Troubleshoot Policy Rule Traffic Match

Test the traffic policy match of the running firewall configuration.
To perform policy match tests for managed firewalls, test the policy rule configuration for your managed devices to ensure that the running configuration appropriately secures your network by allowing and denying the correct traffic. After the results are generated for traffic that was matched to configured rules, you can
Export to PDF
for auditing purposes.
  1. Select
    Panorama
    Managed Devices
    Troubleshooting
    to perform a policy match.
    You may also run a policy match test from the
    Policies
    tab.
  2. Enter the required information to perform the policy match test. In this example, a Security policy match test is run.
    1. Select
      Security Policy Match
      from the
      Select Test
      drop-down.
    2. Select device/VSYS
      and select the managed firewalls to test.
    3. Enter the Source IP address from which traffic originated.
    4. Enter the Destination IP address of the target device for the traffic.
    5. Enter the Protocol IP used for the traffic.
    6. If necessary, enter any additional information relevant for your Security policy rule testing.
  3. Execute
    the Security policy match test.
  4. Select the Security policy match Results to review the policy rules that match the test criteria.
    test-policy-rule-match-example.png

Related Documentation