>
    Strata Copilot
    inspect policy-manager status
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Use CLI Commands
    4. Inspect Commands
    5. inspect policy-manager status
    Download PDF
    Prisma SD-WAN

    inspect policy-manager status

    Table of Contents

    inspect policy-manager status

    Use the inspect policy-manager status command to display the current status of the policy manager, including whether policies are synchronized and operational.
    Use the inspect policy-manager status command to confirm that the policy manager has successfully loaded and is enforcing both network and priority policies. The output is a JSON object that reports the presence and active state of each policy type, the configured node limits, whether the device has reached a fully-loaded policy state, and whether the device migrated the policy from a previous configuration format. Use this command when troubleshooting policy enforcement issues to quickly determine whether the policy manager has initialized correctly.

    Command

    inspect policy-manager status

    Options

    None

    When to Use

    • After initial device deployment, to confirm policy synchronization with the controller before putting the device into production.
    • When troubleshooting traffic that is not matching expected policies, to rule out a policy manager initialization failure as the root cause.
    • After making policy changes in the controller, to verify that the updated policy has propagated to and been activated on the device.
    • When investigating policy resource exhaustion issues, to check configured node limits before running per-policy dropped commands.

    Command Notes

    RoleSuper, Read Only
    Related CommandsNone
    Introduced inRelease 5.0.1

    Example

    inspect policy-manager status
{
  "_net_policy_present": true,
  "_pri_policy_node_limit": 3000000,
  "_has_reached_all_policy_present": true,
  "_net_policy_node_limit": 3000000,
  "_is_migrated_policy": false,
  "_net_policy_active": true,
  "_pri_policy_present": true,
  "is_nctx_info_on_all_ifaces": true,
  "_pri_policy_active": true
}

    Output Fields

    • _net_policy_present: Whether the policy manager has loaded a network policy configuration.
    • _net_policy_active: Whether the device is currently enforcing the network policy.
    • _net_policy_node_limit: The maximum number of nodes the network policy can consume.
    • _pri_policy_present: Whether the policy manager has loaded a priority policy configuration.
    • _pri_policy_active: Whether the device is currently enforcing the priority policy.
    • _pri_policy_node_limit: The maximum number of nodes the priority policy can consume.
    • _has_reached_all_policy_present: Whether the device has completed loading all policy components and reached a fully initialized state.
    • _is_migrated_policy: Whether the device migrated the current policy from an older configuration format.
    • is_nctx_info_on_all_ifaces: Whether all interfaces have network context information.

    Troubleshooting

    ConditionPossible CauseAction
    _net_policy_present or _pri_policy_present is falseThe controller has not assigned a policy to the device, or the device has not connected to the controllerVerify device-to-controller connectivity; check that the controller has assigned a policy stack to the device
    _net_policy_active or _pri_policy_active is falseThe device downloaded the policy but has not yet activated it, or activation failedWait a few moments and re-run the command; if the issue persists, check for configuration errors in the controller
    _has_reached_all_policy_present is falseThe device is still synchronizing policies from the controllerWait for synchronization to complete; check controller connectivity if this persists
    is_nctx_info_on_all_ifaces is falseOne or more interfaces do not have network context configuredReview interface configuration and ensure network contexts are properly assigned

    © 2026 Palo Alto Networks, Inc. All rights reserved.