Palo Alto Ruleset Test

To test connectivity between IPs against exiting rules use the following command:
test security-policy-match source 1.1.1.1 destination 2.2.2.2/32 destination-port 22 protocol 6

Protocol Values

TCP – 6
UDP – 17
ICMP – 1
ESP – 50

admin@PaloAlto> test security-policy-match source 172.18.57.125 destination 172.18.56.10/32 destination-port 22 protocol 6
 "Rule 153" {
 from [ SEG-INT uat ];
 source [ 10.0.0.0-10.224.191.255 10.224.197.0-10.224.197.255 10.224.199.0-10.224.199.255 10.224.205.16-10.224.205.95 10.224.205.128-10.224.205.255 10.224.207.0-10.224.223.255 10.224.226.0-10.243.29.255 10.243.33.128-10.243.95.255 10.243.100.128-10.243.107.255 10.243.109.32-10.243.109.63 10.243.109.176-10.243.109.191 10.243.110.0-10.243.110.63 10.243.110.128-10.243.110.255 10.243.116.0-10.243.255.255 172.17.0.0-172.17.21.255 172.17.25.0-172.17.26.127 172.17.26.192-172.17.28.223 172.17.29.0-172.17.34.255 172.17.37.0-172.17.39.255 172.17.45.0-172.17.46.255 172.17.48.0-172.18.13.255 172.18.14.4-172.18.14.63 172.18.14.128-172.18.255.255 192.168.0.0-192.168.182.15 192.168.182.32-192.168.187.251 192.168.188.0-192.168.190.255 192.168.192.0-192.168.250.245 192.168.250.247-192.168.255.255 10.233.0.0/16 145.61.0.0/16 145.72.0.0/16 172.27.103.0/24 172.27.104.0/23 172.27.115.48/28 172.28.128.0/24 172.28.38.0/24 57.198.0.0/16 192.168.163.0/24 172.20.0.0/22 172.20.4.0/22 172.27.119.96/28 ];
 source-region none;
 to [ SEG-INT uat ];
 destination [ 172.18.42.64/27 172.18.42.128/27 172.18.42.160/28 172.18.42.176/28 172.18.42.240/28 172.18.60.64/27 172.18.60.96/27 172.18.37.80/28 172.18.37.96/28 172.18.39.128/27 172.18.39.160/27 172.18.44.160/28 172.18.44.176/28172.18.44.224/28 172.18.44.240/28 10.243.13.0/26 10.243.60.0/28 172.18.36.0/25 10.243.38.0/24 10.243.61.0/24 10.243.80.0/23 172.18.33.0/28 172.18.33.32/28 172.18.34.0/25 172.18.38.224/27 172.18.38.96/28 172.18.39.224/27 172.18.40.224/27 172.18.56.0/25 172.18.56.128/25 172.18.59.0/25 172.18.8.0/25 172.18.8.128/25 172.18.9.0/25 172.18.9.128/25 172.18.80.0/23 172.18.39.96/28 10.243.83.128/27 172.18.37.252/30 72.18.37.0/27 172.18.37.32/27 172.18.44.16/28 172.18.42.192/28 172.18.42.16/28 172.18.42.208/28 172.18.39.112/28 172.18.38.160/27 172.18.38.128/27 172.18.38.112/28 172.18.42.224/28 172.18.42.96/27 172.18.39.32/27 172.18.39.64/27 10.243.12.128/26 10.243.171.0/26 10.243.39.192/26 10.243.41.0/24 10.243.41.64/26 10.243.41.0/26 10.243.83.0/27 10.243.83.32/27 10.243.83.96/27 10.243.83.160/27 10.243.44.0/24 10.243.83.64/27 172.18.76.0/25 172.18.76.128/25 172.18.77.0/25 172.18.77.128/25 172.18.78.0/25 172.18.78.128/25 172.18.59.128/25 172.18.4.0/25 172.18.4.128/25 172.18.5.0/25 172.18.5.128/25 172.18.6.0/25 172.18.6.128/25 172.18.7.0/25 172.18.7.128/25 10.243.60.16/28 10.243.171.64/26 10.243.60.32/28 172.17.32.0/27 172.18.40.192/27 10.243.37.224/27 172.18.83.192/26 172.18.83.128/26 ];
 destination-region none;
 user any;
 category any;
 application/service any/any/any/any;
 action allow;
 icmp-unreachable: no
 terminal yes;
 }

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Test-Security-NAT-and-PBF-Rules-via-the-CLI/ta-p/55911