Category: Palo Alto

Palo Alto Ruleset Test

To test connectivity between IPs against existing rules, use the following command:

    test security-policy-match source 1.1.1.1 destination 2.2.2.2/32 destination-port 22 protocol 6

Protocol Values

    TCP – 6
    UDP – 17
    ICMP – 1
    ESP – 50

    admin@PaloAlto> test security-policy-match source 172.18.57.125 destination 172.18.56.10/32 destination-port 22 protocol 6

    "Rule 153" {
        from [ SEG-INT uat ];…




Palo Alto Route and Zone Lookup

Check route by matching the IP:

    test routing fib-lookup virtual-router default ip <IP>

Check zones on the interfaces:

    show interface all

Show routing table:

    show routing route

Examples:

    admin@PaloAlto> test routing fib-lookup virtual-router default ip 172.18.57.125

    --------------------------------------------------------------------------------
    runtime route lookup
    --------------------------------------------------------------------------------
    virtual-router:   default
    destination:      172.18.57.125
    result:           via 10.243.21.174 interface ethernet1/23, source 10.243.21.164, metric 10
    --------------------------------------------------------------------------------…




Palo Alto Traffic Monitor Filtering

Host Traffic Filter Examples

From Host a.a.a.a
    Syntax:  (addr.src in a.a.a.a)
    Example: (addr.src in 1.1.1.1)

To Host b.b.b.b
    Syntax:  (addr.dst in b.b.b.b)
    Example: (addr.dst in 2.2.2.2)

From Host a.a.a.a and To Host b.b.b.b
    Syntax:  (addr.src in a.a.a.a) and (addr.dst in b.b.b.b)
    Example: (addr.src in 1.1.1.1) and (addr.dst in 2.2.2.2)

From Host a.a.a.a or Host c.c.c.c…