I like that vendors allow you to test things in CLI. Testing NAT is sometimes necessary in troubleshooting issues. When you dont know for sure if your NAT is configured correctly or not, you can go into CLI and test it out.
shane@PA-3050(active)> test nat-policy-match destination 18.104.22.168 source 10.10.10.1 protocol 6 destination-port 80
Source-NAT: Rule matched: Users-Outbound
10.10.10.1:0 => 22.214.171.124:13666 (6), ethernet1/1
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Tuesday, December 15, 2015
Palo Alto: NAT Testing In CLI
Subscribe to: Post Comments (Atom)
Hi Shane, Thanks for doing the great stuff. Is there any way to simulate duplicate packets in Palo Alto, like Cisco ASA Packet-tracer command does.ReplyDelete