I like that vendors allow you to test things in the CLI. Testing NAT is sometimes necessary when troubleshooting issues. When you don't know for sure whether your NAT is configured correctly, you can go into the CLI and test it out.
shane@PA-3050(active)> test nat-policy-match destination 7.7.7.7 source 10.10.10.1 protocol 6 destination-port 80
Source-NAT: Rule matched: Users-Outbound
10.10.10.1:0 => 5.5.5.5:13666 (6), ethernet1/1
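To turn a captured test result into a repeatable check after a NAT change, the following added example (not from the original post) parses the two output lines shown above and compares them with the expected rule and translated address. The line format is assumed from that output only, and the names `parse_nat_test` and `check_nat` are hypothetical.

```python
import re

# Constructed sample: the two output lines shown in the post above.
SAMPLE_OUTPUT = """\
Source-NAT: Rule matched: Users-Outbound
10.10.10.1:0 => 5.5.5.5:13666 (6), ethernet1/1
"""

# "<Kind>-NAT: Rule matched: <rule name>"
RULE_RE = re.compile(r"^(?P<kind>\S+)-NAT: Rule matched: (?P<rule>.+?)\s*$")
# "<orig ip>:<port> => <translated ip>:<port> (<ip protocol>), <interface>"
XLATE_RE = re.compile(
    r"^(?P<orig_ip>[\d.]+):(?P<orig_port>\d+) => "
    r"(?P<xlat_ip>[\d.]+):(?P<xlat_port>\d+) "
    r"\((?P<proto>\d+)\), (?P<interface>\S+)\s*$"
)

def parse_nat_test(output):
    """Return one dict per matched rule; an empty list means no rule matched."""
    results, current = [], None
    for line in output.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if m:
            current = m.groupdict()
            results.append(current)
            continue
        m = XLATE_RE.match(line)
        if m and current is not None:
            # Attach the translation to the rule line that preceded it.
            current.update(m.groupdict())
    return results

def check_nat(output, expected_rule, expected_xlat_ip):
    """Compare a captured result with the intended design; return a list of problems."""
    matches = parse_nat_test(output)
    if not matches:
        return ["no NAT rule matched"]
    first, problems = matches[0], []
    if first["rule"] != expected_rule:
        problems.append(f"matched rule {first['rule']!r}, expected {expected_rule!r}")
    if first.get("xlat_ip") != expected_xlat_ip:
        problems.append(f"translated to {first.get('xlat_ip')}, expected {expected_xlat_ip}")
    return problems

if __name__ == "__main__":
    print(parse_nat_test(SAMPLE_OUTPUT))
    print(check_nat(SAMPLE_OUTPUT, "Users-Outbound", "5.5.5.5") or "OK")
```

An empty list from `check_nat` means the flow hit the intended rule and address; a traffic flow that unexpectedly matches a broader rule shows up as a mismatch instead of passing silently.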
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Hi Shane, Thanks for doing the great stuff. Is there any way to simulate duplicate packets in Palo Alto, like the Cisco ASA Packet-tracer command does?