Tuesday, December 15, 2015

Palo Alto: NAT Testing In CLI

I like that vendors allow you to test things in CLI.  Testing NAT is sometimes necessary in troubleshooting issues.  When you dont know for sure if your NAT is configured correctly or not, you can go into CLI and test it out.

shane@PA-3050(active)> test nat-policy-match destination source protocol 6 destination-port 80

Source-NAT: Rule matched: Users-Outbound => (6), ethernet1/1

1 comment:

  1. Hi Shane, Thanks for doing the great stuff. Is there any way to simulate duplicate packets in Palo Alto, like Cisco ASA Packet-tracer command does.


Your comment will be reviewed for approval. Thank you for submitting your comments.