Monday, February 11, 2019

Palo Alto Firewall: Testing PBF (Policy Based Forwarding) In CLI

PBR (or PBF, as Palo calls it) is a really great feature.  Policy Based Forwarding (in the network world, we call it policy based routing) lets you control where packets go without using the routing table.  You set where matching traffic is forwarded based on parameters that you define (like source, protocol, etc.), and the firewall checks the packet against the PBF policy BEFORE it hits the routing table.  Here is how you test it in the CLI to verify it works the way you want it to.

PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source <source-ip> destination <destination-ip> protocol 6 destination-port 443

"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        terminal no;
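
To turn this test into a repeatable check after a policy change, the output above can be parsed and compared with the rule, action and egress interface you expect. This Python sketch is an added example, not part of the original post or any Palo Alto tooling; the function names are hypothetical, and treating output with no rule block as "no PBF rule matched" is an assumption.

```python
import re

# Constructed sample: the CLI output shown in the post above, copied verbatim
# (the closing brace is absent there, so the parser does not require it).
SAMPLE = '''"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        terminal no;
'''

HEADER = re.compile(r'^"(?P<name>.*); index: (?P<index>\d+)"\s*\{\s*$')
FIELD = re.compile(r'^\s*(?P<key>\S+)\s+(?P<value>.*?);\s*$')


def parse_pbf_match(text):
    """Return the matched rule as a dict, or None when no rule header is found."""
    rule = None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            rule = {"name": header["name"], "index": int(header["index"])}
            continue
        field = FIELD.match(line)
        if rule is not None and field:
            rule[field["key"]] = field["value"]
    return rule


def check_pbf(text, expected):
    """Compare parsed fields with expected ones; return a list of mismatch strings."""
    rule = parse_pbf_match(text)
    if rule is None:
        # Assumption: no rule block means no PBF rule matched, so the
        # packet would be forwarded by the normal routing table instead.
        return ["no PBF rule matched"]
    return [f"{key}: expected {want!r}, got {rule.get(key)!r}"
            for key, want in expected.items() if rule.get(key) != want]


if __name__ == "__main__":
    want = {"name": "Exchange", "action": "Forward",
            "forwarding-egress-IF/VSYS": "ethernet1/3"}
    print(check_pbf(SAMPLE, want) or "PBF rule matches expectation")
```

An empty list from check_pbf means the traffic hit the rule you intended; any entry in the list names the field that differs, which is the case worth catching when a broader rule higher in the list starts capturing the flow.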

Sunday, February 10, 2019

Sunday Thought:

No real thought in particular here.  I just pray that God will bless your life and that you will know the grace and love of our Lord and Savior Jesus (Yeshua) Christ, the Messiah that was written about in the Old Testament.