Monday, February 11, 2019

Palo Alto Firewall: Testing PBF (Policy Based Forwarding) In CLI

PBR (or PBF, as Palo calls it) is a really great feature. Policy Based Forwarding (in the network world, we call it policy based routing) is a feature that lets you control where packets go without using the routing table. You set a destination based on certain parameters that you define (like source, protocol, etc.), and the PBF policy catches the matching traffic BEFORE it hits the routing table. Here is how you test it in the CLI to verify that it works the way you want it to.

PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source destination protocol 6 destination-port 443

"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        terminal no;
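
To make this check repeatable after rule changes, the captured output can be parsed and compared with the rule and egress interface you expect. This is an added example, not part of the original post or any Palo Alto tooling; the function names are hypothetical, and it assumes the CLI output has been saved as text.

```python
import re

# Output copied from the post above; function names below are made up for this example.
SAMPLE_OUTPUT = '''
"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        terminal no;
'''

HEADER_RE = re.compile(r'^"(?P<name>.*); index: (?P<index>\d+)"\s*\{\s*$')
FIELD_RE = re.compile(r'^(?P<key>\S+)\s+(?P<value>.*?);\s*$')


def parse_pbf_match(text):
    """Return one dict per matched rule block, keyed by the field names in the output."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "}":  # tolerate a missing or present closing brace
            continue
        header = HEADER_RE.match(line)
        if header:
            current = {"name": header["name"], "index": int(header["index"])}
            rules.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field["key"]] = field["value"]
    return rules


def check_pbf(text, expected):
    """Return (field, expected, actual) mismatches for the first matched rule; [] means OK."""
    rules = parse_pbf_match(text)
    if not rules:  # nothing parsed: report it instead of passing silently
        return [("rule", expected.get("name"), None)]
    rule = rules[0]
    return [(k, v, rule.get(k)) for k, v in expected.items() if rule.get(k) != v]


if __name__ == "__main__":
    want = {"name": "Exchange", "action": "Forward", "forwarding-egress-IF/VSYS": "ethernet1/3"}
    print(check_pbf(SAMPLE_OUTPUT, want))
```

An empty list means the test traffic matched the intended rule and leaves through the intended interface; any tuple in the result names the field that differs.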
