topic test security-policy-match command in Automation/API Discussions https://live.paloaltonetworks.com/t5/automation-api-discussions/test-security-policy-match-command/m-p/122848#M1283 <P>Trying to utilize the "test security-policy-match" command to accomplish what I normally accomplish on the Cisco ASA using the packet tracer.&nbsp;</P><P>&nbsp;</P><P>On the firewall<BR />1- I have multiple interfaces configured with multiple zones/VR's</P><P>2- I need to test access to couple of destinations on a specific port</P><P>3- I am trying to use the any command in there but it returns an error</P><P>test security-policy-match protocol 6 from any to any destination 172.21.10.183 destination-port 8443</P><P>&nbsp;</P><P>Is there a way for me to test that access outbound to the destination from all the zones or will I need to do them all one by one specifying the zone and then source IP?</P><P>&nbsp;</P><P>I'm guessing I'll need to do it like this to get precise results</P><P>&nbsp;</P><P>test security-policy-match protocol 6 from zone source #.#.#.# to zone destination 172.21.10.183 destination-port 8443</P> Tue, 01 Nov 2016 16:07:02 GMT mali77palo 2016-11-01T16:07:02Z test security-policy-match command https://live.paloaltonetworks.com/t5/automation-api-discussions/test-security-policy-match-command/m-p/122848#M1283 <P>Trying to utilize the "test security-policy-match" command to accomplish what I normally accomplish on the Cisco ASA using the packet tracer.&nbsp;</P><P>&nbsp;</P><P>On the firewall<BR />1- I have multiple interfaces configured with multiple zones/VR's</P><P>2- I need to test access to couple of destinations on a specific port</P><P>3- I am trying to use the any command in there but it returns an error</P><P>test security-policy-match protocol 6 from any to any destination 172.21.10.183 destination-port 8443</P><P>&nbsp;</P><P>Is there a way for me to test that access outbound to the destination from all the zones or will I need to do them all one by one specifying the zone and then source IP?</P><P>&nbsp;</P><P>I'm guessing I'll need to do it like this to get precise results</P><P>&nbsp;</P><P>test security-policy-match protocol 6 from zone source #.#.#.# to zone destination 172.21.10.183 destination-port 8443</P> Tue, 01 Nov 2016 16:07:02 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/test-security-policy-match-command/m-p/122848#M1283 mali77palo 2016-11-01T16:07:02Z