topic Re: test security-policy-match in General Topics

test security-policy-match

Wbm — Fri, 22 Feb 2013 10:08:15 GMT

Somebody help me write command test security-policy-match....... which WORKS and search that rule:

VIP-TEST {

from zone-v586;

source any;

source-region any;

to zone-v8;

destination 192.168.81.81;

destination-region any;

user cn=net_vip-test,ou=paloalto,dc=domena;

category any;

application/service[ ssl/tcp/any/443 web-browsing/tcp/any/80 ];

action allow;

Thank you.

Re: test security-policy-match

SCoupland — Fri, 22 Feb 2013 10:20:34 GMT

This may work: -

test security-policy-match from <insert source zone> to zone-v8 source-user cn=net_vip,ou=paloalto,dc=domena destination 192.168.81.81 application web-browsing destination-port 80

Just replace the source zone and possibly the username (do a ? after entering source-user to get the correct syntax for their name). You can also add a "show all" at the end to see if it maybe is matching an earlier security policy.

Re: test security-policy-match

Wbm — Fri, 22 Feb 2013 11:58:29 GMT

sorry does not work

Are you sure that syntax is correct. I think you must use protocol and source adress.

If i use "source user ?" answer is <value> Source User

Please tell me correct syntax argument soure-user if my login is kdaniszewski

Re: test security-policy-match

NetEng-Dan — Fri, 22 Feb 2013 14:36:40 GMT

for source user try the following format <domain_name>\<username>

for example using a domain name of testdomain and a user named kdaniszewski the format would be as follows:

source-user testdomain\kdaniszewski

Hope that helps...

Re: test security-policy-match

sdurga — Fri, 22 Feb 2013 17:40:06 GMT

You can also try this

test security-policy-match source < src IP address > destination 192.168.81.81 protocol 6 destination-port 80.

Thanks,

Sandeep T

Re: test security-policy-match

Wbm — Mon, 25 Feb 2013 08:28:49 GMT

Thank you for help but still not work. If my policy I use argument source-user I can't find any policy but if source-user is empty I can find.

I tested and dosen't work

test security-policy-match source 0.0.0.0 destination 192.168.81.81 protocol 6 destination-port 80.

test security-policy-match source 0.0.0.0 destination 192.168.81.81 protocol 6 destination-port 80 source-user domain\kdaniszewski

test security-policy-match source 0.0.0.0 destination 192.168.81.81 protocol 6 destination-port 80 source-user domain\net_vip-test

test security-policy-match source 0.0.0.0 destination 192.168.81.81 protocol 6 destination-port 80 source-user domain\vip-test

If I use protocol IP (4) no change dosen't work.

Thank you

Re: test security-policy-match

sanju_nepal — Mon, 25 Feb 2013 20:22:43 GMT

test security-policy-match from <zone> to <zone> source-user domain\alias source x.x.x.x destination y.y.y.y application <name of application> protocol <protocolnumber> show all yes

Sample Example:
test security-policy-match from trust to untrust source-user test\testuser source 1.1.1.1 destination 2.2.2.2 application youtube-base protocol 80 show all yes

Thanks,

Sanju