https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280014#M75815 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/102651">@WhiteKnight</a>,</P><P>Hmm, that seems really odd. The only other reason I would suspect this to not work is if you were trying to utilize PBF for a globalprotect client. Outside of that you might want to open a ticket with TAC.&nbsp;</P> Tue, 30 Jul 2019 17:42:59 GMT BPry 2019-07-30T17:42:59Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/279981#M75803 <P>I am experiencing an issue with one of our PAN devices, which is a PA-500 running OS 7.0.19. I have created a new PBF rule to forward traffic from a certain subnet to the inside interface of our edge router. I have several other rules pointing other subnets at the same interface which work fine. The PBF rule did not seem to work (yes it is commited). So, I ran the test from the CLI as below.</P><P>&nbsp;</P><P>Zone/Interface: Zone2</P><P>Source Address: 10.80.80.0/24 (not real IP)</P><P>Destination Address: Any</P><P>Application: Any</P><P>Service: Any</P><P>Action: Forward</P><P>Egress Interface: Ethernet 1/2</P><P>Next hop: 12.12.12.1 (not real IP)</P><P>&nbsp;</P><P>From CLI - test pbf-policy-match protocol 6 from Zone2 source 10.80.80.15 destination 8.8.8.8 destination-port 80</P><P>&nbsp;</P><P>The results: "No rule matched"</P><P>&nbsp;</P><P>Any idea what can cause this?</P> Tue, 30 Jul 2019 12:27:58 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/279981#M75803 WhiteKnight 2019-07-30T12:27:58Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280007#M75811 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/102651">@WhiteKnight</a>,</P><P>Just for fun, can you try setting the source as a single IP and then running your tests again?&nbsp;</P> Tue, 30 Jul 2019 16:31:30 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280007#M75811 BPry 2019-07-30T16:31:30Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280011#M75812 <P>I was actually just trying that. I have a test box sitting on that subnet now. The rule is now set for the entire subnet as well as the single IP address. I didn't try the rule with the single IP and remove the subnet. I'll try that now.</P><P>&nbsp;</P><P>Edit: I edited to rule to have the source as a single IP. It still results in "No rule matched"</P> Tue, 30 Jul 2019 17:31:51 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280011#M75812 WhiteKnight 2019-07-30T17:31:51Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280012#M75813 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/102651">@WhiteKnight</a>,</P><P>And just to verify, have you looked for any validation errors with you having too many PBF entries? I know that our old 4000s back in the day could handle more than a few, so I doubt you are reaching the limit, but it might be worth checking.&nbsp;</P> Tue, 30 Jul 2019 17:35:41 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280012#M75813 BPry 2019-07-30T17:35:41Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280013#M75814 <P>I always validate before commiting. When I do validate, there are no errors.</P> Tue, 30 Jul 2019 17:38:38 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280013#M75814 WhiteKnight 2019-07-30T17:38:38Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280014#M75815 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/102651">@WhiteKnight</a>,</P><P>Hmm, that seems really odd. The only other reason I would suspect this to not work is if you were trying to utilize PBF for a globalprotect client. Outside of that you might want to open a ticket with TAC.&nbsp;</P> Tue, 30 Jul 2019 17:42:59 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280014#M75815 BPry 2019-07-30T17:42:59Z https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280015#M75816 <P>Ok, thanks for the feedback. We do have current support but I figured it was worth asking here. Incase I'm completely overlooking something.</P><P>&nbsp;</P><P>Thank you,</P><P>Matt</P> Tue, 30 Jul 2019 17:46:19 GMT https://live.paloaltonetworks.com/t5/general-topics/pbf-rule-not-being-hit/m-p/280015#M75816 WhiteKnight 2019-07-30T17:46:19Z