https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/404337#M91885 <P>Hello,</P> <P>There is a GUI version of the policy tester as well. In policies at the bottom "Test policy Match".</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OtakarKlier_0-1619816542583.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33583iBC5DCFED69EB7551/image-size/medium?v=v2&amp;px=400" role="button" title="OtakarKlier_0-1619816542583.png" alt="OtakarKlier_0-1619816542583.png" /></span></P> <P>Hope that helps.</P> Fri, 30 Apr 2021 21:02:35 GMT OtakarKlier 2021-04-30T21:02:35Z https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/403621#M91830 <P>Does anyone have any idea how we can do access rule simulation from monitoring logs in PAN 820. Any automation or tool recommended?</P> Wed, 28 Apr 2021 20:33:06 GMT https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/403621#M91830 ENMAXAdmin 2021-04-28T20:33:06Z https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/403732#M91837 <P>Hey <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133687">@ENMAXAdmin</a> ,</P><P>&nbsp;</P><P>Can you explain a bit more, what are you trying to achive?</P><P>From PAN-OS 9.0 and later there is "test policy" tool build-in to the GUI. You can access it either from Device &gt; Troubleshooting, or as button at the bottom of the Policy tab</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AlexanderAstardzhiev_0-1619682960035.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33426i73E2B903DF7972B1/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AlexanderAstardzhiev_0-1619682960035.png" alt="AlexanderAstardzhiev_0-1619682960035.png" /></span></P><P>&nbsp;</P><P>You can use the CLI tool as well:</P><LI-CODE lang="markup">&gt; test security-policy-match + application Application name + category Category name + check-hip-mask check hip mask + destination destination IP address + destination-port Destination port + from from + protocol IP protocol value + show-all show all potential match rules until first allow rule + source source IP address + source-user Source User + to to | Pipe through a command &lt;Enter&gt; Finish input</LI-CODE><P>&nbsp;</P><P>But I don't understand what you meand by "from monitoring logs". The each log entry contain the name of the rule that this traffic has matched.</P> Thu, 29 Apr 2021 08:00:10 GMT https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/403732#M91837 aleksandar.astardzhiev 2021-04-29T08:00:10Z https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/404337#M91885 <P>Hello,</P> <P>There is a GUI version of the policy tester as well. In policies at the bottom "Test policy Match".</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OtakarKlier_0-1619816542583.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33583iBC5DCFED69EB7551/image-size/medium?v=v2&amp;px=400" role="button" title="OtakarKlier_0-1619816542583.png" alt="OtakarKlier_0-1619816542583.png" /></span></P> <P>Hope that helps.</P> Fri, 30 Apr 2021 21:02:35 GMT https://live.paloaltonetworks.com/t5/general-topics/access-rule-simulation/m-p/404337#M91885 OtakarKlier 2021-04-30T21:02:35Z