Feature to test Firewall rule logic with test packets?
cancel
Showing results for 
Search instead for 
Did you mean: 

Feature to test Firewall rule logic with test packets?

L3 Networker

Im setting up some rules right now which 'should' just work as they are fairly straightforward.

Is there a feature that will let me state a certain packet with certain info is comming in on an interface and the FW can tell me what rules it hits and what path it takes through virtual routers?

I just want to see the flow of the packet through the firewall so i know whats going wrong.

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

L6 Presenter

You can use the test commands on the device. The test command can be used to test variety of rules like NAT, secuirty, dos , etc.

Capture3.PNG

You can test a security policy is working or not as below.

Capture.PNG

And the same applies for the NAT policy also. You can test NAT policy as below,Capture2.PNG

You can use a wide range of criteria's in your test like source ip, source-user, destination application and more. Take the help  of ? symbol while using this commands and test your rules.

View solution in original post

2 REPLIES 2

L6 Presenter

You can use the test commands on the device. The test command can be used to test variety of rules like NAT, secuirty, dos , etc.

Capture3.PNG

You can test a security policy is working or not as below.

Capture.PNG

And the same applies for the NAT policy also. You can test NAT policy as below,Capture2.PNG

You can use a wide range of criteria's in your test like source ip, source-user, destination application and more. Take the help  of ? symbol while using this commands and test your rules.

View solution in original post

thanks very much! thats exactly what i was hoping for.

also, i was able to find the protocol numbers the rules refer to

http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!