Test commnad on the nat policies

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Test commnad on the nat policies

L0 Member

Hello,

I did an upgrade from a 500 model to a 3020 model. All the configurations work just fine. The problem that I see is that I cannot test the nat-policy rules. I have the following configuration:

..

snat-all-LANs {

        from inside;

        source [ 172.30.0.0/15 192.168.0.0/16 ];

        to outside;

        to-interface  ;

        destination any;

        service  any/any/any;

        translate-to "src: #.#.#.# (dynamic-ip-and-port) (pool idx: 1)";

        terminal no;

..

when I do a test for the nat rule match it returns a no match result

PA-3020-CE-01> test nat-policy-match  source 192.168.0.1 destination 8.8.8.8 destination-port 80 protocol 6

No rule matched

How can I find out why is there no match?

I have to mention that the NAT configuration works just fine.

Thanks,

Costin

2 REPLIES 2

Retired Member
Not applicable

Did a quick test on PA-3020 and PA-200 and the test nat-policy-match command worked fine for me. I used PAN-OS 5.0.6 and 5.0.8. What PAN-OS version are you running? Perhaps you can try adding more parameters in your test command such as from zone, etc. See if that makes a difference.

-Richard

Hello,

I have PAN-OS 5.0.6 installed on my device. I used for the test the source and destination zones and it identified the rule.

I also tested this on a 5050 with PAN-OS 5.0.3 and on this one the rule was identified by the "test nat-rule" without using zone parameters.

Is there any reason for this? (different OS?)

Thanks,

Costin

  • 2024 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!