test policy match cli tool returns nothing. what does that mean?

cancel
Showing results for 
Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

test policy match cli tool returns nothing. what does that mean?

test policy match cli tool returns nothing. what does that mean?

It should match some policy right ?

Does that mean it matches one of the default policies?

2 REPLIES 2

Community Team Member

Hi @HistoricalSwimming ,

 

I see the same behavior when I test a policy that I didn't configure explicitly.

Only policies that I've explicitly configured will show up in the test.  Possibly because the default rules don't show in the config XML file.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!

Cyber Elite
Cyber Elite

@HistoricalSwimming,

The logic for this feature only looks at entries under the <security/> rulebase (or whatever rulebase you're currently looking at). The default policies actually live in their own rulebase under <default-security-rules/> and are never analyzed by the policy match. 

You could probably put in a feature request with your SE if you wanted that feature to be expanded to include the default rules. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!