Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

test policy match cli tool returns nothing. what does that mean?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

test policy match cli tool returns nothing. what does that mean?

test policy match cli tool returns nothing. what does that mean?

It should match some policy right ?

Does that mean it matches one of the default policies?

2 REPLIES 2

Community Team Member

Hi @HistoricalSwimming ,

 

I see the same behavior when I test a policy that I didn't configure explicitly.

Only policies that I've explicitly configured will show up in the test.  Possibly because the default rules don't show in the config XML file.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

@HistoricalSwimming,

The logic for this feature only looks at entries under the <security/> rulebase (or whatever rulebase you're currently looking at). The default policies actually live in their own rulebase under <default-security-rules/> and are never analyzed by the policy match. 

You could probably put in a feature request with your SE if you wanted that feature to be expanded to include the default rules. 

  • 1717 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!