test policy match cli tool returns nothing. what does that mean?

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

test policy match cli tool returns nothing. what does that mean?

test policy match cli tool returns nothing. what does that mean?

It should match some policy right ?

Does that mean it matches one of the default policies?


Community Team Member

Hi @HistoricalSwimming ,


I see the same behavior when I test a policy that I didn't configure explicitly.

Only policies that I've explicitly configured will show up in the test.  Possibly because the default rules don't show in the config XML file.




LIVEcommunity team member, CISSP
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite


The logic for this feature only looks at entries under the <security/> rulebase (or whatever rulebase you're currently looking at). The default policies actually live in their own rulebase under <default-security-rules/> and are never analyzed by the policy match. 

You could probably put in a feature request with your SE if you wanted that feature to be expanded to include the default rules. 

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!