09-11-2020 09:37 AM
Hello to the community,
First I'd like to thank everyone for contributing. The community is invaluable.
I was wondering if anybody have any ideas why I always see this behavior? Reading through the discussions and doing my own research, I have seen it result showing "No rule matched" whereas my output is always just blank when no rule is matched.
I enabled override on the interzone-default, and I do see the logs appear in "monitor" in the GUI. But executing test security-policy-match in CLI for the same traffic results in no output at all.
Example of blank output:
admin@f1-nttptc-dmz-pa(active)> test security-policy-match from DMZ to IPAM source 155.16.250.9 destination 155.16.38.141 destination-port 53 protocol 17
admin@f1-nttptc-dmz-pa(active)>
I have always seen this behavior over numerous versions of PA 8.x / 9.x. Is this the expected behavior? Why do I see other posts with output results showing the helpful "No Rule Found" message? The only way I can get output from this command in CLI is if I add an explicit "deny any any" at the bottom, but this comes with its own set of issues as it overrides the default allow for "intrazone" traffic, affecting stuff like BGP, IPSec, Interface Mgmt, etc.,
I appreciate any feedback from others' experiences and whether this is the expected behavior?
Thanks to all in advance,
G
09-14-2020 10:38 AM
At least for me, this would be expected behavior. It used to be on older releases I would get the "No rule matched", but that changed with a later release and I simply don't get anything until it matches a rulebase entry. I'm not sure exactly when this change was introduced, or really if it's expected behavior, but I deal with enough environments that I can tell you it's standard from what I've seen.
09-14-2020 10:38 AM
At least for me, this would be expected behavior. It used to be on older releases I would get the "No rule matched", but that changed with a later release and I simply don't get anything until it matches a rulebase entry. I'm not sure exactly when this change was introduced, or really if it's expected behavior, but I deal with enough environments that I can tell you it's standard from what I've seen.
09-14-2020 11:48 AM
@BPry - Thanks for taking the time to respond with your answer. I can see you have solid experience, so I have gone ahead and accepted your response as the solution. Kudos
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
