Hello to the community,

First I'd like to thank everyone for contributing. The community is invaluable.

I was wondering if anybody has any ideas why I always see this behavior? Reading through the discussions and doing my own research, I have seen the result showing "No rule matched", whereas my output is always just blank when no rule is matched. I enabled override on the interzone-default, and I do see the logs appear in "monitor" in the GUI. But executing test security-policy-match in CLI for the same traffic results in no output at all.

Example of blank output:

admin@f1-nttptc-dmz-pa(active)> test security-policy-match from DMZ to IPAM source 155.16.250.9 destination 155.16.38.141 destination-port 53 protocol 17
admin@f1-nttptc-dmz-pa(active)>

I have always seen this behavior over numerous versions of PA 8.x / 9.x. Is this the expected behavior? Why do I see other posts with output results showing the helpful "No Rule Found" message?

The only way I can get output from this command in CLI is if I add an explicit "deny any any" at the bottom, but this comes with its own set of issues as it overrides the default allow for "intrazone" traffic, affecting stuff like BGP, IPSec, Interface Mgmt, etc.

I appreciate any feedback from others' experiences and whether this is the expected behavior.

Thanks to all in advance,
G