You can use test commands to verify that your policies are working as expected.

Test a security policy rule.
Use the test security-policy-match command to determine whether a security policy rule is configured correctly. For example, suppose you have a user mcanha in your marketing department who is responsible for posting company updates to Twitter. Instead of adding a new rule just for that user, you want to test whether Twitter will be allowed via an existing rule. By running the following test command, you can see that the user mcanha is indeed allowed to post to Twitter based on your existing Allowed Personal Apps security policy rule:

Test an Authentication policy rule.
Use the test authentication-policy-match command to test your Authentication policy. For example, suppose you want to make sure that all users accessing Salesforce are authenticated. You would use the following test command to make sure that if users are not identified using any other mechanism, the Authentication policy will force them to authenticate:
admin@PA-3060> test authentication-policy-match from trust to untrust source 192.168.201.10 destination 96.43.144.26
Matched rule: 'salesforce' action: web-form

Test a Decryption policy rule.
Use the test decryption-policy-match category command to test whether traffic to a specific destination and URL category will be decrypted according to your policy rules. For example, to verify that traffic to financial services sites is not being decrypted, in line with your no-decrypt policy, you would enter a command similar to the following:
admin@PA-3060> test decryption-policy-match category financial-services from trust source 10.40.14.197 destination 159.45.2.143
Matched rule: 'test' action: no-decrypt
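
One way to turn the test command output above into a repeatable check, as an added example that is not part of the original page: the Python below parses a saved CLI transcript (constructed here from the two outputs shown above) and compares each "Matched rule" line with the rule and action you expect. The function names, the one-test-per-command-type layout, and treating a command with no "Matched rule" line as a failure are assumptions of this example.

```python
import re

# Transcript constructed from the two CLI outputs shown on this page.
TRANSCRIPT = """\
admin@PA-3060> test authentication-policy-match from trust to untrust source 192.168.201.10 destination 96.43.144.26
Matched rule: 'salesforce' action: web-form
admin@PA-3060> test decryption-policy-match category financial-services from trust source 10.40.14.197 destination 159.45.2.143
Matched rule: 'test' action: no-decrypt
"""
# Expected (rule, action) per test command type; one test per type is assumed.
EXPECTED = {
    "authentication-policy-match": ("salesforce", "web-form"),
    "decryption-policy-match": ("test", "no-decrypt"),
}
PROMPT = re.compile(r"^\S+@\S+>\s+(test\s+(\S+-policy-match)\b.*)$")
MATCH = re.compile(r"^Matched rule:\s+'([^']*)'\s+action:\s+(\S+)\s*$")

def parse_transcript(text):
    """Return one dict per test command: policy type, command, rule, action."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        cmd = PROMPT.match(line)
        if cmd:
            results.append({"policy": cmd.group(2), "command": cmd.group(1),
                            "rule": None, "action": None})
            continue
        hit = MATCH.match(line)
        if hit and results and results[-1]["rule"] is None:
            results[-1]["rule"], results[-1]["action"] = hit.groups()
    return results

def check(results, expected):
    """Return a list of failure messages; an empty list means every expectation held."""
    failures, by_policy = [], {r["policy"]: r for r in results}
    for policy, (rule, action) in expected.items():
        got = by_policy.get(policy)
        if got is None:
            failures.append(f"{policy}: test command not found in transcript")
        elif got["rule"] is None:
            failures.append(f"{policy}: no 'Matched rule' line after command")
        elif (got["rule"], got["action"]) != (rule, action):
            failures.append(f"{policy}: expected {rule}/{action}, "
                            f"got {got['rule']}/{got['action']}")
    return failures

if __name__ == "__main__":
    for msg in check(parse_transcript(TRANSCRIPT), EXPECTED) or ["all expectations held"]:
        print(msg)
```

Re-running the same test commands after each policy change and feeding the saved output to this check flags a rule reorder that, for example, stops matching the no-decrypt rule for financial services traffic.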