Palo Alto Test Policy Matches

Test a security policy rule:

test security-policy-match application twitter-posting source-user cordero\kcordero destination 98.2.144.22 destination-port 80 source 10.200.11.23 protocol 6

Test an Authentication policy rule:

test authentication-policy-match from trust to untrust source 192.168.10.10 destination 98.2.144.22

Test a Decryption policy rule:

test decryption-policy-match category financial-services from trust source 10.200.11.23 destination 98.2.144.22

Protocol Options:
When it comes to the protocol #, you have several options to choose from like:

TCP = 6
UDP = 17
ICMP = 1
ESP = 50

Below is a full list of options you can use.

Decimal	Keyword	Protocol	IPv6 Extension Header	Reference
0	HOPOPT	IPv6 Hop-by-Hop Option	Y	[RFC8200]
1	ICMP	Internet Control Message		[RFC792]
2	IGMP	Internet Group Management		[RFC1112]
3	GGP	Gateway-to-Gateway		[RFC823]
4	IPv4	IPv4 encapsulation		[RFC2003]
5	ST	Stream		[RFC1190][RFC1819]
6	TCP	Transmission Control		[RFC793]
7	CBT	CBT		[Tony_Ballardie]
8	EGP	Exterior Gateway Protocol		[RFC888][David_Mills]
9	IGP	any private interior gateway (used by Cisco for their IGRP)		[Internet_Assigned_Numbers_Authority]
10	BBN-RCC-MON	BBN RCC Monitoring		[Steve_Chipman]
11	NVP-II	Network Voice Protocol		[RFC741][Steve_Casner]
12	PUP	PUP		[Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, “PUP: An Internetwork Architecture”, XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][[XEROX]]
13	ARGUS (deprecated)	ARGUS		[Robert_W_Scheifler]
14	EMCON	EMCON		[<mystery contact>]
15	XNET	Cross Net Debugger		[Haverty, J., “XNET Formats for Internet Protocol Version 4”, IEN 158, October 1980.][Jack_Haverty]
16	CHAOS	Chaos		[J_Noel_Chiappa]
17	UDP	User Datagram		[RFC768][Jon_Postel]
18	MUX	Multiplexing		[Cohen, D. and J. Postel, “Multiplexing Protocol”, IEN 90, USC/Information Sciences Institute, May 1979.][Jon_Postel]
19	DCN-MEAS	DCN Measurement Subsystems		[David_Mills]
20	HMP	Host Monitoring		[RFC869][Bob_Hinden]
21	PRM	Packet Radio Measurement		[Zaw_Sing_Su]
22	XNS-IDP	XEROX NS IDP		[“The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, AA-K759B-TK, Digital Equipment Corporation, Maynard, MA.  Also as: “The Ethernet – A Local Area Network”, Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980.  And: “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications”, Digital, Intel and Xerox, November 1982. And: XEROX, “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][[XEROX]]
23	TRUNK-1	Trunk-1		[Barry_Boehm]
24	TRUNK-2	Trunk-2		[Barry_Boehm]
25	LEAF-1	Leaf-1		[Barry_Boehm]
26	LEAF-2	Leaf-2		[Barry_Boehm]
27	RDP	Reliable Data Protocol		[RFC908][Bob_Hinden]
28	IRTP	Internet Reliable Transaction		[RFC938][Trudy_Miller]
29	ISO-TP4	ISO Transport Protocol Class 4		[RFC905][<mystery contact>]
30	NETBLT	Bulk Data Transfer Protocol		[RFC969][David_Clark]
31	MFE-NSP	MFE Network Services Protocol		[Shuttleworth, B., “A Documentary of MFENet, a National Computer Network”, UCRL-52317, Lawrence Livermore Labs, Livermore, California, June 1977.][Barry_Howard]
32	MERIT-INP	MERIT Internodal Protocol		[Hans_Werner_Braun]
33	DCCP	Datagram Congestion Control Protocol		[RFC4340]
34	3PC	Third Party Connect Protocol		[Stuart_A_Friedberg]
35	IDPR	Inter-Domain Policy Routing Protocol		[Martha_Steenstrup]
36	XTP	XTP		[Greg_Chesson]
37	DDP	Datagram Delivery Protocol		[Wesley_Craig]
38	IDPR-CMTP	IDPR Control Message Transport Proto		[Martha_Steenstrup]
39	TP++	TP++ Transport Protocol		[Dirk_Fromhein]
40	IL	IL Transport Protocol		[Dave_Presotto]
41	IPv6	IPv6 encapsulation		[RFC2473]
42	SDRP	Source Demand Routing Protocol		[Deborah_Estrin]
43	IPv6-Route	Routing Header for IPv6	Y	[Steve_Deering]
44	IPv6-Frag	Fragment Header for IPv6	Y	[Steve_Deering]
45	IDRP	Inter-Domain Routing Protocol		[Sue_Hares]
46	RSVP	Reservation Protocol		[RFC2205][RFC3209][Bob_Braden]
47	GRE	Generic Routing Encapsulation		[RFC2784][Tony_Li]
48	DSR	Dynamic Source Routing Protocol		[RFC4728]
49	BNA	BNA		[Gary Salamon]
50	ESP	Encap Security Payload	Y	[RFC4303]
51	AH	Authentication Header	Y	[RFC4302]
52	I-NLSP	Integrated Net Layer Security  TUBA		[K_Robert_Glenn]
53	SWIPE (deprecated)	IP with Encryption		[John_Ioannidis]
54	NARP	NBMA Address Resolution Protocol		[RFC1735]
55	MOBILE	IP Mobility		[Charlie_Perkins]
56	TLSP	Transport Layer Security Protocol using Kryptonet key management		[Christer_Oberg]
57	SKIP	SKIP		[Tom_Markson]
58	IPv6-ICMP	ICMP for IPv6		[RFC8200]
59	IPv6-NoNxt	No Next Header for IPv6		[RFC8200]
60	IPv6-Opts	Destination Options for IPv6	Y	[RFC8200]
61		any host internal protocol		[Internet_Assigned_Numbers_Authority]
62	CFTP	CFTP		[Forsdick, H., “CFTP”, Network Message, Bolt Beranek and Newman, January 1982.][Harry_Forsdick]
63		any local network		[Internet_Assigned_Numbers_Authority]
64	SAT-EXPAK	SATNET and Backroom EXPAK		[Steven_Blumenthal]
65	KRYPTOLAN	Kryptolan		[Paul Liu]
66	RVD	MIT Remote Virtual Disk Protocol		[Michael_Greenwald]
67	IPPC	Internet Pluribus Packet Core		[Steven_Blumenthal]
68		any distributed file system		[Internet_Assigned_Numbers_Authority]
69	SAT-MON	SATNET Monitoring		[Steven_Blumenthal]
70	VISA	VISA Protocol		[Gene_Tsudik]
71	IPCV	Internet Packet Core Utility		[Steven_Blumenthal]
72	CPNX	Computer Protocol Network Executive		[David Mittnacht]
73	CPHB	Computer Protocol Heart Beat		[David Mittnacht]
74	WSN	Wang Span Network		[Victor Dafoulas]
75	PVP	Packet Video Protocol		[Steve_Casner]
76	BR-SAT-MON	Backroom SATNET Monitoring		[Steven_Blumenthal]
77	SUN-ND	SUN ND PROTOCOL-Temporary		[William_Melohn]
78	WB-MON	WIDEBAND Monitoring		[Steven_Blumenthal]
79	WB-EXPAK	WIDEBAND EXPAK		[Steven_Blumenthal]
80	ISO-IP	ISO Internet Protocol		[Marshall_T_Rose]
81	VMTP	VMTP		[Dave_Cheriton]
82	SECURE-VMTP	SECURE-VMTP		[Dave_Cheriton]
83	VINES	VINES		[Brian Horn]
84	TTP	Transaction Transport Protocol		[Jim_Stevens]
84	IPTM	Internet Protocol Traffic Manager		[Jim_Stevens]
85	NSFNET-IGP	NSFNET-IGP		[Hans_Werner_Braun]
86	DGP	Dissimilar Gateway Protocol		[M/A-COM Government Systems, “Dissimilar Gateway Protocol Specification, Draft Version”, Contract no. CS901145, November 16, 1987.][Mike_Little]
87	TCF	TCF		[Guillermo_A_Loyola]
88	EIGRP	EIGRP		[RFC7868]
89	OSPFIGP	OSPFIGP		[RFC1583][RFC2328][RFC5340][John_Moy]
90	Sprite-RPC	Sprite RPC Protocol		[Welch, B., “The Sprite Remote Procedure Call System”, Technical Report, UCB/Computer Science Dept., 86/302, University of California at Berkeley, June 1986.][Bruce Willins]
91	LARP	Locus Address Resolution Protocol		[Brian Horn]
92	MTP	Multicast Transport Protocol		[Susie_Armstrong]
93	AX.25	AX.25 Frames		[Brian_Kantor]
94	IPIP	IP-within-IP Encapsulation Protocol		[John_Ioannidis]
95	MICP (deprecated)	Mobile Internetworking Control Pro.		[John_Ioannidis]
96	SCC-SP	Semaphore Communications Sec. Pro.		[Howard_Hart]
97	ETHERIP	Ethernet-within-IP Encapsulation		[RFC3378]
98	ENCAP	Encapsulation Header		[RFC1241][Robert_Woodburn]
99		any private encryption scheme		[Internet_Assigned_Numbers_Authority]
100	GMTP	GMTP		[[RXB5]]
101	IFMP	Ipsilon Flow Management Protocol		[Bob_Hinden][November 1995, 1997.]
102	PNNI	PNNI over IP		[Ross_Callon]
103	PIM	Protocol Independent Multicast		[RFC7761][Dino_Farinacci]
104	ARIS	ARIS		[Nancy_Feldman]
105	SCPS	SCPS		[Robert_Durst]
106	QNX	QNX		[Michael_Hunter]
107	A/N	Active Networks		[Bob_Braden]
108	IPComp	IP Payload Compression Protocol		[RFC2393]
109	SNP	Sitara Networks Protocol		[Manickam_R_Sridhar]
110	Compaq-Peer	Compaq Peer Protocol		[Victor_Volpe]
111	IPX-in-IP	IPX in IP		[CJ_Lee]
112	VRRP	Virtual Router Redundancy Protocol		[RFC5798]
113	PGM	PGM Reliable Transport Protocol		[Tony_Speakman]
114		any 0-hop protocol		[Internet_Assigned_Numbers_Authority]
115	L2TP	Layer Two Tunneling Protocol		[RFC3931][Bernard_Aboba]
116	DDX	D-II Data Exchange (DDX)		[John_Worley]
117	IATP	Interactive Agent Transfer Protocol		[John_Murphy]
118	STP	Schedule Transfer Protocol		[Jean_Michel_Pittet]
119	SRP	SpectraLink Radio Protocol		[Mark_Hamilton]
120	UTI	UTI		[Peter_Lothberg]
121	SMP	Simple Message Protocol		[Leif_Ekblad]
122	SM (deprecated)	Simple Multicast Protocol		[Jon_Crowcroft][draft-perlman-simple-multicast]
123	PTP	Performance Transparency Protocol		[Michael_Welzl]
124	ISIS over IPv4			[Tony_Przygienda]
125	FIRE			[Criag_Partridge]
126	CRTP	Combat Radio Transport Protocol		[Robert_Sautter]
127	CRUDP	Combat Radio User Datagram		[Robert_Sautter]
128	SSCOPMCE			[Kurt_Waber]
129	IPLT			[[Hollbach]]
130	SPS	Secure Packet Shield		[Bill_McIntosh]
131	PIPE	Private IP Encapsulation within IP		[Bernhard_Petri]
132	SCTP	Stream Control Transmission Protocol		[Randall_R_Stewart]
133	FC	Fibre Channel		[Murali_Rajagopal][RFC6172]
134	RSVP-E2E-IGNORE			[RFC3175]
135	Mobility Header		Y	[RFC6275]
136	UDPLite			[RFC3828]
137	MPLS-in-IP			[RFC4023]
138	manet	MANET Protocols		[RFC5498]
139	HIP	Host Identity Protocol	Y	[RFC7401]
140	Shim6	Shim6 Protocol	Y	[RFC5533]
141	WESP	Wrapped Encapsulating Security Payload		[RFC5840]
142	ROHC	Robust Header Compression		[RFC5858]
143	Ethernet	Ethernet		[RFC8986]
144-252		Unassigned		[Internet_Assigned_Numbers_Authority]
253		Use for experimentation and testing	Y	[RFC3692]
254		Use for experimentation and testing	Y	[RFC3692]
255	Reserved			[Internet_Assigned_Numbers_Authority]