Here are PAN-OS CLI commands.
- Device Management
※ CLI Cheat Sheet: Device Management (PAN-OS CLI Quick Start)
show system info
show system disk-space
show system logdb-quota
show system software status
▶ Display CPU information
show system resources - shows MP CPU
show running resource-monitor
request license info
show jobs processed
show session info
show session all
show session all filter
show session meter
show session id session-id
clear session id 12345
show running security-policy
less mp-log authd.log
request restart system
show admins
show admins all
delete admin-sessions username
set deviceconfig system type dhcp-client accept-dhcp-domain accept-dhcp-hostname send-client-id send-hostname
- Policies
▶ Security
set system setting arp-cache-timeout
show system setting arp-cache-timeout
▶ NAT
- Show the NAT policy table:
show running nat-policy
- Test the NAT policy:
test nat-policy-match
- Show NAT pool utilization:
show running ippool
show running global-ippool
▶ PBF
show pbf rule all
show pbf return-mac name <value>
show pbf return-mac all
- Networking
※ CLI Cheat Sheet: Networking (PAN-OS CLI Quick Start)
▶ System
set system setting arp-cache-timeout
show system setting arp-cache-timeout
▶ VPN (IPSec)
show vpn flow
show vpn gateway
show vpn ike-sa
show vpn ipsec-sa
show vpn tunnel
test vpn ike-sa gateway
test vpn ipsec-sa tunnel
▶ Routing
show routing route
show routing fib virtual-router name | match x.x.x.x
show routing bfd active-profile []
show routing bfd details [interface ] [local-ip ] [multihop] [peer-ip ] [session-id] [virtual-router ]
show routing bfd drop-counters session-id
show counter global | match bfd
clear routing bfd counters session-id all |
clear routing bfd session-state session-id all |
set session pvst-native-vlan-id
set session drop-stp-packet
show vlan all
show counter global
▶ Troubleshooting
ping host destination-ip-address
ping source ip-address-on-dataplane host destination-ip-address
traceroute host remote host
show netstat statistics yes
- User-ID
※ CLI Cheat Sheet: User-ID (PAN-OS CLI Quick Start)
debug user-id log-ip-user-mapping yes
debug user-id log-ip-user-mapping no
show user user-id-agent state all
show user server-monitor state all
show user server-monitor statistics
show user user-id-agent config name
show user group-mapping statistics
show user group-mapping state all
show user group list
show user group name
show user ip-user-mapping all
show user ip-user-mapping all | match \\
show user ip-user-mapping ip
show user user-ids
show log userid datasourcename equal direction equal backward
show log userid datasourcetype equal
show log userid datasourcetype equal kerberos
show log userid datasource equal
show log userid datasourcetype equal xml-api
show user email-lookup
show user email-lookup base "DC=lab,DC=sg,DC=acme,DC=local" bind-dn "CN=Administrator,CN=Users,DC=lab,DC=sg,DC=acme,DC=local" bind-password acme use-ssl no email [email protected] mail-attribute mail server 10.1.1.1 server-port 389 labsg\user1
clear user-cache all
clear user-cache ip
- HA
※ CLI Cheat Sheet: HA (PAN-OS CLI Quick Start)
show high-availability cluster all
show high-availability cluster flap-statistics
show high-availability cluster ha4-status
show high-availability cluster ha4-backup-status
show high-availability cluster session-synchronization
show high-availability cluster state
show high-availability cluster statistics
clear high-availability cluster statistics
request high-availability cluster clear-cache
request high-availability cluster sync-from
show high-availability interface ha2 | match bytes
request high-availability state suspend
- VSYS
※ CLI Cheat Sheet: VSYS (PAN-OS CLI Quick Start)
show system info | match vsys
set system setting target-vsys ?
set system setting target-vsys vsys-name
set system setting target-vsys vsys2
show session meter
show user ip-user-mapping all
set system setting target-vsys none
- Panorama
※ CLI Cheat Sheet: Panorama (PAN-OS CLI Quick Start)
show system info | match system-mode
request system system-mode logger
request system system-mode panurldb
request system system-mode panorama
request system system-mode legacy
set cli config-output-mode set
show device-group branch-offices
set panorama [off | on]
request high-availability sync-to-remote [running-config | candidate-config]
request batch reboot [devices | log-collectors]
set dlsrvr poll-interval
show devicegroups name
show templates name
show config pushed-shared-policy
show config pushed-template
debug log-collector log-collection-stats show incoming-logs
debug log-collector log-collection-stats show log-forwarding-stats
show logging-status device
clear log [acc | alarm | config | hipmatch | system | threat | traffic]