Palo Alto Global Protect
Software, Content and Licenses
To upgrade the software on the FW:
tftp import software from <IP_addr_tftp_server> file <filename>
request system software install file <filename>
request restart system
request system software [info | check | download | install ] –manipulate PANOS software from the CLI
To upgrade the content on the FW:
tftp import content from <IP_addr_tftp_server> file <filename>
request content upgrade install file <filename>
request content downgrade install previous –downgrade to the previous content version
request system private--data--reset-- to clear config and logs/reports
debug swm [ status | list | revert ] – will show possible code to install, or code that was installed. “revert” is used to revert to last running OS version without having to do a
factory reset (such as from 4.0 to back to 3.1)
request license info – shows the license installed on the device
delete license key ? – use to delete a license file if having issues and want to retrieve new licenses, use question mark to list file names, only delete the files you see fit
Config diff/force/cli format
show config diff-- compares two versions of the config
commit force-- perform a commit, even if there are errors
set cli config--output--format set-- use to view the config in “set” format from within the configure prompt (#)
IPSec
To view detailed debug information for IPSec tunneling:
1. debug ike global on debug
2. less mp--log ikemgr.log
Misc
set deviceconfig setting session tcp--reject--non--syn no – used to ignore SYN when creating sessions; confirm command took effect with show session info
set deviceconfig setting session offload no –-- makes all packets go through CPU, otherwise all fastpath packets just go through EZ chip (turns off session offload to fastpath); confirm command took effect with show session info
debug dataplane pool statistics -- this will show the different dataplane buffers and can e used to see if the system is nearing capacity in certain functionality.
tftp import software from <IP_addr_tftp_server> file <filename>
request system software install file <filename>
request restart system
request system software [info | check | download | install ] –manipulate PANOS software from the CLI
To upgrade the content on the FW:
tftp import content from <IP_addr_tftp_server> file <filename>
request content upgrade install file <filename>
request content downgrade install previous –downgrade to the previous content version
request system private--data--reset-- to clear config and logs/reports
debug swm [ status | list | revert ] – will show possible code to install, or code that was installed. “revert” is used to revert to last running OS version without having to do a
factory reset (such as from 4.0 to back to 3.1)
request license info – shows the license installed on the device
delete license key ? – use to delete a license file if having issues and want to retrieve new licenses, use question mark to list file names, only delete the files you see fit
Config diff/force/cli format
show config diff-- compares two versions of the config
commit force-- perform a commit, even if there are errors
set cli config--output--format set-- use to view the config in “set” format from within the configure prompt (#)
IPSec
To view detailed debug information for IPSec tunneling:
1. debug ike global on debug
2. less mp--log ikemgr.log
Misc
set deviceconfig setting session tcp--reject--non--syn no – used to ignore SYN when creating sessions; confirm command took effect with show session info
set deviceconfig setting session offload no –-- makes all packets go through CPU, otherwise all fastpath packets just go through EZ chip (turns off session offload to fastpath); confirm command took effect with show session info
debug dataplane pool statistics -- this will show the different dataplane buffers and can e used to see if the system is nearing capacity in certain functionality.
No comments:
Post a Comment