| CLI Basics | |
| > show system info | Show general system health information |
| > show system disk-space files | Show percent usage of disk partitions |
| > show system software status | Show running processes |
| > show system resources | Show processes running in the management plane |
| > show running resource-monitor | Show resource utilization in the dataplane |
| > request license info | Show the licenses installed on the device |
| > request restart system | Restart the device |
| > request shutdown system | Shut down the device |
| > show admins | Show the logged in administrators |
| > show admins all | Show all administrators, regardless of whether they are logged in |
| > set cli config-output-format <default | json | set | xml> | (Web GUI, CLI or API) Change the output format |
| > find command keyword <keyword> | Show list of commands that contain the specified keyword |
| Jobs | |
| > show jobs pending | Show pending jobs |
| > show jobs processed | Show finished jobs |
| > show jobs id <number> | Show info about specific job |
| Commit | |
| > check pending changes | Check for uncommitted changes to the candidate configuration |
| > commit | Commit entire configuration |
| > commit partial ? | Commit part of the configuration |
| > show system last-commit-info | Show last commit information |
| Troubleshooting | |
| > show session info | Show session information |
| > show session id <session-id> | Show information about a specific session |
| > show session all | Show all active sessions |
| > show log traffic | Show traffic log |
| > less mp-log authd.log | Show the authentication logs |
| > tftp export tech-support to <tftp host> | Export tech support file via TFTP |
| > scp export tech-support to <username@host:path> | Export tech support file via SCP |
| Important files and folders | |
| /var/log/pan/dp-monitor.log | Data plane information |
| /var/log/pan/mp-monitor.log | Management plane information |
| /opt/pancfg/mgmt/saved-configs/ | Running configuration |
| /usr/local/bin/remove- private info.sh | Script to remove private information from log files |
| /var/cores/crashinfo | Backtrace files for service crashes |
| Packet capture | |
| > debug dataplane packet-diag show setting | Show configured capture settings |
| > debug dataplane packet-diag clear all | Delete existing filters |
| > debug dataplane packet-diag clear log log | Delete existing log files |
| > debug dataplane packet-diag set filter ? | Set filters |
| > debug dataplane packet-diag set filter enable | Enable filters |
| > debug dataplane packet-diag set capture ? | Configure capture |
| > debug dataplane packet-diag set capture on | Enable capture |
| > show counter global filter delta yes packet-filter yes | Verify if packets have been captured |
| > debug dataplane packet-diag set capture off | Stop capture |
| Network tools | |
| > ping host <ip-address> | Ping from the management interface |
| > ping source <ip-address-on-dp> host <destination-ip> | Ping from a dataplane interface |
| > traceroute <interface> <ip-address> | Traceroute |
| > dig <interface> <server address> <hostname> | DNS query |
| > show netstat statistics yes | Show network statistics |
| User-ID | |
| > show user user-id-agent state all | Show all configured Windows-based agents |
| > show user server-monitor state all | Verify if the PAN-OS-integrated agent is configured |
| > show user server-monitor statistics | Show user-ID mapping statistics |
| > show user user-id-agent config name <agent-name> | Show User-ID agent configuration |
| > show user group-mapping statistics | Show group mapping statistics |
| > show user group-mapping state all | Show all group mappings |
| > show user group list | Show list of user groups |
| > show user group name <group-name> | Show group members of specified group |
| > show user ip-user-mapping all | Show all user mappings |
| > show user ip-user-mapping all | match <domain>\\<username> | Show filtered user mapping |
| > show user ip-user-mapping ip <ip-address> | Show user mapping for specific IP address |
| > show log userid datasourcename equal <agent name> direction equal backward | Show most recent addresses learned from a particular User-ID agent |
| > show log userid datasourcetype equal ? | Show mappings from a particular type of authentication service |
| > clear user-cache all | Clear the User-ID cache |
| > clear user-cache ip <ip-address> | Clear the User-ID mapping for a specific IP address |
| > debug user-id refresh user-id ip <IP-Address> agent <User-ID Agent> | Refresh the User-ID mapping for a specific IP address |
| > debug user-id refresh group mapping all | Refresh the user-group mapping |
| High Availability | |
| > show high-availability cluster all | Show all HA cluster configuration content |
| > show high-availability cluster flap-statistics | Show HA cluster flap statistics |
| > show high-availability cluster session-synchronization | Show information about the synchronized messages to or from an HA cluster |
| > show high-availability cluster state | Show HA cluster state and configuration information |
| > show high-availability cluster statistics | Show HA cluster statistics |
| > clear high-availability cluster statistics | Clear HA cluster statistics |
| > request high-availability cluster clear-cache | Clear session cache |
| > request high-availability cluster sync-from | Request full session cache synchronization |
| URL Filtering | |
| > show url-cloud status | Show the URL cloud status |
| > show log url direction equal backward | Display the URL log, most recent entries first |
| > clear url-cache all | Clear whole URL cache |
| > clear url-cache url <value> | Clear specific entry from URL cache |
| > test url <url or IP> | Test the categorization of a URL |
| > test url-info-cloud <url> | Test the categorization of a URL in the cloud |
| Routing | |
| > show routing route | Show the routing table |
| > show routing fib virtual-router <name> | match <x.x.x.x/Y> | Show routes for a specific destination |
| NAT | |
| > show running nat-policy | Show the NAT policy table |
| > test nat-policy-match | Test NAT-policy-match |
| > show running ippool | Show NAT pool utilization |
| > show running global-ippool | Show NAT pool utilization |
| IPSec | |
| > show vpn flow | Show IPSec counters |
| > show vpn gateway | Show list of IKE gateway configurations |
| > show vpn ike-sa | Show IKE phase 1 SAs |
| > show vpn ipsec-sa | Show IKE phase 2 SAs |
| > clear vpn ike-sa gateway <gateway-name> | Clear specific IKE phase 1 SA |
| > clear vpn ipsec-sa tunnel <tunnel-name> | Clear specific IKE phase 2 SAs |
| > show vpn tunnel | Show list of auto-key IPSec tunnel configurations |
| > test vpn ike-sa gateway <gateway-name> | Initiate Phase 1 for a specific gateway |
| > test vpn ipsec-sa tunnel <tunnel-name> | Initiate Phase 2 for a specific tunnel |
| > debug ike pcap [on | off] | Activate or deactivate packet capture for all IKE traffic |
| > view-pcap follow yes debug | Display and follow the packet capture |