Palo Alto-CLI cheat sheet
Device management:
Show general system-health information –> show system info
Show percent usage of disk partitions –> show system disk-space
Show the maximum log file size –> show system logdb-quota
Show running processes –> show system software status
Show processes running in the management plane –> show system resources
Show resource utilization in the dataplane –> show running resource-monitor
Show the licenses installed on the device –> request license info
Show when commits, downloads, and/or upgrades are completed –> show jobs processed
Show session information –> show session info
Show information about a specific session –> show session id <session-id>
Show the running security policy –>show running security-policy
Show the authentication logs –> less mp-log authd.log
Restart the device –> request -restart system
Display the routing table –> show routing route
Look at routes for a specific destination –> show routing fib virtual-router <name> | match <x.x.x.x/Y>
NAT:
Show the NAT policy table –> show running nat-policy
Test the NAT policy –> test nat-policy-match
Show NAT pool utilization –> show running ippool,show running global-ippool
IPSec:
Show IPSec counters –> show vpn flow
Show a list of all IPSec gateways and their configurations –> show vpn gateway
Show IKE phase 1 SAs –> show vpn ike-sa
Show IKE phase 2 SAs –> show vpn ipsec-sa
Show a list of auto-key IPSec tunnel configurations –> show vpn tunnel
Troubleshooting:
Ping from the management (MGT) interface to a destination IP address –> ping host <destination-ip-address>
Ping from a dataplane interface to a destination IP address –> ping source <ip-address-on-dataplane> host <destination-ip-address>
Show network statistics –> netstat all yes
Show general system-health information –> show system info
Show percent usage of disk partitions –> show system disk-space
Show the maximum log file size –> show system logdb-quota
Show running processes –> show system software status
Show processes running in the management plane –> show system resources
Show resource utilization in the dataplane –> show running resource-monitor
Show the licenses installed on the device –> request license info
Show when commits, downloads, and/or upgrades are completed –> show jobs processed
Show session information –> show session info
Show information about a specific session –> show session id <session-id>
Show the running security policy –>show running security-policy
Show the authentication logs –> less mp-log authd.log
Restart the device –> request -restart system
Display the routing table –> show routing route
Look at routes for a specific destination –> show routing fib virtual-router <name> | match <x.x.x.x/Y>
NAT:
Show the NAT policy table –> show running nat-policy
Test the NAT policy –> test nat-policy-match
Show NAT pool utilization –> show running ippool,show running global-ippool
IPSec:
Show IPSec counters –> show vpn flow
Show a list of all IPSec gateways and their configurations –> show vpn gateway
Show IKE phase 1 SAs –> show vpn ike-sa
Show IKE phase 2 SAs –> show vpn ipsec-sa
Show a list of auto-key IPSec tunnel configurations –> show vpn tunnel
Troubleshooting:
Ping from the management (MGT) interface to a destination IP address –> ping host <destination-ip-address>
Ping from a dataplane interface to a destination IP address –> ping source <ip-address-on-dataplane> host <destination-ip-address>
Show network statistics –> netstat all yes
Comments
Post a Comment