Palo Alto-CLI cheat sheet

Device management:
Show general system-health information –> show system info
Show percent usage of disk partitions –> show system disk-space
Show the maximum log file size –> show system logdb-quota
Show running processes –> show system software status
Show processes running in the management plane –> show system resources
Show resource utilization in the dataplane –> show running resource-monitor
Show the licenses installed on the device –> request license info
Show when commits, downloads, and/or upgrades are completed –> show jobs processed
Show session information –> show session info
Show information about a specific session –> show session id <session-id>
Show the running security policy –> show running security-policy
Show the authentication logs –> less mp-log authd.log
Restart the device –> request restart system
Display the routing table –> show routing route
Look at routes for a specific destination –> show routing fib virtual-router <name> | match <x.x.x.x/Y>
NAT:
Show the NAT policy table –> show running nat-policy
Test the NAT policy –> test nat-policy-match
Show NAT pool utilization –> show running ippool, show running global-ippool
IPSec:
Show IPSec counters –> show vpn flow
Show a list of all IPSec gateways and their configurations –> show vpn gateway
Show IKE phase 1 SAs –> show vpn ike-sa
Show IKE phase 2 SAs –> show vpn ipsec-sa
Show a list of auto-key IPSec tunnel configurations –> show vpn tunnel
Troubleshooting:
Ping from the management (MGT) interface to a destination IP address –> ping host <destination-ip-address>
Ping from a dataplane interface to a destination IP address –> ping source <ip-address-on-dataplane> host <destination-ip-address>
Show network statistics –> netstat all yes
