Difference between revisions of "Useful commands"
From Tech-Wiki
Line 15: | Line 15: | ||
show system resources (Top equivalent) | show system resources (Top equivalent) | ||
show running resource-monitor (Historical) | show running resource-monitor (Historical) | ||
+ | |||
+ | Reading the system log: | ||
+ | less mp-log master.log | ||
Display routing table: | Display routing table: |
Revision as of 16:35, 21 July 2016
Executing ping/traceroute:
ping host xxx.xxx.xxx.xxx traceroute host xxx.xxx.xxx.xxx
Sample log filter to use in GUI:
(addr.src in 192.168.1.10) and (port.dst eq 21)
Getting system information:
show system info
Getting performance status:
show system statistics session (Throughput) show system resources (Top equivalent) show running resource-monitor (Historical)
Reading the system log:
less mp-log master.log
Display routing table:
show routing route
To get MAC address:
show interface all show arp all
Validate if specified traffic will match any firewall/nat rule
test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6 test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6
To view current host objects based on FQDN or to update the list:
request system fqdn show request system fqdn refresh force yes
Display current connections through the firewall and get detailed info for a specific one:
show session all filter state active show session id xxxxx
To commit the candidate version of configuration:
commit partial vsys vsys1 device-and-network excluded
Check pending changes:
Click on the Device tab > Config audit Select a candidate config on the right
To validate if the candidate version is consistent (validating syntax and semantics):
validate full
To commit even with errors:
commit force
Troubleshoot IPSec VPN issues:
show vpn gateway show vpn ike-sa debug ike global on debug less mp--log ikemgr.log