Difference between revisions of "Useful commands"
From Tech-Wiki
(Created page with "Category:Palo Alto Executing ping: ping host xxx.xxx.xxx.xxx Sample log filter to use in GUI: (addr.src in 192.168.1.10) and (port.dst eq 21) Getting performance stat...") |
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Palo Alto]] | [[Category:Palo Alto]] | ||
− | Executing ping: | + | Executing ping/traceroute: |
ping host xxx.xxx.xxx.xxx | ping host xxx.xxx.xxx.xxx | ||
+ | traceroute host xxx.xxx.xxx.xxx | ||
− | + | To get interfaces and MAC address: | |
− | + | show interface all | |
+ | show arp all | ||
− | + | Display routing table: | |
− | show | + | show routing route |
− | + | ||
− | + | ||
− | show | + | Getting system information: |
− | show | + | show system info |
+ | show system logdb-quota | ||
− | + | Getting performance status: | |
− | + | show system statistics session (Throughput) | |
− | + | show system resources (Top equivalent) | |
− | + | show running resource-monitor (Historical) | |
− | + | ||
− | + | ||
+ | Sample log filter examples to use in GUI: | ||
+ | (addr.src in 192.168.1.10) and (port.dst eq 21) | ||
+ | (from/member eq 'trust') and (source/member eq 'Host1') | ||
− | + | Reading the system log: | |
− | + | less mp-log master.log | |
− | + | ||
+ | Validate if specified traffic will match any firewall/nat rule | ||
+ | test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6 | ||
+ | test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6 | ||
− | + | To view current host objects based on FQDN or to update the list: | |
− | + | show dns-proxy fqdn all | |
+ | request system fqdn show | ||
+ | request system fqdn refresh force yes | ||
− | + | Display current connections through the firewall and get detailed info for a specific one: | |
− | + | show session all filter state active | |
− | + | show session id xxxxx | |
− | + | Filtering and closing active connections: | |
− | + | show session all filter source x.x.x.x | |
+ | show session all filter application xxxxxx | ||
+ | clear session id xxxxx | ||
+ | Change the virtual system | ||
+ | set system setting target-vsys ? | ||
− | + | To commit the candidate version of configuration: | |
+ | commit partial vsys vsys1 device-and-network excluded | ||
− | + | Check pending changes: | |
− | + | Click on the Device tab > Config audit | |
− | + | Select a candidate config on the right | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | To validate if the candidate version is consistent (validating syntax and semantics): | |
− | + | > configure | |
− | + | # validate full | |
− | + | > show jobs id xxxx | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | To commit even with errors: | |
+ | commit force | ||
− | + | Troubleshoot IPSec VPN issues: | |
− | + | show vpn gateway | |
+ | show vpn ike-sa | ||
+ | debug ike global on debug | ||
+ | less mp--log ikemgr.log | ||
− | + | Reboot/Shutdown the device | |
− | + | request restart/shutdown system | |
+ | On GUI click on Device tab > Setup link > Operations tab |
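Review bot: In the IPSec VPN troubleshooting lines, `less mp--log ikemgr.log` has a doubled hyphen, while the system-log entry earlier in this revision reads `less mp-log master.log`; both should use the same `mp-log` spelling. The `debug ike global on debug` line in the same group sets IKE logging to debug level and nothing after it lowers the level again, so add that step once the log has been read. The `commit force` entry, labelled "To commit even with errors", follows directly after the `validate full` entry; a sentence on when forcing the commit is appropriate would stop readers from treating it as the normal path.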
Latest revision as of 21:22, 25 May 2021
Executing ping/traceroute:
ping host xxx.xxx.xxx.xxx
traceroute host xxx.xxx.xxx.xxx
To get interfaces and MAC address:
show interface all
show arp all
Display routing table:
show routing route
Getting system information:
show system info
show system logdb-quota
Getting performance status:
show system statistics session (Throughput)
show system resources (Top equivalent)
show running resource-monitor (Historical)
Sample log filter examples to use in GUI:
(addr.src in 192.168.1.10) and (port.dst eq 21)
(from/member eq 'trust') and (source/member eq 'Host1')
Reading the system log:
less mp-log master.log
Validate whether the specified traffic will match any firewall/NAT rule:
test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6
test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6
To view current host objects based on FQDN or to update the list:
show dns-proxy fqdn all
request system fqdn show
request system fqdn refresh force yes
Display current connections through the firewall and get detailed info for a specific one:
show session all filter state active
show session id xxxxx
Filtering and closing active connections:
show session all filter source x.x.x.x
show session all filter application xxxxxx
clear session id xxxxx
Change the virtual system:
set system setting target-vsys ?
To commit the candidate version of configuration:
commit partial vsys vsys1 device-and-network excluded
Check pending changes:
Click on the Device tab > Config audit
Select a candidate config on the right
To validate if the candidate version is consistent (validating syntax and semantics):
> configure
# validate full
> show jobs id xxxx
To commit even with errors:
commit force
Troubleshoot IPSec VPN issues:
show vpn gateway
show vpn ike-sa
debug ike global on debug
less mp-log ikemgr.log
Reboot/Shutdown the device:
request restart system
request shutdown system
On the GUI, click on the Device tab > Setup link > Operations tab