Difference between revisions of "Useful commands"

From Tech-Wiki
Line 5: Line 5:
 
  traceroute host xxx.xxx.xxx.xxx
 
  traceroute host xxx.xxx.xxx.xxx
  
Sample log filter examples to use in GUI:
+
To get interfaces and MAC address:
  (addr.src in 192.168.1.10) and (port.dst eq 21)
+
  show interface all
  (from/member eq 'trust') and (source/member eq 'Host1')
+
  show arp all
 +
 
 +
Display routing table:
 +
show routing route
  
 
Getting system information:
 
Getting system information:
Line 16: Line 19:
 
  show system resources            (Top equivalent)
 
  show system resources            (Top equivalent)
 
  show running resource-monitor    (Historical)
 
  show running resource-monitor    (Historical)
 +
 +
Sample log filter examples to use in GUI:
 +
(addr.src in 192.168.1.10) and (port.dst eq 21)
 +
(from/member eq 'trust') and (source/member eq 'Host1')
  
 
Reading the system log:
 
Reading the system log:
 
  less mp-log master.log
 
  less mp-log master.log
 
Display routing table:
 
show routing route
 
 
To get MAC address:
 
show interface all
 
show arp all
 
  
 
Validate if specified traffic will match any firewall/nat rule
 
Validate if specified traffic will match any firewall/nat rule
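
Review bot: in the second hunk, the relocated "Sample log filter examples to use in GUI:" block now sits between the `show running resource-monitor` line and "Reading the system log:", so two GUI filter expressions are sandwiched between CLI command sections with nothing but the heading to tell them apart. Consider grouping GUI-only items together, or extending the heading to say where in the GUI the filters are entered, so a reader does not paste `(addr.src in 192.168.1.10) and (port.dst eq 21)` into the CLI.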

Revision as of 13:54, 29 October 2018


Executing ping/traceroute:

ping host xxx.xxx.xxx.xxx
traceroute host xxx.xxx.xxx.xxx

To get interfaces and MAC address:

show interface all
show arp all

Display routing table:

show routing route

Getting system information:

show system info

Getting performance status:

show system statistics session    (Throughput)
show system resources             (Top equivalent)
show running resource-monitor     (Historical)

Sample log filter examples to use in GUI:

(addr.src in 192.168.1.10) and (port.dst eq 21)
(from/member eq 'trust') and (source/member eq 'Host1')

Reading the system log:

less mp-log master.log

Validate whether specified traffic will match any firewall/NAT rule:

test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6
test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6

To view current host objects based on FQDN or to update the list:

request system fqdn show
request system fqdn refresh force yes

Display current connections through the firewall and get detailed info for a specific one:

show session all filter state active
show session id xxxxx

To commit the candidate version of configuration:

commit partial vsys vsys1 device-and-network excluded 

Check pending changes:

Click on the Device tab > Config audit
Select a candidate config on the right

To validate if the candidate version is consistent (validating syntax and semantics):

validate full

To commit even with errors:

commit force

Troubleshoot IPSec VPN issues:

show vpn gateway
show vpn ike-sa
debug ike global on debug
less mp-log ikemgr.log

Reboot/Shutdown the device:

request restart system
request shutdown system
In the GUI, click the Device tab > Setup link > Operations tab