Difference between revisions of "Useful commands"

From Tech-Wiki
(Created page with "Category:Palo Alto Executing ping: ping host xxx.xxx.xxx.xxx Sample log filter to use in GUI: (addr.src in 192.168.1.10) and (port.dst eq 21) Getting performance stat...")
 
Line 12: Line 12:
 
  show running resource-monitor
 
  show running resource-monitor
  
show session all filter state active
+
Display routing table:
show session id 35299
+
show routing route
  
# validate full
+
To get MAC address:
# exit
+
show interface all
> show jobs id xxx
+
show arp all
# commit
+
# commit partial ?
+
# commit partial vsys vsys1 device-and-network excluded
+
  
 +
Validate if specified traffic will match any firewall/nat rule
 +
test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6
 +
test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6
 +
 +
To view current host objects based on FQDN or to update the list:
 +
request system fqdn show
 +
request system fqdn refresh force yes
 +
 +
Display current connections through the firewall and get detailed info for a specific one:
 +
show session all filter state active
 +
show session id xxxxx
 +
 +
To commit the candidate version of configuration:
 +
commit partial vsys vsys1 device-and-network excluded
  
 
Check pending changes:
 
Check pending changes:
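Review bot: the added `commit partial vsys vsys1 device-and-network excluded` line has no prompt, while the lines it replaces (`# validate full`, `# exit`, `> show jobs id xxx`, `# commit`) carried the `#` and `>` prompts that show which commands need configuration mode and which run in operational mode. Keep the prompt characters, or add a line under the commit heading saying to enter configuration mode first. Consider also keeping `show jobs id xxx` next to the commit command, since the added lines no longer list it anywhere.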
Line 27: Line 38:
 
  Select a candidate config on the right
 
  Select a candidate config on the right
  
 +
To validate if the candidate version is consistent (validating syntax and semantics):
 +
validate full
  
 
If your GUI is presenting some slowness, you can restart the management plane with no impact in your traffic:
 
If your GUI is presenting some slowness, you can restart the management plane with no impact in your traffic:
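Review bot: `validate full` is added here after "Check pending changes:", but the commit command was added earlier in the page under "To commit the candidate version of configuration:", so a reader working top to bottom commits before validating. Move the pending-changes check and the validate section above the commit section so the order on the page is review, validate, commit.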
Line 34: Line 47:
 
  debug software restart device-server
 
  debug software restart device-server
 
  debug software restart log-receiver
 
  debug software restart log-receiver
 
request system fqdn refresh force yes
 
request system fqdn show
 
 
 
show routing route
 
 
To get MAC address:
 
show interface all
 
show arp all
 
 
Validate if specified traffic will match any firewall/nat rule
 
test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6
 
test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6
 
  
 
Performing a packet capture (sniffering)
 
Performing a packet capture (sniffering)

Revision as of 01:53, 12 July 2016


Executing ping:

ping host xxx.xxx.xxx.xxx

Sample log filter to use in GUI:

(addr.src in 192.168.1.10) and (port.dst eq 21)

Getting performance status:

show system statistics session
show system resources 
show running resource-monitor

Display routing table:

show routing route

To get MAC address:

show interface all
show arp all

Validate whether the specified traffic will match any firewall/NAT rule:

test security-policy-match from trust to untrust source 10.4.70.48 destination 200.1.2.100 destination-port 80 protocol 6
test nat-policy-match source 10.1.0.1 destination 200.1.2.100 destination-port 21 protocol 6

To view current host objects based on FQDN or to update the list:

request system fqdn show
request system fqdn refresh force yes

Display current connections through the firewall and get detailed info for a specific one:

show session all filter state active
show session id xxxxx

To commit the candidate version of the configuration:

commit partial vsys vsys1 device-and-network excluded 

Check pending changes:

Click on the Device tab > Config audit
Select a candidate config on the right

To validate if the candidate version is consistent (validating syntax and semantics):

validate full

If your GUI is slow, you can restart the management plane with no impact on your traffic:

debug software restart management-server

If commits are slow or failing, you can also restart the management plane with no impact on your traffic:

debug software restart device-server
debug software restart log-receiver

Performing a packet capture (sniffing):

debug dataplane packet-diag clear filter all
debug dataplane packet-diag clear capture all
debug dataplane packet-diag set filter match source 10.1.1.100 destination 200.1.1.100 
debug dataplane packet-diag set filter match destination-port 80
debug dataplane packet-diag set filter on
debug dataplane packet-diag show setting
debug dataplane packet-diag set capture stage transmit file filename_transmit
debug dataplane packet-diag set capture stage receive file filename_receive
debug dataplane packet-diag set capture stage firewall file filename_firewall
debug dataplane packet-diag set capture stage drop file filename_drop
debug dataplane packet-diag set capture on
view-pcap filter-pcap filename_firewall
view-pcap follow yes filter-pcap filename_transmit
debug dataplane packet-diag set capture off
debug dataplane packet-diag set filter off