Palo Alto Networks Knowledgebase: Quick Reference Guide: Helpful Commands

Quick Reference Guide: Helpful Commands

22608
Created On 02/08/19 00:02 AM - Last Updated 02/08/19 00:02 AM
Resolution

Quick Reference Guide contains helpful PAN-OS CLI Commands.

 

COMMANDDESCRIPTION
General System Health
show system infoShows the system’s management IP, serial #, and code version
show jobs processedShows when commits, downloads, upgrades are completed
show system disk-spaceShows percent usage of disk partitions
show system logdb-quotaShows the maximum log file sizes
show system software statusShows running processes
Monitor CPUs
show system resourcesShows processes running in the Management Plane
show running resource-monitorShows the resource utilization in the Dataplane
Dropped Packet Troubleshooting
ping source <IP_addr_src_int> host <IP_addr_host>Ping from a specified device source interface to destination IP
ping host <IP> Ping from the management interface
show session all filter source <source-IP> destination <destination-IP> Shows specific sessions in the sessions table for source and destination IPs.
show session info Shows usage, pps rates, etc
show session id <id-number>Shows session details by entering the session ID number.
Packet Filters and Capture - WARNING: Running debug commands on a production device may cause instability or other undesirable results!

debug dataplane packet-diag clear all

debug dataplane packet-diag clear log log

Clear/delete settings and files previously created.
delete debug-filter file *Removes all packet capture files

debug dataplane packet-diag set filter match source x.x.x.x destination y.y.y.y destination-port

debug dataplane packet-diag set filter match source y.y.y.y destination x.x.x.x destination-port debug dataplane packet-diag set filter on

Sets filter with the source IP, destination IP and port to capture from/to packets.

debug dataplane packet-diag set capture stage receive file pantacrx.pcap

debug dataplane packet-diag set capture stage transmit file pantactx.pcap

debug dataplane packet-diag set capture stage drop file pantacdrop.pcap

debug dataplane packet-diag set capture stage firewall file pantacfw.pcap

debug dataplane packet-diag set capture on

Configures the different stage of capture types to be executed.
debug dataplane pack-diag show settingVerifies packet filters are setup correctly.
show counter global filter delta yes packet-filter yes While test is running, run the command 2-3 times to verify filtered traffic is being captured.
debug dataplane packet-diag set capture offTurns off packet capture and filter

tcpdump filter “src net <ip/netmask>”

tcpdump snaplen 1500 filter “src net <ip/netmask>”

view-pcap mgmt-pcap mgmt.pcap

Captures PCAP on management interface.
Packet Flow Logs - WARNING: Always set specific packet filters to minimize CPU usage. See above Packet Filters and Capture commands.
debug dataplane packet-diag set log feature flow basicSet packet-diag log to capture flow basic
debug dataplane packet-diag set log onTurns on packet-diag log.
debug dataplane packet-diag set log offCapture traffic then immediately disable packet-diag log.
debug dataplane packet-diag aggregate-logsAggregates pack-diag logs to a single file. After disabling packet-diag log, wait 1-2 minutes before running this command.
less dp-log pan_packet_diag.logView packet-diag log output. Note: PA-5000 series writes to individual dp0-log, dp1-log or dp2-log
Log/Forward Device Issues
debug log-receiver statisticsShows the log statistics, like logging incoming rate, log written rate, corrupted packets and logs discarded due to a full queue.
less mp-log logrcvr.logShows debug logging issues on the device.
debug software restart log-receiverRestarts log-receiver process.
Log Viewing/Deleting
show log [system | traffic | threat] direction equal [forward | backward]Goes to the beginning/end of a log. Note: Arguments shown with square bracket [] and pipe | symbols mean choose one of the arguments listed.
Monitor Management or Device Server

show system resources follow

tail follow yes mp-log ms.log

Shows management server messages for commit failures, updates, licenses, link status, policy details, etc.
tail follow yes mp-log devsrv.logShows device server message for commit failures, updates, licenses, link status, policy details, etc.
Authentication Logs
less mp-log authd.log Shows the detail authentication logs on the device.
NAT
show running nat-policyShows current NAT policy table.

show running ippool

show running global-ippool

Shows NAT pool utilization.
Routing
show routing routeShows routing table.
Policies
show running security-policyShows current policy set.
User-ID Agent

show user user-id-agent state all

show user user-id-agent statistics

Shows agent’s status. Status should be connected OK and there should be numbers shown under users, groups, and IPS.

show user user-ids show user user-IDs

show user group-mapping state all

show user group-mapping statistics

show user group list

show user group name <value>

Shows the groups pulled from User-ID Agent.
show user ip-user-mapping allShows IP to username mappings.

clear user-cache all

clear user-cache ip <ip/netmask>

Clears user-ID cache.
BrightCloud URL Filtering
test url <url or IP>Tests categorization of a URL on the device.
tail follow yes mp-log pan_bc_download.logShows the BrightCloud database update logs.
debug dataplane show url-cache statisticsShows statistics on the URL cache
clear url-cache url <url>Clears URL cache for a site.
show log url direction equal backward

Shows the URL log, most recent entries first.

Note: Cache contains 100k of the most popular URLs on the network.

ping host service.brightcloud.comTests connectivity to the BrightCloud servers.
PAN-DB URL Filtering
show url-cloud status Check URL cloud status.

debug dataplane test url-resolve-path <url>

test url-info-host <url>

test url-info-cloud <url>

Tests categorization of a URL on Dataplane cache.

Tests categorization of a URL on Management Plane cache.

Tests categorization of a URL on Cloud.

clear url-cache url <url>

delete url-database url <url>

Clears URLs from the Dataplane cache.

Clears URLs from the Management Plane cache

show running url-cache statistics

debug device-server pan-url-db show-stats

Show statistics on URL Dataplane cache.

Show statistics on URL Management Plane cache

IPSEC
show vpn flowShows encap/decap counters
show vpn gatewayShows list of IKE gateway configurations.
show vpn ike-saShows IKE Phase 1 SA
show vpn ipsec-saShows IPSEC Phase 2 SA.
show vpn tunnelShows list of auto-key IPSec tunnel configurations.

show log system subtype equal vpn direction equal backward

debug ike global on debug

less mp-log ikemgr.log

Shows detail debug information for IPSec tunneling.
High Availability
show high-availability stateShows the HA state of the device.
show high-availability allShows the HQ settings configured on the device and peer.
show high-availability state-synchronizationShows if the devices are synchronized
request high-availability state suspendSuspends active device and makes passive device active
request high-availability state functionalChanges the state from suspend to passive.
Software, Content and Licenses
request restart systemReboots the system.

request content upgrade

> check

> download

> info

> install

Upgrades content.

Gets info from Palo Alto Networks server.

Downloads content packages.

Displays available content packages info.

Installs content packages.

request content downgrade install previousDowngrades to previous content version
request license infoShows the license installed on the device.
delete license keyDeletes a license file.
Miscellaneous

configure

set deviceconfig setting session tcp-reject-non-syn no

commit

show session info

 

Ignore SYN when creating sessions.

 

Confirms command took effect

configure

set deviceconfig setting session offload no

commit

show session info

Make all packets go through CPU, otherwise all fastpath packets go through the chip. Turns session offload to fastpath.

Confirms command took effect.

debug dataplane pool statisticsShows the different dataplane buffers and capacity


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXRCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language