How to check the warning message for application dependency via CLI

How to check the warning message for application dependency via CLI

3439
Created On 01/10/24 05:30 AM - Last Modified 09/07/24 02:25 AM


Objective


  • Starting from PAN-OS 9.1 the application dependency warnings are now organized and presented in a clear manner for easy analysis.
  • Upon completion, the commit or validate job window may now show a separate tab for any application dependency warnings. Refer Simplified Application Dependency Workflow
  • GUI tab is shown below. This article provides the CLI commands to check the same.
     
image.png

Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 and above
  • Application Dependency

Procedure


  1. Use the CLI command "show app-warning <tab>" and complete the command.
  2. The command is hidden and does not display until you type the string "show app-warning".
  3. The complete command is listed below.
show app-warning warning-message vsys <vsys name> uuid <rule uuid>
Note: Vsys and UUID fields are mandatory.
  1. UUID for security rule can be found out using the following command.
debug device-server dump idmgr type security-rule all | match <rule name>
Example:
  • Here is an example for checking the warning message for application dependency via CLI.
admin@PA-3060> debug device-server dump idmgr type security-rule all | match Allow
4 vsys1+Allow (uuid: c73ee4b8-3ed4-497a-876b-6f581512dc1f)

admin@PA-3060> show app-warning warning-message vsys vsys1 uuid c73ee4b8-3ed4-497a-876b-6f581512dc1f


Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WX2CAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language