How to view the Prisma Access Remote Networks Service IP and network details from Panorama CLI
6437
Created On 11/09/22 10:42 AM - Last Modified 12/01/23 02:15 AM
Objective
- An administrator needs to fetch the Remote Networks Service IP and network information from Panorama via Command Line Interface (CLI).
- This information is already available in Web UI. Use this document for the instructions. The same information on the Web UI is show as below.
Environment
- Prisma Access managed by Panorama.
- Any PAN-OS versions
- Remote Networks
Procedure
- Login to the Panorama Command line interface.
- For Single tenant setup, Run following command to view the required information.
admin@Panorama> debug plugins cloud_services prisma-access query body b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIn0= action getNetworkDetailData pass {"@status": "success", "@code": "19", "result": {"@total-count": 4, "@count": 4, "entry": [{"name": "RN4", "Service IP Address": "x.x.x.156", "Local IP Address": "Citrix-IPSec-Tunnel-Default", "Static Subnet": ["192.168.4.0/24"], "EBGP Router": ["10.127.240.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.8"}, {"name": "RN3", "Service IP Address": "x.x.x.156", "Local IP Address": "CloudGenix-IPSec-Tunnel-Default", "Static Subnet": ["192.168.3.0/24"], "EBGP Router": ["10.127.240.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.8"}, {"name": "TestNetwork", "Service IP Address": "x.x.x.31", "Local IP Address": "CiscoASA-IPSec-Tunnel-Default", "Static Subnet": ["192.168.1.0/24"], "EBGP Router": ["10.127.240.4"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.4"}, {"name": "RN2", "Service IP Address": "x.x.x.31", "Local IP Address": "CiscoISR-IPSec-Tunnel-Default", "Static Subnet": ["192.168.2.0/24"], "EBGP Router": ["10.127.240.4"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.4"}], "redundancy-alert": []}} - For Multi-tenant setup, run following command to view the required information. Refer to the Additional information section to find the body information for each tenant.
admin@Panorama> debug plugins cloud_services prisma-access query body b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIiwidGVuYW50TmFtZSI6IkxhYlRlbmFudG5heWEifQ== action getNetworkDetailData pass {"@status": "success", "@code": "19", "result": {"@total-count": 1, "@count": 1, "entry": [{"name": "Tenant1RN1", "Service IP Address": "x.x.x.67", "Local IP Address": "test25NEWTEST-RN", "Static Subnet": ["1.1.1.1/32"], "EBGP Router": ["172.16.9.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "172.16.9.8"}], "redundancy-alert": []}}
Additional Information
- The response is json format. Use any json parser sort the information in human friendly way.
- The output would list the same information which is shown in the Web UI.
- The same command should work on all the panorama's.
- For multi-tenant, Each tenant query body would be different. Use https://panorama-IP/php/utils/debug.php and then query the network details from GUI
- Search for body in the debug output and copy that body info specific to your tenant. Example below. This example has is for another tenant and hence the body is different than the one mentioned above.
- Php debug logs can also be captured from CLI under /var/log/php.debug.log
<operations xml="yes"> <request> <plugins> <cloud_services> <gpcs> <query> <action>getNetworkDetailData</action> <body>b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIiwidGVuYW50TmFtZSI6IkV4cGxpY2l0UHJveHkifQ==</body> </query> </gpcs> </cloud_services> </plugins> </request> </operations> </request>