如何从 Panorama CLI 查看 Prisma Access 远程网络服务 IP 和网络详细信息
6449
Created On 11/09/22 10:42 AM - Last Modified 02/02/24 06:09 AM
Objective
- 管理员需要通过命令行界面 (CLI) 从 Panorama 获取远程网络服务 IP 和网络信息。
- 此信息已在 Web UI 中提供。 有关说明,请参阅本 文档 。 Web UI 上的相同信息如下所示。
Environment
- Prisma Access 由 Panorama 管理。
- 任何 PAN-OS 版本
- 远程网络
Procedure
- 登录到 Panorama 命令行界面。
- 对于单租户设置,请运行以下命令以查看所需信息。
admin@Panorama> debug plugins cloud_services prisma-access query body b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIn0= action getNetworkDetailData pass {"@status": "success", "@code": "19", "result": {"@total-count": 4, "@count": 4, "entry": [{"name": "RN4", "Service IP Address": "x.x.x.156", "Local IP Address": "Citrix-IPSec-Tunnel-Default", "Static Subnet": ["192.168.4.0/24"], "EBGP Router": ["10.127.240.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.8"}, {"name": "RN3", "Service IP Address": "x.x.x.156", "Local IP Address": "CloudGenix-IPSec-Tunnel-Default", "Static Subnet": ["192.168.3.0/24"], "EBGP Router": ["10.127.240.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.8"}, {"name": "TestNetwork", "Service IP Address": "x.x.x.31", "Local IP Address": "CiscoASA-IPSec-Tunnel-Default", "Static Subnet": ["192.168.1.0/24"], "EBGP Router": ["10.127.240.4"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.4"}, {"name": "RN2", "Service IP Address": "x.x.x.31", "Local IP Address": "CiscoISR-IPSec-Tunnel-Default", "Static Subnet": ["192.168.2.0/24"], "EBGP Router": ["10.127.240.4"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "10.127.240.4"}], "redundancy-alert": []}} - 对于多租户设置,请运行以下命令以查看所需信息。 请参阅“其他信息”部分,查找每个租户的正文信息。
admin@Panorama> debug plugins cloud_services prisma-access query body b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIiwidGVuYW50TmFtZSI6IkxhYlRlbmFudG5heWEifQ== action getNetworkDetailData pass {"@status": "success", "@code": "19", "result": {"@total-count": 1, "@count": 1, "entry": [{"name": "Tenant1RN1", "Service IP Address": "x.x.x.67", "Local IP Address": "test25NEWTEST-RN", "Static Subnet": ["1.1.1.1/32"], "EBGP Router": ["172.16.9.8"], "Branch AS and Router": [], "EBGP Router ECMP": null, "Branch AS and Router ECMP": null, "Inbound Access Apps": null, "Loopback IP Address": "172.16.9.8"}], "redundancy-alert": []}}
Additional Information
- 响应为 json 格式。 使用任何 json 解析器以人性化的方式对信息进行排序。
- 输出将列出 Web UI 中显示的相同信息。
- 相同的命令应该适用于所有全景图。
- 对于多租户,每个租户查询正文都不同。 使用 https://panorama-IP/php/utils/debug.php 然后从 GUI 查询网络详细信息
- 在调试输出中搜索“正文”,并复制特定于租户的 正文信息。 下面的示例。 此示例适用于另一个租户,因此正文与上面提到的正文不同。
- Php 调试日志也可以从 /var/log/php.debug.log 下的 CLI 中捕获
<operations xml="yes"> <request> <plugins> <cloud_services> <gpcs> <query> <action>getNetworkDetailData</action> <body>b64eyJzZXJ2aWNlVHlwZSI6ImZ3YWFzIiwidGVuYW50TmFtZSI6IkV4cGxpY2l0UHJveHkifQ==</body> </query> </gpcs> </cloud_services> </plugins> </request> </operations> </request>