Scribd Logo
Upload

Welcome to Scribd!

  • 6 views

    Document CLI

    Uploaded by

    adriano.geek.ti
    This document provides a cheatsheet of 42 Palo Alto Networks CLI commands organized by command, privilege mode, and brief description to help with troubleshooting and monitoring firewall configurations and performance. The commands cover displaying system information, logs, sessions, jobs, routing tables, interfaces, resources, and enabling debugging for protocols, dataplane processes, and system modules.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Document CLI

    Uploaded by

    adriano.geek.ti
    6 views12 pages
    This document provides a cheatsheet of 42 Palo Alto Networks CLI commands organized by command, privilege mode, and brief description to help with troubleshooting and monitoring firewall configurations and performance. The commands cover displaying system information, logs, sessions, jobs, routing tables, interfaces, resources, and enabling debugging for protocols, dataplane processes, and system modules.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a cheatsheet of 42 Palo Alto Networks CLI commands organized by command, privilege mode, and brief description to help with troubleshooting and monitoring firewall configurations and performance. The commands cover displaying system information, logs, sessions, jobs, routing tables, interfaces, resources, and enabling debugging for protocols, dataplane processes, and system modules.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views12 pages

    Document CLI

    Uploaded by

    adriano.geek.ti
    This document provides a cheatsheet of 42 Palo Alto Networks CLI commands organized by command, privilege mode, and brief description to help with troubleshooting and monitoring firewall configurations and performance. The commands cover displaying system information, logs, sessions, jobs, routing tables, interfaces, resources, and enabling debugging for protocols, dataplane processes, and system modules.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    CLI For Paloalto|info@networkjourney.

    com | +91 9739521088

    Cheatsheet Guide

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 1 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Palo Alto Config Commands:


    Sr.No CLI Command Privilege Mode Description
    1 show system info enable Display system information.
    2 show system statistics enable View various system statistics.
    Display the current running
    3 show running-config enable
    configuration.
    debug dataplane packet- Packet-diag for dataplane
    4 configure
    diag troubleshooting.
    debug software restart Restart a specific process for
    5 configure
    process troubleshooting.
    show high-availability Check the HA state for high-
    6 enable
    state availability setups.
    Display system logs for
    7 show log system enable
    troubleshooting.
    show counter global filter Display packet counters for
    8 enable
    delta yes troubleshooting.
    debug software restart Restart device server for
    9 configure
    device-server troubleshooting.
    debug software restart Restart management server for
    10 configure
    management-server troubleshooting.
    show session all filter Display all sessions originating
    11 enable
    source <IP> from a specific IP.
    debug dataplane pool Debug dataplane pool for
    12 configure
    <POOL_NAME> troubleshooting.
    Display processed jobs for
    13 show jobs processed enable
    monitoring.
    Display details about a specific
    14 show jobs id <JOB_ID> enable
    job.
    debug dataplane packet- Clear dataplane packet buffer
    15 configure
    buffer clear for troubleshooting.
    show log mp-log Display logs from the
    16 enable
    <LOG_NAME> management plane.
    Display the current routing
    17 show routing route enable
    table.
    debug routing protocol Enable OSPF protocol
    18 configure
    ospf <AREA> debugging.
    show running resource- Display resource monitoring
    19 enable
    monitor information.
    debug dataplane reset Reset dataplane processes for
    20 configure
    <PROCESS> troubleshooting.
    Display resource utilization
    21 show system resources enable
    information.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 2 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    debug software restart Restart the dataplane for


    22 configure
    dataplane troubleshooting.
    Display system settings for
    23 show system setting enable
    verification.
    debug system module Enable debugging for a specific
    24 configure
    <MODULE> system module.
    Display the configured object
    25 show object-list enable
    lists.
    debug dataplane packet Enable packet filter debugging in
    26 configure
    filter match <FILTER> dataplane.
    Display global counters for
    27 show counter global enable
    troubleshooting.
    debug dataplane packet Display dataplane packet buffer
    28 configure
    buffer information.
    show counter global filter Display filtered counters for
    29 enable
    delta <FILTER> troubleshooting.
    show counter global filter Display counters for a specific
    30 enable
    category <CATEGORY> category.
    debug dataplane tcp- Enable TCP proxy debugging for
    31 configure
    proxy <PROXY_NAME> troubleshooting.
    show system setting
    32 enable Display specific system settings.
    <SETTING_NAME>
    debug dataplane pool Debug memory pool
    33 configure
    memory-pools information in dataplane.
    show log mp-log
    Display a specific number of logs
    34 <LOG_NAME> nlogs enable
    from the management plane.
    <NUM>
    debug dataplane packet Display detailed packet
    35 configure
    display yes information for troubleshooting.
    show interface Display information about a
    36 enable
    <INTERFACE_NAME> specific interface.
    debug dataplane packet Display statistics for dataplane
    37 configure
    buffer stats packet buffers.
    38 show jobs all enable Display all jobs for monitoring.
    debug dataplane packet Reset dataplane packet filter
    39 configure
    filter reset settings.
    Display Forwarding Information
    40 show routing fib <IP> enable
    Base (FIB) for an IP.
    debug dataplane tcp-
    Reset TCP proxy settings for
    41 proxy reset configure
    troubleshooting.
    <PROXY_NAME>
    show routing protocol Display BGP protocol
    42 enable
    bgp information.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 3 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    debug routing protocol


    43 configure Enable RIP protocol debugging.
    rip
    show running resource- Display resource monitoring
    44 enable
    monitor information.
    debug routing protocol Enable OSPF area-specific
    45 configure
    ospf area <AREA> debugging.
    show system logdb- Display log database quota
    46 enable
    quota information.
    debug dataplane packet
    Display count of matched
    47 filter match-count configure
    packets for a filter.
    <FILTER>
    show system resources Display real-time resource
    48 enable
    follow utilization information.
    show log mp-log Display dataplane logs from the
    49 enable
    dataplane management plane.
    debug dataplane pool Debug dataplane pool statistics
    50 configure
    statistics <POOL_NAME> for troubleshooting.
    Display disk space utilization
    51 show system disk-space enable
    information.
    debug dataplane pool Debug memory pool leaks in
    52 configure
    leak dataplane.
    show counter global filter Display counters for traffic
    53 enable
    ingress-port <PORT> ingress on a specific port.
    debug dataplane stats Reset dataplane statistics for
    54 configure
    reset troubleshooting.
    Display scheduled jobs for
    55 show jobs scheduled enable
    monitoring.
    debug dataplane packet- Debug packet-diag for a specific
    56 configure
    diag file <FILENAME> file.
    Display the current state of the
    57 show system state enable
    system.
    debug dataplane packet Enable dataplane packet buffer
    58 configure
    buffer filter <FILTER> filtering.
    show routing route Display the routing information
    59 enable
    destination <DEST_IP> for a specific destination.
    debug dataplane pool Debug memory pool
    60 configure
    memory-pools information in dataplane.
    show counter global filter Display counters for traffic
    61 enable
    egress-port <PORT> egress on a specific port.
    debug dataplane packet Clear all dataplane packet
    62 configure
    buffer clear all buffers.
    Display completed jobs for
    63 show jobs completed enable
    monitoring.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 4 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    debug dataplane packet Reset dataplane packet filter


    64 configure
    filter reset settings.
    show routing route
    Display routing information for a
    65 virtual-router enable
    specific virtual router.
    <VR_NAME>
    debug dataplane tcp- Enable TCP proxy debugging for
    66 configure
    proxy <PROXY_NAME> a specific proxy.
    show system setting Display service-related system
    67 enable
    service settings.
    debug dataplane packet Dump dataplane packet buffer
    68 configure
    buffer dump information.
    show counter global filter Display counters for traffic
    69 enable
    policy <POLICY_NAME> matching a specific policy.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 5 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Palo Alto IPSec Commands:


    Sr.No CLI Command Privilege Mode Description
    Display information about VPN
    1 show vpn enable
    tunnels.
    debug ike global on Enable IKE debugging for
    2 configure
    debug troubleshooting.
    Show detailed IKE phase 1 and
    3 debug ike detail configure
    2 information.
    Display information about
    4 show vpn ipsec-sa enable
    IPSec SAs.
    Clear VPN tunnels for
    5 clear vpn tunnel configure
    troubleshooting.
    Display ISAKMP (IKE phase 1)
    6 show crypto isakmp sa enable
    security associations.
    Enable ISAKMP debugging for
    7 debug crypto isakmp configure
    troubleshooting.
    Enable IPSec debugging for
    8 debug crypto ipsec configure
    troubleshooting.
    Clear ISAKMP (IKE phase 1)
    9 clear crypto isakmp configure
    security associations.
    Clear IPSec security
    10 clear crypto ipsec configure
    associations.
    show vpn ipsec-sa tunnel Display information about a
    11 enable
    <TUNNEL> specific IPSec tunnel.
    12 debug ike global off configure Disable global IKE debugging.
    debug ike gateway Enable IKE debugging for a
    13 configure
    <GATEWAY> specific gateway.
    14 debug ike global off configure Disable global IPSec debugging.
    debug ike gateway Enable IPSec debugging for a
    15 configure
    <GATEWAY> specific gateway.
    Display information about
    16 show crypto ikev2 sa enable
    IKEv2 security associations.
    Display information about
    show vpn ipsec-sa
    17 enable IPSec SAs for a specific
    gateway <GATEWAY>
    gateway.
    Clear IKE cookies for
    18 clear vpn ike-cookie configure
    troubleshooting.
    show vpn ipsec-sa Display lifetime information for
    19 enable
    lifetime IPSec SAs.
    debug vpn tunnel
    20 configure Enable VPN tunnel debugging.
    <TUNNEL>
    show crypto ipsec sa Display lifetime information for
    21 enable
    lifetime IPSec SAs.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 6 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Clear IPSec SAs for


    22 clear vpn ipsec-sa configure
    troubleshooting.
    Display information about all
    23 show vpn ipsec-sa tunnel enable
    IPSec tunnels.
    Clear IPSec security
    24 clear crypto ipsec sa configure
    associations.
    25 debug crypto isakmp off configure Disable ISAKMP debugging.
    26 debug crypto ipsec off configure Disable IPSec debugging.
    show vpn ike-sa gateway Display IKE SA information for a
    27 enable
    <GATEWAY> specific gateway.
    debug ike module Enable IKE module-specific
    28 configure
    <MODULE> debugging.
    Display information about
    29 show crypto ikev1 sa enable
    IKEv1 security associations.
    Clear IKE SAs for
    30 clear vpn ike-sa configure
    troubleshooting.
    Enable ISAKMP (IKE phase 1)
    31 debug crypto isakmp sa configure
    debugging.
    show vpn ipsec-sa
    Display detailed IPSec SA
    32 gateway <GATEWAY> enable
    information for a gateway.
    detail
    33 debug crypto ipsec sa configure Enable IPSec SA debugging.
    Display information about all
    34 show crypto ipsec sa enable
    IPSec SAs.
    Display IKE SA information for
    35 show vpn ike-sa gateway enable
    all gateways.
    36 debug vpn monitor configure Enable VPN monitor debugging.
    show vpn ike-sa gateway Display detailed IKE SA
    37 enable
    <GATEWAY> detail information for a gateway.
    show vpn ipsec-sa tunnel Display detailed IPSec SA
    38 enable
    <TUNNEL> detail information for a tunnel.
    Clear IKE cookies for
    39 clear vpn ike-cookie configure
    troubleshooting.
    Enable VPN statistics
    40 debug vpn statistics configure
    debugging.
    show vpn ipsec-sa tunnel Display detailed IPSec SA
    41 enable
    <TUNNEL> detail information for a tunnel.
    42 show vpn ike-sa statistics enable Display IKE SA statistics.
    clear vpn ike-sa gateway Clear IKE SAs for a specific
    43 configure
    <GATEWAY> gateway.
    show vpn ipsec-sa tunnel Display lifetime information for
    44 enable
    <TUNNEL> lifetime a specific IPSec tunnel.
    clear vpn ike-sa gateway Clear all IKE SAs for
    45 configure
    all troubleshooting.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 7 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Enable VPN tunnel drop


    46 debug vpn tunnel drop configure
    debugging.
    show crypto ipsec sa Display detailed lifetime
    47 enable
    lifetime detail information for IPSec SAs.
    Enable VPN tunnel debugging
    48 debug vpn tunnel on mp configure
    on MP.
    show vpn ipsec-sa
    Display lifetime information for
    49 gateway <GATEWAY> enable
    IPSec SAs on a gateway.
    lifetime
    clear vpn ike-sa gateway Clear IKE SAs for a specific
    50 configure
    <GATEWAY> gateway.
    debug crypto ipsec sa Enable global IPSec SA
    51 configure
    global debugging.
    show vpn ipsec-sa Display detailed lifetime
    52 gateway <GATEWAY> enable information for IPSec SAs on a
    lifetime detail gateway.
    clear vpn ipsec-sa Clear IPSec SAs for a specific
    53 configure
    gateway <GATEWAY> gateway.
    54 debug vpn tunnel off configure Disable VPN tunnel debugging.
    Display detailed lifetime
    show vpn ipsec-sa tunnel
    55 enable information for IPSec SAs on a
    <TUNNEL> lifetime detail
    tunnel.
    clear vpn ike-sa gateway Clear all IKE SAs for a specific
    56 configure
    <GATEWAY> all gateway.
    Enable VPN tunnel debugging
    57 debug vpn tunnel on dp configure
    on dataplane.
    show vpn ipsec-sa tunnel Display statistics for a specific
    58 enable
    <TUNNEL> statistics IPSec tunnel.
    clear vpn ike-sa gateway Clear all IKE SAs for a specific
    59 configure
    <GATEWAY> all gateway.
    Disable VPN monitor
    60 debug vpn monitor off configure
    debugging.
    show vpn ipsec-sa tunnel Display statistics for a specific
    61 enable
    <TUNNEL> statistics IPSec tunnel.
    clear vpn ike-sa gateway Clear all IKE SAs for a specific
    62 configure
    <GATEWAY> all gateway.
    63 debug vpn monitor off configure Disable VPN monitor debugging

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 8 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Palo Alto SSL VPN Commands:

    Sr.No CLI Command Privilege Mode Description


    show global-protect- Display information about
    1 enable
    gateway GlobalProtect gateways.
    show global-protect- Display information about
    2 enable
    gateway current-user current GlobalProtect users.
    show global-protect- Display GlobalProtect gateway
    3 enable
    gateway configuration configuration.
    debug global-protect- Enable GlobalProtect gateway
    4 configure
    gateway debugging.
    show global-protect- Display information about
    5 enable
    clientless-vpn Clientless VPN connections.
    debug global-protect- Enable Clientless VPN
    6 configure
    clientless-vpn debugging.
    show user user-idd-agent Display statistics for User-ID
    7 enable
    statistics agents.
    show global-protect- Display statistics for
    8 enable
    satellite statistics GlobalProtect satellites.
    debug global-protect- Enable debugging for
    9 configure
    gateway on mp GlobalProtect gateways on MP.
    clear global-protect- Clear GlobalProtect gateway
    10 configure
    gateway information.
    show global-protect- Display statistics for
    11 enable
    gateway statistics GlobalProtect gateways.
    Display information about
    show global-protect-
    12 enable GlobalProtect gateway
    gateway connection
    connections.
    debug global-protect- Disable Clientless VPN
    13 configure
    clientless-vpn off debugging.
    debug global-protect- Disable GlobalProtect gateway
    14 configure
    gateway off debugging.
    show global-protect- Display information about
    15 enable
    clientless-vpn tunnel Clientless VPN tunnels.
    debug global-protect- Disable GlobalProtect satellite
    16 configure
    satellite off debugging.
    show user ip-user- Display IP user mapping
    17 enable
    mapping all information.
    18 debug user-id on debug configure Enable User-ID debugging.
    show global-protect- Display information about
    19 enable
    clientless-vpn portal Clientless VPN portals.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 9 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    Display information about


    20 show user group list enable
    configured user groups.
    21 debug user-id reset all configure Reset all User-ID mappings.
    clear global-protect- Clear GlobalProtect gateway
    22 configure
    gateway statistics statistics.
    23 debug user-id off configure Disable User-ID debugging.
    debug user-id reset Reset User-ID mappings for a
    24 configure
    group <GROUP_NAME> specific group.
    show user ip-user- Display IP user mapping
    25 enable
    mapping all type <TYPE> information for a specific type.
    show global-protect- Display information about
    26 enable
    satellite tunnel GlobalProtect satellite tunnels.
    show global-protect-
    Display Clientless VPN
    27 clientless-vpn enable
    configuration.
    configuration
    debug global-protect-
    Enable packet debugging for a
    28 gateway packet configure
    specific gateway.
    <GATEWAY>
    debug global-protect- Enable Clientless VPN debugging
    29 configure
    clientless-vpn on mp on MP.
    show global-protect- Display status information for
    30 enable
    satellite status GlobalProtect satellites.
    clear global-protect-
    Clear a specific Clientless VPN
    31 clientless-vpn tunnel configure
    tunnel.
    <TUNNEL>
    show global-protect-
    Display information about
    32 satellite tunnel enable
    GlobalProtect satellite tunnels.
    <TUNNEL>
    Enable debugging for
    debug global-protect-
    33 configure GlobalProtect gateways on
    gateway on dp
    dataplane.
    clear global-protect-
    34 satellite tunnel configure Clear a specific satellite tunnel.
    <TUNNEL>
    show global-protect- Display GlobalProtect gateway
    35 enable
    gateway network-route network routes.
    show global-protect-
    Display information about a
    36 gateway tunnel enable
    specific GlobalProtect tunnel.
    <TUNNEL>
    debug global-protect- Enable debugging for
    37 configure
    satellite on mp GlobalProtect satellites on MP.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 10 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    clear global-protect-
    Clear a specific GlobalProtect
    38 gateway tunnel configure
    tunnel.
    <TUNNEL>
    show global-protect- Display statistics for
    39 gateway network-route enable GlobalProtect gateway network
    statistics routes.
    Enable debugging for
    debug global-protect-
    40 configure GlobalProtect gateways on
    gateway on dp
    dataplane.
    clear global-protect-
    41 configure Clear all GlobalProtect tunnels.
    gateway tunnel all
    show global-protect-
    Display information about a
    42 clientless-vpn tunnel enable
    specific Clientless VPN tunnel.
    <TUNNEL>
    debug global-protect- Enable debugging for
    43 configure
    gateway on mp GlobalProtect gateways on MP.
    debug global-protect- Enable statistics debugging for
    44 configure
    gateway statistics GlobalProtect gateways.
    show global-protect-
    Display statistics for Clientless
    45 clientless-vpn portal enable
    VPN portals.
    statistics
    debug global-protect- Enable debugging for
    46 configure
    gateway on mp GlobalProtect gateways on MP.
    show global-protect- Display detailed information
    47 satellite tunnel enable about a GlobalProtect satellite
    <TUNNEL> detail tunnel.
    clear global-protect- Clear statistics for GlobalProtect
    48 configure
    gateway statistics gateways.
    debug global-protect- Enable Clientless VPN debugging
    49 configure
    clientless-vpn on dp on dataplane.
    show global-protect-
    Display statistics for a
    50 satellite tunnel enable
    GlobalProtect satellite tunnel.
    <TUNNEL> statistics
    clear global-protect- Clear statistics for GlobalProtect
    51 configure
    gateway statistics gateways.
    Enable debugging for
    debug global-protect-
    52 configure GlobalProtect gateways on
    gateway on dp
    dataplane.
    show global-protect- Display information about a
    53 satellite tunnel enable specific GlobalProtect satellite
    <TUNNEL> tunnel.
    clear global-protect- Clear statistics for GlobalProtect
    54 configure
    gateway statistics gateways.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 11 | 12


    CLI For Paloalto|info@networkjourney.com | +91 9739521088

    debug global-protect- Enable debugging for


    55 configure
    satellite on mp GlobalProtect satellites on MP.
    show global-protect-
    Display information about a
    56 gateway tunnel enable
    specific GlobalProtect tunnel.
    <TUNNEL>
    clear global-protect-
    Clear a specific GlobalProtect
    57 gateway tunnel configure
    tunnel.
    <TUNNEL>
    Enable debugging for
    debug global-protect-
    58 configure GlobalProtect satellites on
    satellite on dp
    dataplane.
    show global-protect-
    Display information about a
    59 clientless-vpn tunnel enable
    specific Clientless VPN tunnel.
    <TUNNEL>
    clear global-protect-
    Clear a specific GlobalProtect
    60 gateway tunnel configure
    tunnel.
    <TUNNEL>
    debug global-protect- Enable debugging for
    61 configure
    gateway on mp GlobalProtect gateways on MP.

    CLI For Paloalto| info@networkjourney.com | +91 9739521088 || P a g e 12 | 12

    You might also like