
Quick Reference Guide - Feb.2014

palo alto fw

Uploaded by

Car Mitar

PALO ALTO NETWORKS CLI QUICK REFERENCE

PAN-OS CLI COMMANDS

General System Health

Display the system’s management IP, serial #, and code version.
    show system info

Display when commits, downloads, upgrades, etc are completed.
    show jobs processed

Display percent usage of disk partitions.
    show system disk-space

Display the maximum log file sizes.
    show system logdb-quota

Display running processes.
    show system software status

Monitor CPUs

Display processes running in the Management Plane.
    show system resources

Display the resource utilization in the Dataplane.
    show running resource-monitor

Dropped Packet Troubleshooting

Ping from a specified device source interface to destination IP.
    ping source <IP_addr_src_int> host <IP_addr_host>

Ping from the management interface.
    ping host <IP>

Display the specific sessions in the session table that match the source and destination IPs.
    show session all filter source <source-IP> destination

Display session usage, pps rates, etc.
    show session info

Display session details by entering the session ID number.
    show session id <id-number>

Packet Filters and Captures

WARNING: Running debug commands on a production device may cause undesirable results.

Clear/delete settings and files previously created.
    debug dataplane packet-diag clear all
    debug dataplane packet-diag clear log log

Remove all files.
    delete debug-filter file *

Set filter with the source IP and destination IP to capture packets from/to.
    debug dataplane packet-diag set filter match source x.x.x.x destination y.y.y.y
    debug dataplane packet-diag set filter match source y.y.y.y destination x.x.x.x
    debug dataplane packet-diag set filter on

Configure the different stage of capture types to be executed.
    debug dataplane packet-diag set capture stage receive file pantac-rx.pcap
    debug dataplane packet-diag set capture stage transmit file pantac-tx.pcap
    debug dataplane packet-diag set capture stage drop file pantac-drop.pcap
    debug dataplane packet-diag set capture stage firewall file pantac-fw.pcap
    debug dataplane packet-diag set capture on

Verify packet capture is setup correctly.
    debug dataplane packet-diag show setting

While test is running, run the command every 2-3 seconds for 20 seconds and save the output to a text file.
    show counter global filter packet-filter yes delta yes

Turn off packet capture and filter.
    debug dataplane packet-diag set capture off

Capture PCAP on management interface.
    tcpdump filter "src net <ip/netmask>"
    view-pcap mgmt-pcap mgmt.pcap

Log/Forward Device issues

Display the log statistics, like logging incoming rate, log written rate, corrupted packets and logs discarded due to full queue.
    debug log-receiver statistics

Display debug logging issues on the device.
    less mp-log logrcvr.log

Restart log-receiver process.
    debug software restart log-receiver

Monitor Management or Device Server

Display management server messages for commit failures, updates, licenses, link status, policy details, etc.
    show system resources follow
    tail follow yes mp-log ms.log

Display device server message for commit failures, updates, licenses, link status, policy details, etc.
    tail follow yes mp-log devsrv.log

Authentication Logs

Display the detail authentication logs on the device.
    less mp-log authd.log

NAT

Display current NAT policy table.
    show running nat-policy

Display NAT pool leaks.
    show running ippool
    show running global-ippool

Routing

Display routing table.
    show routing route

Policies

Display current policy set.
    show running security-policy

User-ID Agent

Display agent’s status. Status should be connected OK and there should be numbers shown under users, groups and IPs.
    show user user-id-agent state all
    show user user-id-agent statistics

Display the groups pulled from User-ID Agent.
    show user user-IDs
    show user group-mapping state all
    show user group-mapping statistics
    show user group list
    show user group name <value>

Display IP to username mappings.
    show user ip-user-mapping

Clear the user-ID cache.
    clear user-cache all
    clear user-cache ip <ip/netmask>

Reset the device’s connection to the specified agent.
    debug user-id reset user-id-agent <name>

Log Viewing/Deleting

Go to the beginning/end of a log.
    show log [system | traffic | threat] direction equal [forward

Note: Arguments shown with square brackets and pipe symbol mean choose one of the arguments listed.

IPSEC

The following commands display VPN configuration.

Display encap/decap counters.
    show vpn flow

Display list of IKE gateway configurations.
    show vpn gateway

Display IKE Phase 1 SA.
    show vpn ike-sa

Display IPSec Phase 2 SA.
    show vpn ipsec-sa

Display list of auto-key IPSec tunnel configurations.
    show vpn tunnel

Display detail debug information for IPSec tunneling.
    show log system subtype equal vpn direction equal backward
    debug ike global on debug
    less mp-log ikemgr.log

High Availability

Display the HA state of the device.
    show high-availability state

Display the HA settings configured on the device and peer.
    show high-availability all

Display if the devices are synchronized.
    show high-availability state-synchronization

Suspend active device and make passive device active.
    request high-availability state suspend

Change the state from suspend to passive.
    request high-availability state functional

Software, Content and Licenses

Reboot the system.
    request restart system

Upgrade content.
    request content upgrade
      > check  Gets info from Palo Alto Networks server.
      Downloads content packages.
      Displays available content packages info.
      Installs content packages.

Downgrade to previous content version.
    request content downgrade install previous

Display the license installed on the device.
    request license info

Delete a license file.
    delete license key

Note: If having issues and want to retrieve new licenses, use question mark to list file names then delete the specific file.

URL

Test the categorization of a URL on the device.
    test url <url or IP>

Display the BrightCloud database update logs.
    tail follow yes mp-log pan_bc_download.log

Display statistics on the URL cache.
    debug dataplane show url-cache statistics

Clear URL cache.
    clear url-cache all
    clear url-cache url <value>

Note: Cache contains 100k of the most popular URLs on the network.

Display the URL log, most recent entries first.
    show log url direction equal backward

Test connectivity to the BrightCloud servers.
    ping host service.brightcloud.com

PAN-DB URL Filtering

Check URL cloud status.
    show url-cloud status

Test categorization of a URL

On Dataplane cache
    test url-resolve-path <url>

On Management Plane cache
    test url-info-host <url>

On Cloud
    test url-info-cloud <url>

Delete URLs from the cache

On Dataplane cache
    clear url-cache url <url>

On Management Plane cache
    delete url-database url <url>

Show statistics on URL cache

On Dataplane cache
    show running url-cache statistics

On Management Plane cache
    debug device-server pan-url-db show-stats

Miscellaneous

Ignore SYN when creating sessions.
    configure
    set deviceconfig setting session tcp-reject-non-syn no
    commit

Confirm command took effect.
    show session info

Make all packets go through CPU, otherwise all fastpath packets go through the chip. Turns off session offload to fastpath.
    configure
    set deviceconfig setting session offload no
    commit

Confirm command took effect.
    show session info

Display the different dataplane buffers and see if the system is nearing capacity.
    debug dataplane pool statistics

Show statistics on Panorama

Displays pushed template and local config merge
    show config merged

Displays shared policy pushed to the device
    show config pushed-shared-policy

Displays template pushed to the device
    show config pushed-template

4401 Great America Parkway
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com

Copyright ©2014, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID, and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
