Useful Palo Alto CLI Commands
I promise more to come on this; I'm just really busy at work these days.
Sharing my notes.
admin@PA-500> show session all
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
6636 facebook-base ACTIVE FLOW NS 192.168.3.50[4227]/Trust-L3/6 (172.16.1.3[7206])
vsys1 66.220.149.67[80]/Untrust-L3 (66.220.149.67[80])
admin@PA-500> show session id 6636
Session 6636
c2s flow:
source: 192.168.3.50 [Trust-L3]
dst: 66.220.149.67
proto: 6
sport: 4227 dport: 80
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 66.220.149.67 [Untrust-L3]
dst: 172.16.1.3
proto: 6
sport: 80 dport: 7206
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
start time : Tue Feb 7 11:46:55 2012
timeout : 3600 sec
time to live : 3537 sec
total byte count(c2s) : 1002
total byte count(s2c) : 11393
layer7 packet count(c2s) : 8
layer7 packet count(s2c) : 11
vsys : vsys1
application : facebook-base
rule : Log_All
session to be logged at end : True
session in session ager : True
session synced from HA peer : False
address/port translation : source + destination
nat-rule : student source nat(vsys1)
layer7 processing : enabled
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : ethernet1/2
egress interface : ethernet1/1
session QoS rule : N/A (class 4)
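When session details like the ones above are pulled during an investigation, it helps to turn the text into structured fields rather than reading it by eye. The following is an added example, not from the original notes and not Palo Alto code: it parses the "show session id" output quoted above (embedded here as a constructed sample), derives the pre- and post-NAT tuples that the "show session all" summary prints in its "(translated IP[Port])" columns, and returns a few findings a reviewer would check. The audit checks and their wording are my own assumptions about what is worth flagging, not firewall features.

```python
import re

# Constructed sample input: the "show session id 6636" output quoted in the notes above.
SESSION_DETAIL = """\
Session 6636
c2s flow:
source: 192.168.3.50 [Trust-L3]
dst: 66.220.149.67
proto: 6
sport: 4227 dport: 80
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 66.220.149.67 [Untrust-L3]
dst: 172.16.1.3
proto: 6
sport: 80 dport: 7206
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
start time : Tue Feb 7 11:46:55 2012
timeout : 3600 sec
total byte count(c2s) : 1002
total byte count(s2c) : 11393
vsys : vsys1
application : facebook-base
rule : Log_All
session to be logged at end : True
address/port translation : source + destination
nat-rule : student source nat(vsys1)
layer7 processing : enabled
URL filtering enabled : False
ingress interface : ethernet1/2
egress interface : ethernet1/1
"""

FLOW_HEADER = re.compile(r"^(c2s|s2c) flow:$")
FLOW_SOURCE = re.compile(r"^source: (\S+) \[(.+)\]$")
# Flow lines carry one or two "key: value" pairs, e.g. "sport: 4227 dport: 80".
FLOW_PAIR = re.compile(r"([a-z]+(?: user)?): (\S+)")


def parse_session_detail(text):
    """Parse 'show session id N' output into a dict.

    Per-flow fields live under session['c2s'] and session['s2c']; session-level
    'key : value' lines are stored under their exact key. Integer-looking values
    are converted, everything else is kept as the string the CLI printed.
    """
    session = {"c2s": {}, "s2c": {}}
    flow = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^Session (\d+)$", line)
        if m:
            session["id"] = int(m.group(1))
            continue
        m = FLOW_HEADER.match(line)
        if m:
            flow = m.group(1)
            continue
        if " : " in line:
            # Session-level line; the flow sections are over at this point.
            flow = None
            key, value = line.split(" : ", 1)
            value = value.strip()
            session[key.strip()] = int(value) if value.isdigit() else value
            continue
        if flow is None:
            continue
        m = FLOW_SOURCE.match(line)
        if m:
            session[flow]["src"] = m.group(1)
            session[flow]["zone"] = m.group(2)
            continue
        for key, value in FLOW_PAIR.findall(line):
            session[flow][key] = int(value) if value.isdigit() else value
    return session


def translation(session):
    """Return the client-to-server 4-tuple before and after NAT.

    The firewall reports the translated client address as the destination of
    the server-to-client (s2c) flow, which is what the '(translated IP[Port])'
    columns of 'show session all' print.
    """
    c2s, s2c = session["c2s"], session["s2c"]
    return {
        "original": (c2s["src"], c2s["sport"], c2s["dst"], c2s["dport"]),
        "translated": (s2c["dst"], s2c["dport"], s2c["src"], s2c["sport"]),
    }


def audit(session):
    """Findings a reviewer would want to see for one session (assumed checks)."""
    findings = []
    if session.get("session to be logged at end") != "True":
        findings.append("no end-of-session traffic log will be written for this session")
    if session.get("layer7 processing") != "enabled":
        findings.append("App-ID inspection is not running; the application label may be a guess")
    if session["c2s"]["zone"] == session["s2c"]["zone"]:
        findings.append("intrazone session permitted by rule %s" % session.get("rule"))
    return findings


if __name__ == "__main__":
    s = parse_session_detail(SESSION_DETAIL)
    print(s["id"], s["application"], s["rule"], translation(s))
    print(audit(s) or "no findings")
```

Run it as-is to see the parsed session 6636; paste a different "show session id" capture into SESSION_DETAIL to reuse it on your own firewall output.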
admin@PA-500> show system statistics application
Virtual System: vsys1
application sessions packets bytes
-------------------------------- ---------- ------------ ------------
web-browsing 84 2880 1904869
ssl 8 453 290967
ping 1100 1128 108888
dns 92 313 25490
facebook-base 2 45 25227
ntp 58 63 5670
dhcp 1 2 697
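The per-application table is also useful for a quick sanity check on what the firewall is seeing. The following is an added example, not from the original notes and not Palo Alto code: it parses the "show system statistics application" table quoted above (embedded as a constructed sample) and computes packets and bytes per session. The probe_like heuristic and its thresholds are my own assumptions: a large number of sessions that average about one packet each means the far end is mostly not answering, which is worth a look (in the sample it is ping, with 1100 sessions and 1128 packets).

```python
import re

# Constructed sample input: the "show system statistics application" table quoted above.
APP_STATS = """\
Virtual System: vsys1
application sessions packets bytes
-------------------------------- ---------- ------------ ------------
web-browsing 84 2880 1904869
ssl 8 453 290967
ping 1100 1128 108888
dns 92 313 25490
facebook-base 2 45 25227
ntp 58 63 5670
dhcp 1 2 697
"""

# A data row is an application name followed by three integer columns.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)$")


def parse_app_stats(text):
    """Parse the per-application counters into {app: {sessions, packets, bytes}}.

    Returns (vsys_name, rows). The header and separator lines do not match ROW
    because their last columns are not integers, so they are skipped.
    """
    vsys, rows = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^Virtual System: (\S+)$", line)
        if m:
            vsys = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            rows[m.group(1)] = {
                "sessions": int(m.group(2)),
                "packets": int(m.group(3)),
                "bytes": int(m.group(4)),
            }
    return vsys, rows


def per_session(rows):
    """Average (packets, bytes) per session for each application."""
    return {
        app: (r["packets"] / r["sessions"], r["bytes"] / r["sessions"])
        for app, r in rows.items()
        if r["sessions"]
    }


def probe_like(rows, min_sessions=100, max_packets_per_session=1.5):
    """Applications with many sessions of roughly one packet each (assumed heuristic).

    A normal exchange has at least a request and a reply, so a large session
    count averaging about one packet means the other side is mostly not
    answering: typical of a sweep against hosts that do not exist, or of
    traffic the far end silently drops. Sorted by session count, descending.
    """
    hits = [
        app for app, (pkts, _) in per_session(rows).items()
        if rows[app]["sessions"] >= min_sessions and pkts <= max_packets_per_session
    ]
    return sorted(hits, key=lambda app: rows[app]["sessions"], reverse=True)


if __name__ == "__main__":
    vsys, rows = parse_app_stats(APP_STATS)
    for app, (pkts, byts) in sorted(per_session(rows).items()):
        print("%-16s %6d sessions %8.2f pkt/sess %10.1f bytes/sess" % (app, rows[app]["sessions"], pkts, byts))
    print(vsys, "probe-like:", probe_like(rows))
```

Tune min_sessions and max_packets_per_session to your own baseline; on a busy firewall the absolute counts will be far larger, but the packets-per-session ratio is what carries the signal.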
References:
https://live.paloaltonetworks.com/docs/DOC-1973
https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1973-1...
https://live.paloaltonetworks.com/docs/DOC-1974
Understanding Zone Protection Profile: https://live.paloaltonetworks.com/docs/DOC-1546
User Identification Tech note - PANOS 4.0 https://live.paloaltonetworks.com/docs/DOC-1807
User-ID_Upgrade_4.1 https://live.paloaltonetworks.com/docs/DOC-1980
CLI Commands for User Agents
show user group list
show user group-mapping statistics
show user user-IDs
show user group-selection
show user ip-user-mapping
show
Decryption CLI
Verify the outbound proxy is ready: > show system setting ssl-decrypt setting
Check the exclude cache for the destination IP or cert: > show system setting ssl-decrypt exclude-cache
Check counters for warnings: > show counter global filter category proxy
Check memory pools: > debug dataplane pool statistics
Manually add/delete entries to the exclude cache:
# set shared ssl-decrypt ssl-exclude-cert example.com
# delete shared ssl-decrypt ssl-exclude-cert example.com
VPN
GlobalProtect - https://live.paloaltonetworks.com/docs/DOC-1999
High Availability
More to come; these are just notes right now, but I will shore these up so they make better sense.
- moomba's blog
