https://live.paloaltonetworks.com/t5/general-topics/how-to-see-all-the-set-commands-for-an-ipsec-tunnel/m-p/321767#M82327 <P>I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and everything but just change the GW IP, so getting the display set of the tunnel, gateway, and routes, would really help.</P><P>Let me add that I'm trying to get it from a firewall that's on a HA pair and is linked to Panorama. I dont see any local ipsec config on the firewall!!</P> Thu, 09 Apr 2020 04:51:37 GMT Raydar 2020-04-09T04:51:37Z https://live.paloaltonetworks.com/t5/general-topics/how-to-see-all-the-set-commands-for-an-ipsec-tunnel/m-p/321767#M82327 <P>I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and everything but just change the GW IP, so getting the display set of the tunnel, gateway, and routes, would really help.</P><P>Let me add that I'm trying to get it from a firewall that's on a HA pair and is linked to Panorama. I dont see any local ipsec config on the firewall!!</P> Thu, 09 Apr 2020 04:51:37 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-see-all-the-set-commands-for-an-ipsec-tunnel/m-p/321767#M82327 Raydar 2020-04-09T04:51:37Z https://live.paloaltonetworks.com/t5/general-topics/how-to-see-all-the-set-commands-for-an-ipsec-tunnel/m-p/321807#M82334 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/137915">@Raydar</a> ,</P> <P>&nbsp;</P> <P>To view the set command you would normally use the "<SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt"><SPAN style="font-family: courier new, courier;">&gt; set cli config-output-format"</SPAN></SPAN></SPAN> command.</P> <P>However, this command is only useful for local config.&nbsp; It will not show anything configured through panorama.</P> <P>&nbsp;</P> <P>To view only the Panorama pushed configurations, which displays policies and objects pushed from Panorama:</P> <P><SPAN style="font-family: courier new, courier;">&gt; show config pushed-shared-policy</SPAN></P> <P>&nbsp;</P> <P>To view the template pushed to the device:</P> <P><SPAN style="font-family: courier new, courier;">&gt; show config pushed-template</SPAN></P> <P><LI-WRAPPER></LI-WRAPPER></P> <P>&nbsp;</P> <P><SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">Unfortunately the above CLI outputs are displayed in XML format so I'm not sure if they can help you.<BR /></SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN>That said, there is a feature request to view the set commands pushed from Panorama.&nbsp; I'd reach out to your local SE and have him add your vote to the feature request.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Hope this helps,</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 09 Apr 2020 07:45:15 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-see-all-the-set-commands-for-an-ipsec-tunnel/m-p/321807#M82334 kiwi 2020-04-09T07:45:15Z