How to find a IP range by DMZ?

Reply
Highlighted
L0 Member

How to find a IP range by DMZ?

I am trying to find a range by DMZ. For example in ASA we can show-

show route | inc 10.10.10

and it will show the DMZ where that route belong.

 

Is there a way to find that in PAN OS 7.1?

Tags (1)
Community Manager

Re: How to find a IP range by DMZ?

The Palo Alto Networks firewall is zone based, this means routes are subordinate to zones and not directly related

 

so the first thing you could do is

> show routing route | match 10.0.0

to find the interface associated to the subnet you are looking for, then do

> show interface ethernet1/X | match Zone (capital Z)

 

reaper@myNGFW> show routing route | match 10.0.0                  
10.0.0.0/24                                 10.0.0.1                                0      A C              ethernet1/11                                       
reaper@myNGFW> show interface ethernet1/11 | match Zone
Zone: trust, virtual system: vsys3

Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!