Quick Reference Guide: Helpful Commands

Printer Friendly Page

Quick Reference Guide contains helpful PAN-OS CLI Commands.

 

COMMAND DESCRIPTION
General System Health
show system info Shows the system’s management IP, serial #, and code version
show jobs processed Shows when commits, downloads, upgrades are completed
show system disk-space Shows percent usage of disk partitions
show system logdb-quota Shows the maximum log file sizes
show system software status Shows running processes
Monitor CPUs
show system resources Shows processes running in the Management Plane
show running resource-monitor Shows the resource utilization in the Dataplane
Dropped Packet Troubleshooting
ping source <IP_addr_src_int> host <IP_addr_host> Ping from a specified device source interface to destination IP
ping host <IP>  Ping from the management interface
show session all filter source <source-IP> destination <destination-IP>  Shows specific sessions in the sessions table for source and destination IPs.
show session info  Shows usage, pps rates, etc
show session id <id-number> Shows session details by entering the session ID number.
Packet Filters and Capture - WARNING: Running debug commands on a production device may cause instability or other undesirable results!

debug dataplane packet-diag clear all

debug dataplane packet-diag clear log log

Clear/delete settings and files previously created.
delete debug-filter file * Removes all packet capture files

debug dataplane packet-diag set filter match source x.x.x.x destination y.y.y.y destination-port

debug dataplane packet-diag set filter match source y.y.y.y destination x.x.x.x destination-port debug dataplane packet-diag set filter on

Sets filter with the source IP, destination IP and port to capture from/to packets.

debug dataplane packet-diag set capture stage receive file pantacrx.pcap

debug dataplane packet-diag set capture stage transmit file pantactx.pcap

debug dataplane packet-diag set capture stage drop file pantacdrop.pcap

debug dataplane packet-diag set capture stage firewall file pantacfw.pcap

debug dataplane packet-diag set capture on

Configures the different stage of capture types to be executed.
debug dataplane pack-diag show setting Verifies packet filters are setup correctly.
show counter global filter delta yes packet-filter yes  While test is running, run the command 2-3 times to verify filtered traffic is being captured.
debug dataplane packet-diag set capture off Turns off packet capture and filter

tcpdump filter “src net <ip/netmask>”

tcpdump snaplen 1500 filter “src net <ip/netmask>”

view-pcap mgmt-pcap mgmt.pcap

Captures PCAP on management interface.
Packet Flow Logs - WARNING: Always set specific packet filters to minimize CPU usage. See above Packet Filters and Capture commands.
debug dataplane packet-diag set log feature flow basic Set packet-diag log to capture flow basic
debug dataplane packet-diag set log on Turns on packet-diag log.
debug dataplane packet-diag set log off Capture traffic then immediately disable packet-diag log.
debug dataplane packet-diag aggregate-logs Aggregates pack-diag logs to a single file. After disabling packet-diag log, wait 1-2 minutes before running this command.
less dp-log pan_packet_diag.log View packet-diag log output. Note: PA-5000 series writes to individual dp0-log, dp1-log or dp2-log
Log/Forward Device Issues
debug log-receiver statistics Shows the log statistics, like logging incoming rate, log written rate, corrupted packets and logs discarded due to a full queue.
less mp-log logrcvr.log Shows debug logging issues on the device.
debug software restart log-receiver Restarts log-receiver process.
Log Viewing/Deleting
show log [system | traffic | threat] direction equal [forward | backward] Goes to the beginning/end of a log. Note: Arguments shown with square bracket [] and pipe | symbols mean choose one of the arguments listed.
Monitor Management or Device Server

show system resources follow

tail follow yes mp-log ms.log

Shows management server messages for commit failures, updates, licenses, link status, policy details, etc.
tail follow yes mp-log devsrv.log Shows device server message for commit failures, updates, licenses, link status, policy details, etc.
Authentication Logs
less mp-log authd.log  Shows the detail authentication logs on the device.
NAT
show running nat-policy Shows current NAT policy table.

show running ippool

show running global-ippool

Shows NAT pool utilization.
Routing
show routing route Shows routing table.
Policies
show running security-policy Shows current policy set.
User-ID Agent

show user user-id-agent state all

show user user-id-agent statistics

Shows agent’s status. Status should be connected OK and there should be numbers shown under users, groups, and IPS.

show user user-ids show user user-IDs

show user group-mapping state all

show user group-mapping statistics

show user group list

show user group name <value>

Shows the groups pulled from User-ID Agent.
show user ip-user-mapping all Shows IP to username mappings.

clear user-cache all

clear user-cache ip <ip/netmask>

Clears user-ID cache.
BrightCloud URL Filtering
test url <url or IP> Tests categorization of a URL on the device.
tail follow yes mp-log pan_bc_download.log Shows the BrightCloud database update logs.
debug dataplane show url-cache statistics Shows statistics on the URL cache
clear url-cache url <url> Clears URL cache for a site.
show log url direction equal backward

Shows the URL log, most recent entries first.

Note: Cache contains 100k of the most popular URLs on the network.

ping host service.brightcloud.com Tests connectivity to the BrightCloud servers.
PAN-DB URL Filtering
show url-cloud status  Check URL cloud status.

debug dataplane test url-resolve-path <url>

test url-info-host <url>

test url-info-cloud <url>

Tests categorization of a URL on Dataplane cache.

Tests categorization of a URL on Management Plane cache.

Tests categorization of a URL on Cloud.

clear url-cache url <url>

delete url-database url <url>

Clears URLs from the Dataplane cache.

Clears URLs from the Management Plane cache

show running url-cache statistics

debug device-server pan-url-db show-stats

Show statistics on URL Dataplane cache.

Show statistics on URL Management Plane cache

IPSEC
show vpn flow Shows encap/decap counters
show vpn gateway Shows list of IKE gateway configurations.
show vpn ike-sa Shows IKE Phase 1 SA
show vpn ipsec-sa Shows IPSEC Phase 2 SA.
show vpn tunnel Shows list of auto-key IPSec tunnel configurations.

show log system subtype equal vpn direction equal backward

debug ike global on debug

less mp-log ikemgr.log

Shows detail debug information for IPSec tunneling.
High Availability
show high-availability state Shows the HA state of the device.
show high-availability all Shows the HQ settings configured on the device and peer.
show high-availability state-synchronization Shows if the devices are synchronized
request high-availability state suspend Suspends active device and makes passive device active
request high-availability state functional Changes the state from suspend to passive.
Software, Content and Licenses
request restart system Reboots the system.

request content upgrade

> check

> download

> info

> install

Upgrades content.

Gets info from Palo Alto Networks server.

Downloads content packages.

Displays available content packages info.

Installs content packages.

request content downgrade install previous Downgrades to previous content version
request license info Shows the license installed on the device.
delete license key Deletes a license file.
Miscellaneous

configure

set deviceconfig setting session tcp-reject-non-syn no

commit

show session info

 

Ignore SYN when creating sessions.

 

Confirms command took effect

configure

set deviceconfig setting session offload no

commit

show session info

Make all packets go through CPU, otherwise all fastpath packets go through the chip. Turns session offload to fastpath.

Confirms command took effect.

debug dataplane pool statistics Shows the different dataplane buffers and capacity
Tags (6)
Comments

This was helpful.

Thanks!

all in a nutshell. Thx

That was very helpful

Excellent!

please  add a "debug software restart management-server"