10-04-2017 05:53 AM - edited 10-04-2017 05:54 AM
I am trying to find a range by DMZ. For example in ASA we can show-
show route | inc 10.10.10
and it will show the DMZ where that route belong.
Is there a way to find that in PAN OS 7.1?
10-05-2017 01:11 AM
The Palo Alto Networks firewall is zone based, this means routes are subordinate to zones and not directly related
so the first thing you could do is
> show routing route | match 10.0.0
to find the interface associated to the subnet you are looking for, then do
> show interface ethernet1/X | match Zone (capital Z)
reaper@myNGFW> show routing route | match 10.0.0 10.0.0.0/24 10.0.0.1 0 A C ethernet1/11 reaper@myNGFW> show interface ethernet1/11 | match Zone Zone: trust, virtual system: vsys3
10-05-2017 01:11 AM
The Palo Alto Networks firewall is zone based, this means routes are subordinate to zones and not directly related
so the first thing you could do is
> show routing route | match 10.0.0
to find the interface associated to the subnet you are looking for, then do
> show interface ethernet1/X | match Zone (capital Z)
reaper@myNGFW> show routing route | match 10.0.0 10.0.0.0/24 10.0.0.1 0 A C ethernet1/11 reaper@myNGFW> show interface ethernet1/11 | match Zone Zone: trust, virtual system: vsys3
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
