04-08-2020 08:40 PM - edited 04-08-2020 09:51 PM
I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and everything but just change the GW IP, so getting the display set of the tunnel, gateway, and routes, would really help.
Let me add that I'm trying to get it from a firewall that's on a HA pair and is linked to Panorama. I dont see any local ipsec config on the firewall!!
04-09-2020 12:45 AM
Hi @Raydar ,
To view the set command you would normally use the "> set cli config-output-format" command.
However, this command is only useful for local config. It will not show anything configured through panorama.
To view only the Panorama pushed configurations, which displays policies and objects pushed from Panorama:
> show config pushed-shared-policy
To view the template pushed to the device:
> show config pushed-template
Unfortunately the above CLI outputs are displayed in XML format so I'm not sure if they can help you.
That said, there is a feature request to view the set commands pushed from Panorama. I'd reach out to your local SE and have him add your vote to the feature request.
Hope this helps,
-Kiwi.
04-09-2020 12:45 AM
Hi @Raydar ,
To view the set command you would normally use the "> set cli config-output-format" command.
However, this command is only useful for local config. It will not show anything configured through panorama.
To view only the Panorama pushed configurations, which displays policies and objects pushed from Panorama:
> show config pushed-shared-policy
To view the template pushed to the device:
> show config pushed-template
Unfortunately the above CLI outputs are displayed in XML format so I'm not sure if they can help you.
That said, there is a feature request to view the set commands pushed from Panorama. I'd reach out to your local SE and have him add your vote to the feature request.
Hope this helps,
-Kiwi.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
