Need help in CLI command

cancel
Showing results for 
Search instead for 
Did you mean: 

Need help in CLI command

L4 Transporter

Hello

I have to make some order on my PAN device.

I'm looking for CLI command:

- that will show me all addresses and groups defined on my device

- that will show me all services and groups defined on my device

- how to list aplications from one policy and put the list of aplication to aplication group

I hope that for You it is easy Smiley Wink

With regards

Slawek

1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

Hello Slawek,

As per your requirement, please find below sets of CLI command:

----- - that will show me all addresses and groups defined on my device

Ans:

admin@DADA> configure

Entering configuration mode

admin@DADA# show address   >>>>>>>>>>>>>>>>>>>>> show configured address-object in this PAN firewall.

admin@DADA# show address-group >>>>>>>>>>>>>>>>  show configured address-group in this PAN firewall.

---- - that will show me all services and groups defined on my device

Ans:

admin@DADA# show service

admin@DADA# show service-group

-------- how to list aplications from one policy and put the list of aplication to aplication group.


Note: for better understanding, i have set CLI output in SET format ( admin@DADA> set cli config-output-format set )

Ans:

admin@DADA# show rulebase security rules rule1

set rulebase security rules rule1 from Trust-LAN

set rulebase security rules rule1 to Untrust-ISP

set rulebase security rules rule1 source any

set rulebase security rules rule1 destination any

set rulebase security rules rule1 source-user any

set rulebase security rules rule1 category social-networking

set rulebase security rules rule1 application [ facebook twitter web-browsing ]  >>>>>>>>>>>>>>>>>> List of aapplications defined on a security rule

set rulebase security rules rule1 service application-default

set rulebase security rules rule1 hip-profiles any

set rulebase security rules rule1 action deny

set rulebase security rules rule1 disabled no

The command to set above mentioned applications on a "Application-group".

admin@DADA# set application-group test-application-group [ facebook twitter web-browsing ]

Hope this helps.

Thanks

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

Hi Slawek

in CLI if you go into configure mode:

admin@PA-5050> configure

Entering configuration mode

[edit]                                                                        

admin@PA-5050# show address

address {

  test {

    ip-netmask 192.168.0.70/32;

  }

  google.com {

    fqdn www.google.com;

  }

  yahoo.com {

    fqdn www.yahoo.com;

  }

[edit]

admin@PA-5050# show address-group

address-group {

  grp {

    test;

  }

[edit]

admin@PA-5050# show service

service {

  test82 {

    protocol {

      tcp {

        port 82;

      }

    }

  }

}

[edit]                                                                                                                                              

admin@PA-5050# show service-group

service-group {

  testgrp {

    members test82;

  }

}

[edit]             

and for your last one, i'd guess you could do

admin@PA-5050# show rulebase security rules mcafee

mcafee {

  from any;

  to any;

  source any;

  destination any;

  source-user any;

  category any;

  application mcafee-update;

  service application-default;

  hip-profiles any;

  action allow;

}

[edit]                   

admin@PA-5050# set application-group mynewgroup mcafee-update

[edit]

admin@PA-5050# show application-group mynewgroup

mynewgroup mcafee-update

;

[edit]

hope this helps

Tom

Tom Piens
PANgurus

L7 Applicator

Hello Slawek,

As per your requirement, please find below sets of CLI command:

----- - that will show me all addresses and groups defined on my device

Ans:

admin@DADA> configure

Entering configuration mode

admin@DADA# show address   >>>>>>>>>>>>>>>>>>>>> show configured address-object in this PAN firewall.

admin@DADA# show address-group >>>>>>>>>>>>>>>>  show configured address-group in this PAN firewall.

---- - that will show me all services and groups defined on my device

Ans:

admin@DADA# show service

admin@DADA# show service-group

-------- how to list aplications from one policy and put the list of aplication to aplication group.


Note: for better understanding, i have set CLI output in SET format ( admin@DADA> set cli config-output-format set )

Ans:

admin@DADA# show rulebase security rules rule1

set rulebase security rules rule1 from Trust-LAN

set rulebase security rules rule1 to Untrust-ISP

set rulebase security rules rule1 source any

set rulebase security rules rule1 destination any

set rulebase security rules rule1 source-user any

set rulebase security rules rule1 category social-networking

set rulebase security rules rule1 application [ facebook twitter web-browsing ]  >>>>>>>>>>>>>>>>>> List of aapplications defined on a security rule

set rulebase security rules rule1 service application-default

set rulebase security rules rule1 hip-profiles any

set rulebase security rules rule1 action deny

set rulebase security rules rule1 disabled no

The command to set above mentioned applications on a "Application-group".

admin@DADA# set application-group test-application-group [ facebook twitter web-browsing ]

Hope this helps.

Thanks

View solution in original post

L4 Transporter

Thank You for detailed informations.

Yesterday was created doc Export a List of Address Objects or Security Policies and Import into a Spreadsheet

that could be helpfull if You prefer do it without CLI.

Regards

Slawek

Hi

One more question.

How to filter output ie. "admin@DADA# show service | grep 192.168" << this is incorect command.

What is the correct one?

Regards

Slawek

Try something along the lines of

show service | match 1492

tab complete will also work to show you the remaining available command strings

show service {hit the tab key on your keyboard}

  <name>   <name>

  |        Pipe through a command

  <Enter>  Finish input

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!