Skip to content

paloalto_panos#

Warning

This is automatically generated. In case of any issues, please refer to the source code or, even better, open an issue on the GitHub repository. Thanks! 🤗📖

Platforms:#

Commands#

enable#

Output: None

Help: enter enable mode

Prompt: - paloalto_panos>

set cli scripting-mode on#

Output: None

Help: set the terminal width to full

Prompt: - paloalto_panos> - paloalto_panos#

ex#

Output:

True

Help: exit the terminal

Prompt: - paloalto_panos> - paloalto_panos#

show interface logical#

Output:

total configured logical interfaces: 38
​
name                id    vsys zone             forwarding               tag    address                                         
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1         16    1                     N/A                      0      N/A               
ethernet1/2         17    1                     N/A                      0      N/A               
ethernet1/2.100     275   1    ISP1         vr:default               100    65.5.44.46/30  
ethernet1/3         18    1                     N/A                      0      N/A               
ethernet1/3.101     278   1    ISP2         vr:default               101    65.5.26.46/30  
ethernet1/4         19    1                     N/A                      0      N/A               
ethernet1/4.102     256   1    WAN     vr:default               102    10.10.134.1/24  
ethernet1/5         20    1                     N/A                      0      N/A               
ethernet1/5.103     261   1    Voice            vr:default               101    10.10.248.49/24
ethernet1/6         21    1                     N/A                      0      N/A               
ethernet1/6.104     265   1    Video            vr:default               901    10.10.10.1/24    
ethernet1/7         22    1    Guest1   N/A                      0      N/A               
ethernet1/7.700     267   1    Guest1   vr:default               700    10.10.100.1/23     
dedicated-ha1       5     1                     ha                       0      10.1.1.1/30       
dedicated-ha2       6     1                     ha                       0      10.2.2.1/30       
vlan                1     1                     N/A                      0      N/A               
loopback            3     1                     N/A                      0      N/A               
tunnel              4     1                     N/A                      0      N/A   

Help: execute the command "show interface logical"

Prompt: - paloalto_panos> - paloalto_panos#

show running nat-policy#

Output:

"DMZ-PROXY-NAT; index: 1" {{
        nat-type ipv4;
        from DMZ-APPS;
        source [ 10.1.1.1 10.1.1.2 ];
        to UNTRUSTED;
        to-interface ethernet1/5 ;
        destination any;
        service 0:any/any/any;
        translate-to "src: 2.2.2.2 (dynamic-ip-and-port) (pool idx: 1)";
        terminal no;
}}

Help: execute the command "show running nat-policy"

Prompt: - paloalto_panos> - paloalto_panos#

debug swm status#

Output:

Partition         State             Version
--------------------------------------------------------------------------------
sysroot0          RUNNING-ACTIVE    9.0.5.xfr
sysroot1          PENDING-CHANGE    9.1.2
maint             READY             9.1.2

Help: execute the command "debug swm status"

Prompt: - paloalto_panos> - paloalto_panos#

show mac all#

Output:

maximum of entries supported :      1500
default timeout :                   1800 seconds
total MAC entries in table :        3
total MAC entries shown :           3
status: s - static, c - complete, i - incomplete

vlan                hw address        interface         status   ttl
--------------------------------------------------------------------------------
Test                00:50:00:00:07:00 ethernet1/2.110     c      1778
Test                00:50:00:00:08:00 ethernet1/2.111     c      1796
Test                50:00:00:02:00:01 ethernet1/2.110     c      704

Help: execute the command "show mac all"

Prompt: - paloalto_panos> - paloalto_panos#

show system info#

Output:

hostname: pa1
ip-address: 10.0.0.90
netmask: 255.255.255.0
default-gateway: 10.0.0.2
ipv6-address: unknown
ipv6-link-local-address: fe80::20c:29ff:fe6d:c67e/64
 ipv6-default-gateway: 
mac-address: 00:0c:29:6d:c6:7e
time: Thu Apr 28 06:33:12 2016
uptime: 2 days, 2:38:49
family: vm
model: PA-VM
serial: unknown
vm-mac-base: BA:DB:EE:FB:AD:00
vm-mac-count: 255
vm-uuid: 564D8B6D-7BDB-75AF-400F-B062016DC67E
 vm-cpuid: FB060000FDFB8B07
vm-license: none
vm-mode: VMWare ESXi
sw-version: 7.0.1
global-protect-client-package-version: 0.0.0
app-version: 497-2688
 app-release-date: unknown
av-version: 0
av-release-date: unknown
threat-version: 0
threat-release-date: unknown
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 0
wildfire-release-date: unknown
url-filtering-version: 0000.00.00.000
global-protect-datafile-version: 0
global-protect-datafile-release-date: unknown
logdb-version: 7.0.9
platform-family: vm
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal

Help: execute the command "show system info"

Prompt: - paloalto_panos> - paloalto_panos#

show high-availability all#

Output:

Group 1: 
  Mode: Active-Passive
  Local Information:
    Version: 1
    Mode: Active-Passive
    State: active (last 45 days)
    Device Information:
      Model: PA-5020
      Management IPv4 Address: 10.10.186.197/24
      Management IPv6 Address: 
      Jumbo-Frames disabled; MTU 1500
    HA1 Control Links Joint Configuration:
      Link Monitor Interval: 3000 ms
      Encryption Enabled: no
    HA1 Control Link Information:
      IP Address: 10.1.1.1/30
      MAC Address: 00:90:0b:33:3d:53
      Interface: dedicated-ha1
      Link State: Up; Setting: 1Gb/s-full
      Key Imported : no
    HA2 Data Link Information:
      IP Address: 10.2.2.1/30
      MAC Address: 58:49:3b:1e:69:16
      Interface: dedicated-ha2
      Link State: Up; Setting: 1Gb/s-full
    Election Option Information:
      Priority: 50
      Preemptive: yes
      Promotion Hold Interval: 2000 ms
      Hello Message Interval: 8000 ms
      Heartbeat Ping Interval: 1000 ms
      Max # of Flaps: 3
      Preemption Hold Interval: 1 min
      Monitor Fail Hold Up Interval: 0 ms
      Addon Master Hold Up Interval: 500 ms
    Active-Passive Mode:
      Passive Link State: auto
      Monitor Fail Hold Down Interval: 1 min
    Version Information:
      Build Release: 6.1.10
      URL Database: 4773
      Application Content: 580-3287
      Anti-Virus: 1858-2337
      Threat Content: 580-3287
      VPN Client Software: Not Installed
      Global Protect Client Software: Not Installed
    Version Compatibility:
      Software Version: Match
      Application Content Compatibility: Match
      Anti-Virus Compatibility: Match
      Threat Content Compatibility: Match
      VPN Client Software Compatibility: Match
      Global Protect Client Software Compatibility: Match
    State Synchronization: Complete; type: ethernet
  Peer Information:
    Connection status: up
    Version: 1
    Mode: Active-Passive
    State: passive (last 45 days)
    Device Information:
      Model: PA-5020
      Management IPv4 Address: 10.10.186.198/24
      Management IPv6 Address: 
      Jumbo-Frames disabled; MTU 1500
    HA1 Control Link Information:
      IP Address: 10.1.1.2
      MAC Address: 00:90:0b:33:44:53
      Connection up; Primary HA1 link
    HA2 Data Link Information:
      IP Address: 10.2.2.2
      MAC Address: 58:49:3b:1e:55:16
    Election Option Information:
      Priority: 100
      Preemptive: yes
    Version Information:
      Build Release: 6.1.10
      URL Database: 4773
      Application Content: 580-3287
      Anti-Virus: 1858-2337
      Threat Content: 580-3287
      VPN Client Software: Not Installed
      Global Protect Client Software: Not Installed
  Initial Monitor Hold inactive; Allow Network/Links to Settle:
    Link and path monitoring failures honored
  Link Monitoring Information:
    Enabled: yes
    Failure condition: any
    Group Link:
      Enabled: yes
      Failure condition: any
      Interface ethernet1/1: up
      Interface ethernet1/2: up
      Interface ethernet1/3: up
      Interface ethernet1/4: up
      Interface ethernet1/5: up
      Interface ethernet1/6: up
      Interface ethernet1/7: up
      Interface ethernet1/8: up
  Path Monitoring Information:
    Enabled: yes
    Failure condition: any
    Virtual-Wire Groups:
      No Virtual-Wire path monitoring groups
    VLAN Groups:
      No VLAN path monitoring groups
    Virtual-Router Groups:
      No Virtual-Router path monitoring groups
  Configuration Synchronization:
    Enabled: yes
    Running Configuration: synchronized

Help: execute the command "show high-availability all"

Prompt: - paloalto_panos> - paloalto_panos#

show counter global#

Output:

Global counters:
Elapsed time since last sampling: 349.576 seconds

name                                   value     rate severity  category  aspect    description
--------------------------------------------------------------------------------
pkt_recv                                  29        0 info      packet    pktproc   Packets received
pkt_sent                                  21        0 info      packet    pktproc   Packets transmitted
pkt_sock_recv                              1        0 info      packet    pktproc   Packets received at socket level - delayed counter
pkt_lldp_sent                              1        0 info      packet    pktproc   LLDP Packets transmitted
flow_rcv_dot1q_tag_err                     1        0 drop      flow      parse     Packets dropped: 802.1q tag not configured
flow_no_interface                          1        0 drop      flow      parse     Packets dropped: invalid interface
ssl_hsm_up_down_event_rcv                  1        0 info      ssl       pktproc   The number of HSM up/down events received
--------------------------------------------------------------------------------
 Total counters shown: 7
--------------------------------------------------------------------------------

Help: execute the command "show counter global"

Prompt: - paloalto_panos> - paloalto_panos#

show jobs all#

Output:

Enqueued              Dequeued           ID  PositionInQ                              Type                         Status Result Completed
 ------------------------------------------------------------------------------------------------------------------------------------------
 2017/02/28 10:19:48   10:19:48            7                                    FqdnRefresh                            FIN     OK 10:20:11
2017/02/28 10:13:49   10:13:49            6                                    FqdnRefresh                            FIN     OK 10:14:21
2017/02/28 10:13:22   10:13:22            5                                         Commit                            FIN     OK 10:13:49
2017/02/27 12:06:50   12:06:50            4                                         Commit                            FIN     OK 12:07:18
2017/02/27 12:02:54   12:02:54            3                                         Commit                            FIN     OK 12:03:20
2017/02/27 11:55:15   11:55:15            2                                         Commit                            FIN     OK 11:55:42
 2017/02/23 08:31:14   08:31:14            1                                        AutoCom                            FIN     OK 08:32:06

Help: execute the command "show jobs all"

Prompt: - paloalto_panos> - paloalto_panos#

show arp all#

Output:

maximum of entries supported :      1500
default timeout:                    1800 seconds
total ARP entries in table :        5
total ARP entries shown :           5
status: s - static, c - complete, e - expiring, i - incomplete

interface         ip address      hw address        port              status   ttl
--------------------------------------------------------------------------------
ethernet1/1       172.25.1.254    08:30:6b:26:43:30 ethernet1/1         c      627
vlan.1            172.25.2.195    00:50:00:00:07:00 ethernet1/2.110     c      1012
vlan.1            172.25.2.196    00:50:00:00:08:00 ethernet1/2.111     c      1016
vlan.1            172.25.2.197    (incomplete)      ethernet1/2.111     c      1016

Help: execute the command "show arp all"

Prompt: - paloalto_panos> - paloalto_panos#

show interface hardware#

Output:

total configured hardware interfaces: 26

name                    id    speed/duplex/state        mac address
--------------------------------------------------------------------------------
ethernet1/1             64    1000/full/up              c4:24:56:d7:30:40
ethernet1/2             65    ukn/ukn/down(autoneg)     c4:24:56:d7:30:41
ethernet1/3             66    ukn/ukn/down(autoneg)     c4:24:56:d7:30:42
ethernet1/4             67    ukn/ukn/down(autoneg)     c4:24:56:d7:30:43
ethernet1/5             68    ukn/ukn/down(autoneg)     c4:24:56:d7:30:44
ethernet1/6             69    ukn/ukn/down(autoneg)     c4:24:56:d7:30:45
ethernet1/7             70    ukn/ukn/down(autoneg)     c4:24:56:d7:30:46
ethernet1/8             71    ukn/ukn/down(autoneg)     c4:24:56:d7:30:47
ethernet1/9             72    ukn/ukn/down(autoneg)     c4:24:56:d7:30:48
ethernet1/10            73    ukn/ukn/down(autoneg)     c4:24:56:d7:30:49
ethernet1/11            74    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4a
ethernet1/12            75    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4b
ethernet1/13            76    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4c
ethernet1/14            77    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4d
ethernet1/15            78    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4e
ethernet1/16            79    ukn/ukn/down(autoneg)     c4:24:56:d7:30:4f
ethernet1/17            80    10000/full/up             c4:24:56:d7:30:50
ethernet1/18            81    10000/full/up             c4:24:56:d7:30:51
ethernet1/19            82    ukn/ukn/down(autoneg)     c4:24:56:d7:30:52
ethernet1/20            83    ukn/ukn/down(autoneg)     c4:24:56:d7:30:53
ha1-a                   5     ukn/ukn/down(autoneg)     08:66:1f:02:04:a2
ha1-b                   7     ukn/ukn/down(autoneg)     c4:24:56:d7:30:07
vlan                    1     [n/a]/[n/a]/up            c4:24:56:d7:30:01
loopback                3     [n/a]/[n/a]/up            c4:24:56:d7:30:03
tunnel                  4     [n/a]/[n/a]/up            c4:24:56:d7:30:04
hsci                    8     ukn/ukn/down(autoneg)     c4:24:56:d7:30:08

 aggregation groups: 0

Help: execute the command "show interface hardware"

Prompt: - paloalto_panos> - paloalto_panos#

show running security-policy#

Output:

"Outside Web Server" {{
        from Trust;
        source 10.1.1.0/24;
        source-region none;
        to Untrust;
        destination 200.10.10.10;
        destination-region none;
        user any;
        category any;
        application/service [ any/tcp/any/8000 any/tcp/any/80 any/tcp/any/8080 ];
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"ICMP Any" {{
        from Trust;
        source any;
        source-region none;
        to Untrust;
        destination any;
        destination-region none;
        user any;
        category any;
        application/service [ icmp/icmp/any/any ping/icmp/any/any ];
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"DNS Outbound" {{
        from Trust;
        source 10.1.1.0/24;
        source-region none;
        to Untrust;
        destination [ 8.8.8.8 8.8.4.4 ];
        destination-region none;
        user any;
        category any;
        application/service  dns/udp/any/53;
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"Inbound to DMZ Web" {{
        from Untrust;
        source any;
        source-region none;
        to DMZ;
        destination 200.10.10.100;
        destination-region none;
        user any;
        category any;
        application/service [ any/tcp/any/8000 any/tcp/any/80 any/tcp/any/8080 ];
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"Inbound to DMZ Deny" {{
        from Untrust;
        source any;
        source-region none;
        to DMZ;
        destination any;
        destination-region none;
        user any;
        category any;
        application/service  any/any/any/any;
        action deny;
        icmp-unreachable: no
        terminal no;
}}

intrazone-default {{
        from any;
        source any;
        source-region none;
        to any;
        destination any;
        destination-region none;
        category any;
        application/service  any/any/any/any;
        action allow;
        icmp-unreachable: no
        terminal yes;
        type intrazone;
}}

interzone-default {{
        from any;
        source any;
        source-region none;
        to any;
        destination any;
        destination-region none;
        category any;
        application/service  any/any/any/any;
        action deny;
        icmp-unreachable: no
        terminal yes;
        type interzone;
}}

dynamic url: no
pol objs matched

Help: execute the command "show running security-policy"

Prompt: - paloalto_panos> - paloalto_panos#

test security-policy-match#

Output:

"Allow 10.125.100.58-To-Google DNS; index: 1" {{
        from Internal;
        source 10.125.100.58;
        source-region none;
        to External;
        destination 8.8.8.8;
        destination-region none;
        user any;
        source-device any;
        destinataion-device any;
        category any;
        application/service 0:any/tcp/any/59;
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"Allow 10.125.100.58-To-1.1.1.1; index: 2" {{
        from Internal;
        source 10.125.100.58;
        source-region none;
        to External;
        destination 1.1.1.1;
        destination-region none;
        user any;
        source-device any;
        destinataion-device any;
        category any;
        application/service 0:any/tcp/any/53;
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

"Allow DNS_Objects-To-192.0.2.10; index: 4" {{
        from Internal;
        source [ 1.1.1.1 8.8.8.8 ];
        source-region none;
        to External;
        destination 192.0.2.10;
        destination-region none;
        user any;
        source-device any;
        destinataion-device any;
        category any;
        application/service [0:any/tcp/any/53 1:any/tcp/any/54 ];
        action allow;
        icmp-unreachable: no
        terminal yes;
}}

Help: execute the command "test security-policy-match"

Prompt: - paloalto_panos> - paloalto_panos#

show interface management#

Output:

-------------------------------------------------------------------------------
 Name: Management Interface
Link status:
  Runtime link speed/duplex/state: 1000/full/up
  Configured link speed/duplex/state: auto/auto/auto
MAC address:
  Port MAC address 08:66:1f:02:04:a3

Ip address: 10.0.1.5
Netmask: 255.255.255.0
 Default gateway: 10.0.1.1
Ipv6 address: unknown
Ipv6 link local address: fe80::a66:1fff:fe02:4a3/64
 Ipv6 default gateway:
-------------------------------------------------------------------------------


-------------------------------------------------------------------------------
 Logical interface counters:
-------------------------------------------------------------------------------
 bytes received                    264279971
bytes transmitted                 238725455
packets received                  279836
packets transmitted               291248
receive errors                    0
transmit errors                   0
receive packets dropped           0
transmit packets dropped          0
multicast packets received        0
-------------------------------------------------------------------------------

Help: execute the command "show interface management"

Prompt: - paloalto_panos> - paloalto_panos#