PAN-OS Command Line Interface Reference Guide
Release 2.1

PAN-OS™ Command Line Interface Reference Guide, Release 2.1
11/4/08 Final Review Draft - Palo Alto Networks COMPANY CONFIDENTIAL

Palo Alto Networks, Inc.
www.paloaltonetworks.com

© 2008 Palo Alto Networks. All rights reserved. Palo Alto Networks, PAN-OS, and Panorama are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.

Part number: 810-000033-00A
November 4, 2008

Table of Contents

Preface .... 7
    About This Guide .... 7
    Organization .... 7
    Typographical Conventions .... 8
    Notes, Cautions, and Warnings .... 9
    Related Documentation .... 9
    Obtaining More Information .... 9
    Technical Support .... 9

Chapter 1  Introduction .... 11
    Understanding the PAN-OS CLI Structure .... 11
    Getting Started .... 12
        Before You Begin .... 12
        Accessing the PAN-OS CLI .... 12
    Understanding the PAN-OS CLI Commands .... 13
        Understanding the PAN-OS CLI Command Conventions .... 13
        Understanding Command Messages .... 14
        Using Operational and Configuration Modes .... 15
        Displaying the PAN-OS CLI Command Options .... 15
        Using Keyboard Shortcuts .... 16
        Understanding Command Option Symbols .... 17
        Restricting Command Output .... 18
        Understanding Privilege Levels .... 18
        Referring to Firewall Interfaces .... 19

Chapter 2  Understanding CLI Command Modes .... 21
    Understanding Configuration Mode .... 21
        Using Configuration Mode Commands .... 21
        Understanding the Configuration Hierarchy .... 23
        Navigating Through the Hierarchy .... 25
    Understanding Operational Mode .... 27

Chapter 3  Configuration Mode Commands .... 29
    commit .... 30
    copy .... 31
    delete .... 32
    edit .... 33
    exit .... 34
    load .... 35
    move .... 36
    quit .... 37
    rename .... 38
    run .... 39
    save .... 40
    set .... 41
    show .... 42
    top .... 43
    up .... 44

Chapter 4  Operational Mode Commands .... 45
    clear
    configure
    debug captive-portal
    debug cli
    debug cpld
    debug dataplane
    debug device-server
    debug dhcpd
    debug ez
    debug high-availability-agent
    debug ike
    debug keymgr
    debug log-receiver
    debug management-server
    debug master-service
    debug netconfig-agent
    debug routing
    debug software
    debug swm
    debug tac-login
    debug vardata-receiver
    delete
    exit
    grep
    less
    ping
    quit
    request certificate
    request content upgrade
    request high-availability
    request license
    request restart
    request support
    request system
    scp
    set application dump
    set cli
    set logging
    set serial-number
    set session
    set target-vsys
    set zip
    show admins
    show arp
    show chassis-ready
    show cli
    show clock
    show config
    show counter
    show ctd
    show device
    show device-messages
    show devicegroups
    show dhcp
    show high-availability
    show interface
    show jobs
    show location
    show log
    show logging
    show mac
    show management-clients
    show multi-vsys
    show pan-agent
    show proxy
    show query
    show report
    show route
    show routing
    show session
    show statistics
    show system
    show target-vsys
    show threat
    show virtual-wire
    show vlan
    show vpn
    show zip
    show zone-protection
    ssh
    tail
    telnet
    test
    tftp
    traceroute
    view-pcap

Appendix A  Configuration Hierarchy .... 153
    Firewall Hierarchy
    Panorama Hierarchy

Appendix B  PAN-OS CLI Keyboard Shortcuts

Index

Preface

This preface contains the following sections:
• "About This Guide" in the next section
• "Organization" on page 7
• "Typographical Conventions" on page 8
• "Notes, Cautions, and Warnings" on page 9
• "Related Documentation" on page 9
• "Obtaining More Information" on page 9
• "Technical Support" on page 9

About This Guide

This guide provides an overview of the PAN-OS™ command line interface (CLI), describes how to access and use the CLI, and provides command reference pages for each of the CLI commands.

This guide is intended for system administrators responsible for deploying, operating, and maintaining the firewall and who require reference information about the PAN-OS CLI commands that they want to execute on a per-device basis. For an explanation of features and concepts, refer to the Palo Alto Networks Administrator's Guide.
Organization

This guide is organized as follows:
• Chapter 1, "Introduction"—Introduces and describes how to use the PAN-OS CLI.
• Chapter 2, "Understanding CLI Command Modes"—Describes the modes used to interact with the PAN-OS CLI.
• Chapter 3, "Configuration Mode Commands"—Contains command reference pages for Configuration mode commands.
• Chapter 4, "Operational Mode Commands"—Contains command reference pages for Operational mode commands.
• Appendix A, "Configuration Hierarchy"—Shows the firewall and Panorama configuration hierarchies.
• Appendix B, "PAN-OS CLI Keyboard Shortcuts"—Describes the keyboard shortcuts supported in the PAN-OS CLI.

Typographical Conventions

This guide uses the following typographical conventions for special terms and instructions.

boldface
    Meaning: Names of commands, keywords, and selectable items in the web interface.
    Example: Use the configure command to enter Configuration mode.

italics
    Meaning: Names of variables, directories, files, or Uniform Resource Locators (URLs).
    Example: The address of the Palo Alto Networks home page is http://www.paloaltonetworks.com.

courier font
    Meaning: Command syntax, code examples, configuration elements, and screen output.
    Example: The show arp all command yields this output:
        username@hostname> show arp all
        maximum of entries supported: 8192
        default timeout: 1800 seconds
        total ARP entries in table: 0
        total ARP entries shown: 0
        status: s - static, c - complete, i - incomplete

courier bold font
    Meaning: Text that you enter at the command prompt.
    Example: Enter the following command to exit from the current PAN-OS CLI level:
        # exit

[ ] (text enclosed in square brackets)
    Meaning: Optional parameters.
    Example: In the following command, 8bit and port are optional parameters:
        > telnet [8bit] [port] host

< > (text enclosed in angle brackets)
    Meaning: Special keys, or a choice of required options.
    Example: <tab> indicates that the Tab key is pressed. In the following command, one of control-plane or data-plane must be given:
        > delete core <control-plane | data-plane> file filename

| (pipe symbol)
    Meaning: Choice of values, indicated by a pipe-symbol-separated list.
    Example: The request support command includes options to get support information from the update server or to show downloaded support information:
        > request support [check | info]

Notes, Cautions, and Warnings

This guide uses the following symbols for notes, cautions, and warnings.

NOTE     Indicates helpful suggestions or supplementary information.
CAUTION  Indicates information about which the reader should be careful to avoid data loss or equipment failure.
WARNING  Indicates potential danger that could involve bodily injury.

Related Documentation

The following additional documentation is provided with the firewall:
• Quick Start
• Hardware Reference Guide
• Palo Alto Networks Administrator's Guide

Obtaining More Information

To obtain more information about the firewall, refer to:
• Palo Alto Networks website—Go to http://www.paloaltonetworks.com.
• Online help—Click Help in the upper right corner of the GUI to access the online help system.

Technical Support

For technical support, use the following methods:
• Go to http://support.paloaltonetworks.com.
• Call 1-866-898-9087 (U.S., Canada, and Mexico).
• Email us at support@paloaltonetworks.com.

Chapter 1  Introduction

This chapter introduces and describes how to use the PAN-OS command line interface (CLI):
• "Understanding the PAN-OS CLI Structure" in the next section
• "Getting Started" on page 12
• "Understanding the PAN-OS CLI Commands" on page 13

Understanding the PAN-OS CLI Structure

The PAN-OS CLI allows you to access the firewall, view status and configuration information, and modify the configuration. Access to the PAN-OS CLI is provided through SSH, Telnet, or a direct console connection.

The PAN-OS CLI operates in two modes:
• Operational mode—View the state of the system, navigate the PAN-OS CLI, and enter Configuration mode.
• Configuration mode—View and modify the configuration hierarchy.

Chapter 2, "Understanding CLI Command Modes," describes each mode in detail.

Getting Started

This section describes how to access and begin using the PAN-OS CLI:
• "Before You Begin" in the next section
• "Accessing the PAN-OS CLI" on page 12

Before You Begin

Verify that the firewall is installed and that an SSH, Telnet, or direct console connection is established. Use the following settings for a direct console connection:
• Data rate: 9600
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None

Note: Refer to the Hardware Reference Guide for hardware installation information and to the Quick Start for information on initial device configuration.

Accessing the PAN-OS CLI

To access the PAN-OS CLI:
1. Open the console connection.
2. Enter the administrative user name. The default is admin.
3. Enter the administrative password. The default is admin.
4. The PAN-OS CLI opens in Operational mode, and the CLI prompt is displayed:
    username@hostname>

Note: The default user name and password are both admin. Change the administrative password before the management interface is reachable from a production network. Telnet sends the login exchange in cleartext; prefer SSH or the console connection.
Understanding the PAN-OS CLI Commands

This section describes how to use the PAN-OS CLI commands and display command options:
• "Understanding the PAN-OS CLI Command Conventions" in the next section
• "Understanding Command Messages" on page 14
• "Using Operational and Configuration Modes" on page 15
• "Displaying the PAN-OS CLI Command Options" on page 15
• "Using Keyboard Shortcuts" on page 16
• "Understanding Command Option Symbols" on page 17
• "Understanding Privilege Levels" on page 18
• "Referring to Firewall Interfaces" on page 19

Understanding the PAN-OS CLI Command Conventions

The basic command prompt incorporates the user name and the host name of the firewall:
    username@hostname>

When you enter Configuration mode, the prompt changes from > to #:
    username@hostname>               (Operational mode)
    username@hostname> configure
    Entering configuration mode
    [edit]
    username@hostname#               (Configuration mode)

In Configuration mode, the current hierarchy context is shown by the [edit ...] banner presented in square brackets when a command is issued. Refer to "Using the Edit Command" on page 26 for additional information on the edit command.

Understanding Command Messages

Messages may be displayed when you issue a command. The messages provide context information and can help in correcting invalid commands.

Each time you enter a command the syntax is checked. If the syntax is correct, the command is executed, and the candidate hierarchy changes are recorded. If the syntax is incorrect, an invalid syntax message is presented, as in the following example:
    username@hostname# set zone application 1.1.2.2
    Unrecognized command
    Invalid syntax.
    [edit]
    username@hostname#

In the following examples, the message is shown in bold.

Example: Unknown command
    username@hostname# application-group
    Unknown command: application-group
    [edit network]
    username@hostname#

Example: Changing modes
    username@hostname# exit
    Exiting configuration mode
    username@hostname>

Example: Invalid syntax
    username@hostname> debug 17
    Unrecognized command
    Invalid syntax.
    username@hostname>

Using Operational and Configuration Modes

When you log in, the PAN-OS CLI opens in Operational mode. You can move between Operational and Configuration modes at any time.

• To enter Configuration mode from Operational mode, use the configure command:
    username@hostname> configure
    Entering configuration mode
    [edit]
    username@hostname#

• To leave Configuration mode and return to Operational mode, use the quit or exit command:
    username@hostname# quit
    Exiting configuration mode
    username@hostname>

• To enter an Operational mode command while in Configuration mode, use the run command, as described in "run" on page 39.

Displaying the PAN-OS CLI Command Options

Use ? (or Meta-H) to display a list of command options, based on context:

• To display a list of operational commands, enter ? at the command prompt:
    username@hostname> ?
    clear      Clear runtime parameters
    configure  Manipulate software configuration information
    debug      Debug and diagnose
    exit       Exit this session
    grep       Searches file for lines containing a pattern match
    less       Examine debug file content
    ping       Ping hosts and networks
    quit       Exit this session
    request    Make system-level requests
    scp        Use ssh to copy file to another host
    set        Set operational parameters
    show       Show operational parameters
    ssh        Start a secure shell to another host
    tail       Print the last 10 lines of debug file content
    telnet     Start a telnet session to another host
    username@hostname>

• To display the available options for a specified command, enter the command followed by ?.

Example:
    username@hostname> ping ?
    + bypass-routing   Bypass routing table, use specified interface
    + count            Number of requests to send (1..2000000000 packets)
    + do-not-fragment  Don't fragment echo request packets (IPv4)
    + inet             Force to IPv4 destination
    + interface        Source interface (multicast, all-ones, unrouted packets)
    + interval         Delay between requests (seconds)
    + no-resolve       Don't attempt to print addresses symbolically
    + pattern          Hexadecimal fill pattern
    + record-route     Record and report packet's path (IPv4)
    + size             Size of request packets (0..65468 bytes)
    + source           Source address of echo request
    + tos              IP type-of-service value (0..255)
    + ttl              IP time-to-live value (IPv6 hop-limit value) (0..255 hops)
    + verbose          Display detailed output
    + wait             Delay after sending last packet (seconds)
      <host>           Hostname or IP address of remote host
    username@hostname> ping

Using Keyboard Shortcuts

The PAN-OS CLI supports a variety of keyboard shortcuts. For a complete list, refer to Appendix B, "PAN-OS CLI Keyboard Shortcuts".

Note: Some shortcuts depend upon the SSH client that is used to access the PAN-OS CLI. For some clients, the Meta key is the Control key; for others it is the Esc key.

Understanding Command Option Symbols

The symbol preceding an option can provide additional information about command syntax, as described in Table 1.

Table 1. Option Symbols

Symbol   Description
*        This option is required.
>        There are additional nested options for this command.
+        There are additional command options for this command at this level.

The following examples show how these symbols are used.

Example: In the following command, the keyword from is required:
    username@hostname> scp import configuration ?
    + remote-port  SSH port number on remote host
    * from         Source (username@host:path)
    username@hostname> scp import configuration

Example: This command output shows options designated with + and >. Each option listed with + can be added to the command. The profiles keyword (with >) has additional options:
    [edit]
    username@hostname# set rulebase security rules rule1 ?
    + action
    + application
    + description
    + destination
    + disabled
    + from
    + log-end
    + log-setting
    + log-start
    + negate-destination
    + negate-source
    + schedule
    + service
    + source
    + to
    > profiles
      <Enter>        Finish input
    [edit]
    username@hostname# set rulebase security rules rule1

    [edit]
    username@hostname# set rulebase security rules rule1 profiles ?
    + virus          Help string for virus
    + spyware        Help string for spyware
    + vulnerability  Help string for vulnerability
    + group          Help string for group
      <Enter>        Finish input
    [edit]
    username@hostname# set rulebase security rules rule1 profiles

Restricting Command Output

Some operational commands include an option to restrict the displayed output. To restrict the output, enter a pipe symbol followed by except or match and the value that is to be excluded or included.

Example: The following sample output is for the show system info command:
    username@hostname> show system info
    hostname: PA-HDF
    ip-address: 10.0.0.10
    netmask: 255.255.0.0
    default-gateway: 10.0.0.1
    mac-address: 00:15:E9:2E:34:33
    time: Fri Aug 17 13:51:49 2007
    uptime: 0 days, 23:19:23
    devicename: PA-HDF
    family: i386
    model: pa-4050
    serial: unknown
    sw-version: 1.0-519
    app-version: 25-150
    threat-version: 0
    url-filtering-version: 0
    logdb-version: 1.8
    username@hostname>

The following sample displays only the system model information:
    username@hostname> show system info | match model
    model: pa-4050
    username@hostname>

Understanding Privilege Levels

Privilege levels determine which commands the user is permitted to execute and the information the user is permitted to view. Table 2 describes the PAN-OS CLI privilege levels.

Table 2. Privilege Levels

Level        Description
superuser    Has full access to the firewall and can define new administrator accounts and virtual systems.
superreader  Has complete read-only access to the firewall.
vsysadmin    Has full access to a selected virtual system on the firewall.
vsysreader   Has read-only access to a selected virtual system on the firewall.
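The output modifiers described under "Restricting Command Output" are easy to reproduce offline once show system info transcripts have been collected from several firewalls, and the same key: value lines are simple to compare device by device. The following Python is an added example written for this edition, not code from the guide or from Palo Alto Networks. It re-types the sample show system info output shown above, assumes that match and except treat their argument as a regular expression searched anywhere in each line (the guide does not state the matching rule), and constructs a second transcript with one changed content version to show how version drift across a fleet is detected.

```python
"""Offline `| match` / `| except` filtering of PAN-OS operational output,
plus a field-by-field comparison of `show system info` across devices."""

import re
from typing import Dict, Iterable, List

# The guide's sample `show system info` output, re-typed here.
SYSTEM_INFO = """\
hostname: PA-HDF
ip-address: 10.0.0.10
netmask: 255.255.0.0
default-gateway: 10.0.0.1
mac-address: 00:15:E9:2E:34:33
time: Fri Aug 17 13:51:49 2007
uptime: 0 days, 23:19:23
devicename: PA-HDF
family: i386
model: pa-4050
serial: unknown
sw-version: 1.0-519
app-version: 25-150
threat-version: 0
url-filtering-version: 0
logdb-version: 1.8
"""

# Constructed second transcript: identical except for one content version.
SYSTEM_INFO_LAGGING = SYSTEM_INFO.replace("app-version: 25-150", "app-version: 25-149")


def cli_filter(output: str, modifier: str, pattern: str) -> List[str]:
    """Reproduce `<command> | match <pattern>` and `<command> | except <pattern>`.

    Assumption: the pattern is a regular expression searched anywhere in the
    line; the guide does not document the exact matching rule.
    """
    if modifier not in ("match", "except"):
        raise ValueError(f"unknown output modifier: {modifier!r}")
    regex = re.compile(pattern)
    want_hit = modifier == "match"
    return [line for line in output.splitlines()
            if bool(regex.search(line)) == want_hit]


def parse_system_info(output: str) -> Dict[str, str]:
    """Turn `key: value` lines into a dict. Splitting on the first ': '
    keeps values that themselves contain colons (MAC address, clock)."""
    info: Dict[str, str] = {}
    for line in output.splitlines():
        key, sep, value = line.partition(": ")
        if sep:  # skip blank lines and any echoed prompt
            info[key.strip()] = value.strip()
    return info


def field_drift(fleet: Dict[str, str], baseline: Dict[str, str],
                fields: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """Report, per device, the watched fields whose value differs from the
    baseline. Comparing the *-version fields shows which firewalls are behind
    on content updates; comparing `serial` catches a device still reporting
    `unknown`. A field absent from a transcript is reported as <missing>."""
    drift: Dict[str, Dict[str, str]] = {}
    for name, transcript in fleet.items():
        info = parse_system_info(transcript)
        changed = {f: info.get(f, "<missing>") for f in fields
                   if info.get(f) != baseline.get(f)}
        if changed:
            drift[name] = changed
    return drift


if __name__ == "__main__":
    print("\n".join(cli_filter(SYSTEM_INFO, "match", "model")))
    baseline = parse_system_info(SYSTEM_INFO)
    fleet = {"fw-a": SYSTEM_INFO, "fw-b": SYSTEM_INFO_LAGGING}
    print(field_drift(fleet, baseline, ["sw-version", "app-version", "threat-version"]))
```

Run as a script it prints the model line, exactly as `show system info | match model` does on the firewall, followed by the one device whose app-version lags the baseline.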
Referring to Firewall Interfaces

The Ethernet interfaces are numbered from left to right and top to bottom on the firewall, as shown in Figure 1.

Figure 1. Firewall Ethernet Interfaces (the odd-numbered ports ethernet1/1 through ethernet1/15 are on the top row and the even-numbered ports ethernet1/2 through ethernet1/16 are on the bottom row)

Use these names when referring to the Ethernet interfaces within the PAN-OS CLI commands, as in the following example:
    username@hostname# set network interface ethernet ethernet1/4 virtual-wire

Chapter 2  Understanding CLI Command Modes

This chapter describes the modes used to interact with the PAN-OS CLI:
• "Understanding Configuration Mode" in the next section
• "Understanding Operational Mode" on page 27

Understanding Configuration Mode

When you enter Configuration mode and enter commands to configure the firewall, you are modifying the candidate configuration. The modified candidate configuration is stored in firewall memory and maintained while the firewall is running. Each configuration command involves an action, and may also include keywords, options, and values. Entering a command makes changes to the candidate configuration.

This section describes Configuration mode and the configuration hierarchy:
• "Using Configuration Mode Commands" in the next section
• "Understanding the Configuration Hierarchy" on page 23
• "Navigating Through the Hierarchy" on page 25

Using Configuration Mode Commands

Use the following commands to store and apply configuration changes (see Figure 2):
• save command—Saves the candidate configuration in firewall non-volatile storage. The saved configuration is retained until overwritten by subsequent save commands. Note that this command does not make the configuration active.
• load command—Assigns the last saved configuration or a specified configuration to be the candidate configuration.
• commit command—Applies the candidate configuration to the firewall. A committed configuration becomes the active configuration for the device.
• set command—Changes a value in the candidate configuration.

Figure 2. Configuration Mode Command Relationship (set modifies the candidate configuration; save copies the candidate configuration to the saved configuration; load copies a saved configuration back into the candidate configuration; commit makes the candidate configuration the active configuration)

Example: Make and save a configuration change.
    [edit]
    username@hostname# rename zone untrust to untrust1       (enter a configuration command)
    [edit]
    username@hostname# save config to snapshot.xml
    Config saved to snapshot.xml
    [edit]
    username@hostname#

Example: Make a change to the candidate configuration.
    [edit]
    username@hostname# set network interface vlan ip 1.1.1.4/24
    [edit]
    username@hostname#

Example: Make the candidate configuration active on the device.
    [edit]
    username@hostname# commit
    [edit]
    username@hostname#

Note: If you exit Configuration mode without issuing the save or commit command, your configuration changes could be lost if power is lost to the firewall.

Maintaining a candidate configuration and separating the save and commit steps confers important advantages when compared with traditional CLI architectures:

• Distinguishing between the save and commit concepts allows multiple changes to be made at the same time and reduces system vulnerability. For example, if you want to remove an existing security policy and add a new one, using a traditional CLI command structure would leave the system vulnerable for the period of time between removal of the existing security policy and addition of the new one. With the PAN-OS approach, you configure the new security policy before the existing policy is removed, and then implement the new policy without leaving a window of vulnerability.

• Because the candidate configuration is always unique, all the authorized changes to the candidate configuration will be consistent with each other.

• The command structure is always consistent.

• You can easily adapt commands for similar functions. For example, if you are configuring two Ethernet interfaces, each with a different IP address, you can edit the configuration for the first interface, copy the command, modify only the interface and IP address, and then apply the change to the second interface.

Understanding the Configuration Hierarchy

The configuration for the firewall is organized in a hierarchical structure. To display a segment of the current hierarchy, use the show command. Entering show displays the complete hierarchy, while entering show with keywords displays a segment of the hierarchy. For example, the following command displays the configuration hierarchy for the ethernet interface segment of the hierarchy:
    username@hostname# show network interface ethernet
    ethernet {
      ethernet1/1 {
        virtual-wire;
      }
      ethernet1/2 {
        virtual-wire;
      }
      ethernet1/3 {
        layer2 {
          units {
            ethernet1/3.
          }
        }
      }
      ethernet1/4;
    }
    [edit]
    username@hostname#

Figure 3. Sample Hierarchy Segment (the network node and its children: profiles, interface, vlan, virtual-wire, virtual-router, ...)

For example, the following command assigns the IP address/netmask 10.1.1.12/24 to the Layer 3 interface for the Ethernet port ethernet1/4, as shown in Figure 3:
    [edit]
    username@hostname# set network interface ethernet ethernet1/4 layer3 ip 10.1.1.12/24

The result is shown in Figure 4 and in the output of the following show command:
    [edit]
    username@hostname# show network interface ethernet ethernet1/4
    ethernet1/4 {
      layer3 {
        ip {
          10.1.1.12/24;
        }
      }
    }
    [edit]
    username@hostname#
loopback aggregate-ethernet vlan .1.Understanding Hierarchy Paths When you enter a command. ethernet . .... path is traced through the hierarchy. ethernet1/1 ethernet1/2 ethernet1/3 ethernet1/4 link-duplex auto link-state up virtual-wire link-speed 1000 Figure 3... .12/24 [edit] username@hostname# This command generates a new element in the hierarchy. 1.. Palo Alto Networks Understanding CLI Command Modes • 25 .. Navigation Commands Command edit up top Description Sets the context for configuration within the command hierarchy. Use the commands listed in Table 3 to navigate through the configuration hierarchy..1.. the banner [edit] indicates that the relative context is the top level of the hierarchy.. Table 3. .12/24 Figure 4... .. loopback aggregate-ethernet vlan .network profiles interface vlan virtual-wire virtual-router ..... . ethernet1/1 ethernet1/2 ethernet1/3 ethernet1/4 ip 10. whereas [edit network profiles] indicates that the relative context is at the network profiles node. Changes the context to the highest level in the hierarchy.. . Changes the context to the next higher level in the hierarchy. For example... ethernet . Sample Hierarchy Segment Navigating Through the Hierarchy The [edit..] banner presented below the Configure mode command prompt line shows the current hierarchy context. 26 • Understanding CLI Command Modes Palo Alto Networks . Example: [edit network interface vlan] username@hostname# top [edit] username@hostname# (network vlan level) (now at network vlan level) Note: The set command issued after using the up and top commands starts from the new context. 
as in the following examples: • Move from the top level to a lower level: [edit] (top level) username@hostname# edit network [edit network] username@hostname# (now at the network [edit network] level) • Move from one level to a lower level: [edit network] (network level) username@hostname# edit interface [edit network interface] admin@abce# (now at the network interface level) Using the Up and Top Commands Use the up and top commands to move to higher levels in the hierarchy: • up—changes the context to one level up in the hierarchy.Using the Edit Command Use the edit command to change context to lower levels of the hierarchy. Example: [edit network interface] admin@abce# up [edit network] username@hostname# (network level) (now at the network level) • top—changes context to the top level of the hierarchy. PAN-OS CLI navigation commands—Enter Configure mode or exit the PAN-OS CLI. Operational mode commands are of several types: • • • • • Network access—Open a window to another host. Monitoring and troubleshooting—Perform diagnosis and analysis. Includes ssh and telnet commands. Includes clear and show commands. and quit commands. Operational mode commands involve actions that are executed immediately. exit. the PAN-OS CLI opens in Operational mode. They do not involve changes to the configuration. Display commands—Display or clear current information. and do not need to be saved or committed. Palo Alto Networks Understanding CLI Command Modes • 27 . Includes set and request commands.Understanding Operational Mode When you first log in. Includes configure. System commands—Make system-level requests or restart. Includes debug and ping commands. 28 • Understanding CLI Command Modes Palo Alto Networks . 
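The candidate/saved/active relationship of Figure 2, the way set creates nested hierarchy elements that show then renders in brace form, and the policy-replacement argument made in this chapter can all be checked in a small model. The following Python is an added example written for this guide, not code from the PAN-OS CLI or from Palo Alto Networks: the ConfigModel class, the rule names old-rule and new-rule, and the power_loss simplification (memory is lost, the saved snapshot is not) are all assumptions made for the demonstration.

```python
"""Model of the PAN-OS candidate / saved / active configuration workflow.

Added example, not code from the PAN-OS CLI or from Palo Alto Networks.
It imitates `set` creating nested hierarchy elements, `show` rendering a
segment in brace form, and save / load / commit moving the candidate
configuration between memory, non-volatile storage and the active
configuration. Rule names old-rule / new-rule are constructed.
"""
import copy


class ConfigModel:
    """The three configuration stores of Figure 2."""

    def __init__(self):
        self.candidate = {}  # edited by set/delete; held in memory only
        self.saved = {}      # written by save; survives a power loss
        self.active = {}     # written by commit; what the firewall enforces

    def set(self, path):
        """'set a b c' creates the elements a { b { c; } } if they are absent."""
        node = self.candidate
        for key in path.split():
            node = node.setdefault(key, {})

    def delete(self, path):
        """Remove a node and all of its children from the candidate."""
        *parents, last = path.split()
        node = self.candidate
        for key in parents:
            node = node.get(key, {})
        node.pop(last, None)

    def show(self, path=""):
        """Render the whole candidate, or the segment at `path`, in brace form."""
        keys = path.split()
        node = self.candidate
        for key in keys:
            node = node[key]
        if not keys:
            return "\n".join(_render(k, v, 0) for k, v in node.items())
        return _render(keys[-1], node, 0)

    def save(self):
        """Snapshot the candidate to non-volatile storage; does not activate it."""
        self.saved = copy.deepcopy(self.candidate)

    def load(self):
        """Make the last saved configuration the candidate again."""
        self.candidate = copy.deepcopy(self.saved)

    def commit(self):
        """Make the candidate the active configuration."""
        self.active = copy.deepcopy(self.candidate)

    def power_loss(self):
        """Simplification: the in-memory candidate is lost, the saved snapshot is not."""
        self.candidate = copy.deepcopy(self.saved)


def _render(name, node, depth):
    """Emit `name { ... }` for a branch or `name;` for a leaf, two-space indent."""
    pad = "  " * depth
    if not node:
        return f"{pad}{name};"
    lines = [f"{pad}{name} {{"]
    lines += [_render(k, v, depth + 1) for k, v in node.items()]
    lines.append(f"{pad}}}")
    return "\n".join(lines)


def active_rules(cfg):
    """Names of the security rules currently in the active configuration."""
    rules = cfg.active.get("rulebase", {}).get("security", {}).get("rules", {})
    return sorted(rules)


def replace_rule_without_gap(cfg):
    """Replace old-rule by new-rule the way the chapter recommends.

    Returns the active rule names seen after each step, so a caller can check
    that the active policy never had a gap: the old rule stays enforced until
    the single commit that brings in the new one.
    """
    seen = []
    cfg.set("rulebase security rules new-rule action allow")
    seen.append(active_rules(cfg))   # still the old rule
    cfg.delete("rulebase security rules old-rule")
    seen.append(active_rules(cfg))   # still the old rule
    cfg.commit()
    seen.append(active_rules(cfg))   # new rule, with no empty interval
    return seen


if __name__ == "__main__":
    cfg = ConfigModel()
    cfg.set("network interface ethernet ethernet1/4 layer3 ip 10.1.1.12/24")
    print(cfg.show("network interface ethernet ethernet1/4"))
    cfg.set("rulebase security rules old-rule action allow")
    cfg.commit()
    print(replace_rule_without_gap(cfg))
```

The show output for ethernet1/4 reproduces the brace-form segment printed earlier in this chapter, and replace_rule_without_gap shows why the argument for a separate candidate holds: both edits happen in the candidate, and the active rule set changes exactly once, at commit.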
Chapter 3 Configuration Mode Commands

This chapter contains command reference pages for the following Configuration mode command types:

• “commit” on page 30
• “copy” on page 31
• “delete” on page 32
• “edit” on page 33
• “exit” on page 34
• “load” on page 35
• “move” on page 36
• “quit” on page 37
• “rename” on page 38
• “run” on page 39
• “save” on page 40
• “set” on page 41
• “show” on page 42
• “top” on page 43
• “up” on page 44

commit

Make the current candidate configuration the active configuration on the firewall.

Syntax
  commit

Options
  None

Sample Output
The following command makes the current candidate configuration the active configuration.

  username@hostname# commit

Required Privilege Level
  superuser, vsysadmin, deviceadmin

copy

Make a copy of a node in the hierarchy along with its children, and add the copy to the same hierarchy level.

Syntax
  copy [node1] to [node2]

Options
  node1  Specifies the node to be copied.
  node2  Specifies the name of the copy.

Sample Output
The following command, executed from the rulebase security level of the hierarchy, makes a copy of rule1, called rule2.

  [edit rulebase security]
  username@hostname# copy rules rule1 to rule2
  [edit rulebase security]
  username@hostname#

The following command shows the location of the new rule in the hierarchy.

  [edit rulebase security]
  username@hostname# show
  security {
    rules {
      rule1 {
        source [ any 1.1.1.1/32 ];
        destination 1.1.1.2/32;
      }
      rule2 {
        source [ any 1.1.1.1/32 ];
        destination 1.1.1.2/32;
      }
    }
  }

Required Privilege Level
  superuser, vsysadmin, deviceadmin

delete

Remove a node from the candidate configuration along with all its children.

Note: No confirmation is requested when this command is entered.

Syntax
  delete [node]

Options
  node  Specifies the hierarchy node to delete.

Sample Output
The following command deletes the application myapp from the candidate configuration.

  [edit]
  username@hostname# delete application myapp
  [edit]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

edit

Change context to a lower level in the configuration hierarchy.

Syntax
  edit [context]

Options
  context  Specifies a path through the hierarchy.

Sample Output
The following command changes context from the top level to the rulebase level of the hierarchy.

  [edit]
  username@hostname# edit rulebase
  [edit rulebase]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

exit

Exit from the current PAN-OS CLI level.

• From Operational mode—Exits the PAN-OS CLI.
• From Configuration mode, top hierarchy level—Exits Configuration mode, returning to Operational mode.
• From Configuration mode, lower hierarchy levels—Changes context to one level up in the hierarchy. Provides the same result as the up command.

Note: The exit command is the same as the quit command.

Syntax
  exit

Options
  None

Sample Output
The following command changes context from the network interface level to the network level.

  [edit network interface]
  username@hostname# exit
  [edit network]
  username@hostname#

The following command changes from Configuration mode to Operational mode.

  [edit]
  username@hostname# exit
  Exiting configuration mode
  username@hostname>

Required Privilege Level
  All

load

Assigns the last saved configuration or a specified configuration to be the candidate configuration.

Syntax
  load config [from filename]

Options
  filename  Specifies the filename from which the configuration will be loaded.

Sample Output
The following command assigns output.xml to be the candidate configuration.

  [edit]
  username@hostname# load config from output.xml
  command succeeded
  [edit]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

move

Relocate a node in the hierarchy along with its children to be at another location at the same hierarchy level.

Syntax
  move element [bottom | top | after element | before element]

Options
  element    Specifies the items to be moved.
  placement  Specifies the new location of the element:
               bottom  Makes the element the last entry of the hierarchy level.
               top     Makes the element the first entry of the hierarchy level.
               after   Moves element to be after element2.
               before  Moves element to be before element2.
  element2   Indicates the element after or before which element1 will be placed.

Sample Output
The following command moves the security rule rule1 to the top of the rule base.

  username@hostname# move rulebase security rules rule1 top
  [edit]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

quit

Exit from the current PAN-OS CLI level.

• From Operational mode—Exits the PAN-OS CLI.
• From Configuration mode, top hierarchy level—Exits Configuration mode, returning to Operational mode.
• From Configuration mode, lower hierarchy levels—Changes context to one level up in the hierarchy. Provides the same result as the up command.

Note: The exit and quit commands are interchangeable.

Syntax
  quit

Options
  None

Sample Output
The following command changes context from the log-settings level to the top level.

  [edit log-settings]
  username@hostname# quit
  [edit]
  username@hostname#

The following command changes from Configuration mode to Operational mode.

  [edit]
  username@hostname# quit
  Exiting configuration mode
  username@hostname>

Required Privilege Level
  All

rename

Change the name of a node in the hierarchy.

Syntax
  rename [node1] to [node2]

Options
  node1  Indicates the original node name.
  node2  Indicates the new node name.

Sample Output
The following command changes the name of a node in the hierarchy from 1.1.1.1/24 to 1.1.1.2/24.

  username@hostname# rename network interface vlan ip 1.1.1.1/24 to 1.1.1.2/24

Required Privilege Level
  superuser, vsysadmin, deviceadmin

run

Execute an Operational mode command while in Configuration mode.

Syntax
  run [command]

Options
  command  Specifies an Operational mode command.

Sample Output
The following command executes a ping command to the IP address 1.1.1.2 from Configuration mode.

  username@hostname# run ping 1.1.1.2
  PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
  ...
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

save

Saves a snapshot of the firewall configuration.

Note: This command saves the configuration on the firewall, but does not make the configuration active. Use the commit command to make the current candidate configuration active.

Syntax
  save config [to filename]

Options
  filename  Specifies the filename to store the configuration. The filename cannot include a hyphen (-).

Sample Output
The following command saves a copy of the configuration to the file savefile.

  [edit]
  username@hostname# save config to savefile
  Config saved to savefile
  [edit]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set

Changes a value in the candidate configuration. Changes are retained while the firewall is powered until overwritten.

Note: To save the candidate configuration in non-volatile storage, use the save command. To make the candidate configuration active, use the commit command.

Syntax
  set [context]

Options
  context  Specifies a path through the hierarchy.

Sample Output
The following command assigns the ethernet1/1 interface to be a virtual wire interface.

  [edit]
  username@hostname# set network interface ethernet ethernet1/1 virtual-wire
  [edit]
  username@hostname#

The following command sets the VLAN IP address to 1.1.1.4/32 from the network interface vlan level of the hierarchy.

  [edit network interface vlan]
  username@hostname# set ip 1.1.1.4/32
  [edit network interface vlan]
  username@hostname#

The following command locks an administrative user out for 15 minutes after 5 failed login attempts.

  username@hostname# set deviceconfig setting management admin-lockout 5 lockout-time 15

Required Privilege Level
  superuser, vsysadmin, deviceadmin

show

Display information about the current candidate configuration.

Syntax
  show [context]

Options
  context  Specifies a path through the hierarchy.

Sample Output
The following command shows the full candidate hierarchy.

  username@hostname# show

The following commands can be used to display the hierarchy segment for network interface.

• Specify context on the command line:

  show network interface

• Use the edit command to move to the level of the hierarchy, and then use the show command without specifying context:

  edit network interface
  [edit network interface]
  show

Required Privilege Level
  superuser, vsysadmin, deviceadmin

top

Change context to the top hierarchy level.

Syntax
  top

Options
  None

Sample Output
The following command changes context from the network level of the hierarchy to the top level.

  [edit network]
  username@hostname# top
  [edit]
  username@hostname#

Required Privilege Level
  All

up

Change context to the next higher hierarchy level.

Syntax
  up

Options
  None

Sample Output
The following command changes context from the network interface level of the hierarchy to the network level.

  [edit network interface]
  username@hostname# up
  [edit network]
  username@hostname#

Required Privilege Level
  All

Chapter 4 Operational Mode Commands

This chapter contains command reference pages for the following operational mode commands:

• “clear” on page 49
• “configure” on page 51
• “delete” on page 52
• “debug captive-portal” on page 54
• “debug cli” on page 55
• “debug cpld” on page 56
• “debug dataplane” on page 57
• “debug device-server” on page 59
• “debug dhcpd” on page 60
• “debug ez” on page 61
• “debug high-availability-agent” on page 62
• “debug ike” on page 63
• “debug keymgr” on page 64
• “debug log-receiver” on page 65
• “debug management-server” on page 66
• “debug master-service” on page 67
• “debug netconfig-agent” on page 68
• “debug routing” on page 69
• “debug software” on page 70
• “debug swm” on page 71
• “debug tac-login” on page 72
• “debug vardata-receiver” on page 73
• “exit” on page 74
• “grep” on page 75
• “less” on page 76
• “ping” on page 77
• “quit” on page 79
• “request certificate” on page 80
• “request content upgrade” on page 82
• “request high-availability” on page 83
• “request license” on page 84
• “request restart” on page 85
• “request support” on page 86
• “request system” on page 87
• “scp” on page 88
• “set application dump” on page 90
• “set cli” on page 91
• “set logging” on page 92
• “set serial-number” on page 93
• “set session” on page 94
• “set target-vsys” on page 95
• “set zip” on page 96
• “show admins” on page 97
• “show arp” on page 98
• “show chassis-ready” on page 99
• “show cli” on page 100
• “show clock” on page 101
• “show config” on page 102
• “show counter” on page 103
• “show ctd” on page 104
• “show device” on page 105
• “show device-messages” on page 106
• “show devicegroups” on page 107
• “show dhcp” on page 108
• “show high-availability” on page 109
• “show interface” on page 110
• “show jobs” on page 111
• “show location” on page 112
• “show log” on page 113
• “show logging” on page 115
• “show mac” on page 116
• “show management-clients” on page 117
• “show multi-vsys” on page 118
• “show pan-agent” on page 119
• “show proxy” on page 120
• “show query” on page 121
• “show report” on page 122
• “show routing” on page 123
• “show route” on page 127
• “show session” on page 128
• “show statistics” on page 130
• “show system” on page 132
• “show target-vsys” on page 134
• “show threat” on page 135
• “show vlan” on page 137
• “show vpn” on page 138
• “show zip” on page 140
• “show zone-protection” on page 141
• “ssh” on page 142
• “tail” on page 143
• “telnet” on page 144
• “test” on page 145
• “tftp” on page 146
• “traceroute” on page 148
• “view-pcap” on page 150

clear

Reset information, sessions, counters, or statistics.

Syntax
  clear application-signature statistics
  clear arp <all | interfacename>
  clear counter <all | global | interface>
  clear dhcp lease <all | interface name interfacename [ip ipaddr]>
  clear high-availability control-link statistics
  clear job jobid
  clear log type
  clear mac <value | all>
  clear query <all-by-session | id queryid>
  clear report <all-by-session | id reportid>
  clear session <id sessionid | all [filter rule]>
  clear statistics
  clear vpn <flow [tunnel-id tunnelid] | ike-sa [gateway gatewayid] | ipsec-sa [tunnel tunnelid]>

Options
  application-signature statistics  Clears application-signature statistics.
  arp         Clears Address Resolution Protocol (ARP) information for a specified interface, loopback, or VLAN, or for all of them.
  counter     Clears interface counters, global counters, or all. Specify all counters, global counters, or interface counters.
  dhcp lease  Clears DHCP leases. Specify all or specify an interface and optional IP address.
  job         Clears download jobs. Specify the job id.
  log         Remove log files from disk. Specify the log type: acc, config, system, threat, or traffic.
  mac         Clears MAC address information for a specified VLAN or all addresses.
  session     Clears a specified session or all sessions. Refer to “show session” on page 128 for a description of the filter options when clearing all sessions.
  statistics  Clears all statistics.
  vpn         Clears IKE or IPSec VPN run-time objects:
                flow      Clears the VPN tunnel on the data plane. Specify the tunnel or press Enter to apply to all tunnels.
                ike-sa    Removes the active IKE SA and stops all ongoing key negotiations. Specify the gateway or press Enter to apply to all gateways.
                ipsec-sa  Deactivate the IPsec SA for a tunnel or all tunnels. Specify the tunnel or press Enter to apply to all tunnels.

Sample Output
The following command clears the session with ID 2245.

  username@hostname> clear session id 2245
  Session 2245 cleared
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

configure

Enter Configuration mode.

Syntax
  configure

Options
  None

Sample Output
To enter Configuration mode from Operational mode, enter the following command.

  username@hostname> configure
  Entering configuration mode
  [edit]
  username@hostname#

Required Privilege Level
  superuser, vsysadmin, deviceadmin

delete

Remove files from disk or restore default comfort pages, which are presented when files or URLs are blocked.

Syntax
  delete item

Options
  item  Specifies the type of file to be deleted.

  Option                                        Description
  captive-portal-text                           Text included in a captive portal.
  config saved filename                         Saved configuration file.
  content update filename                       Content updates.
  core <control-plane | dataplane> file filename  Control or data plane cores.
  debug-filter file filename                    Debugging capture files.
  file-block-page                               Page presented to users when files are blocked. Restores default page.
  license key filename                          License key file.
  pcap file filename                            Packet capture files.
  policy-cache                                  Cached policy compilations.
  reverse-key file filename                     SSL reverse proxy keys.
  root-certificate file filename                Root certificates.
  software image imagename                      Software image.
  spyware-block-page                            Page presented to users when web pages are blocked due to spyware. Restores default page.
  ssl-optout-text                               Page presented to users when a web session is to be decrypted. Restores default page.
  threat-pcap directory directoryname           Threat packet capture files in a specified directory.
  unknown-pcap                                  Packet capture files for unknown sessions.
  url-block-page                                Page presented to users when web pages are blocked. Restores default page.
  user-file ssh-known-hosts                     SSH known hosts file.
  virus-block-page                              Page presented to users when web pages are blocked. Restores default page.

Sample Output
The following command deletes the custom page presented to users when web pages are blocked due to spyware.

  username@hostname> delete spyware-block-page
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

debug captive-portal

Define settings for debugging the captive portal daemon.

Syntax
  debug captive-portal option

Options
  show  Shows whether this command is on or off.
  off   Turns the debugging option off.
  on    Turns the debugging option on.

Sample Output
The following command turns the debugging option on.

  admin@PA-HDF> debug captive-portal on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug cli

Define settings and display information for debugging the CLI connection.

Syntax
  debug cli option

Options
  detail  Shows detailed information about the CLI connection.
  show    Shows whether this command is on or off.
  off     Turns the debugging option off.
  on      Turns the debugging option on.

Sample Output
The following command shows details of the CLI connection.

  admin@PA-HDF> debug cli detail
  Environment variables :
    (USER . admin)
    (LOGNAME . admin)
    (HOME . /home/admin)
    (PATH . /usr/local/bin:/bin:/usr/bin)
    (MAIL . /var/mail/admin)
    (SHELL . /bin/bash)
    (SSH_CLIENT . 10.1.31.104 1109 22)
    (SSH_CONNECTION . 10.1.31.104 1109 10.1.7.2 22)
    (SSH_TTY . /dev/pts/0)
    (TERM . vt100)
    (LINES . 24)
    (COLUMNS . 80)
    (PAN_BASE_DIR . /opt/pancfg/mgmt)
  PAN_BUILD_TYPE : DEVELOPMENT
  Total Heap : 7.00 M  Used : 5.51 M  Nursery : 0.12 M
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug cpld

Debug the complex programmable logic device (CPLD).

Syntax
  debug cpld

Options
  None

Sample Output
  N/A

Required Privilege Level
  superuser, vsysadmin

debug dataplane

Configure settings for debugging the data plane.

Syntax
  debug dataplane option

Options
The available sub-options depend on the specified option.

  clear           Clear all dataplane debug logs.
  device          Debug dataplane hardware component.
  drop-filter     Define a filter to capture dropped packets.
  filter          Determine the packets to capture or send to a debug log file.
  fpga            Debug the field programmable gate array (FPGA).
  get             Show dataplane running information, including checks of hardware and software utilization and buffer pool statistics.
  internal        Debug the dataplane internal state.
  memory          Examine dataplane memory.
  mode            Control dataplane debug logging mode.
  off             Turn off dataplane debug logging.
  on              Turn on dataplane debug logging.
  pool            Debug buffer pools.
  pow             Debug packet scheduling engine.
  process         Debug the dataplane process for the high-availability agent (ha-agent) and management plane relay agent (mprelay).
  reset           Reset settings for debugging the data plane.
  set             Specify parameters for dataplane debugging.
  show            Show current dataplane debug settings.
  task-heartbeat  Debug dataplane task heartbeat.
  unset           Clear the previously-set parameters for dataplane debugging.

Sample Output
The following command shows the statistics for the dataplane buffer pools.

  admin@PA-HDF> debug dataplane pool statistics

The following command turns dataplane filtering on and sets filter parameters.

  admin@PA-HDF> debug dataplane filter on
  admin@PA-HDF> debug dataplane filter set source 10.1.1.1 file abc.pcap

Required Privilege Level
  superuser, vsysadmin

debug device-server

Configure settings for debugging the device server.

Syntax
  debug device-server option

Options
  clear  Clear all debug logs.
  dump   Dump the debug data.
  off    Turn off debug logging.
  on     Turn on debug logging.
  reset  Remove current settings.
  set    Set debugging values.
  show   Display current debug log settings.
  test   Test the current settings.
  unset  Clear logging data.

Sample Output
The following command turns off debug logging for the device server.

  admin@PA-HDF> debug device-server off
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug dhcpd

Configure settings for debugging the Dynamic Host Configuration Protocol (DHCP) daemon.

Syntax
  debug dhcpd option

Options
  global  Define settings for the global DHCP daemon.
  pcap    Define settings for debugging packet capture.

Sample Output
The following command shows current global DHCP daemon settings.

  admin@PA-HDF> debug dhcpd global show
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug ez

Configure settings for debugging the EZ chip.

Syntax
  debug ez option

Options
  disable  Turn EZ debugging off.
  enable   Turn EZ debugging on.
  set      Set parameters for EZ debugging.
  show     Show EZ debugging information.

Sample Output
The following command enables debugging of the EZ chip.

  admin@PA-HDF> debug ez enable
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug high-availability-agent

Configure settings for debugging the high availability agent.

Syntax
  debug high-availability-agent option

Options
  clear          Clear the debug logs.
  internal-dump  Dump the internal state of the agent to its log.
  model-check    Turn model checking with the peer on or off.
  off            Turns the debugging option off.
  on             Turns the debugging option on.
  show           Shows whether this command is on or off.

Sample Output
The following command turns model checking on for the high availability agent.

  admin@PA-HDF> debug high-availability-agent model-check on
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug ike

Configure settings for debugging the Internet Key Exchange (IKE) daemon.

Syntax
  debug ike option

Options
  global  Configure global settings.
  pcap    Configure packet capture settings.
  socket  Configure socket settings.
  stat    Show IKE daemon statistics.

Sample Output
The following command turns on the global options for debugging the IKE daemon.

  admin@PA-HDF> debug ike global on
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug keymgr

Configure settings for debugging the key manager daemon.

Syntax
  debug keymgr option

Options
  list-sa  Lists the IPSec security associations (SAs) that are stored in the key manager daemon.
  off      Turn the settings off.
  on       Turn the settings on.
  show     Show key manager daemon information.

Sample Output
The following command shows the current information on the key manager daemon.

  admin@PA-HDF> debug keymgr show
  sw.debug.keymgr.global: normal
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug log-receiver

Configure settings for debugging the log receiver daemon.

Syntax
  debug log-receiver option

Options
  off         Turns the debugging option off.
  on          Turns the debugging option on.
  show        Shows whether this command is on or off.
  statistics  Show log receiver daemon statistics.

Sample Output
The following command turns log receiver debugging on.

  admin@PA-HDF> debug log-receiver on
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug management-server

Configure settings for debugging the management server.

Syntax
  debug management-server option

Options
  clear   Clear all debug logs.
  client  Debug the management server client.
  off     Turn debugging off.
  on      Turn debugging on.
  show    Show management server debug statistics.

Sample Output
The following example turns management server debugging on.

  admin@PA-HDF> debug management-server on
  (null)
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug master-service

Configure settings for debugging the master service.

Syntax
  debug master-service option

Options
  clear          Clear all debug logs.
  internal-dump  Dump the internal state of the server to the log.
  off            Turn debugging off.
  on             Turn debugging on.
  show           Show debug settings.

Sample Output
The following command dumps the internal state of the master service to the log.

  admin@PA-HDF> debug master-service internal-dump
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug netconfig-agent

Configure settings for debugging the network configuration agent.

Syntax
  debug netconfig-agent option

Options
  show  Show whether this command is on or off.
  off   Turn the debugging option off.
  on    Turn the debugging option on.

Sample Output
The following command shows the debug settings for the network configuration agent.

  admin@PA-HDF> debug netconfig-agent show
  sw.netconfig-agent.debug: off
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug routing

Configure settings for debugging the route daemon.

Syntax
  debug routing option

Options
  fib       Turn on debugging for the forwarding table.
  global    Turn on global debugging.
  list-mib  Show the routing list with management information base (MIB) names.
  mib       Show the MIB tables.
  pcap      Show packet capture data.
  socket    Show socket data.

Sample Output
The following command displays the MIB tables for routing.

  admin@PA-HDF> debug routing list-mib
  i3EmuTable (1 entries)
  ==========================
  sckTable (0 entries)
  sckSimInterfaceTable (0 entries)
  sckEiTable (0 entries)
  sckEaTable (0 entries)
  i3Table (0 entries)
  i3EiTable (0 entries)
  i3EaTable (0 entries)
  i3EtTable (0 entries)
  i3EmTable (0 entries)
  dcSMLocationTable (0 entries)
  dcSMHMTestActionObjects (0 entries)
  siNode (0 entries)
  siOSFailures (0 entries)
  siTraceControl (0 entries)
  siExecAction (0 entries)
  ...
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug software

Restart software processes to aid debugging.

Syntax
  debug software restart option

Options
  device-server      Restart the device server.
  management-server  Restart the management server.
  web-server         Restart the web server.

Sample Output
The following command restarts the web server.

  admin@PA-HDF> debug software restart web-server
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug swm

Configure settings for debugging the Palo Alto Networks software manager.

Syntax
  debug swm option

Options
  command  Run a software manager command.
  history  Show the history of software installation operations.
  list     List software versions that are available for installation.
  refresh  Revert back to the last successfully installed content.
  revert   Revert back to the last successfully installed software.
  status   Show the status of the software manager.
  unlock   Unlock the software manager.

Sample Output
The following command shows the list of available software versions.

  admin@PA-HDF> debug swm list
  2.1.0-c207
  2.0.0-c4.dev
  2.0.0-c1.dev_base
  2.1.0-c206
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug tac-login

Configure settings for debugging the Palo Alto Networks Technical Assistance Center (TAC) connection.

Syntax
  debug tac-login option

Options
  enable               Enable TAC login.
  disable              Disable TAC login.
  permanently-disable  Turn off TAC login debugging permanently.

Sample Output
The following command turns TAC login debugging on.

  admin@PA-HDF> debug tac-login on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

debug vardata-receiver

Configure settings for debugging the variable data daemon.

Syntax
  debug vardata-receiver option

Options
  off         Turns the debugging option off.
  on          Turns the debugging option on.
  show        Shows whether this command is on or off.
  statistics  Show log receiver daemon statistics.

Sample Output
The following command shows statistics for the variable data daemon.

  admin@PA-HDF> debug vardata-receiver statistics
  tdb is on
  admin@PA-HDF>

Required Privilege Level
  superuser, vsysadmin

exit

Note: The exit command is the same as the quit command.
Syntax exit Options None Sample Output N/A Required Privilege Level All 74 • Operational Mode Commands Palo Alto Networks .exit exit Exit the PAN-OS CLI. Prints the file name for each match.log file for occurrences of the string id:admin.log username@hostname> Required Privilege Level All Palo Alto Networks Operational Mode Commands • 75 . Indicates the log file to be searched. Prints the matching lines plus the specified number of lines that precede the matching lines. Ignores case distinctions. Prints the specified number of lines in the file for output context. Selects non-matching lines instead of matching lines. Sample Output The following command searches the ms. Prints a count of matching files for each input file. username@hostname> grep id:admin /var/log/pan/ms. Indicates the string to be matched. Stops reading a file after the specified number of matching lines.grep grep Find and list lines from log files that match a specified pattern. Syntax grep [after-context number] [before-context number] [context number] [count] [ignore-case] [invert-match] [line-number] [max-count] [nofilename] [with-filename] pattern file Options after-context before-context context count ignore-case invert-match line-number max-count no-filename with-filename pattern file Prints the matching lines plus the specified number of lines that follow the matching lines. Adds the line number at the beginning of each line of output. Does not add the filename prefix for output. .log /var/log/pan/devsrv.. Sample Output The following command lists the contents of the web application log. 1249 65009 2092 166 749 Required Privilege Level All 76 • Operational Mode Commands Palo Alto Networks .log /var/log/pan/pan_netconfig_agent.log /var/log/pan/masterd.less less Find and l List the contents of the specified log file. username@hostname> less ? /var/log/pan/appWeb.log /var/log/pan/ms. Syntax less file Options file Indicates the log file to be searched.log . 
ping
Check network connectivity to a host.

Syntax
  ping [bypass-routing] [count] [do-not-fragment] [inet] [interval] [no-resolve] [pattern] [record-route] [size] [source] [tos] [ttl] [verbose] [wait] host

Options
  bypass-routing   Sends the ping request directly to the host on a directly attached network, bypassing the usual routing table.
  count            Specifies the number of ping requests to be sent.
  do-not-fragment  Prevents packet fragmentation by use of the do-not-fragment bit in the packet's IP header.
  inet             Specifies that the ping packets will use IP version 4.
  interval         Specifies how often the ping packets are sent (0 to 2000000000 seconds).
  no-resolve       Provides the IP address only, without resolving to hostnames.
  pattern          Specifies a custom string to include in the ping request. You can specify up to 12 padding bytes to fill out the packet that is sent, as an aid in diagnosing data-dependent problems.
  record-route     Requests a report on the path traveled by the ping packets.
  size             Specifies the size of the ping packets.
  source           Specifies the source IP address for the ping command.
  tos              Specifies the type of service (TOS) treatment for the packets by way of the TOS bits in the IP header of the ping packet.
  ttl              Specifies the time-to-live (TTL) value for the ping packet (IPv6 hop-limit value) (0-255 hops).
  verbose          Requests complete details of the ping request.
  wait             Specifies a delay in transmission of the ping request (seconds).
  host             Specifies the host name or IP address of the remote host.

Sample Output
The following command checks network connectivity to the host 66.102.7.104, specifying 4 ping packets and complete details of the transmission.

  username@hostname> ping count 4 verbose 66.102.7.104
  PING 66.102.7.104 (66.102.7.104) 56(84) bytes of data.
  64 bytes from 66.102.7.104: icmp_seq=0 ttl=243 time=316 ms
  64 bytes from 66.102.7.104: icmp_seq=1 ttl=243 time=476 ms
  64 bytes from 66.102.7.104: icmp_seq=2 ttl=243 time=376 ms
  64 bytes from 66.102.7.104: icmp_seq=3 ttl=243 time=201 ms

  --- 66.102.7.104 ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 3023ms
  rtt min/avg/max/mdev = 201.718/342.595/476.816/99.521 ms, pipe 2
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

quit
Exit the current session for the firewall.

Note: The quit command is the same as the exit command.

Syntax
  quit

Options
  None

Sample Output
  N/A

Required Privilege Level
  All

request certificate
Generate a self-signed security certificate.

Syntax
  request certificate [install for-use-by purpose | self-signed option for-use-by purpose]

Options
  install      Installs the generated certificate.
  self-signed  Generates the self-signed certificate.
  option       Specifies information to include in the certificate. Multiple options are supported:
                 country-code       Two-character code for the country in which the certificate will be used.
                 email              Email address of the contact person.
                 locality           City, campus, or other local area.
                 nbits value        Number of bits in the certificate (512 or 1024).
                 organization       Organization using the certificate.
                 organization-unit  Department using the certificate.
                 state              Two-character code for the state or province in which the certificate will be used.
                 name               IP address or fully qualified domain name (FQDN) to appear on the certificate.
                 passphrase         Passphrase for encrypting the private key.
  purpose      Requests the certificate for the specified purpose:
                 panorama-server  Panorama server machine (used by Panorama to communicate with managed devices).
                 web-interface    Embedded web interface.

Sample Output
The following command requests a self-signed certificate for the web interface with length 1024 and IP address 1.1.1.1.

  username@hostname> request certificate self-signed nbits 1024 name 1.1.1.1 for-use-by web-interface

Required Privilege Level
  superuser, vsysadmin, deviceadmin

request content upgrade
Perform application level upgrade operations.

Syntax
  request content upgrade [check | download latest | info | install latest]

Options
  check            Obtain information from the Palo Alto Networks server.
  download latest  Download application identification packages.
  info             Show information about available application ID packages.
  install latest   Install application identification packages.

Sample Output
The following command checks the Palo Alto Networks server for available content packages.

  username@hostname> request content upgrade check
  Version   Size   Released on           Downloaded
  ------------------------------------------------------------------------
  13-25     10MB   2007/04/19 15:25:02   yes
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

request high-availability
Perform operations related to high availability.

Syntax
  request high-availability clear-alarm-led
  request high-availability state <functional | suspend>
  request high-availability sync-to-remote <candidate-config | clock | disk-state | running-config | runtime-state>

Options
  clear-alarm-led  Clear the high-availability alarm LED.
  state            Set the high availability state of the device:
                     functional  Set the device to the functioning state.
                     suspend     Set the device to the suspended state.
  sync-to-remote   Perform configuration synchronization operations:
                     candidate-config  Synchronize the candidate configuration to the peer device.
                     clock             Synchronize the local time and date to the peer device.
                     disk-state        Synchronize the required on-disk state to the peer device.
                     running-config    Synchronize the running configuration to the peer device.
                     runtime-state     Synchronize the runtime synchronization state to the peer device.

Sample Output
The following command sets the high-availability state of the device to suspend.

  username@hostname> request high-availability state suspend

Required Privilege Level
  superuser, vsysadmin, deviceadmin

request license
Perform license-related operations.

Syntax
  request license [fetch [auth-code] | info | install]

Options
  fetch    Gets a new license key using an authentication code.
  info     Displays information about currently owned licenses.
  install  Installs a license key.

Sample Output
The following command requests a new license key with the authentication code 123456.

  username@hostname> request fetch auth-code 123456

Required Privilege Level
  superuser, vsysadmin, deviceadmin

request restart
Restart the system or software modules.

Syntax
  request restart [dataplane | software | system]

Options
  dataplane  Restarts the dataplane software.
  software   Restarts all system software.
  system     Reboots the system.

CAUTION: Using this command causes the firewall to reboot, resulting in the temporary disruption of network traffic. Unsaved or uncommitted changes will be lost.

Sample Output
The following command restarts all the firewall software.

  username@hostname> request restart software

Required Privilege Level
  superuser, vsysadmin, deviceadmin

request support
Obtain technical support information.

Syntax
  request support [check | info]

Options
  check  Get support information from the Palo Alto Networks update server.
  info   Show downloaded support information.

Sample Output
The following command shows the downloaded support information.

  username@hostname> request support info

Required Privilege Level
  superuser, vsysadmin, deviceadmin
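The ping transcript shown in the ping entry above is what an operator usually pastes into a ticket when checking reachability of a peer, a log collector or an update server. The following Python module is an added example, not part of this guide or of PAN-OS: it parses that transcript into structured values and flags loss, unanswered sequence numbers, a TTL that changed between replies (which can indicate the path changed during the test) and a high average round-trip time. The embedded sample is constructed from the guide's own output; the thresholds in assess() are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the ping transcript reproduced from the guide's sample output.
SAMPLE_PING_OUTPUT = """\
PING 66.102.7.104 (66.102.7.104) 56(84) bytes of data.
64 bytes from 66.102.7.104: icmp_seq=0 ttl=243 time=316 ms
64 bytes from 66.102.7.104: icmp_seq=1 ttl=243 time=476 ms
64 bytes from 66.102.7.104: icmp_seq=2 ttl=243 time=376 ms
64 bytes from 66.102.7.104: icmp_seq=3 ttl=243 time=201 ms

--- 66.102.7.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3023ms
rtt min/avg/max/mdev = 201.718/342.595/476.816/99.521 ms, pipe 2
"""

# One regex per line type; the statistics line may carry "+N errors," before the loss figure.
REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
STATS_RE = re.compile(r"(\d+) packets transmitted, (\d+) received,.*?([\d.]+)% packet loss")
RTT_RE = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")


@dataclass
class PingResult:
    transmitted: int = 0
    received: int = 0
    loss_pct: float = 100.0
    rtt_ms: Optional[Tuple[float, float, float, float]] = None  # min, avg, max, mdev
    replies: List[dict] = field(default_factory=list)

    def missing_seq(self) -> List[int]:
        """Sequence numbers that never got a reply, derived from the transmitted count."""
        seen = {r["seq"] for r in self.replies}
        return [s for s in range(self.transmitted) if s not in seen]


def parse_ping(text: str) -> PingResult:
    """Parse a ping transcript (per-reply lines plus the summary block)."""
    result = PingResult()
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            result.replies.append(
                {"seq": int(m.group(1)), "ttl": int(m.group(2)), "time_ms": float(m.group(3))}
            )
            continue
        m = STATS_RE.search(line)
        if m:
            result.transmitted = int(m.group(1))
            result.received = int(m.group(2))
            result.loss_pct = float(m.group(3))
            continue
        m = RTT_RE.search(line)
        if m:
            result.rtt_ms = tuple(float(g) for g in m.groups())  # type: ignore[assignment]
    return result


def assess(result: PingResult, max_loss_pct: float = 0.0, max_avg_rtt_ms: float = 500.0) -> List[str]:
    """Return human-readable findings; an empty list means the test looked healthy.

    Thresholds are illustrative assumptions, not values from the guide."""
    findings: List[str] = []
    if result.transmitted == 0:
        return ["no statistics line found: ping did not complete"]
    if result.loss_pct > max_loss_pct:
        findings.append(f"packet loss {result.loss_pct}% exceeds {max_loss_pct}%")
    missing = result.missing_seq()
    if missing:
        findings.append(f"no reply for icmp_seq {missing}")
    ttls = sorted({r["ttl"] for r in result.replies})
    if len(ttls) > 1:
        findings.append(f"TTL varied across replies {ttls}: path may have changed mid-test")
    if result.rtt_ms and result.rtt_ms[1] > max_avg_rtt_ms:
        findings.append(f"average rtt {result.rtt_ms[1]} ms exceeds {max_avg_rtt_ms} ms")
    return findings


if __name__ == "__main__":
    parsed = parse_ping(SAMPLE_PING_OUTPUT)
    print(parsed.transmitted, parsed.received, parsed.loss_pct, parsed.rtt_ms)
    print(assess(parsed) or "healthy")
```

Because the per-reply lines are parsed independently of the summary, a transcript cut short before the statistics block still yields the replies, and missing_seq() makes a silent gap in the sequence visible even when the reported loss percentage is rounded down to 0.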
request system
Download system software or request information about available software packages.

Syntax
  request system [factory-reset | software [check | download [file | version] name] | info | install [file | version] name]]

Options
  factory-reset  Resets the configuration to factory defaults.
  check          Gets information from the Palo Alto Networks server.
  download       Downloads software packages.
  info           Shows information about available software packages.
  install        Downgrades to a downloaded software package.
  file           Specifies the file to download or install.
  version        Specifies the software version to download or install.
  name           Specifies the file or version name.

Sample Output
The following command requests information about the software packages that are available for download.

  username@hostname> request system software info
  Version     Filename                   Size   Released              Downloaded
  ------------------------------------------------------------------------
  1.0.0-1746  PANOS-DEV-1746.tgz         122MB  2007/02/13 00:00:00  no
  1.0.0-20    PANOS-QA-20.tar.gz         122MB  2007/02/13 00:00:00  no
  1.0.1       panos.4050-1.0.1.tar.gz    127MB  2007/02/07 00:00:00  no
  1.0.2       panos.4050-1.0.2.tar.gz    127MB  2007/02/07 00:00:00  no
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

scp
Copy files between the firewall and another host.

Syntax
  scp export export-option [control-plane | data-plane] to target from source [remote-port portnumber] [source-ip address]
  scp import import-option [source-ip address] [remote-port portnumber] from source

Options
  export export-option  Specifies the type of file to export to the other host:
    application                Application packet capture file.
    captive-portal-text        Text to be included in a captive portal.
    configuration              Configuration file.
    core-file                  Core file.
    debug pcap                 IKE negotiation packet capture file.
    file-block-page            File containing comfort pages to be presented when files are blocked. Enables downloading of a customizable HTML replacement message (comfort page) in place of a malware-infected file.
    filter                     Filter definitions.
    log-file                   Log files.
    log-db                     Log database.
    packet-log                 Logs of packet data.
    spyware-block-page         Comfort page to be presented when files are blocked due to spyware.
    ssl-optout-text            SSL opt-out text.
    tech-support               Technical support information.
    trusted-ca-certificate     Certificate Authority (CA) security certificate.
    url-block-page             Comfort page to be presented when files are blocked due to a blocked URL.
    virus-block-page           Comfort page to be presented when files are blocked due to a virus.
    web-interface-certificate  Web interface certificate.

  import import-option  Specifies the type of file to import from the other host:
    application             Application packet capture file.
    captive-portal-text     Text to be included in a captive portal.
    configuration           Configuration file.
    core-file               Core file.
    file-block-page         File containing comfort pages to be presented when files are blocked.
    filter                  Filter definitions.
    ike-pcap-file           IKE negotiation packet capture file.
    log-file                Log files.
    log-db                  Log database.
    packet-log              Logs of packet data.
    spyware-block-page      Comfort page to be presented when files are blocked due to spyware.
    ssl-optout-text         SSL opt-out text.
    tech-support            Technical support information.
    trusted-ca-certificate  Certificate Authority (CA) security certificate.
    url-block-page          Comfort page to be presented when files are blocked due to a blocked URL.

  control-plane           Indicates that the file contains control information.
  data-plane              Indicates that the file contains information about data traffic.
  remote-port portnumber  Specifies the port number on the remote host.
  source-ip address       Specifies the source IP address.
  to                      Specifies the destination user in the format username@host:path.
  from                    Specifies the source user in the format username@host:path.

Sample Output
The following command imports a certificate from a file in user1's account on the machine with IP address 10.0.3.4.

  username@hostname> scp import ssl-certificate from user1@10.0.3.4:/tmp/certificatefile

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set application dump
Captures session packets for unknown applications.

Syntax
  set application dump [off | on [application appname] [destination destname] [destination-port destport] [destination-user destuser] [from zone zonename] [limit value] [protocol protnumber] [source sourcename] [source-port sourceport] [source-user sourceuser] [to zone zonename]]

Options
  off                       Turns application dump off.
  on                        Turns application dump on.
  application appname       Specifies the application.
  destination destname      Specifies the destination IP address.
  destination-user destuser Specifies the destination user.
  destination-port destport Specifies the destination port.
  zone zonename             Specifies the zone.
  protocol protname         Specifies the protocol.
  limit value               Specifies the limit.
  source sourcename         Specifies the source IP address.
  source-user sourceuser    Specifies the source user.
  source-port sourceport    Specifies the source port.

Sample Output
The following command turns packet capture for unknown applications off.

  username@hostname> set application dump off
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set cli
Set scripting and pager options for the PAN-OS CLI.

Syntax
  set cli [scripting-mode | pager | timeout [idle idle-value] [session session-value]] off | on

Options
  scripting-mode  Enables or disables scripting mode.
  pager           Enables or disables the pager.
  timeout         Sets administrative session timeout values.
  idle-value      Specifies the idle timeout (0-86400 seconds).
  session-value   Specifies the administrative session timeout (0-86400 seconds).
  off             Turns the option off.
  on              Turns the option on.

Sample Output
The following command turns the PAN-OS CLI pager option off.

  username@hostname> set cli pager off
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set logging
Set logging options for traffic and event logging.

Syntax
  set logging option value

Options
  option  Determines which of the following logging options is set:
    default                    Restores all log settings to default.
    log-suppression [yes | no] Enables or disables suppression of log information.
    max-packet-rate            Specifies the maximum packet rate (0-5120 KB/s).
    max-log-rate               Specifies the maximum logging rate (0-5120 KB/s).
  value   Sets the value of the rate for the logging option: 0-5120.

Note: max-packet-rate and max-log-rate both affect the rate at which log messages are forwarded. Generated log messages are kept in priority queues, and the log forwarding engine forwards the generated logs based on the log and packet rates. If the rates are set too low, the queues may build up and eventually drop log messages.

Sample Output
The following command sets the logging rate to be a maximum of 1000 KB/second.

  username@hostname> set logging max-log-rate 1000
  Logging rate changed to 1000 KB/s
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set serial-number
(Panorama only) Configure the serial number of the Panorama machine. The serial number must be set for Panorama to connect to the update server.

Syntax
  set serial-number value

Options
  value  Specifies the serial number or software license key.

Sample Output
The following command sets the Panorama serial number to 123456.

  username@hostname> set serial-number 123456
  username@hostname>

Required Privilege Level
  superuser, superuser (read only), Panorama admin

set session
Set parameters for the networking session.

Syntax
  set session [default | item value]

Options
  default  Restores all session settings to the default values.
  item     Specifies the session setting to change (see the table below).
  value    Specifies the value for the setting.

  Option                            Value              Description
  accelerated-aging-enable          no | yes           Enables or disables accelerated session aging.
  accelerated-aging-scaling-factor  Power of 2         Sets the accelerated session aging scaling factor (power of 2).
  accelerated-aging-threshold       1-100              Sets the accelerated aging threshold as a percentage of session utilization.
  tcp-reject-non-syn                no | yes           Rejects non-synchronized TCP packets for session setup.
  timeout-default                   Number of seconds  Sets the session default timeout value in seconds.
  timeout-icmp                      1-15999999         Sets the session timeout value for ICMP.
  timeout-tcp                       1-15999999         Sets the session timeout value for TCP.
  timeout-tcpwait                   Number of seconds  Sets the session TCP wait timeout value in seconds.
  timeout-udp                       1-15999999         Sets the session timeout value for UDP.

Sample Output
The following command sets the TCP wait timeout to 1 second.

  username@hostname> set session timeout-tcpwait 1
  username@hostname>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set target-vsys
Sets the target virtual system. In this mode, any command that is executed runs for the vsys. For example, if you use secure copy to import or export a comfort page, the page is imported or exported for the vsys. Commands that are not virtual-system-specific continue to work normally.

Note: When the target virtual system is set, the CLI prompt incorporates the vsys name, if possible.

Syntax
  set target-vsys vsys

Options
  vsys  Specifies the name of the target virtual system.

Sample Output
The following command sets the target virtual system to vsys1.

  username@hostname> set target-vsys vsys1
  Session target vsys changed to vsys1
  username@hostname vsys1>>

Required Privilege Level
  superuser, vsysadmin, deviceadmin

set zip
Determines whether zipped files are automatically unzipped and policies are applied to the unzipped contents.

Syntax
  set zip enable <yes | no>

Options
  yes  Enables automatic unzipping and inspection of zipped files.
  no   Disables automatic unzipping and inspection of zipped files.

Sample Output
The following command enables automatic unzipping and inspection of zipped files.

  username@hostname> set zip enable yes
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show admins
Display information about the active firewall administrators.

Syntax
  show admins [all]

Options
  all  Lists the names of all administrators.

Sample Output
The following command displays administrator sessions whose source address matches 10.0.0 on the firewall.

  username@hostname> show admins | match 10.0.0
  Admin   From         Type  Session-start    Idle-for
  --------------------------------------------------------------------------
  admin   10.0.0.132   Web   02/19 09:33:07   00:00:12s
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show arp
Shows current Address Resolution Protocol (ARP) entries.

Syntax
  show arp interface

Options
  interface  Specifies the interface for which the ARP table is displayed:
    all         Shows information for all ARP tables.
    ethernetn/m Shows information for the specified interface.
    loopback    Shows loopback information.
    vlan        Shows VLAN information.

Sample Output
The following command displays ARP information for the ethernet1/1 interface.

  username@hostname> show arp ethernet1/1
  maximum of entries supported : 8192
  default timeout:               1800 seconds
  total ARP entries in table :   0
  total ARP entries shown :      0
  status: s - static, c - complete, i - incomplete
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show chassis-ready
Shows whether the dataplane has a running policy.

Syntax
  show chassis-ready

Options
  None

Sample Output
The following command shows that the dataplane has a currently running policy.

  username@hostname> show chassis-ready
  yes
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show cli
Shows information about the current CLI session.

Syntax
  show cli info

Options
  None

Sample Output
The following command shows information about the current CLI session.

  username@hostname> show cli info
  Process ID              : 2045
  Pager                   : enabled
  Vsys configuration mode : disabled
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show clock
Shows the current time on the firewall.

Syntax
  show clock

Options
  None

Sample Output
The following command shows the current time.

  username@hostname> show clock
  Sun Feb 18 10:49:31 PST 2007
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show config
Shows the active configuration.

Syntax
  show config

Options
  None

Sample Output
The following command shows the configuration lines that pertain to VLANs.

  username@hostname> show config | match vlan
  vlan {
  vlan.
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show counter
Display system counter information.

Syntax
  show counter [global | interface]

Options
  global     Shows global system counter information.
  interface  Shows system counter information grouped by interface.

Sample Output
The following command displays all counter information grouped according to interface.

  username@hostname> show counter interface
  hardware interface counters:
  ------------------------------------------------------------------------
  interface: ethernet1/1
  ------------------------------------------------------------------------
  bytes received             0
  bytes transmitted          0
  packets received           0
  packets transmitted        0
  receive errors             0
  packets dropped            0
  ------------------------------------------------------------------------
  ...
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin

show ctd
Show the threat signature information on the system.

Syntax
  show ctd threat threat_id application appid profile pfid

Options
  threat threat_id   Uniquely identifies the threat.
  application appid  Shows the action taken for the threat in the application.
  profile pfid       Identifies the profile.

Sample Output
The following command shows an example with the default threat action. An action of 0 means the "default" action.

  admin@PA-HDF> show ctd threat 100000 application 108 profile 1
  Profile 1 appid 108 , action 0
  username@hostname>

The following command shows an example with no threat action. An action of "ffff" means "no" action.

  username@hostname> show ctd threat 100000 application 109 profile 1
  Profile 1 appid 109 , action ffff
  username@hostname>

Required Privilege Level
  superuser, superreader, vsysadmin, vsysreader, deviceadmin
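The show admins output above (Admin, From, Type, Session-start, Idle-for) is the quickest way to see who is logged in to the management plane and from where. The following Python module is an added example, not part of this guide or of PAN-OS: it parses that table and reports sessions whose source address is outside the permitted management networks, and sessions idle longer than the idle timeout an operator would normally enforce with set cli timeout idle. The sample table is constructed: the first row is the guide's own, the second row (auditor from 192.0.2.50) is invented for illustration, and the network list and idle threshold are assumptions.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: the row from the guide's show admins output plus one invented row.
SAMPLE_SHOW_ADMINS = """\
Admin      From           Type  Session-start   Idle-for
--------------------------------------------------------------------------
admin      10.0.0.132     Web   02/19 09:33:07  00:00:12s
auditor    192.0.2.50     CLI   02/19 07:01:44  01:30:00s
"""

# One session row: name, source address, client type, MM/DD HH:MM:SS start, HH:MM:SSs idle.
ROW_RE = re.compile(
    r"^(?P<admin>\S+)\s+(?P<src>\S+)\s+(?P<type>\S+)\s+"
    r"(?P<start>\d\d/\d\d \d\d:\d\d:\d\d)\s+(?P<idle>\d\d:\d\d:\d\d)s$"
)


def parse_show_admins(text: str) -> List[Dict]:
    """Return one dict per session row; header, separator and prompt lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        hours, minutes, seconds = (int(x) for x in m.group("idle").split(":"))
        sessions.append(
            {
                "admin": m.group("admin"),
                "src": ipaddress.ip_address(m.group("src")),
                "type": m.group("type"),
                "start": m.group("start"),
                "idle_s": hours * 3600 + minutes * 60 + seconds,
            }
        )
    return sessions


def review_sessions(sessions: List[Dict], allowed_nets: List[str], max_idle_s: int = 900) -> List[str]:
    """Flag sessions from outside allowed_nets and sessions idle longer than max_idle_s.

    allowed_nets and max_idle_s are illustrative assumptions for this example."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings: List[str] = []
    for sess in sessions:
        who = f"{sess['admin']} ({sess['type']}) from {sess['src']}"
        if not any(sess["src"] in net for net in nets):
            findings.append(f"{who}: outside permitted management networks")
        if sess["idle_s"] > max_idle_s:
            findings.append(f"{who}: idle {sess['idle_s']} s exceeds {max_idle_s} s")
    return findings


if __name__ == "__main__":
    active = parse_show_admins(SAMPLE_SHOW_ADMINS)
    for finding in review_sessions(active, ["10.0.0.0/24"]):
        print(finding)
```

The regex anchors on the timestamp and idle columns rather than on column widths, so the header line and the dashed separator fall through without special-casing, and a source address that is not a valid IP raises from ipaddress.ip_address instead of being silently accepted.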
Sample Output The following command shows information for connected devices. Panorama admin Palo Alto Networks Operational Mode Commands • 105 .show device show device (Panorama only) Show the state of managed devices. Shows information for all connected devices.1. Syntax show device-messages [all | connected] Options all connected Shows information for all managed devices. username@hostname> show devices connected Serial Hostname IP Connected -------------------------------------------------------------------------PA04070001 pan-mgmt2 10.2 yes last push state: none username@hostname> Required Privilege Level superuser. show device-messages show device-messages (Panorama only) Show information on the policy messages for devices. Panorama admin 106 • Operational Mode Commands Palo Alto Networks . Shows the messages only for the specified device group. superuser (read only). username@hostname> show device-messages device pan-mgmt2 group dg1 username@hostname> Required Privilege Level superuser. Syntax show device-messages [device] [group] Options device group Shows the messages only for the specified device. Sample Output The following command shows the device messages for the device pan-mgmt2 and the group dg1. superuser (read only). Syntax show devicegroups [name] Options name Shows the information only for the specified device group. Sample Output The following command shows information for the device group dg1.show devicegroups show devicegroups (Panorama only) Show information on device groups. Panorama admin Palo Alto Networks Operational Mode Commands • 107 .2 yes last push state: push succeeded vsys3 shared policy md5sum:dfc61be308c23e54e5cde039689e9d46(In Sync) username@hostname> Required Privilege Level superuser.1. 
username@hostname> show devicegroups dg1 ========================================================================== Group: dg3 Shared policy md5sum:dfc61be308c23e54e5cde039689e9d46 Serial Hostname IP Connected -------------------------------------------------------------------------PA04070001 pan-mgmt2 10.7. Syntax show dhcp lease <value | all> Options value all Identifies the interface (ethernetn/m) Shows all the lease information.66.66.1 00:15:c5:60:a5:b0 Tue Mar 11 16:12:09 2008 66.2 00:15:c5:e1:0d:b0 Tue Mar 11 16:08:01 2008 username@hostname> Required Privilege Level superuser.show dhcp show dhcp Show information on Dynamic Host Control Protocol (DHCP) leases. deviceadmin. superreader. vsysreader 108 • Operational Mode Commands Palo Alto Networks . vsysadmin.66.66. username@hostname> show dhcp all interface: ethernet1/9 ip mac expire 66. Sample Output The following command shows all lease information. vsysreader Palo Alto Networks Operational Mode Commands • 109 . vsysadmin. username@hostname> show high-availability path-monitoring ---------------------------------------------------------------------------path monitoring: disabled total paths monitored: 0 ---------------------------------------------------------------------------username@hostname> Required Privilege Level superuser. Syntax show high-availability [all | control-link statistics| linkmonitoring | path-monitoring | state | state-synchronization] Options all control-link statistics link-monitoring path-monitoring state statesynchronization Shows all high-availability information. Shows the link-monitoring state.show high-availability show high-availability Show runtime information for the high-availability subsystem. deviceadmin. Shows high-availability state information. Shows state synchronization statistics. superreader. Shows control-link statistic information. Sample Output The following command information for the high-availability subsystem. Shows path-monitoring statistics. 
show interface
Display information about system interfaces.

Syntax
show interface interface

Options
interface   Specifies the interface. Specify one of the following:
            all           Shows information for all ARP tables.
            ethernetn/m   Shows information for the specified interface.
            hardware      Shows hardware information.
            logical       Shows logical interface information.
            loopback      Shows loopback information.
            vlan          Shows VLAN information.

Sample Output
The following command displays information about the ethernet1/2 interface.

username@hostname> show interface ethernet1/2
---------------------------------------------------------------------------
Name: ethernet1/2, ID: 17
Link status:
  Runtime link speed/duplex/state: auto/auto/auto
  Configured link speed/duplex/state: auto/auto/auto
MAC address:
  Port MAC address 0:f:b7:20:2:11
Operation mode: virtual-wire
---------------------------------------------------------------------------
Name: ethernet1/2, ID: 17
Operation mode: virtual-wire
Virtual wire: default-vwire, peer interface: ethernet1/1
Interface management profile: N/A
Zone: trust, virtual system: (null)
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show jobs
Display information about current system processes.

Syntax
show jobs [all | id number | pending | processed]

Options
all         Shows information for all jobs.
id number   Identifies the process by number.
pending     Shows recent jobs that are waiting to be executed.
processed   Shows recent jobs that have been processed.

Sample Output
The following command lists jobs that have been processed in the current session.

username@hostname> show jobs processed
Enqueued              ID   Type      Status   Result   Completed
-------------------------------------------------------------------------
2007/02/18 09:34:39   2    AutoCom   FIN      OK       2007/02/18 09:34:40
2007/02/18 09:33:00   1    AutoCom   FIN      FAIL     2007/02/18 09:33:54
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show location
Show the geographic location of a firewall.

Syntax
show location ip address

Options
address   Specifies the IP address of the firewall.

Sample Output
The following commands show location information for the firewalls 10.0.1.1 and 201.52.0.0.

username@hostname> show location ip 10.0.1.1
username@hostname> show location ip 201.52.0.0
201.52.0.0 Brazil
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show log
Display system logs.

Syntax
show log [threat | config | system | traffic] [equal | not-equal] option value

Options
threat    Displays threat logs.
config    Displays configuration logs.
system    Displays system logs.
traffic   Displays traffic logs.
option    Restricts the output. The available options depend upon the log type keyword used in the command (threat, config, system, or traffic):
          action           Type of alarm action (alert, allow, or drop).
          app              Application.
          client           Type of client (CLI or web).
          command          Command.
          dport            Destination port.
          dst              Destination IP address.
          from             Source zone.
          receivetime in   Time interval in which the information was received.
          result           Result of the action (failed, succeeded, or unauthorized).
          rule             Rule name.
          severity         Level of importance (critical, high, medium, low, informational).
          sport            Source port.
          src              Source IP address.
          to               Destination zone.
value     The value the option is compared against, using one of the following comparison keywords:
          greater-than-or-equal   Indicates that the option is greater than or equal to the specified value.
          less-than-or-equal      Indicates that the option is less than or equal to the specified value.
          equal                   Indicates that the option is equal to the specified value.
          not-equal               Indicates that the option is not equal to the specified value.

Sample Output
The following command shows the configuration log.

username@hostname> show log config
Time             Host          Command   Admin   Client   Result
===============================================================================
03/05 22:04:16   10.0.0.135    edit      admin   Web      Succeeded
03/05 22:03:22   10.0.0.135    edit      admin   Web      Succeeded
03/05 22:03:22   10.0.0.135    edit      admin   Web      Succeeded
03/05 21:56:58   10.0.0.135    create    admin   Web      Succeeded
...
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show logging
Show whether logging is enabled.

Syntax
show logging

Options
None

Sample Output
The following command shows that logging is enabled.

username@hostname> show logging
on
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show mac
Display MAC address information.

Syntax
show mac [value | all]

Options
value   Specifies a MAC address (aa:bb:cc:dd:ee:ff format).
all     Shows all MAC addresses (aa:bb:cc:dd:ee:ff format).

Sample Output
The following command lists all current MAC address information.

username@hostname> show mac all
maximum of entries supported : 8192
default timeout              : 1800 seconds
total MAC entries in table   : 4
total MAC entries shown      : 4
status: s - static, c - complete, i - incomplete
vlan        hw address     interface      status   ttl
---------------------------------------------------------------------------
Vlan56      0:0:1:0:0:3    ethernet1/5    c        1087
Vlan56      0:0:1:0:0:4    ethernet1/6    c        1087
Vlan11-12   0:0:1:0:0:9    ethernet1/12   c        487
Vlan11-12   0:0:1:0:0:10   ethernet1/11   c        487
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader
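The configuration-log table shown above under show log is the natural input for a change audit. The following Python script is an added example, not code from the PAN-OS guide: it parses rows in that layout and flags entries whose source host or admin is not on an allow-list, or that fall outside a change window. The sample rows, the allow-lists and the window are constructed assumptions.

```python
"""Audit a PAN-OS 'show log config' listing for changes from unexpected
hosts or admins, or outside a change window.

Added example, not part of the PAN-OS guide. The rows below are constructed
in the layout of the guide's 'show log config' sample output; the allow-lists
and change window are assumptions for the demonstration.
"""
import re
from collections import Counter

# Constructed sample in the layout of the guide's 'show log config' output.
SAMPLE_CONFIG_LOG = """\
Time             Host          Command   Admin   Client   Result
===============================================================================
03/05 22:04:16   10.0.0.135    edit      admin   Web      Succeeded
03/05 22:03:22   10.0.0.135    edit      admin   Web      Succeeded
03/05 22:03:22   10.0.0.135    edit      admin   Web      Succeeded
03/05 21:56:58   10.0.0.135    create    admin   Web      Succeeded
...
03/05 03:12:40   203.0.113.9   edit      root    CLI      Succeeded
03/05 03:13:05   203.0.113.9   commit    root    CLI      Failed
"""

# One data row: "MM/DD HH:MM:SS host command admin client result".
ROW = re.compile(
    r"^(?P<time>\d\d/\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+(?P<command>\S+)\s+(?P<admin>\S+)\s+"
    r"(?P<client>\S+)\s+(?P<result>\S+)\s*$"
)


def parse_config_log(text):
    """Return one dict per data row; the header, rule line and '...' are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def audit(rows, allowed_hosts, allowed_admins, change_window=(8, 18)):
    """Flag rows whose host or admin is not allow-listed, or whose hour of day
    falls outside the half-open window [start_hour, end_hour)."""
    start, end = change_window
    findings = []
    for r in rows:
        hour = int(r["time"][6:8])          # "MM/DD HH:..." -> HH
        reasons = []
        if r["host"] not in allowed_hosts:
            reasons.append("host not allow-listed")
        if r["admin"] not in allowed_admins:
            reasons.append("admin not allow-listed")
        if not (start <= hour < end):
            reasons.append("outside change window")
        if reasons:
            findings.append({**r, "reasons": reasons})
    return findings


def summarize(rows):
    """Count rows by (admin, client, result) to spot unusual combinations."""
    return Counter((r["admin"], r["client"], r["result"]) for r in rows)


if __name__ == "__main__":
    rows = parse_config_log(SAMPLE_CONFIG_LOG)
    for f in audit(rows, allowed_hosts={"10.0.0.135"}, allowed_admins={"admin"}):
        print(f["time"], f["host"], f["admin"], f["command"], "->",
              "; ".join(f["reasons"]))
```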
show management-clients
Show information about internal management server clients.

Syntax
show management-clients

Options
None

Sample Output
The following command shows information about the internal management server clients.

username@hostname> show management-clients
Client      PRI   State   Progress
------------------------------------------------------------------------
routed      30    P2-ok   100
device      20    P2-ok   100
ikemgr      10    P2-ok   100
keymgr      10    init    0 (op cmds only)
dhcpd       10    P2-ok   100
ha_agent    10    P2-ok   100
npagent     10    P2-ok   100
exampled    10    init    0 (op cmds only)
Overall status: P2-ok. Progress: 0
Warnings:
Errors:

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show multi-vsys
Show if multiple virtual system mode is set.

Syntax
show multi-vsys

Options
None

Sample Output
The following command shows the current status of multiple virtual systems.

username@hostname> show multi-vsys
on
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show pan-agent
Show statistics or user information for the Palo Alto Networks agent.

Syntax
show pan-agent <statistics | user-IDs>

Options
statistics   Displays full information about the Palo Alto Networks agent.
user-IDs     Displays user information for the Palo Alto Networks agent.

Sample Output
The following command shows information about the Palo Alto Networks agent.

username@hostname> show pan-agent statistics
IP Address      Port   Vsys    State           Users   Grps   IPs   Received Pkts
---------------------------------------------------------------------------
10.0.0.22       2009   vsys1   connected, ok   134     77     95    5757
10.1.200.100    2011   vsys1   connected, ok   5       864    2     1097

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader
show proxy
Displays information about the proxy that is used for the Secure Socket Layer (SSL) decryption function.

Syntax
show proxy [certificate-cache | notify-cache | setting]

Options
certificate-cache   Displays the proxy certificate cache.
notify-cache        Displays the proxy notification cache.
setting             Displays the current proxy settings.

Sample Output
The following command shows the current proxy settings.

username@hostname> show proxy setting
Ready:         no
Enable proxy:  yes
Enable ssl:    yes
Notify user:   yes
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show query
Show information about query jobs.

Syntax
show query <jobs | id value>

Options
jobs       Displays all job information.
id value   Displays job information for the specified ID.

Sample Output
The following command shows information about all current query jobs.

username@hostname> show query jobs
Enqueued   ID   Last Upd   Type   ID   Dequeued?
-------------------------------------------------------------------------
13:58:19   16   13:58:19

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show report
Displays information about process jobs.

Syntax
show report [id number | jobs]

Options
id number   Displays information about the job with the specified ID number.
jobs        Displays information on all jobs.

Sample Output
The following command shows the current jobs.

username@hostname> show report jobs
Enqueued   ID   Last Updated   dev/skip/req/resp/proc
-------------------------------------------------------------------------
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show routing
Display routing run-time objects.

Syntax
show routing fib [virtual-router name]
show routing protocol [virtual-router name] ospf <area | dumplsdb | interface | lsdb | neighbor | summary | virt-link | virt-neighbor>
show routing protocol [virtual-router name] redist <all | ospf | rip>
show routing protocol [virtual-router name] rip <database | interface | peer | summary>
show routing resource
show routing route [destination ip/netmask] [interface interfacename] [nexthop ip/netmask] [type <connect | ospf | rip | static>] [virtual-router name]
show routing summary

Options
fib               Shows forwarding table entries.
protocol ospf     Shows OSPF information. Specify one of the following (virtual router is optional):
                  area            Shows OSPF area status.
                  dumplsdb        Shows the OSPF LS database details.
                  interface       Shows OSPF interface status.
                  lsdb            Shows the LS database status.
                  neighbor        Shows neighbor status.
                  summary         Shows OSPF summary status.
                  virt-link       Shows status of virtual links.
                  virt-neighbor   Shows OSPF virtual neighbor status.
protocol redist   Shows redistribution rule entries. Specify one of the following (virtual router is optional):
                  all    Shows all redistribution rules.
                  ospf   Shows OSPF rules.
                  rip    Shows RIP rules.
protocol rip      Shows RIP information. Specify one of the following (virtual router is optional):
                  database    Shows the RIP route database.
                  interface   Shows RIP interface status.
                  peer        Shows RIP peer status.
                  summary     Shows the RIP summary information.
resource          Shows resource usage.
route             Shows route entries. Optionally specify any of the following options:
                  destination      Restricts the result to a specified subnet (IP address/mask).
                  interface        Restricts the result to a specified network interface.
                  nexthop          Restricts the result to a specified next hop from the firewall (IP address/mask).
                  type             Restricts the result according to type of route: connect (connected and host routes), ospf, rip, or static.
                  virtual-router   Restricts the result to a specified virtual router.
summary           Shows summary information.

Sample Output
The following command shows summary routing information for the virtual router vr1.

username@hostname> show routing summary virtual-router vr1
VIRTUAL ROUTER: vr1 (id 1)
==========
OSPF
  area id: 0.0.0.0
    interface: 1.1.1.1        ID 200.35.15.22
      dynamic neighbors:  IP 1.1.1.2       ID 35.15.2.254
    interface: 2.1.1.1        ID *down*
      static neighbor:    IP 2.1.1.33      ID *down*
  area id: 1.1.1.1
    interface: 35.1.1.22      ID 200.15.2.88
      static neighbor:    IP 65.77.1.1     ID *down*
==========
RIP
  interface: 2.1.1.1
  interface: 22.1.1.1
  interface: 35.1.1.22
  interface: 192.168.1.40
  interface: 200.1.1.254
==========
INTERFACE
==========
interface name:    ethernet1/1
interface index:   16
virtual router:    vr1
operation status:  up
IPv4 address:      22.1.1.1/24
IPv4 address:      22.22.1.1/24
==========
interface name:    ethernet1/3
interface index:   18
virtual router:    vr1
operation status:  up
IPv4 address:      200.1.1.254/24
==========
interface name:    ethernet1/7
interface index:   22
virtual router:    vr1
operation status:  up
IPv4 address:      1.1.1.1/24
IPv4 address:      1.1.2.1/24
IPv4 address:      35.1.1.22/24
==========
interface name:    ethernet1/15
interface index:   30
virtual router:    vr1
operation status:  up
IPv4 address:      192.168.1.40/24
==========
interface name:    ethernet1/16
interface index:   31
virtual router:    vr1
operation status:  up
IPv4 address:      192.168.1.254/24
==========
interface name:    ethernet1/18
interface index:   33
virtual router:    vr1
operation status:  down
IPv4 address:      2.1.1.1/24
username@hostname>

The following command shows dynamic routing protocol information for RIP.

username@hostname> show routing protocol rip summary
==========
virtual router:        vr1
reject default route:  yes
interval seconds:      1
update intervals:      30
expire intervals:      180
delete intervals:      120
interface:             2.1.1.1
interface:             22.1.1.1
interface:             35.1.1.22
interface:             192.168.1.40
interface:             200.1.1.254
==========
virtual router:        newr
reject default route:  yes
interval seconds:      1
update intervals:      30
expire intervals:      180
delete intervals:      120
interface:             30.30.30.31
interface:             151.152.153.154

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show route
Display current Secure Socket Layer (SSL) proxy settings.

Syntax
show route ip address virtual-router name

Options
ip address            Specifies the destination IP address.
virtual-router name   Specifies the name of the virtual router.

Sample Output
The following command shows the current SSL proxy settings for the virtual router vrouter.

username@hostname> show route ip address virtual-router vrouter
on
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show session
Show session information.

Syntax
show session [all | info] [filter [application appname] [destination destname] [destination-port destport] [destination-user destuser] [from zonename] [limit value] [protocol protnumber] [source sourcename] [source-port sourceport] [source-user sourceuser] [state state] [to zonename] [type type]]

Options
all                         Displays all active sessions.
info                        Displays session statistics.
application appname         Specifies the application.
destination destname        Specifies the destination IP address.
destination-port destport   Specifies the destination port.
destination-user destuser   Specifies the destination user name.
from zonename               Specifies the source zone.
limit value                 Limits the number of sessions displayed.
protocol protnumber         Specifies the protocol.
source sourcename           Specifies the source IP address.
source-port sourceport      Specifies the source port.
source-user sourceuser      Specifies the source user name.
state state                 Specifies the condition for the filter (active, closing, closed, discard, initial, or opening).
to zonename                 Specifies the destination zone.
type type                   Specifies the flow type (regular or predict).

Sample Output
The following command displays summary statistics about current sessions.

username@hostname> show session info
-------------------------------------------------------------------------
number of sessions supported:                     2097151
number of active sessions:                        8
session table utilization:                        0%
number of sessions created since system bootup:   21
---------------------------------------------------------------------------
session timeout
  TCP default timeout:                  3600 seconds
  TCP session timeout after FIN/RST:    5 seconds
  UDP default timeout:                  600 seconds
  ICMP default timeout:                 6 seconds
  other IP default timeout:             1800 seconds
---------------------------------------------------------------------------
session accelerated aging:              enabled
  accelerated aging threshold:          80% of utilization
  scaling factor:                       2 X
---------------------------------------------------------------------------
session setup
  TCP - reject non-SYN first packet:    yes
---------------------------------------------------------------------------

The following command lists all current sessions.

username@hostname> show session all
number of sessions: 8
ID/vsys   src[sport]/zone/proto         dest[dport]/zone          state     type   app
19        192.168.10.199[2219]/1/6      10.10.10.10[6667]/2       ACTIVE    FLOW   0
20        192.168.10.199[2195]/1/6      10.10.10.10[6667]/2       ACTIVE    FLOW   0
6         192.168.10.199[138]/1/17      192.168.10.255[138]/2     ACTIVE    FLOW   netbios-dg
4         192.168.10.191[138]/1/17      192.168.10.255[138]/2     ACTIVE    FLOW   netbios-dg
13        192.168.10.199[2261]/1/6      10.10.10.10[6667]/2       ACTIVE    FLOW   0
9         192.168.10.199[1025]/1/17     4.2.2.1[53]/2             CLOSING   FLOW   dns
22        192.168.10.191[4069]/1/6      192.168.10.199[139]/2     DISCARD   FLOW   ms-ds-smb
21        192.168.10.199[2187]/1/6      10.10.10.10[6667]/2       ACTIVE    FLOW   0

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show statistics
Show firewall statistics.

Syntax
show statistics

Options
None

Sample Output
The following command displays firewall statistics.

username@hostname> show statistics
TASK   PID   N_PACKETS   CONTINUE    ERROR   DROP      BYPASS   TERMINATE
0      0     0           0           0       0         0        0
1      806   6180587     6179536     39      0         0        1012
2      807   39312       37511       0       0         0        1801
3      808   176054840   173273080   2289    2777524   0        1947
4      809   112733251   111536151   1744    1194906   0        450
5      810   66052142    65225559    1271    825010    0        302
6      811   49682445    49028991    909     652227    0        318
7      812   43618777    43030638    712     587129    0        298
8      813   41255949    40706957    708     548031    0        253
9      814   42570163    42010404    714     558773    0        272
10     815   7332493     7332494     0       0         0        0
11     816   19620028    19620028    0       0         0        0
12     817   12335557    12335557    0       0         0        0
13     818   0           0           0       0         0        0
14     819   6105056     6105056     0       0         0        0
task 1(pid: 806)   flow_mgmt
task 2(pid: 807)   flow_ctrl flow_host
task 3(pid: 808)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 4(pid: 809)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 5(pid: 810)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 6(pid: 811)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 7(pid: 812)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 8(pid: 813)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 9(pid: 814)   flow_lookup flow_fastpath flow_slowpath flow_forwarding flow_np
task 10(pid: 815)  appid_result
task 11(pid: 816)  ctd_nac ctd_token ctd_detector
task 12(pid: 817)  ctd_nac ctd_token ctd_detector
task 13(pid: 818)  proxy_packet
task 14(pid: 819)  pktlog_forwarding

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show system
Show system information.

Syntax
show system type

Options
type   Specifies the type of system information to be displayed:
       info                              Shows network address and security information.
       services                          Shows the current system services and whether they are running.
       software                          Shows software version information.
       state [browser | filter value]    Shows the system tree. The browser option displays the information in a text-mode browser. The filter option limits the information that is displayed; the * wildcard can be used.
       statistics                        Shows device, packet rate, throughput, and session information. Enter q to quit or h to get help.

Sample Output
The following command displays system information.

username@hostname> show system info
hostname: mgmt-device
ip-address: 10.1.7.1
netmask: 255.255.0.0
default-gateway: 10.1.0.1
radius-server: 127.0.0.1
radius-secret: xxxxxxxx

The following command displays the system tree entries that begin with the string cfg.env.slot1.

username@hostname> show system state filter cfg.env.slot1*
cfg.env.slot1.power0.high-limit: "1.26"
cfg.env.slot1.power0.low-limit: "1.0"
cfg.env.slot1.power1.high-limit: "1.26"
cfg.env.slot1.power1.low-limit: "1.14"
cfg.env.slot1.power2.high-limit: "1.575"
cfg.env.slot1.power2.low-limit: "1.425"
cfg.env.slot1.power3.high-limit: "1.89"
cfg.env.slot1.power3.low-limit: "1.71"
...

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show target-vsys
Show information about the target virtual systems.

Syntax
show target-vsys

Options
None

Sample Output
The following command shows information about target virtual systems.

username@hostname> show target-vsys
vsys1
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show threat
Show threat ID descriptions.

Syntax
show threat id value

Options
value   Specifies the threat ID.

Sample Output
The following command shows the threat ID description for ID 11172.

username@hostname> show threat id 11172
This signature detects the runtime behavior of the spyware MiniBug. MiniBug, also known as Weatherbug, installs other spyware, such as WeatherBug, and My Web Search Bar. It is also adware program that displays advertisements in its application window.
medium
http://www.spywareguide.com/product_show.php?id=2178
http://www.spyany.com/program/article_spw_rm_Minibug.htm
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show virtual-wire
Show information about virtual wire interfaces.

Syntax
show virtual-wire [value | all]

Options
value   Specifies a virtual wire interface.
all     Shows information for all virtual wire interfaces.

Sample Output
The following command displays information for the default virtual wire interface.

username@hostname> show virtual-wire default-vwire
total virtual-wire shown : 1
name              interface1    interface2
------------------------------------------------------------------------------
default-vwire     ethernet1/1   ethernet1/2
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show vlan
Show VLAN information.

Syntax
show vlan [value | all]

Options
value   Specifies a virtual wire interface.
all     Shows information for all virtual wire interfaces.

Sample Output
The following command displays information for all VLANs.

username@hostname> show vlan all
vlan {
  Vlan56 {
    interface [ ethernet1/5 ethernet1/6 ];
    stp { enabled no; }
    rstp { enabled no; }
  }
  Vlan11-12 {
    interface [ ethernet1/11 ethernet1/12 ];
    stp { enabled no; }
    rstp { enabled no; }
  }
}
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show vpn
Show VPN information.

Syntax
show vpn flow [tunnel-id tunnelid]
show vpn gateway [gateway gatewayid]
show vpn ike-sa [gateway gatewayid]
show vpn ipsec-sa [tunnel tunnelid]
show vpn tunnel [name tunnelid]

Options
flow       Shows information about the VPN tunnel on the data plane. Specify the tunnel or press Enter to apply to all tunnels.
gateway    Shows IKE gateway information. Specify the gateway or press Enter to apply to all gateways.
ike-sa     Shows information about the active IKE SA. Specify the gateway or press Enter to apply to all gateways.
ipsec-sa   Shows information about IPsec SA tunnels. Specify the tunnel or press Enter to apply to all tunnels.
tunnel     Shows information about auto-key IPSec tunnels. Specify the tunnel or press Enter to apply to all tunnels.
name       Shows information about the named VPN tunnel.

Sample Output
The following command shows VPN information for the auto key IPsec tunnel k1.

username@hostname> show vpn tunnel name k1
TnID   Name(Gateway)      Local Proxy ID   Remote Proxy ID   Proposals
-------------------------------------------
7      pan5gt(pan-5gt)    0.0.0.0/0        0.0.0.0/0         ESP tunl [DH2][AES128,3DES][SHA1] 90-sec
Total 1 tunnels found. 0 ipsec sa found. 0 error
username@hostname>

The following command shows VPN information for the IKE gateway g2.

username@hostname> show vpn tunnel name g2
GwID   Name             Peer Address/ID   Local Address/ID   Protocol     Proposals
----------------------------------------------------------------------------------
3      falcon-kestrel   35.15.1.1         35.15.1.40         Auto(main)   [PSK][DH2][AES128,3DES][SHA1] 28800-sec
Total 1 gateways found. 0 ike sa found. 0 error
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show zip
Shows whether the ability to unzip a file and apply the policy on the uncompressed content is enabled. The default is enable.

Syntax
show zip setting

Options
None

Sample Output
The following command shows that the unzip option is enabled.

username@hostname> show zip setting
zip engine is enabled
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

show zone-protection
Shows the running configuration status and run time statistics for zone protection elements.

Syntax
show zone-protection [zone zonename]

Options
zonename   Specifies the name of a zone.

Sample Output
The following command shows statistics for the trust zone.

username@hostname> show zone-protection zone trust
---------------------------------------------------------------------------
Zone trust, vsys vsys1, profile custom-zone-protection
---------------------------------------------------------------------------
tcp-syn
  enabled: no
---------------------------------------------------------------------------
udp RED
  enabled: no
---------------------------------------------------------------------------
icmp RED
  enabled: no
---------------------------------------------------------------------------
other-ip RED
  enabled: no
---------------------------------------------------------------------------
packet filter:
  discard-ip-spoof:           enabled: no
  discard-ip-frag:            enabled: no
  discard-icmp-ping-zero-id:  enabled: no
  discard-icmp-frag:          enabled: no
  discard-icmp-large-packet:  enabled: no
  reply-icmp-timeexceeded:    enabled: no
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin, superreader, vsysreader

ssh
Open a secure shell (SSH) connection to another host.

Syntax
ssh [inet] [port number] [source address] [v1 | v2] [user@]host

Options
inet      Specifies that IP version 4 be used.
port      Specifies a port on the other host (default 22).
source    Specifies a source IP address.
v1 | v2   Specifies SSH version 1 or 2 (default is version 2).
user@     Specifies a user name on the other host.
host      Specifies the IP address of the other host.

Sample Output
The following command opens an SSH connection to host 10.0.0.250 using SSH version 2.

username@hostname> ssh v2 user@10.0.0.250
user@10.0.0.250's password:
#

Required Privilege Level
superuser, vsysadmin, deviceadmin

tail
Print the last 10 lines of a debug file.

Syntax
tail [follow] [lines] file

Options
follow   Adds appended data as the file grows.
lines    Lists the last N lines, instead of the last 10.
file     Specifies the debug file.

Sample Output
The following command displays the last 10 lines of the /var/log/pan/masterd.log file.

username@hostname> tail /var/log/pan/masterd.log
[09:32:46] Successfully started process 'mgmtsrvr' instance '1'
[09:32:47] Successfully started process 'appWeb' instance '1'
[09:32:47] Started group 'pan' start script 'octeon' with options 'start'
[09:32:48] Process 'appWeb' instance '1' exited normally with status '7'
[09:32:48] Process 'appWeb' instance '1' has no further exit rules
[09:32:53] Successfully started process 'pan-ez-agent' instance '1'
[09:32:53] Process 'pan-ez-agent' instance '1' exited normally with status '0'
[09:32:53] Process 'pan-ez-agent' instance '1' has no further exit rules
[09:32:54] Successfully started process 'pan_netconfig_agent' instance '1'
[09:32:54] Finished initial start of all processes
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin

telnet
Open a Telnet session to another host.

Syntax
telnet [8bit] [port] host

Options
8bit   Indicates that 8-bit data will be used.
port   Specifies the port number for the other host.
host   Specifies the IP address of the other host.

Sample Output
The following command opens a Telnet session to the host 1.2.5.5 using 8-bit data.

username@hostname> telnet 8bit 1.2.5.5

Required Privilege Level
superuser, vsysadmin, deviceadmin

test
Run tests based on installed security policies.

Syntax
test nat policy-match source src-ip destination dst-ip destination-port port protocol protocol from zone1 to zone2
test security-policy-match application name source src-ip destination dst-ip destination-port port protocol protocol from zone1 to zone2
test routing fib-lookup ip ipaddress virtual router virtualrouterid
test vpn flow <ike-sa [gateway gatewayid] | ipsec-sa [tunnel tunnelid]>

Options
name         Specifies the name of an application. Enter any to include all applications.
src-ip       Specifies the source IP address for the test.
dst-ip       Specifies the destination IP address for the test.
port         Specifies the destination port for the test.
zone1        Specifies the source security zone.
zone2        Specifies the destination security zone.
fib-lookup   Specifies the route to test within the active routing table. Specify an IP address and virtual router.
ike-sa       Performs the tests only for the negotiated IKE SA. Specify a gateway or press Enter to run the test for all gateways.
ipsec-sa     Performs the tests for IPsec SA (and IKE SA if necessary). Specify a tunnel or press Enter to run the test for all tunnels.

Sample Output
The following command tests whether the set of criteria will match any of the existing rules in the security rule base.

username@hostname> test security-policy-match from trust to untrust application google-talk source 10.0.0.1 destination 192.168.0.1 protocol 6 destination-port 80 source-user known-user
Matched rule: 'rule1' action: allow
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin
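The test security-policy-match command above answers one flow at a time; the following Python harness is an added example, not code from the PAN-OS guide, showing how a set of expected flows can be turned into commands of that form (without the source-user keyword) and how the "Matched rule: '...' action: ..." reply can be checked against the expected action so that an over-permissive rule is caught. The flows, expected actions, canned replies, rule names and the run_cli() transport stand-in are constructed assumptions.

```python
"""Regression-check a PAN-OS security rule base with
'test security-policy-match' results.

Added example, not part of the PAN-OS guide. Each expected flow is rendered
as the command shown in the guide's sample and the firewall's reply
("Matched rule: 'rule1' action: allow") is parsed and compared with the
action the policy is expected to return. The flows, replies and rule names
are constructed; run_cli() stands in for the console or SSH transport.
"""
import re

# Flows to verify, each with the action the rule base is expected to give.
EXPECTED = [
    dict(from_zone="trust", to_zone="untrust", application="google-talk",
         source="10.0.0.1", destination="192.168.0.1", protocol=6,
         destination_port=80, expect="allow"),
    dict(from_zone="untrust", to_zone="trust", application="any",
         source="198.51.100.7", destination="10.0.0.1", protocol=6,
         destination_port=22, expect="deny"),
    dict(from_zone="untrust", to_zone="trust", application="any",
         source="198.51.100.7", destination="10.0.0.5", protocol=17,
         destination_port=53, expect="deny"),
]

# Constructed replies keyed by command text, standing in for the firewall.
CANNED_REPLIES = {
    "test security-policy-match from trust to untrust application google-talk "
    "source 10.0.0.1 destination 192.168.0.1 protocol 6 destination-port 80":
        "Matched rule: 'rule1' action: allow",
    "test security-policy-match from untrust to trust application any "
    "source 198.51.100.7 destination 10.0.0.1 protocol 6 destination-port 22":
        "Matched rule: 'mgmt-from-internet' action: allow",
    "test security-policy-match from untrust to trust application any "
    "source 198.51.100.7 destination 10.0.0.5 protocol 17 destination-port 53":
        "Matched rule: 'default-deny' action: deny",
}

MATCHED = re.compile(r"Matched rule: '(?P<rule>[^']*)' action: (?P<action>\w+)")


def build_command(flow):
    """Render a flow as the operational-mode command shown in the guide."""
    return ("test security-policy-match from {from_zone} to {to_zone} "
            "application {application} source {source} "
            "destination {destination} protocol {protocol} "
            "destination-port {destination_port}").format(**flow)


def parse_reply(text):
    """Return (rule, action) from the reply, or (None, None) when no
    'Matched rule' line is present (no rule matched, or an error)."""
    m = MATCHED.search(text)
    return (m.group("rule"), m.group("action")) if m else (None, None)


def run_cli(command):
    """Stand-in transport: look the command up in the constructed replies."""
    return CANNED_REPLIES.get(command, "")


def check_policy(flows, run=run_cli):
    """Run every flow and return those whose action differs from 'expect'."""
    mismatches = []
    for flow in flows:
        rule, action = parse_reply(run(build_command(flow)))
        if action != flow["expect"]:
            mismatches.append({**flow, "rule": rule, "actual": action})
    return mismatches


if __name__ == "__main__":
    for m in check_policy(EXPECTED):
        print(f"{m['from_zone']}->{m['to_zone']} "
              f"{m['destination']}:{m['destination_port']} "
              f"expected {m['expect']}, got {m['actual']} (rule {m['rule']})")
```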
tftp
Use Trivial File Transfer Protocol (TFTP) to copy files between the firewall and another host.

Syntax
tftp [export export-option [control-plane | data-plane] to target | import import-option] [remote-port portnumber] [from source]

Options
export export-option   Specifies the type of file to export to the other host:
                       application                 Application packet capture file.
                       captive-portal-text         Text to be included in a captive portal.
                       configuration               Configuration file.
                       core-file                   Core file.
                       debug-pcap                  IKE negotiation packet capture file.
                       file-block-page             File containing comfort pages to be presented when files are blocked.
                       filter                      Filter definitions.
                       log-file                    Log files.
                       log-db                      Log database.
                       packet-log                  Logs of packet data.
                       spyware-block-page          Comfort page to be presented when files are blocked due to spyware.
                       ssl-optout-text             SSL optout text.
                       tech-support                Technical support information.
                       trusted-ca-certificate      Certificate Authority (CA) security certificate.
                       url-block-page              Comfort page to be presented when files are blocked due to a blocked URL.
                       virus-block-page            Comfort page to be presented when files are blocked due to a virus.
                       web-interface-certificate   Web interface certificate.
import import-option   Specifies the type of file to import from the other host:
                       captive-portal-text         Text to be included in a captive portal.
                       configuration               Configuration file.
                       content                     Database content.
                       file-block-page             File containing comfort pages to be presented when files are blocked.
                       license                     License key file.
                       private-key                 SSL private key file.
                       software                    Software package.
                       spyware-block-page          Comfort page to be presented when files are blocked due to spyware.
                       ssl-decryption-certificate  SSL decryption certificate.
                       ssl-optout-text             SSL optout text.
                       trusted-ca-certificate      Certificate Authority (CA) security certificate.
                       url-block-page              Comfort page to be presented when files are blocked due to a blocked URL.
                       virus-block-page            Comfort page to be presented when files are blocked due to a virus.
                       web-interface-certificate   Web interface certificate.
control-plane          Indicates that the file contains control information.
data-plane             Indicates that the file contains information about data traffic.
port-number            Specifies the port number on the remote host.
target                 Specifies the destination in the format username@host:path.
source                 Specifies the file to be copied in the format username@host:path.

Sample Output
The following command imports a license file from a file in user1's account on the machine with IP address 10.0.3.4.

username@hostname> tftp import ssl-certificate from user1@10.0.3.4:/tmp/certificatefile

Required Privilege Level
superuser, vsysadmin, deviceadmin

traceroute
Display information about the route packets take to another host.

Syntax
traceroute [base-udp-port port] [bypass-routing] [debug-socket] [do-not-fragment] [first-ttl ttl] [gateway] [icmp-echo] [max-ttl ttl] [no-resolve] [pause] [source ip] [toggle-ip-checksums] [tos] [verbose] [wait] host

Options
base-udp-port port    Specifies the base UDP port used in probes (default is 33434).
bypass-routing        Sends the request directly to the host on a directly attached network, bypassing the usual routing table.
debug-socket          Enables socket level debugging.
do-not-fragment       Sets the do-not-fragment bit.
first-ttl ttl         Sets the time-to-live in the first outgoing probe packet in number of hops.
gateway               Specifies a loose source route gateway (maximum 8).
icmp-echo             Uses ICMP ECHO requests instead of UDP datagrams.
max-ttl ttl           Sets the maximum time-to-live in number of hops.
no-resolve            Does not attempt to print resolved domain names.
pause                 Sets the time to pause between probes (milliseconds).
source ip             Specifies the source IP address for the command.
toggle-ip-checksums   Toggles the IP checksum of the outgoing packets for the traceroute command.
tos                   Specifies the type of service (TOS) treatment for the packets by way of the TOS bit in the IP header of the probe packet (0-255).
verbose               Requests complete details of the traceroute request.
wait                  Specifies a delay in transmission of the traceroute request (seconds).
host                  Specifies the IP address or domain name of the other host.

Sample Output
The following command displays information about the route from the firewall to www.xo.com.

username@hostname> traceroute www.xo.com
traceroute to www.xo.com, 30 hops max
[hop-by-hop listing: nine hops through speakeasy.net, above.net, att.net and xo.net routers, each with three round-trip times in milliseconds; hop 8 also reports MPLS Label=32537 CoS=0 TTL=1 S=1]
username@hostname>

Required Privilege Level
superuser, vsysadmin, deviceadmin
38 byte packets 1 10.66) 52.123.net (64.83.53) 342.142.paloaltoca.3.049 ms gar1p360.net (65.0.speakeasy.547 ms 5 ge-5-3-0.net (72.net (207.com (72.ip.177) 13.paloaltonetworks.net (216.189) 12.37.169) 108.0.rar2.sanjose-ca.dfw1.google.net (64.5.net (69.net (12.617 ms vlan901.mpr2.27.att.27.49) 60.429 ms 11 gar1p360.0.033 ms 8 tbr1p013201.above.net (64.dlstx.21) 218.ptr.ptr.80.us.27.net (64.mpr1.xo.ip.21) 59.53).125.above.dfw1.726 ms so-3-20.xo.11.com.net (12.us.xo.net (209.1.16.1) 0.420 ms 64.net (12.above.910 ms dsl027-186189.199.dlrtx.537 ms 10 tbr1cl20.27.128.net (12.881 ms 60.3.att.80.net (65.12.rackspace.10.xo.106.178) 139.6.21) 228.124.ir1.mpr2.us.199.net (216.us.102 ms 12 72.106.above.713 ms aggr5a.12.88.125.net (64.111.fremontca.533 ms 64.us.cr1.us.899 ms username@hostname> Required Privilege Level superuser.xo.828 ms tbr1cl3.paloaltonetworks.rackspace.ir1.225) 1.212 ms p4-00.att.ip.0.sjc2.249.us. Syntax view-pcap option filename Options option Specifies the type of information to report. Displays the maximum output details. Displays each packet (minus link header) in hex. Does not print domain name qualification of host names.. Option absolute-seq delta hex hex-ascii hex-ascii-link hex-link link-header no-dns-lookup no-port-lookup no-qualification timestamp undecoded-nfs unformattedtimestamp verbose verbose+ verbose++ filename Description Displays absolute TCP sequence numbers. Displays verbose output. Displays each packet (minus link header) in hex and ASCII. Displays an unformatted timestamp. Displays a delta (in micro-seconds) between current and previous line. 150 • Operational Mode Commands Palo Alto Networks . Displays each packet (including link header) in hex. Does not convert host addresses to names. Displays timestamp proceeded by date. Displays more verbose output.view-pcap view-pcap Examine the content of packet capture files. Does not convert protocol and port numbers to names. Displays each packet (including link header) in hex and ASCII. 
Name of the packet capture file. Displays the link-level header on each dump line. Displays undecoded NFS handles. l2-lan-o 0x0090: 7574 2c77 6562 2d62 726f 7773 696e 672c
[email protected]: UDP...1.. deviceadmin Palo Alto Networks Operational Mode Commands • 151 ..0.08:34:34.c<117 0x0020: 3e41 7072 2020 3233 2030 383a 3334 3a33 >Apr.search-en 0x0140: 6769 6e65 732c 696e 666f 726d 6174 696f gines.0.. 0x00a0: 7673 7973 312c 6c32 2d6c 616e 2d74 7275 vsys1...Forw 0x00e0: 6172 6420 746f 204d 696b 652c 3034 2f32 ard.0.08:34:3 0x0030: 3420 312c 3034 2f32 3320 3038 3a33 343a 4.0.0.l2-lan-untrus 0x00c0: 742c 6574 6865 726e 6574 312f 3132 2c65 t.local.alert 0x0120: 2c77 7777 2e79 6168 6f6f 2e63 6f6d 2f70 .80.08:34: 0x0040: 3334 2c54 4852 4541 542c 7572 6c2c 312c 34.gif?. 0x0010: 0a00 006c 8074 0202 0142 d163 3c31 3137 .209.83645 0x0100: 372c 322c 3438 3632 2c38 302c 302c 302c 7.. 0x0080: 302e 302e 302e 302c 6c32 2d6c 616e 2d6f 0.0.0.view-pcap Sample Output The following command displays the contents of the packet capture file /var/session/pan/ filters/syslog.www.pcap reading from file /var/session/pan/filters/syslog.0.0.tcp(6)..l2-lan-tru 0x00b0: 7374 2c6c 322d 6c61 6e2d 756e 7472 7573 st. username@hostname> view-pcap hex-ascii /var/session/pan/filters/syslog.ethernet1/12.131 0x0070: 2e33 362e 3135 382c 302e 302e 302e 302c .1 0x0060: 302e 302e 302e 3838 2c32 3039 2e31 3331 0.922899 IP 10..informatio 0x0150: 6e61 6c2c 3000 nal.com/p 0x0130: 2e67 6966 3f2c 2c73 6561 7263 682d 656e .pcap.08:34:25.yahoo.$8.web-browsing.0. vsysadmin.pcap in ASCII and hex formats.158. Required Privilege Level superuser. 0x0050: 3034 2f32 3320 3038 3a33 343a 3235 2c31 04/23.paloaltonetworks.04/23.to.0.B. 0x0110: 3078 302c 7463 7028 3629 2c61 6c65 7274 0x0. length 314 0x0000: 4500 0156 0000 4000 4011 2438 0a00 00f4 E.THREAT. link-type EN10MB (Ethernet) 08:34:31.t.88.2.244.e 0x00d0: 7468 6572 6e65 7431 2f31 312c 466f 7277 thernet1/11.32884 > jdoe.36.4862.0.04/2 0x00f0: 3320 3038 3a33 343a 3334 2c38 3336 3435 3.@. view-pcap 152 • Operational Mode Commands Palo Alto Networks . depth 0-10000.. match { string { pattern <value>. Palo Alto Networks • 153 . 
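As an added example that is not part of the guide, the following Python script reads a dump in the hex-ascii layout that view-pcap prints, reassembles the IPv4/UDP packet, verifies the IP header checksum, and splits the PAN-OS syslog record out of the UDP payload. The dump text it processes is a constructed sample in that layout (a shortened THREAT record, not the capture shown above); the function names are the example's own.

```python
"""Added example: decode a view-pcap hex-ascii dump of a PAN-OS syslog packet.

view-pcap hex-ascii prints each packet without its link header, so the dump
starts at the IPv4 header: one line per 16 bytes with an offset, eight 16-bit
hex words, then the printable-ASCII rendering of the same bytes.
"""
import re
import struct

# Constructed sample in the view-pcap hex-ascii layout (not the guide's capture):
# an 88-byte IPv4/UDP datagram carrying a shortened THREAT syslog record.
SAMPLE_DUMP = """\
08:34:31.922899 IP 10.0.0.244.32884 > 10.0.0.2.514: UDP, length 60
0x0000: 4500 0058 0000 4000 4011 25a0 0a00 00f4 E..X..@.@.%.....
0x0010: 0a00 0002 8074 0202 0044 0000 3c31 3137 .....t...D..<117
0x0020: 3e41 7072 2032 3320 3038 3a33 343a 3334 >Apr 23 08:34:34
0x0030: 2031 2c54 4852 4541 542c 7572 6c2c 7777  1,THREAT,url,ww
0x0040: 772e 7961 686f 6f2e 636f 6d2f 702e 6769 w.yahoo.com/p.gi
0x0050: 663f 2c61 6c65 7274 f?,alert
"""

HEX_LINE = re.compile(r"^\s*0x([0-9a-fA-F]{4}):\s*(.*)$")
HEX_WORD = re.compile(r"^[0-9a-fA-F]{2}(?:[0-9a-fA-F]{2})?$")


def dump_to_bytes(text):
    """Reassemble the packet from the hex words of every 0xNNNN: line.

    The ASCII column is not delimited from the hex words and can itself look
    like hex (the "23" in "Apr 23"), so at most eight words are taken per
    line; anything over-read on the final line is trimmed later using the IP
    total-length field. Offsets must be contiguous, which catches lines that
    were dropped or reordered when a dump was copied out of a terminal.
    """
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue                      # summary or "reading from file" line
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError("offset 0x%04x does not follow previous line" % offset)
        words = []
        for tok in m.group(2).split():
            if len(words) == 8 or not HEX_WORD.match(tok):
                break
            words.append(tok)
        out += bytes.fromhex("".join(words))
    return bytes(out)


def ip_checksum(header):
    """RFC 791 one's-complement checksum; over an intact header (checksum
    field included) the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_udp(pkt):
    """Decode the IPv4 and UDP headers; return addresses, ports, the UDP
    payload, and whether the IP header checksum verifies."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if proto != 17:
        raise ValueError("not UDP (IP protocol %d)" % proto)
    ihl = (ver_ihl & 0x0F) * 4
    pkt = pkt[:total_len]                 # drop bytes the dump parser over-read
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    return {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "sport": sport,
        "dport": dport,
        "ip_checksum_ok": ip_checksum(pkt[:ihl]) == 0,
        "payload": pkt[ihl + 8:ihl + ulen],
    }


SYSLOG = re.compile(r"<(\d+)>([A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (.*)$")


def parse_syslog_record(payload):
    """Split the UDP payload into syslog PRI, timestamp and the comma-separated
    PAN-OS log fields (THREAT records carry the log type in the second field)."""
    m = SYSLOG.match(payload.decode("ascii", errors="replace"))
    if not m:
        raise ValueError("payload is not a syslog record")
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8,
            "timestamp": m.group(2), "fields": m.group(3).split(",")}


def analyse(dump_text):
    """Full pipeline: dump text -> packet bytes -> headers -> syslog fields."""
    info = parse_ipv4_udp(dump_to_bytes(dump_text))
    info["syslog"] = parse_syslog_record(info["payload"])
    return info


if __name__ == "__main__":
    r = analyse(SAMPLE_DUMP)
    print("%s:%d -> %s:%d ttl=%d checksum_ok=%s" % (
        r["src"], r["sport"], r["dst"], r["dport"], r["ttl"], r["ip_checksum_ok"]))
    print("log type:", r["syslog"]["fields"][1], "fields:", r["syslog"]["fields"])
```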
Appendix A  Configuration Hierarchy

This appendix presents the complete firewall configuration hierarchies for the application identification firewall and for Panorama:
• "Firewall Hierarchy" in the next section
• "Panorama Hierarchy" on page 245

Firewall Hierarchy

shared { signature { REPEAT.. match { string { pattern <value>. depth 0-10000. endian little|big. number-of-bytes 1|2|4. } } OR. l4-payload-length <value>. <name> { engine-version <value>. source-port <value>. l3-payload-length <value>. payload-length-validate { byte-offset 0-65535. per-packet-match yes|no. protocol <value>. rules { REPEAT. destination-ip <value>. destination-port <value>. header { source-ip <value>... ignore-case yes|no. discount 1-65535. offset 0-1000000... <name> { direction client-to-server|server-to-client|any. application <value>. pervasive-use yes|no. technology <value>. } } application-filter { REPEAT. able-to-transfer-file yes|no. OR. } } address { REPEAT. ident-by-ip-protocol 0-255.... subcategory [ <subcategory1> <subcategory2>. ].. tunnel-other-application yes|no. } } address-group { REPEAT.. ]... <name> { default { port [ <port1> <port2>. used-by-malware yes|no...... description <value>. ip-range <ip-range>. has-known-vulnerability yes|no. ]... OR.. } } } allowed-applications { enable-all { except [ <except1> <except2>... prone-to-misuse yes|no. consume-big-bandwidth yes|no. evasive-behavior yes|no. ]. risk 1-5. ].. <name> { ip-netmask <ip/netmask>. subcategory <value>. <name> { category [ <category1> <category2>.. tcp-timeout 0-604800. disable-all { except [ <except1> <except2>. <name> [ <entry1> <entry2>. timeout 0-604800. } OR. } category <value>.... } application { REPEAT.. udp-timeout 0-604800. } } } rule-match match-in-order|match-all|match-any. pervasive yes. udp { port <0-65535.. <name> { server <ip>. to <value>.... <name> { protocol { tcp { port <0-65535. risk [ <risk1> <risk2>. <name> [ <entry1> <entry2>.
facility LOG_USER|LOG_LOCAL0|LOG_LOCAL1|LOG_LOCAL2|LOG_LOCAL3|LOG_LOCAL4|LOG_LOCAL5|LOG_LOCAL6|LOG_LOCAL7.. ]. <name> { manager <ip>. } } syslog { REPEAT.. } OR. and-also-to <value>. ]. excessive-bandwidth-use yes.. } log-settings { snmptrap { REPEAT. evasive yes.. used-by-malware yes. tunnels-other-apps yes. <name> [ <entry1> <entry2>. prone-to-misuse yes. technology [ <technology1> <technology2>... community <value>. } } application-group { REPEAT.. <name> { display-name <value>... } } email { REPEAT.. has-known-vulnerabilities yes. from <value>. ]. port 1-65535. } service { REPEAT. ]........>..>. } } low { send-to-panorama yes|no. } send-syslog { using-syslog-setting <value>. } send-syslog { using-syslog-setting <value>. } } system { informational { send-to-panorama yes|no. gateway <value>. } } critical { send-to-panorama yes|no. } } high { send-to-panorama yes|no. } } medium { send-to-panorama yes|no. } send-syslog { using-syslog-setting <value>. } send-syslog { using-syslog-setting <value>. } send-email { using-email-setting <value>. send-snmptrap { using-snmptrap-setting <value>. send-snmptrap { using-snmptrap-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } send-email { using-email-setting <value>. } send-email { using-email-setting <value>. send-snmptrap { using-snmptrap-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } send-email { using-email-setting <value>. } send-email { using-email-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } send-syslog { using-syslog-setting <value>. send-email { using-email-setting <value>. } send-email { using-email-setting <value>. <name> { alarm { informational { send-to-panorama yes|no. } send-syslog { using-syslog-setting <value>. } } } config { any { send-to-panorama yes|no. } } high { send-to-panorama yes|no..
} send-syslog { using-syslog-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } send-email { using-email-setting <value>. } } medium { send-to-panorama yes|no. } send-syslog { using-syslog-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } } } profiles { REPEAT. } send-syslog { using-syslog-setting <value>. } } low { send-to-panorama yes|no. } send-email { using-email-setting <value>. . } send-syslog { using-syslog-setting <value>. packet-capture yes|no. } } } traffic { any { send-to-panorama yes|no. <name> { action default|allow|alert|block. } send-email { using-email-setting <value>. } } application { REPEAT. } send-email { using-email-setting <value>. decoder { REPEAT. } send-email { using-email-setting <value>. <name> { description <value>... } send-syslog { using-syslog-setting <value>.. send-snmptrap { using-snmptrap-setting <value>. } send-syslog { using-syslog-setting <value>. <name> { action default|allow|alert|block. } } } } } } profiles { virus { REPEAT. send-snmptrap { using-snmptrap-setting <value>. } } critical { send-to-panorama yes|no. .. simple { packet-capture yes|no. medium default|allow|alert|block... custom { REPEAT. } } } packet-capture yes|no... low default|allow|alert|block. action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server. <name> { spyware default|allow|alert|block. download-protection { decoder { REPEAT. high default|allow|alert|block. <name> { description <value>. <name> { description <value>. } server { critical default|allow|alert|block.. client { critical default|allow|alert|block. high default|allow|alert|block. } } } } } vulnerability { REPEAT.. <name> { packet-capture yes|no. adware default|allow|alert|block. } OR. } } application { REPEAT. } spyware { REPEAT.. adware default|allow|alert|block.
phone-home-detection { simple { packet-capture yes|no. <name> { spyware default|allow|alert|block. high default|allow|alert|block. medium default|allow|alert|block. critical default|allow|alert|block.. low default|allow|alert|block. informational default|allow|alert|block. ... credit-card-numbers { weight 1-255.. ].. ]. <name> { description <value>. ]. allow-list [ <allow-list1> <allow-list2>.. <name> { description <value>. ]. license-expired block|allow.. ]... <name> { description <value>. informational default|allow|alert|block. action block|continue|override|alert.. } } } } url-filtering { REPEAT. } } } } data-objects { REPEAT. low default|allow|alert|block. block-list [ <block-list1> <block-list2>.. file-type [ <file-type1> <file-type2>.. alert [ <alert1> <alert2>. } pattern { REPEAT. } } OR.. <name> { description <value>. medium default|allow|alert|block. <name> { application [ <application1> <application2>. ].. block [ <block1> <block2>. ]... <name> { packet-capture yes|no. continue [ <continue1> <continue2>. ]... action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server. } social-security-numbers { weight 1-255. } } file-blocking { REPEAT. rules { REPEAT.... override [ <override1> <override2>. custom { REPEAT... direction upload|download|both.. <name> { regex <value>.... action alert|block. ]. . nat-rulebase enable|read-only|disable. application-override-rulebase enable|read-only|disable.. block-threshold 1-65535. traffic-log enable|disable. ]. } } } } } admin-role { REPEAT. application [ <application1> <application2>.. rules { REPEAT. <name> { description <value>. alert-threshold 1-65535. threat-log enable|disable. } policies { security-rulebase enable|read-only|disable. system enable|disable. custom-reports { application-statistics enable|disable. data-capture yes|no. threat-reports enable|disable... role { device { webui { acc enable|disable. direction upload|download|both..
weight 1-255. ]. threat enable|disable. ssl-decryption-rulebase enable|read-only|disable.. threat-summary enable|disable. } } } } data-filtering { REPEAT. traffic-reports enable|disable. <name> { description <value>. url-filtering-reports enable|disable. } pdf-reports enable|disable. <name> { data-object <value>. monitor { app-scope enable|disable. } application-reports enable|disable. configuration enable|disable.. url enable|disable.. file-type [ <file-type1> <file-type2>. traffic-summary enable|disable. config-audit enable|read-only|disable. email enable|read-only|disable. application-groups enable|read-only|disable. dhcp enable|read-only|disable. anti-spyware enable|read-only|disable. services enable|read-only|disable. schedules enable|read-only|disable. ipsec-crypt enable|read-only|disable. } network { interfaces enable|read-only|disable. config enable|read-only|disable. virtual-wires enable|read-only|disable. virtual-systems enable|read-only|disable. ike-crypt enable|read-only|disable. high-availability enable|read-only|disable. tunnel-monitor enable|read-only|disable. } objects { addresses enable|read-only|disable. syslog enable|read-only|disable. virtual-routers enable|read-only|disable. zones enable|read-only|disable. vlans enable|read-only|disable. security-profiles { antivirus enable|read-only|disable. log-forwarding enable|read-only|disable. administrators enable|read-only|disable. application-filters enable|read-only|disable. } log-destinations { snmp-trap enable|read-only|disable. applications enable|read-only|disable. network-profiles { ike-gateways enable|read-only|disable. service-groups enable|read-only|disable. data-objects enable|read-only|disable. data-filtering enable|read-only|disable. ipsec-tunnels enable|read-only|disable. vulnerability-protection enable|read-only|disable. user-identification enable|read-only|disable. data-protection enable|read-only|disable. file-blocking enable|read-only|disable.
log-settings { system enable|read-only|disable. } captive-portal-rulebase enable|read-only|disable. zone-protection enable|read-only|disable. block-pages enable|read-only|disable. } security-profile-groups enable|read-only|disable. address-groups enable|read-only|disable. url-filtering enable|read-only|disable. interface-mgmt enable|read-only|disable. certificates enable|read-only|disable. } } device { setup enable|read-only|disable. } device { setup read-only|disable. } OR. } security-profile-groups enable|read-only|disable. } objects { addresses enable|read-only|disable. captive-portal-rulebase enable|read-only|disable. log-forwarding enable|read-only|disable. syslog enable|read-only|disable. anti-spyware enable|read-only|disable. nat-rulebase enable|read-only|disable. log-settings { system read-only|disable. support enable|read-only|disable. config read-only|disable. application-groups enable|read-only|disable. config-audit enable|read-only|disable. data-filtering enable|read-only|disable. administrators enable|read-only|disable. email enable|read-only|disable. block-pages enable|read-only|disable. } cli superuser|superreader|deviceadmin|devicereader. data-objects enable|read-only|disable. addresse-groups enable|read-only|disable. services enable|read-only|disable. data-protection enable|read-only|disable. } commit enable|disable. } log-destinations { snmp-trap enable|read-only|disable. software enable|read-only|disable. vsys { webui { policies { security-rulebase enable|read-only|disable. vulnerability-protection enable|read-only|disable. user-identification read-only|disable. high-availability read-only|disable. service-groups enable|read-only|disable. dynamic-updates enable|read-only|disable. file-blocking enable|read-only|disable. applications enable|read-only|disable. } network { zones enable|read-only|disable. ssl-decryption-rulebase enable|read-only|disable.
application-override-rulebase enable|read-only|disable. url-filtering enable|read-only|disable.. schedules enable|read-only|disable. security-profiles { antivirus enable|read-only|disable. application-filters enable|read-only|disable.. licenses enable|read-only|disable. } } } } profile-group { REPEAT... data-filtering [ <data-filtering1> <data-filtering2>.. url-filtering [ <url-filtering1> <url-filtering2>. vulnerability [ <vulnerability1> <vulnerability2>. <name> { header { caption <value>. ]... } predefined-widget { REPEAT...... ]. } cli vsysadmin|vsysreader.. } } schedule { REPEAT. <name> { chart-type pie|line|bar|table. ]. ]. } } commit enable|disable. file-blocking [ <file-blocking1> <file-blocking2>..... ]. friday [ <friday1> <friday2>. ]... ].... row 1-6. ]. ]. daily [ <daily1> <daily2>. <name> { virus [ <virus1> <virus2>. thursday [ <thursday1> <thursday2>. wednesday [ <wednesday1> <wednesday2>..... non-recurring [ <non-recurring1> <non-recurring2>....... } OR. } } custom-widget { REPEAT... <name> { recurring { weekly { sunday [ <sunday1> <sunday2>....... ]... } } pdf-summary-report { REPEAT. } OR.. column 1-3. } footer { note <value>. spyware [ <spyware1> <spyware2>. ... ]...... end-time <value>. type { appstat { aggregate-by [ <aggregate-by1> <aggregate-by2>. sortby count... } } } reports { REPEAT... values [ <values1> <values2>. ].. row 1-6.. <name> { predefined-report [ <predefined-report1> <predefined-report2>. display-name <value>. ]... <name> { disabled yes|no.. sortby repeatcnt.. ]. threat { aggregate-by [ <aggregate-by1> <aggregate-by2>. caption <value>. thsum { aggregate-by [ <aggregate-by1> <aggregate-by2>.. ]. gateway <value>.. values [ <values1> <values2>. <name> { chart-type pie|line|bar|table. delta 1-65535... ]. sortby nbytes|npkts|nsess|nthreats. } OR.. query <value>.
and-also-to <value>. frequency daily|weekly. ]. summary-report [ <summary-report1> <summary-report2>.. OR. recurring { daily. } OR. weekly sunday|monday|tuesday|wednesday|thursday|friday|saturday. period last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-calendar-day|last-7-days|last-7-calendar-days|last-calendar-week|last-30-days.. from <value>. start-time <value>. to <value>. custom-report [ <custom-report1> <custom-report2>. ].. values [ <values1> <values2>.. topn 1-50.. } } } } pdf-email-profile { REPEAT. } OR. ]... . ]... ].... sortby bytes|elapsed|packets|repeatcnt. <name> { ip-address <ip>.. } } url-admin-override { password <value>. } } } } ssl-exclude-cert { REPEAT. ].. ]. virtual-router [ <virtual-router1> <virtual-router2>... } } captive-portal { enable-captive-portal yes|no. domain <name>. secret <value>.. values [ <values1> <values2>. virtual-wire [ <virtual-wire1> <virtual-wire2>. sortby bytes|sessions. trsum { aggregate-by [ <aggregate-by1> <aggregate-by2>. traffic { aggregate-by [ <aggregate-by1> <aggregate-by2>... } resource { max-sessions 0-2097151.. radius-server { REPEAT. values [ <values1> <values2>... ].. <name> { import { network { interface [ <interface1> <interface2>. <name> { ip-address <ip>.. } OR. ].. } } vsys { REPEAT..... } } ntlm-auth { pan-agent <value>. hostname <value>.. vlan [ <vlan1> <vlan2>. ]. <name>. timer 5-1440. ]. } } pan-agent { REPEAT. port 1-65535.. ... } user-acl { include-list [ <include-list1> <include-list2>. OR. } } } address { REPEAT.. } } syslog { REPEAT. port 1-65535... ]. ip-range <ip-range>..... <name> { enable-user-identification yes|no....... } log-settings { snmptrap { REPEAT. OR.. virtual-wire [ <virtual-wire1> <virtual-wire2>. ]. } ssl-exclude-cert { REPEAT.. ].. ]. OR. exclude-list [ <exclude-list1> <exclude-list2>. <name> { server <ip>...... ]. <name> { ip-netmask <ip/netmask>. OR.. } } email { REPEAT.... <name> { manager <ip>.
layer3 [ <layer31> <layer32>. network { zone-protection-profile <value>. facility LOG_USER|LOG_LOCAL0|LOG_LOCAL1|LOG_LOCAL2|LOG_LOCAL3|LOG_LOCAL4|LOG_LOCAL5|LOG_LOCAL6|LOG_LOCAL7. <name>. <name> { .. layer2 [ <layer21> <layer22>. ]. log-setting <value>. community <value>. <name> [ <entry1> <entry2>. } zone { REPEAT.. ]. } } address-group { REPEAT.. tap [ <tap1> <tap2>. and-also-to <value>. } send-syslog { using-syslog-setting <value>. } send-syslog { using-syslog-setting <value>. } send-email { using-email-setting <value>. send-snmptrap { using-snmptrap-setting <value>. } send-email { using-email-setting <value>. send-snmptrap { using-snmptrap-setting <value>. display-name <value>. } send-email { using-email-setting <value>... } send-syslog { using-syslog-setting <value>. gateway <value>. send-snmptrap { using-snmptrap-setting <value>. } } high { send-to-panorama yes|no. <name> { alarm { informational { send-to-panorama yes|no. } send-email { using-email-setting <value>. from <value>. } } medium { send-to-panorama yes|no. } send-syslog { using-syslog-setting <value>. } } profiles { REPEAT. send-snmptrap { using-snmptrap-setting <value>. } } low { send-to-panorama yes|no. } } ... } OR. } } } traffic { any { send-to-panorama yes|no.. ]. ]... ]... ].. } send-email { using-email-setting <value>... <name> { from <value>.. saturday [ <saturday1> <saturday2>. ]. } } } } } } schedule { REPEAT. daily [ <daily1> <daily2>.... source-user [ <source-user1> <source-user2>. <name> { recurring { weekly { sunday [ <sunday1> <sunday2>. monday [ <monday1> <monday2>. ]. send-snmptrap { using-snmptrap-setting <value>.. thursday [ <thursday1> <thursday2>. } send-syslog { using-syslog-setting <value>... to <value>.. ].
} send-syslog { using-syslog-setting <value>.. non-recurring [ <non-recurring1> <non-recurring2>. tuesday [ <tuesday1> <tuesday2>. ]. source [ <source1> <source2>. ]... } OR. critical { send-to-panorama yes|no. ].. ]... } } rulebase { security { rules { REPEAT. ... vulnerability [ <vulnerability1> <vulnerability2>.. log-setting <value>. source [ <source1> <source2>...... group [ <group1> <group2>. } } } application-override { rules { REPEAT... pool dynamic-ip|dynamic-ip-and-port|static-ip.. ].. OR. } } disabled yes|no. to <value>.. log-start yes|no. ]... negate-destination yes|no. log-end yes|no. } OR.. schedule <value>. profile-setting { profiles { url-filtering [ <url-filtering1> <url-filtering2>. spyware [ <spyware1> <spyware2>. ]. ].. description <value>. destination [ <destination1> <destination2>. source-translation { translated-address <ip-range>|<value>... } qos { marking { ip-dscp |||||||||||||||||||||<value>. ip-precedence ||||||||<value>. ]. ]. ]. } destination-translation { translated-address <ip/netmask>.. } } } nat { rules { REPEAT.... <name> { from <value>. ]. ]. file-blocking [ <file-blocking1> <file-blocking2>. destination [ <destination1> <destination2>. application [ <application1> <application2>. } disabled yes|no. virus [ <virus1> <virus2>. translated-port 1-65535. action deny|allow. description <value>... data-filtering [ <data-filtering1> <data-filtering2>. service [ <service1> <service2>. ]. service <value>. ... destination [ <destination1> <destination2>... <name> { from <value>.. OR. application <value>. action decrypt|no-decrypt.. } } } ssl-decryption { rules { REPEAT.. source-user [ <source-user1> <source-user2>. ]. ]. negate-source yes|no.... description <value>. subcategory <value>.. disabled yes|no. ].. source [ <source1> <source2>... disabled yes|no. port <0-65535.. negate-destination yes|no. ].>.. ]. to <value>. source [ <source1> <source2>. ident-by-ip-protocol 0-255.
} category <value>. <name> { from <value>. source [ <source1> <source2>. destination [ <destination1> <destination2>. category [ <category1> <category2>.. ].<name> { from <value>. action captive-portal|no-captive-portal|ntlm-auth. ].. ]... description <value>.... to <value>. ]... negate-source yes|no. to <value>. negate-destination yes|no.. disabled yes|no. reverse-key <value>... <name> { default { port [ <port1> <port2>. description <value>.. } } } captive-portal { rules { REPEAT. } } } } application { REPEAT. destination [ <destination1> <destination2>.. protocol tcp|udp. >... ]. has-known-vulnerabilities yes.. subcategory [ <subcategory1> <subcategory2>.... excessive-bandwidth-use yes... evasive-behavior yes|no. ].. <name> { protocol { tcp { port <0-65535. technology <value>.. <name> [ <entry1> <entry2>. used-by-malware yes. <name> [ <entry1> <entry2>. prone-to-misuse yes. pervasive yes. tunnel-other-application yes|no. has-known-vulnerability yes|no. technology [ <technology1> <technology2>.... udp-timeout 0-604800. ]. } } application-group { REPEAT. tcp-timeout 0-604800.. evasive yes. used-by-malware yes|no. } OR.. udp { port <0-65535... timeout 0-604800. prone-to-misuse yes|no.. ].. <name> { category [ <category1> <category2>.. risk 1-5. able-to-transfer-file yes|no. consume-big-bandwidth yes|no. ]. ]. transfers-files yes. tunnels-other-apps yes. } } } } service-group { REPEAT.... } service { REPEAT... } } application-filter { REPEAT. risk [ <risk1> <risk2>..>.. } profiles { virus { REPEAT. <name> { description <value>. <name> {
} } } } spyware { REPEAT. <name> { spyware default|allow|alert|block.. } } application { REPEAT. <name> { action default|allow|alert|block.. } OR. critical default|allow|alert|block. adware default|allow|alert|block.. low default|allow|alert|block. action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server. <name> { action default|allow|alert|block.. high default|allow|alert|block.. } } } } } vulnerability { REPEAT. <name> { spyware default|allow|alert|block. medium default|allow|alert|block. decoder { REPEAT. adware default|allow|alert|block. <name> { packet-capture yes|no. download-protection { decoder { REPEAT... packet-capture yes|no... phone-home-detection { simple { packet-capture yes|no... informational default|allow|alert|block. } } application { REPEAT.. <name> { description <value>.. } } } packet-capture yes|no. custom { REPEAT. alert [ <alert1> <alert2>. } } file-blocking { REPEAT.. block [ <block1> <block2>. ]. ]. } } } <name> { packet-capture yes|no. <name> { description <value>.. action block|continue|override|alert. ]... } server { critical default|allow|alert|block. low default|allow|alert|block. low default|allow|alert|block. file-type [ <file-type1> <file-type2>. direction upload|download|both. license-expired block|allow. simple { packet-capture yes|no... ].. continue [ <continue1> <continue2>..... rules { REPEAT. override [ <override1> <override2>. medium default|allow|alert|block... ]... allow-list [ <allow-list1> <allow-list2>... block-list [ <block-list1> <block-list2>. high default|allow|alert|block.. action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server.. ]. high default|allow|alert|block. <name> { application [ <application1> <application2>. } } OR. client { critical default|allow|alert|block. medium default|allow|alert|block. <name> { description <value>. <name> { description <value>..... } } } } url-filtering { REPEAT. informational default|allow|alert|block.. custom { REPEAT. action alert|block. netmask <ip>.. <name> { description <value>.. data-filtering [ <data-filtering1> <data-filtering2>.. spyware [ <spyware1> <spyware2>.
} pattern { REPEAT.. } data-objects { REPEAT... data-capture yes|no.. <name> { virus [ <virus1> <virus2>. url-filtering [ <url-filtering1> <url-filtering2>. ip-address <ip>.. ]. } social-security-numbers { weight 1-255. ]. credit-card-numbers { weight 1-255. block-threshold 1-65535.. vulnerability [ <vulnerability1> <vulnerability2>. <name> { regex <value>. domain <value>..... application [ <application1> <application2>. } } } } data-filtering { REPEAT. <name> { data-object <value>.... ]. file-blocking [ <file-blocking1> <file-blocking2>.. file-type [ <file-type1> <file-type2>.. ]. } } } } deviceconfig { system { hostname <value>.. alert-threshold 1-65535. <name> { description <value>. ]... } } } } } profile-group { REPEAT.. ]. ]. direction upload|download|both... rules { REPEAT. ]. } OR. radius-secret <value>. dns-primary <ip>. at <value>. ntp-server-2 <value>. ipv6-address <value>.... } } } update-schedule { threats { recurring { daily { at <value>. <name>. disable-https yes|no. contact <value>. disable-icmp yes|no. action download-only|download-and-install. disable-snmp yes|no. secure-proxy-password <value>. } } destination { REPEAT... <name> { source-address <value>. panorama-server <ip>. longitude <value>. <name> { source-address <value>. secure-proxy-port 1-65535. default-gateway <ip>. radius-server <ip>. dns-secondary <ip>. secure-proxy-user <value>. secure-proxy-server <value>. geo-location { latitude <value>. ipv6-default-gateway <value>. ntp-server-1 <value>. update-server <value>. } service { disable-http yes|no. location <value>. weekly { day-of-week sunday|monday|tuesday|wednesday|thursday|friday|saturday. disable-telnet yes|no. } route { service { REPEAT... disable-ssh yes|no. } permitted-ip { REPEAT. } } } url-database { recurring { daily { at <value>. action download-and-install. action download-and-install. at <value>. weekly { day-of-week sunday|monday|tuesday|wednesday|thursday|friday|saturday. } OR..
action download-only|download-and-install. } } } } timezone W-SU|CST6CDT|Japan|Portugal|Hongkong|Mideast|Mideast/Riyadh87|Mideast/Riyadh88|Mideast/Riyadh89|Eire|Poland|Factory|GB-Eire|America|America/Port_of_Spain|America/Indiana|America/Indiana/Vevay|America/Indiana/Indianapolis|America/Indiana/Marengo|America/Indiana/Knox|America/St_Johns|America/Grand_Turk|America/Tijuana|America/Toronto|America/Araguaina|America/Virgin|America/El_Salvador|America/Coral_Harbour|America/Jujuy|America/Mexico_City|America/Guyana|America/Cayman|America/Ensenada|America/Fortaleza|America/Iqaluit|America/Boa_Vista|America/Chihuahua|America/Nome|America/Cancun|America/Cayenne|America/Recife|America/Panama|America/Caracas|America/Costa_Rica|America/Cambridge_Bay|America/Martinique|America/Yellowknife|America/Godthab|America/Sao_Paulo|America/Edmonton|America/Fort_Wayne|America/Danmarkshavn|America/Barbados|America/Dawson|America/Thunder_Bay|America/Tegucigalpa|America/Chicago|America/Guadeloupe|America/Grenada|America/Anguilla|America/Kentucky|America/Kentucky/Monticello|America/Kentucky/Louisville|America/Argentina|America/Argentina/Jujuy|America/Argentina/Ushuaia|America/Argentina/Catamarca|America/Argentina/San_Juan|America/Argentina/Mendoza|America/Argentina/La_Rioja|America/Argentina/Buenos_Aires|America/Argentina/Tucuman|America/Argentina/ComodRivadavia|America/Argentina/Cordoba|America/Argentina/Rio_Gallegos|America/Mazatlan|America/Regina|America/Montevideo|America/Catamarca|America/Los_Angeles|America/Campo_Grande|America/Aruba|America/Manaus|America/Knox_IN|America/Rosario|America/St_Lucia|America/Hermosillo|America/Denver|America/Detroit|America/Santiago|America/Shiprock|America/Cuiaba|America/Dominica|America/Porto_Acre|America/Curacao|America/Belize|America/Merida|America/Swift_Current|America/Antigua|America/Adak|America/Indianapolis|America/Belem|America/Miquelon|America/Louisville|America/Bogota|America/New_York|America/Boise|America/Scoresbysund|America/Mendoza|America/Goose_Bay|America/Yakutat|America/Eirunepe|America/Winnipeg|America/Buenos_Aires|America/Menominee|America/Paramaribo|America/Thule|America/Montreal|America/Jamaica|America/Monterrey|America/St_Thomas|America/Rio_Branco|America/Lima|America/Juneau|America/La_Paz|America/Vancouver|America/Rankin_Inlet|America/Puerto_Rico|America/St_Kitts|America/Halifax|America/Guayaquil|America/Inuvik|America/Noronha|America/Nassau|America/Port-au-Prince|America/Guatemala|America/Glace_Bay|America/Nipigon|America/Cordoba|America/Bahia|America/Asuncion|America/Maceio|America/Atka|America/North_Dakota|America/North_Dakota/Center|America/Managua|America/Anchorage|America/Montserrat|America/Tortola|America/Dawson_Creek|America/Santo_Domingo|America/Pangnirtung|America/Whitehorse|America/St_Vincent|America/Porto_Velho|America/Havana|America/Phoenix|America/Rainy_River|Indian|Indian/Christmas|Indian/Reunion|Indian/Comoro|Indian/Cocos|Indian/Mauritius|Indian/Antananarivo|Indian/Mahe|Indian/Mayotte|Indian/Kerguelen|Indian/Chagos|Indian/Maldives|GMT0|Canada|Canada/Yukon|Canada/Saskatchewan|Canada/Central|Canada/Eastern|Canada/East-Saskatchewan|Canada/Atlantic|Canada/Pacific|Canada/Mountain|Canada/Newfoundland|MET|ROK|US|US/Alaska|US/East-Indiana|US/Central|US/Eastern|US/Samoa|US/Arizona|US/Pacific|US/Aleutian|US/Hawaii|US/Mountain|US/Michigan|US/Indiana-Starke|MST|Mexico|Mexico/BajaSur|Mexico/General|Mexico/BajaNorte|EST5EDT|Atlantic|Atlantic/Madeira|Atlantic/Cape_Verde|Atlantic/St_Helena|Atlantic/Stanley|Atlantic/South_Georgia|Atlantic/Jan_Mayen|Atlantic/Azores|Atlantic/Reykjavik|Atlantic/Canary|Atlantic/Faeroe|Atlantic/Bermuda|HST|Antarctica|Antarctica/McMurdo|Antarctica/Davis|Antarctica/South_Pole|Antarctica/Vostok|Antarctica/Rothera|Antarctica/Mawson|Antarctica/DumontDUrville|Antarctica/Palmer|Antarctica/Casey|Antarctica/Syowa|UTC|Iceland|Pacific|Pacific/Honolulu|Pacific/Truk|Pacific/Niue|Pacific/Wake|Pacific/Apia|Pacific/Majuro|Pacific/Norfolk|Pacific/Efate|Pacific/Enderbury|Pacific/Palau|Pacific/Saipan|Pacific/Nauru|Pacific/Kiritimati|Pacific/Tahiti|Pacific/Guam|Pacific/Tongatapu|Pacific/Fiji|Pacific/Rarotonga|Pacific/Samoa|Pacific/Fakaofo|Pacific/Guadalcanal|Pacific/Port_Moresby|Pacific/Midway|Pacific/Galapagos|Pacific/Yap|Pacific/Johnston|Pacific/Marquesas|Pacific/Noumea|Pacific/Auckland|Pacific/Gambier|Pacific/Kwajalein|Pacific/Kosrae|Pacific/Wallis|Pacific/Easter|Pacific/Chatham|Pacific/Funafuti|Pacific/Pago_Pago|Pacific/Tarawa|Pacific/Pitcairn|Pacific/Ponape|EET|EST|Greenwich|GMT|Cuba|Brazil|Brazil/Acre|Brazil/East|Brazil/DeNoronha|Brazil/West|Turkey|Arctic|Arctic/Longyearbyen|NZ-CHAT|Zulu|Israel|Jamaica|Etc|Etc/GMT-14|Etc/GMT+6|Etc/GMT-10|Etc/GMT-2|Etc/GMT-8|Etc/GMT+4|Etc/GMT0|Etc/GMT-12|Etc/GMT+11|Etc/GMT-11|Etc/GMT+12|Etc/UTC|Etc/GMT-3|Etc/Greenwich|Etc/GMT-9|Etc/GMT|Etc/GMT+2|Etc/Zulu|Etc/GMT-4|Etc/GMT+7|Etc/GMT+1|Etc/GMT+8|Etc/GMT-7|Etc/GMT-6|Etc/GMT+10|Etc/GMT-5|Etc/GMT+0|Etc/GMT-1|Etc/GMT+3|Etc/GMT+5|Etc/GMT-13|Etc/UCT|Etc/Universal|Etc/GMT+9|Etc/GMT-0|NZ|Europe|Europe/Vienna|Europe/Athens|Europe/Tiraspol|Europe/Lisbon|Europe/Rome|Europe/Bratislava|Europe/Andorra|Europe/Sofia|Europe/Kaliningrad|Europe/Zurich|Europe/Belfast|Europe/Oslo|Europe/Samara|Europe/Malta|Europe/Chisinau|Europe/Moscow|Europe/Paris|Europe/Minsk|Europe/Zaporozhye|Europe/Amsterdam|Europe/Tallinn|Europe/Uzhgorod|Europe/Brussels|Europe/Vatican|Europe/Vaduz|Europe/San_Marino|Europe/Nicosia|Europe/Berlin|Europe/Vilnius|Europe/Monaco|Europe/Istanbul|Europe/Belgrade|Europe/Stockholm|Europe/Riga|Europe/Madrid|Europe/Gibraltar|Europe/Copenhagen|Europe/Skopje|Europe/Budapest|Europe/Dublin|Europe/Bucharest|Europe/Helsinki|Europe/Prague|Europe/Sarajevo|Europe/London|Europe/Tirane|Europe/Zagreb|Europe/Kiev|Europe/Warsaw|Europe/Ljubljana|Europe/Simferopol|Europe/Mariehamn|Europe/Luxembourg|Singapore|ROC|Kwajalein|Egypt|PST8PDT|GMT+0|Asia|Asia/Kuwait|Asia/Kamchatka|Asia/Thimphu|Asia/Macau|Asia/Gaza|Asia/Thimbu|Asia/Pyongyang|Asia/Vladivostok|Asia/Katmandu|Asia/Sakhalin|Asia/Muscat|Asia/Ashkhabad|Asia/Ulan_Bator|Asia/Riyadh|Asia/Riyadh87|Asia/Calcutta|Asia/Yerevan|Asia/Shanghai|Asia/Baghdad|Asia/Makassar|Asia/Oral|Asia/Hong_Kong|Asia/Jayapura|Asia/Omsk|Asia/Almaty|Asia/Saigon|Asia/Magadan|Asia/Chungking|Asia/Hovd|Asia/Brunei|Asia/Novosibirsk|Asia/Dacca|Asia/Qatar|Asia/Ulaanbaatar|Asia/Krasnoyarsk|Asia/Kuching|Asia/Qyzylorda|Asia/Karachi|Asia/Anadyr|Asia/Yakutsk|Asia/Seoul|Asia/Choibalsan|Asia/Macao|Asia/Samarkand|Asia/Yekaterinburg|Asia/Aqtobe|Asia/Riyadh88|Asia/Nicosia|Asia/Pontianak|Asia/Urumqi|Asia/Irkutsk|Asia/Taipei|Asia/Harbin|Asia/Istanbul|Asia/Colombo|Asia/Tel_Aviv|Asia/Jakarta|Asia/Amman|Asia/Bahrain|Asia/Tokyo|Asia/Chongqing|Asia/Ashgabat|Asia/Singapore|Asia/Aqtau|Asia/Baku|Asia/Bishkek|Asia/Dili|Asia/Tbilisi|Asia/Beirut|Asia/Riyadh89|Asia/Damascus|Asia/Aden|Asia/Dubai|Asia/Manila|Asia/Vientiane|Asia/Tehran|Asia/Kashgar|Asia/Dushanbe|Asia/Kabul|Asia/Bangkok|Asia/Rangoon|Asia/Jerusalem|Asia/Dhaka|Asia/Kuala_Lumpur|Asia/Tashkent|Asia/Phnom_Penh|Asia/Ujung_Pandang|CET|PRC|Africa|Africa/Kinshasa|Africa/Ndjamena|Africa/Mbabane|Africa/Lagos|Africa/El_Aaiun|Africa/Douala|Africa/Kampala|Africa/Mogadishu|Africa/Tripoli|Africa/Conakry|Africa/Niamey|Africa/Asmera|Africa/Khartoum|Africa/Lubumbashi|Africa/Kigali|Africa/Johannesburg|Africa/Blantyre|Africa/Malabo|Africa/Gaborone|Africa/Lome|Africa/Algiers|Africa/Addis_Ababa|Africa/Brazzaville|Africa/Dakar|Africa/Nairobi|Africa/Cairo|Africa/Banjul|Africa/Bamako|Africa/Bissau|Africa/Libreville|Africa/Sao_Tome|Africa/Casablanca|Africa/Timbuktu|Africa/Nouakchott|Africa/Freetown|Africa/Monrovia|Africa/Ceuta|Africa/Dar_es_Salaam|Africa/Lusaka|Africa/Abidjan|Africa/Bujumbura|Africa/Maseru|Africa/Bangui|Africa/Windhoek|Africa/Accra|Africa/Djibouti|Africa/Ouagadougou|Africa/Porto-Novo|Africa/Tunis|Africa/Maputo|Africa/Harare|Africa/Luanda|UCT|GB|Universal|Australia|Australia/Hobart|Australia/Lord_Howe|Australia/Perth|Australia/South|Australia/Yancowinna|Australia/Currie|Australia/Tasmania|Australia/Queensland|Australia/NSW|Australia/Lindeman|Australia/Melbourne|Australia/Adelaide|Australia/Victoria|Australia/Canberra|Australia/West|Australia/Brisbane|Australia/Broken_Hill|Australia/Darwin|Australia/ACT|Australia/North|Australia/Sydney|Australia/LHI|Iran|WET|Libya|MST7MDT|Chile|Chile/EasterIsland|Chile/Continental|GMT-0|Navajo. } setting { application { cache yes|no. } proxy { url-proxy yes|no. timeout-udp 1-15999999. answer-timeout 1-86400. notify-user yes|no. timeout-tcpinit 1-60. url-admin-timeout 1-86400. scan-threshold 50-99. accelerated-aging-threshold 50-99. offload yes|no. accelerated-aging-scaling-factor 2-16. timeout-tcpwait 1-60. timeout-scan 5-30. } session { timeout-tcp 1-15999999. accelerated-aging-enable yes|no. timeout-icmp 1-15999999. } ctd { url-coach-timeout 1-86400. heuristics yes|no. url-lockout-timeout 1-86400.
timeout-default 1-15999999. notify-user yes|no. scan-scaling-factor 2-16. supernode yes|no. tcp-reject-non-syn yes|no. } zip { enable yes|no. sw yes|no. failure-condition any|all. } peer-ip <ip>. encryption { enabled yes|no. election-option { device-priority 0-255. <name> { description <value>. } } high-availability { enabled yes|no. hello-interval 8000-60000. max-packet-rate 0-2560. } logging { max-log-rate 0-2560. } config { rematch yes|no. hello-interval 1000-60000... panorama-ssl-send-retries 1-64. } ip-address <ip/netmask>. log-suppression yes|no. } ha2 { port <value>. netmask <ip>. interface { ha1 { port <value>. panorama-tcp-receive-timeout 1-120. path-group { admin-lockout { failed-attempts 0-10. state-synchronization { enabled yes|no. preemptive yes|no. lockout-time 0-60. } max-rows-in-csv-export 1-1048576. passive-link-state shutdown|auto. } management { idle-timeout 1-1440|. } } group { REPEAT. passphrase <value>. passive-hold-time 0-60000. } monitoring { path-monitoring { enabled yes|no. panorama-tcp-send-timeout 1-120. preferences { disable-dns yes|no. } } } } link-monitoring { enabled yes|no. ]. failure-condition any|all.. saved-log-query { traffic { REPEAT. ]. <name> { enabled yes|no.. destination-ip [ <destination-ip1> <destination-ip2>. <name> { enabled yes|no. <name> { phash <value>.. interface [ <interface1> <interface2>.. } } virtual-router { REPEAT. } } vlan { REPEAT.... <name> { enabled yes|no. } } } } } } } } mgt-config { users { REPEAT. failure-condition any|all. failure-condition any|all. source-ip <ip>. <name> { enabled yes|no. destination-ip [ <destination-ip1> <destination-ip2>.. failure-condition any|all.. destination-ip [ <destination-ip1> <destination-ip2>.virtual-wire { REPEAT.. remote-authentication radius..... ]... link-group { REPEAT. <name> { query <value>. failure-condition any|all. source-ip <ip>. ].. . superuser yes. } } } } } devices { REPEAT.
vsys { <name> { query <value>..... } } OR. vsys <name>.. ]....... } } config { REPEAT. custom { profile <name>... vsysadmin { REPEAT. <name> { query <value>... } } system { REPEAT. superreader yes. <name> { vsys <name>. } } } } permissions { role-based { vsysreader { REPEAT...... ]. OR... <name> { ip <ip>... devicereader [ <devicereader1> <devicereader2>. <name> { vsys <name>... <name> { query <value>. OR. OR. } } OR.} } threat { REPEAT.. deviceadmin [ <deviceadmin1> <deviceadmin2>. OR. . destination-port <value>.. destination-ip <value>. depth 0-10000. } description <value>.. <name> { application <value>.. number-of-bytes 1|2|3|4. } } } } predefined { signature { REPEAT. discount 0-65535. } } header { source-ip <value>. l3-payload-length <value>. payload-length-validate { byte-offset 0-65535. category { <name> { description <value>. } } application-type { REPEAT. dynamic yes|no. } } } } rule-match match-in-order|match-all|match-any...REPEAT.. endian little|big. endian little|big. <name> { direction client-to-server|server-to-client|any. source-port <value>. offset 0-1000000.. <name>. match { string { pattern <value>. l4-payload-length <value>. ignore-case yes|no. encrypt yes|no. packet-sequence <value>. per-packet-match yes|no. protocol <value>. rules { REPEAT. } source-port-validate { byte-offset 0-65535. description <value>. ]. category <value>. <name> { malware yes|no...... appident yes|no. <name> { correlate { key-by [ <key-by1> <key-by2>. rule-match match-all|match-any. OR...>. deny-action drop|drop-reset.} technology { <name> { description <value>. track-by [ <track-by1> <track-by2>.. } } private-application { REPEAT.. per-direction-regex yes|no. spyware-ident yes|no.. entry { protocol tcp|udp.. ]. enable-source-cache yes|no. ident-by-ip-protocol <0-255.. interval 1-65535. child <value>. source-cache-threshold 0-255.. enable-ssl-decryption yes|no. ident-by-port yes|no. type <value>.>..
threat-id <1-4294967295. preemptive yes|no.... ]. rules { REPEAT. ]. ident-by-dport yes|no.. interval 1-65535. } } } url-categories { REPEAT... decode <value>. ]. alg yes|no.. virus-ident yes|no. } } } default { port [ <port1> <port2>. threshold 1-65535.. } tunnel-applications [ <tunnel-applications1> <tunnel-applications2>.. source-cache-timeout 0-255. ident-by-sport yes|no.. risk 1-5. use-applications [ <use-applications1> <use-applications2>. ]. ]. has-known-vulnerability yes|no. ].. consume-big-bandwidth yes|no. track-by [ <track-by1> <track-by2>.. interval 1-65535. decode <value>.. rules { REPEAT. able-to-transfer-file yes|no. } } application { REPEAT. ident-by-port yes|no.>.. <name> { correlate { key-by [ <key-by1> <key-by2>. used-by-malware yes|no. spyware-ident yes|no.. tunnel-other-application yes|no.... ]. threshold 1-65535.. udp-timeout 0-604800.. virus-ident yes|no. timeout 0-604800. } } } default { port [ <port1> <port2>. use-applications [ <use-applications1> <use-applications2>...>..... <name> { link <value>.. } } reference <value>. appident yes|no. ].. OR..description <value>.. } tunnel-applications [ <tunnel-applications1> <tunnel-applications2>. prone-to-misuse yes|no. evasive-behavior yes|no. preemptive yes|no. tcp-timeout 0-604800. carry-malware yes|no. alg yes|no. entry { protocol tcp|udp. report-as <value>. threat-id <1-4294967295. references { REPEAT. pervasive-use yes|no... rule-match match-all|match-any. deny-action drop|drop-reset. ident-by-sport yes|no. interval 1-65535. per-direction-regex yes|no. ident-by-ip-protocol <0-255... . evasive-behavior yes|no. decoder { REPEAT. tcp-timeout 0-604800... <name> { description <value>. prone-to-misuse yes|no. technology <value>. download-protection { decoder { description <value>. <name> { description <value>. udp-timeout 0-604800.ident-by-dport yes|no. consume-big-bandwidth yes|no... pervasive-use yes|no.
<name> { member <value>. } } profiles { virus { REPEAT.. tunnel-other-application yes|no. timeout 0-604800. } } reference <value>. used-by-malware yes|no. type <value>. <name> { action default|allow|alert|block. references { REPEAT.. } } application { REPEAT. } } application-group { REPEAT.. able-to-transfer-file yes|no. <name> { link <value>. } } } } spyware { REPEAT... risk 1-5. <name> { action default|allow|alert|block.. subcategory <value>. has-known-vulnerability yes|no. category <value>.. carry-malware yes|no. .. } } } } } vulnerability { REPEAT... <name> { description <value>.. low default|allow|alert|block. high default|allow|alert|block. medium default|allow|alert|block. low default|allow|alert|block. <name> { packet-capture yes|no.REPEAT.. } } OR.. spyware default|allow|alert|block.. informational default|allow|alert|block. } server { critical default|allow|alert|block. informational default|allow|alert|block. } } } phone-home-detection { simple { critical default|allow|alert|block. informational default|allow|alert|block. <name> { adware default|allow|alert|block. high default|allow|alert|block. custom { REPEAT. simple { client { critical default|allow|alert|block. action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server. medium default|allow|alert|block... high default|allow|alert|block. low default|allow|alert|block.. <name> { packet-capture yes|no.. medium default|allow|alert|block. custom { REPEAT. } } application { REPEAT.. } OR. <name> { adware default|allow|alert|block.. spyware default|allow|alert|block. ...>........ query <value>.. allow-list [ <allow-list1> <allow-list2>. ].. ]. ].. } } service { REPEAT... continue [ <continue1> <continue2>.. ]. tcp { port <0-65535. spyware [ <spyware1> <spyware2>.. license-expired block|allow... ]. vulnerability [ <vulnerability1> <vulnerability2>..>. ]. OR.. } } } profile-group { REPEAT.. ip { ip-protocol <0-255.. } OR.. <name> [ <entry1> <entry2>.>.
} OR....action default|alert|drop|drop-all-packets|reset-both|reset-client|reset-server. ].... ]. <name> { virus [ <virus1> <virus2>.... block-list [ <block-list1> <block-list2>. block [ <block1> <block2>. <name> { disabled yes|no. ]. udp { port <0-65535.. } } } } service-group { REPEAT. } reports { REPEAT.. } } } } url-filtering { REPEAT. alert [ <alert1> <alert2>.. ].. override [ <override1> <override2>.. <name> { description <value>. action block|continue|override|alert...... url-filtering [ <url-filtering1> <url-filtering2>.. <name> { protocol { any. ]. sortby nbytes|npkts|nsess|nthreats. traffic { aggregate-by [ <aggregate-by1> <aggregate-by2>. } } } } threats { phone-home { REPEAT.. severity critical|high|medium|low|informational.. threat { aggregate-by [ <aggregate-by1> <aggregate-by2>. type { appstat { aggregate-by [ <aggregate-by1> <aggregate-by2>. frequency daily|weekly.. delta 1-65535.... host client|server.... ]. <name> { category code-execution|overflow|sql-injection|info-leak|email-worm|net-worm|adware|keylogger|datatheft|phishing|spam|botnet|rootkit|trojan|backdoor|virus|email-flooder|spamtool|hacktool|dos|suspicious|other-malware|user-defined. } OR. ].. sortby count... sortby bytes|sessions. trsum { aggregate-by [ <aggregate-by1> <aggregate-by2>.. ]. values [ <values1> <values2>. start-time <value>. } OR. app <value>. ]... } } vulnerability { REPEAT.. } OR. period last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-calendar-day|last-7-days|last-7-calendar-days|last-calendar-week|last-30-days. sortby repeatcnt. values [ <values1> <values2>. ]. ]....caption <value>.... <name> { category <value>.... ]. thsum { aggregate-by [ <aggregate-by1> <aggregate-by2>. sortby bytes|elapsed|packets|repeatcnt.. end-time <value>. ].. ].. topn 1-50. values [ <values1> <values2>. ]. } OR. values [ <values1> <values2>... values [ <values1> <values2>. } OR. counter { interface.
} } } ssl-exclude-cert { REPEAT. OR. clear { application-signature { statistics. } OR. high-availability { control-link { statistics. global { filter { category <value>. OR.. arp |<value>.... } } } operations { schedule { commit. } OR. aspect <value>. } mac <mac-address>. } OR... dhcp { lease { all. <name>.. interface { name <value>...... ip <ip>. OR. server yes|no. affected-host { client yes|no.... severity <value>. all. name <value>. } OR. } } } OR.severity critical|high|medium|low|informational...... OR. nat-rule <value>. OR... id 0-4294967295.. statistics..... id 0-4294967295.. } OR. } OR. OR.. session { all { filter { nat none|source|destination|both. mac |<value>. proxy yes|no... log { traffic....} OR. system. query { all-by-session. to <value>.... job { id 0-4294967295.. rule <value>. OR. destination-user <value>. } OR. } } OR. application <value>. OR. destination <value>. type flow|predict. source-port 1-65535. } OR..... destination-port 1-65535. OR. OR. source-user <value>. config.. from <value>.. report { all-by-session. protocol 1-255.. source <value>... OR. id 1-2147483648. threat.. } OR. state initial|opening|active|discard|closing|closed. acc... . control-plane { file <value>... config { saved <value>.. policy-cache... } OR.. ipsec-sa { tunnel <value>. core { data-plane { file <value>. pcap { file <value>... OR... } OR.. delete { admin-sessions. config-audit-history... } } OR.vpn { ike-sa { gateway <value>. } OR. OR... license { key <value>. } OR. } OR. file-block-page. flow { tunnel-id 1-2147483648.... OR.. application-block-page. content { update <value>.. captive-portal-text. reverse-key { } OR.. } OR.. OR... } OR.. url-coach-text. threat-pcap { directory <value>..... OR... show { admins { all.. } OR. OR.. cli { info.. arp |<value>.. root-certificate { file <value>... chassis-ready. OR.. } OR... } OR.. } OR.. OR..
software { image <value>.. spyware-block-page... } OR...... url-coach-text. version <value>..... OR.. ssl-optout-text. clock. } OR....file <value>.. idle-timeout. OR.... OR.... url-block-page. OR. OR.. OR. OR. virus-block-page. } OR.. user-file { ssh-known-hosts. config { diff. unknown-pcap { file <value>. } OR.. running { } OR.. base-version <value>. name <value>. ctd { url-block-cache. } OR. saved <value>.. OR. } OR. OR.. global { filter { category <value>. delta yes|no. OR.. path-monitoring. value all|non-zero. application 0-4294967295.. candidate..... OR.. version <value>. OR.. severity <value>.... aspect <value>..... high-availability { all.... counter { management-server. dhcp { lease |<value>... synced... OR.. OR.. threat { id 1-4294967295.. state. audit { info. } } OR.. interface |<value>. OR. } OR... } OR..xpath <value>. OR.. link-monitoring. } OR... OR.. profile 0-4294967295. } OR. } OR..... processed. } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days... control-link { statistics. } start-time { equal <value>. OR. } end-time { equal <value>.. OR. } OR.. OR.. pending.. OR.. } csv-output { equal yes|no... log { traffic { direction { equal forward|backward. } dst { in <ip/netmask>.. jobs { all. } rule { equal <value>... OR. } } OR.state-synchronization. location { ip <ip>.... OR.. not-in <ip/netmask>. interface |||<value>. OR.... } src { in <ip/netmask>. } app { equal <value>. id 1-4294967296.. not-in <ip/netmask>. OR. not-equal <value>... } OR.... OR.. threat { suppress-threatid-mapping { equal yes|no... } start-time { equal <value>. } dstuser { equal <value>. } dport { equal 1-65535... not-equal allow|deny|drop. } csv-output { equal yes|no. } } OR.. OR.. } action { equal allow|deny|drop..not-equal <value>. OR.. } src { in <ip/netmask>. } sport { equal 1-65535. not-equal 1-65535.
} from { equal <value>. not-equal <value>.. OR.. } end-time { equal <value>. not-in <ip/netmask>. } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days. OR. } srcuser { equal <value>. } direction { equal forward|backward.. not-equal 1-65535. OR. } to { equal <value>. OR.. not-equal <value>. } to { equal <value>...} dst { in <ip/netmask>.. not-equal 1-65535.. } action { equal alert|allow|deny|drop|drop-all-packets|reset-client|reset-server|reset-both|block-url. not-equal <value>. OR... not-in <ip/netmask>. OR... } category { equal adult-or-sexually-explicit|advertisements-and-popups|alcohol-and-tobacco|arts|blogs-and-forums|business|chat|computing-and-internet|criminal-activity|downloads|education|entertainment|fashion-and-beauty|finance-and-investment|food-and-dining|gambling|games|government|hacking|health-and-medicine|hobbies-and-recreation|hosting-sites|illegal-drugs|infrastructure|intimate-apparel-and-swimwear|intolerance-and-hate|job-search-and-career-development|kids-sites|motor-vehicles|news|peer-to-peer|personals-and-dating|philanthropic-and-professional-orgs|phishing-and-fraud|phising-and-fraud|photo-searches|politics|proxies-and-translators|real-estate|reference|religion|ringtones-or-mobile-phone-downloads|search-engines|sex-education|shopping|society-and-culture|spam-urls|sports|spyware|streaming-media|tasteless-and-offensive|travel|unknown|violence|weapons|web-based-e-mail. OR. not-equal <value>. not-equal <value>... OR.. not-equal alert|allow|deny|drop|drop-all-packets|reset-client|reset-server|reset-both|block-url. } rule { equal <value>.. } dport { equal 1-65535. OR. OR. } from { equal <value>. OR... } dstuser { equal <value>. } app { equal <value>. OR. } srcuser { equal <value>.. not-equal 1-65535. } sport { equal 1-65535. not-equal <value>. ... } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days. } csv-output { equal yes|no. not-equal web|cli.. } end-time { equal <value>. OR.
not-equal adult-or-sexually-explicit|advertisements-and-popups|alcohol-and-tobacco|arts|blogs-and-forums|business|chat|computing-and-internet|criminal-activity|downloads|education|entertainment|fashion-and-beauty|finance-and-investment|food-and-dining|gambling|games|government|hacking|health-and-medicine|hobbies-and-recreation|hosting-sites|illegal-drugs|infrastructure|intimate-apparel-and-swimwear|intolerance-and-hate|job-search-and-career-development|kids-sites|motor-vehicles|news|peer-to-peer|personals-and-dating|philanthropic-and-professional-orgs|phishing-and-fraud|phising-and-fraud|photo-searches|politics|proxies-and-translators|real-estate|reference|religion|ringtones-or-mobile-phone-downloads|search-engines|sex-education|shopping|society-and-culture|spam-urls|sports|spyware|streaming-media|tasteless-and-offensive|travel|unknown|violence|weapons|web-based-e-mail. } client { equal web|cli. not-equal add|clone|commit|create|delete|edit|get|load-from-disk|move|rename|save-to-disk|set.. } result { equal succeeded|failed|unauthorized. not-equal succeeded|failed|unauthorized. } subtype { equal url|file. OR. OR. OR. config { direction { equal forward|backward. } start-time { equal <value>. } } OR.. } cmd { equal add|clone|commit|create|delete|edit|get|load-from-disk|move|rename|save-to-disk|set... greater-than-or-equal critical|high|medium|low|informational... not-equal <value>.. OR. } end-time { equal <value>. } subtype { equal <value>.. not-equal <value>. OR.... not-equal critical|high|medium|low|informational. OR. } severity { equal critical|high|medium|low|informational. } object { equal <value>.. OR. } receive_time { } start-time { equal <value>.
} opaque { contains <value>. appstat { direction { equal forward|backward.. system { direction { equal forward|backward. OR.} } OR.. OR.. less-than-or-equal critical|high|medium|low|informational.. not-equal <value>.. } eventid { equal <value>.. } csv-output { equal yes|no. } id { equal <value>.. not-equal <value>. } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days.... OR. } } OR.. .. not-equal <value>.in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days.. } start-time { equal <value>. } } OR. trsum { direction { equal forward|backward.. } src { in <value>.. } start-time { equal <value>.. } risk { equal 1|2|3|4|5. } end-time { equal <value>. } type { equal <value>. not-equal <value>. } csv-output { equal yes|no. greater-than-or-equal 1|2|3|4|5. OR. not-equal 1|2|3|4|5.. OR... } name { equal <value>. } end-time { equal <value>. } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days. less-than-or-equal 1|2|3|4|5... not-equal <value>. OR. OR. } app { equal <value>. OR.. } dst { OR. } csv-output { equal yes|no.. OR. } receive_time { in last-60-seconds|last-15-minutes|last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days.. OR.... not-equal <value>.... } srcloc { equal <value>... not-equal <value>. less-than-or-equal <value>. less-than-or-equal <value>. greater-than-or-equal <value>. } end-time { equal <value>. } rule { equal <value>..in <value>.. not-equal <value>. } } OR. OR.. thsum { direction { equal forward|backward. not-equal <value>. } srcuser { equal <value>. } start-time { equal <value>. } csv-output { equal yes|no. not-equal <value>. OR. } dstuser { equal <value>. greater-than-or-equal <value>. not-equal <value>.... OR.. OR. OR. OR.... OR. } OR.. } app { equal <value>. } dstloc { equal <value>. } subtype { equal <value>........
greater-than-or-equal <value>. not-equal <value>. OR... not-equal <value>.. } srcloc { equal <value>... OR.. } rule { equal <value>. } dstuser { equal <value>. not-equal <value>. OR. OR. less-than-or-equal <value>. OR..... OR.. OR. greater-than-or-equal <value>. OR. } } } OR. not-equal <value>. logging. not-equal <value>.. mac |<value>.. less-than-or-equal <value>. } threatid { equal <value>. OR.. OR. } dstloc { equal <value>.. OR. } dst { in <value>. OR.. greater-than-or-equal <value>.src { in <value>. } srcuser { equal <value>. less-than-or-equal <value>..... not-equal <value>... OR. not-equal <value>. OR. OR... management-clients; OR... multi-vsys; OR... object { ip <ip>; vsys <value>; } OR... pan-agent { statistics; OR... user-IDs; } OR... proxy { setting; OR... certificate-cache; OR... certificate; OR... notify-cache; } OR... query { id 1-4294967296; OR... jobs; } OR... report { id 1-4294967296; OR... jobs; OR... predefined { name { equal top-attackers|top-victims|top-attackers-by-countries|top-victims-by-countries|top-sources|top-destinations|top-destination-countries|top-source-countries|top-connections|top-ingress-interfaces|top-egress-interfaces|top-ingress-zones|top-egress-zones|top-applications|top-http-applications|top-rules|top-attacks|top-spyware-threats|top-viruses|top-vulnerabilities|top-websites|top-url-categories|top-url-users|top-url-user-behavior|unknown-tcp-connections|unknown-udp-connections|top-denied-sources|top-denied-destinations|top-denied-applications; } start-time { equal <value>; } end-time { equal <value>; } } OR... custom { database { equal appstat|threat|thsum|traffic|trsum; } topn { equal <value>; } receive_time { in last-hour|last-12-hrs|last-24-hrs|last-7-days|last-30-days; } query { equal <value>; } aggregate-fields { equal <value>; } value-fields { equal <value>; } } } OR... routing { resource; OR... summary { virtual-router <value>; } OR... fib { virtual-router <value>; } OR...
route { destination <ip/netmask>; interface <value>; nexthop <ip/netmask>; type static|connect|ospf|rip; virtual-router <value>; } OR... protocol { redist all|ospf|rip; OR... ospf summary|area|interface|virt-link|neighbor|virt-neighbor|lsdb|dumplsdb; OR... rip summary|interface|peer|database; virtual-router <value>; } } OR... session { start-at 1-2097152; OR... info; OR... meter; OR... all { filter { nat none|source|destination|both; proxy yes|no; type flow|predict; state initial|opening|active|discard|closing|closed; from <value>; to <value>; source <value>; destination <value>; source-user <value>; destination-user <value>; source-port 1-65535; destination-port 1-65535; protocol 1-255; application <value>; rule <value>; nat-rule <value>; } } OR... id 1-2147483648; } OR... shared-policy; OR... statistics; OR... system { software { status; } OR... info; OR... services; OR... state { filter <value>; OR... filter-pretty <value>; OR... browser; } OR... statistics; OR... resources; OR... disk-space; OR... logdb-quota; OR... files; } OR... target-vsys; OR... threat { id 1-4294967296; } OR... virtual-wire |<value>; OR... vlan |<value>; OR... vpn { gateway { name <value>; } OR... tunnel { name <value>; } OR... ike-sa { gateway <value>; } OR... ipsec-sa { tunnel <value>; } OR... flow { tunnel-id 1-2147483648; } } OR... zip { setting; } OR... zone-protection { zone <value>; } } OR... debug { captive-portal { on { normal; OR... debug; } OR... off; OR... show; } OR... cli on|off|detail|show; OR... cpld; OR... dataplane { get; OR... show { user { all; OR... ip <ip/netmask>; } OR... nat-rule-cache; OR... global-ippool; OR... ippool; OR... security-policy; OR... nat-policy; OR... captive-portal-policy; OR... ssl-policy; OR... application-override-policy; OR... application-signature { statistics; } OR... log-queue { statistics; } OR... application { dump-setting; } OR...
      resource-monitor {
        second {
          last 1-60;
        }
        OR...
        minute {
          last 1-60;
        }
        OR...
        hour {
          last 1-24;
        }
        OR...
        day {
          last 1-7;
        }
        OR...
        week {
          last 1-13;
        }
      }
      OR...
      logging;
      OR...
      url-cache {
        statistics;
      }
      OR...
    }
  }
OR. ctd { url-block-cache { lockout.. OR.. notify-cache { source <ip/netmask>. mode sync|no-sync... } } } OR.... logging... OR.. reset { user-cache { all. url-cache. certificate-cache. OR.. OR.. OR. pow.. } OR.. on error|warn|info|debug..top-urls { top 1-10000... OR. } } OR. category adult-or-sexually-explicit|advertisements-and-popups|alcohol-and-tobacco|arts|blogs-and-forums|business|chat|computing-and-internet|criminal-activity|downloads|education|entertainment|fashion-and-beauty|finance-and-investment|food-and-dining|gambling|games|government|hacking|health-and-medicine|hobbies-and-recreation|hosting-sites|illegal-drugs|infrastructure|intimate-apparel-and-swimwear|intolerance-and-hate|job-search-and-career-development|kids-sites|motor-vehicles|news|peer-to-peer|personals-and-dating|philanthropic-and-professional-orgs|phishing-and-fraud|phising-and-fraud|photo-searches|politics|proxies-and-translators|real-estate|reference|religion|ringtones-or-mobile-phone-downloads|search-engines|sex-education|shopping|society-and-culture|spam-urls|sports|spyware|streaming-media|tasteless-and-offensive|travel|unknown|violence|weapons|web-based-e-mail. appid { unknown-cache { destination <ip/netmask>.... ip <ip/netmask>... OR.. } } OR.. OR. proxy { host-certificate-cache... OR. off.... file <value>.... file <value>.. OR. byte-count 1-2000000.. clear. filter { on. OR. unset 1-4.. destination <value>. OR.. destination-port 1-65535. } } OR.... drop-filter { on. unset 1-4.. pool { statistics.. protocol 1-255. protocol 1-255. source-port 1-65535.. destination <value>. software 0-255.. off. source <value>. } OR. set { ingress <value>. byte-count 1-2000000.. } OR.. packet-count 1-20000... set { ingress <value>.
source-port 1-65535. packet-count 1-20000. OR. } OR.... pow { status. OR. OR.. } OR.. check { hardware 0-255... OR.off.. source <value>. close 1-4. OR.. destination-port 1-65535. OR. } OR... OR... register <value>. dt { lion { rd 0-4294967295... OR. link..... } } OR.performance { all. igr { show drops|flow|internal|packets|queues.. route. OR. route 0-255... } OR...... } } OR. vif { address. mac { stats { clear.. port. egr { show counts|queues. OR. OR... mymac. OR. iftbl.. OR. internal { pci-access { sample. nexthop. rule. OR. OR... } OR.. 210 • Palo Alto Networks . OR.... spi { stats { clear.. } OR.... memory { status.. } OR. OR.. vr... . } OR.. } OR.} } } OR. OR. sw_dfa yes|no. } OR.. fdb { Palo Alto Networks • 211 .. vlan-table { dump. oct { csr { rd <value>.. } OR. } OR. gmx { stats..... pko { disp.. } } } } OR... OR.. } OR.. index 0-4095.. stats.. port-based-vlan { port 0-32. state. } OR.. } OR. pow { dump....... device { switch-dx { uplink. pip { stats.. } OR. register { read 0-4294967295... fpga { set { sw_aho yes|no. OR... OR... . debug. off. OR. OR. OR. OR.. show. task-heartbeat { on.... proxy basic|all. OR. set { tcp reass|fptcp|all. OR. warn. OR.. debug.. } OR. 212 • Palo Alto Networks . OR. OR... OR.. error. OR.. OR.. off.. show. index 0-65535......... process { mprelay { on { dump. ha-agent { on { dump.. OR. info... } } } OR. } } OR. off...... show. } OR.. info.. ssl basic|all...... } OR.. error... OR. warn.. OR..dump.. } OR. } } OR....... unset { tcp reass|fptcp|all... } OR. OR.... misc basic|all. OR.. url basic|all.. OR.. OR..OR.... device-server { set { agent basic|conn|ntlm|group|detail|ha|all. OR. appid basic|policy|dfa|all.. appid agt|basic|policy|dfa|all. tunnel flow|ager.. OR.. flow basic|ager|np|ha|arp|receive|all.. OR... OR... misc basic|all. OR. all.. OR.... all. misc misc|all.. ctd basic|sml|url|detector|all. OR. proxy basic|all. OR. ctd basic|sml|url|detector|all. OR. config basic|tdb|fpga|all. unset { agent basic|conn|detail|ha|all. 
pow basic|all. url basic|all... flow basic|ager|ha|np|arp|receive|all.. OR. tunnel flow|ager. } OR.... OR. OR.......... OR.. all... ssl basic|all. Palo Alto Networks • 213 . OR. pow basic|all. OR.. OR. OR... misc misc|all. OR. admin-override-password <value>. OR.. OR. } OR.. OR. captive-portal { ip-address <ip/netmask>. id-manager. name <value>... all.. id 1-. } OR. OR. } OR. global-tunnel { all... } OR... id 1-4294967295. dump { idmgr { type { zone { all.. } OR. vsys { all. OR... } OR.. OR... id 1-4294967295. pan-agent { all.. url-category 1-4192.......... } OR.. reset { logging { statistics.. OR..config basic|tdb|fpga|all... 214 • Palo Alto Networks . } OR. test { url <value>... } OR. name <value>. OR. OR... name <value>. OR..... global-interface { all. . } OR.... name <value>. } OR.. } OR.. OR.. name <value>. OR. id 1-4294967295. name <value>...... OR... id 1-4294967295.... id 1-4294967295. OR... OR.. shared-application { all... name <value>. name <value>... name <value>... } OR. OR. OR. global-vlan { all. OR. OR..... } OR. id 1-4294967295.. id 1-4294967295.. name <value>. custom-url-filter { all.. OR. Palo Alto Networks • 215 .. id 1-4294967295. OR.. } OR. id 1-4294967295.. global-vlan-domain { all..id 1-4294967295. } OR.. OR. global-rib-instance { all... user { all. OR... OR. global-vrouter { all. name <value>... OR. . } } } OR... on error|warn|info|debug|dump... id 1-4096. OR. } OR.. name <value>. OR. OR.. id 1-4294967295... OR.. id 1-4096.... security-rule { all.... ike-gateway { all. id 1-4096...... name <value>.. OR.. id 1-4096. name <value>.. user-group { all.. OR. OR. } OR.. OR.. OR.. logging { statistics. } OR.. nat-rule { all. ssl-rule { all. OR.. name <value>. name <value>. } OR. name <value>. OR. 216 • Palo Alto Networks ....} OR...... custom-application { all.. } OR... } } OR. id 1-4096.. OR. OR. . OR.. OR.... OR. OR. off..off. clear. session-counter { index 0-4194304.. ez { enable.... on { virtualrouter <value>. OR. } } OR. OR. show.... } OR. 
delete. OR. dump.. disable.. } OR..... view. num-counters 0-40. OR.... OR.. warn. show.... port { index 0-32. off... OR. debug. } OR.. show { counter { index 0-4194304.... info.... } OR. } OR. OR.. } OR. num-counters 0-40.. Palo Alto Networks • 217 . pcap { show. OR. dhcpd { global { on { error.. . OR.. ike { global { on { normal.. off..... off. high-availability-agent { on error|warn|info|debug|dump.... } OR....} OR. OR. pcap { show... } OR. OR.. set { drop 0|1. } OR. OR. on. route. internal-dump. view.... OR. } OR. off.. drop_flag.. OR. show... OR. OR. model-check on|off.. arp. show. } } OR....... 218 • Palo Alto Networks . } OR. clear.... OR.. OR..... OR.. session. OR.. OR... OR. debug. dump... throughput. OR. OR. delete... .... off. enable device|ikemgr|dhcpd|ha_agent|routed|npagent|modhttpd.. master-service { on error|warn|info|debug|dump... OR. OR. phased-commit enable|disable|show. } OR. list-sa. } OR.. show.. OR.. dump... OR. } } OR. dump. show. OR. show...... OR.. OR.. OR.. debug.. management-server { on error|warn|info|debug|dump.... log-receiver { on { normal.. stat. OR. } OR. OR. off.. off. } OR. OR. Palo Alto Networks • 219 . clear. OR. OR.. OR.... client { disable device|ikemgr|dhcpd|ha_agent|routed|npagent|modhttpd... statistics.... off.. OR...socket.. } OR... keymgr { on { normal. OR... debug.. .. OR. OR. warn.. pcap { show. OR. OR. OR. } OR.. show.... global { on { error.. OR..... show... OR... debug.. warn. stats. internal-dump. debug.. } OR.. ospf { 220 • Palo Alto Networks ...OR. } OR. OR... OR. info. OR.. OR. OR. routing { mib <value>... info. off.... } OR.. list-mib... netconfig-agent { on { dump. show... OR.... OR. off.. dump. } OR. fib { flush... OR.. error... } OR. clear.. OR... .... off. } OR.. rip { on { virtualrouter <value>. } OR. OR. OR.. swm { list.. history.. OR.... } OR.. } OR.. off.. OR. off.. OR.. delete. Palo Alto Networks • 221 . view. delete. OR...... } OR. OR......on { virtualrouter <value>. command <value>.. view. OR. OR.. 
OR... status... all { on { virtualrouter <value>. } OR. web-server.... socket. unlock. software { restart { device-server. OR. management-server. delete. OR. view... } } OR.... } } OR. . OR... revert. debug. to <value>.. destination-user <value>.. off. OR. off.. } OR. OR.. OR.. from <value>.. 222 • Palo Alto Networks .. source <value>. dump { on { limit 1-5000... } OR. protocol 1-255.. statistics. OR.... OR.. OR. application <value>. source-user <value>.. supernode yes|no. destination-port 1-65535... } OR. OR. dump.OR. tac-login { permanently-disable.. destination <value>. vardata-receiver { on { normal... rule <value>.. set { application { dump-unknown on|off. disable. show. } } OR... } } OR.. source-port 1-65535. refresh { content. cache yes|no..... OR. } OR. enable.. .. OR. OR.. scripting-mode on|off.25rv|bg2.25|bg1.sysk|ansi77|apollo|apollo_15P|apollo_19L|apollo_color|apple80|apple-ae|apple-soroc|apple-uterm|apple-uterm-vb|apple-videx|applevidex2|apple-videx3|apple-vm80|apple2e|apple2ep|apple80p|appleII|appleIIgs|arm100|arm100w|atari|att2300|att2350|att4410|att4410v1-w|att4415|att4415+nl|att4415nl|att4415-rv|att4415-rv-nl|att4415-w|att4415-w-nl|att4415-w-rv|att4415-wrv-n|att4418|att4418-w|att4420|att4424|att44241|att4424m|att4426|att500|att505|att505-24|att510a|att510d|att5310|att5410w|att5410v1|att5420_2|att5420_2-w|att5425|att5425-nl|att5425w|att5620|att5620-1|att5620-24|att5620-34|att5620-s|att605|att605-pc|att605w|att610|att610-103k|att610-103k-w|att610-w|att615|att615-103k|att615-103kw|att615-w|att620|att620-103k|att620-103k-w|att620-w|att630|att63024|att6386|att700|att730|att730-24|att730-41|att7300|att730r|att730r24|att730r-41|avatar|avatar0|avatar0+|avt|avt+s|avt-ns|avt-rv|avt-rv-ns|avtw|avt-w-ns|avt-w-rv|avt-w-rvns|aws|awsc|bantam|basis|beacon|beehive|beehive3|beehive4|beterm|bg1. 
terminal { type aaa|aaa+dec|aaa+rv|aaa+unk|aaa-18|aaa-18-rv|aaa-20|aaa-22|aaa24|aaa-24-rv|aaa-26|aaa-28|aaa-30-ctxt|aaa-30-rv|aaa-30-rv-ctxt|aaa-30s|aaa-30-s-rv|aaa-36|aaa-36-rv|aaa-40|aaa-40-rv|aaa-48|aaa-48-rv|aaa-60|aaa60-dec-rv|aaa-60-rv|aaa-60-s|aaa-60-s-rv|aaa-db|aaa-rv-unk|aaa-s-ctxt|aaa-srv-ctxt|aas1901|abm80|abm85|abm85e|abm85h|abm85hold|act4|act5|addrinfo|adds980|adm+sgr|adm11|adm1178|adm12|adm1a|adm2|adm20| adm21|adm22|adm3|adm31|adm31-old|adm36|adm3a|adm3a+|adm42|adm42ns|adm5|aepro|aixterm|aixterm-m|aixterm-m-old|aj510|aj830|altoh19|altos2|altos3|altos4|altos7|altos7pc|amiga|amiga-8bit|amiga-h|amigavnc|ampex175|ampex175b|ampex210|ampex219|ampex219w|ampex232|ampex232w|ampex80|annarbor4080|ansi|a nsi+arrows|ansi+csr|ansi+cup|ansi+erase|ansi+idc|ansi+idl|ansi+idl1|ansi+ini ttabs|ansi+local|ansi+local1|ansi+pp|ansi+rca|ansi+rep|ansi+sgr|ansi+sgrbold |ansi+sgrdim|ansi+sgrso|ansi+sgrul|ansi+tabs|ansi-color-2-emx|ansi-color-3emx|ansi-emx|ansi-generic|ansi-m|ansi-mini|ansi-mr|ansi-mtabs|ansint|ansi.. } OR. timeout { idle |1-1440. OR.OR.. 25nv|bg1.0rv|bitgraph|blit|bobcat|bq300|bq300-8|bq300-8pc|bq300-8-pc-rv|bq300-8-pc-w|bq300-8-pc-w-rv|bq300-8rv|bq300-8w|bq300pc|bq300-pc-rv|bq300-pc-w|bq300-pc-w-rv|bq300-rv|bq300-w|bq300-w-8rv|bq300w-rv|bsdos-pc|bsdos-pc-m|bsdos-pc-nobold|bsdos-ppc|bsdos-sparc|c100|c100rv|c108|c108-4p|c108-rv|c108-rv-4p|c108-w|ca22851|cad68-2|cad683|cbblit|cbunix|cci|cdc456|cdc721|cdc721esc|cdc721ll|cdc752|cdc756|cg7900|cit101|cit101e|cit101e-132|cit101en|cit101e-n132|cit101e-rv|cit500|cit80|citoh|citoh-6lpi|citoh-8lpi|citohcomp|citoh-elite|citoh-pica|citohprop|coco3|color_xterm|commodore|cons25|cons25-m|cons25l1|cons25l1m|cons25r|cons25r-m|cons25w|cons30|cons30-m|cons43|cons43-m|cons50|cons50- Palo Alto Networks • 223 .. notify-user yes|no....0|bg2. heuristics yes|no. cli { pager on|off... } OR.sysold|ansi.sys|ansi.. 
|xnuppc+c|xnuppc+f|xnuppc+f2|xnuppc-100x37|xnuppc-100x37-m|xnuppc112x37|xnuppc-112x37-m|xnuppc-128x40|xnuppc-128x40-m|xnuppc-128x48|xnuppc128x48-m|xnuppc-144x48|xnuppc-144x48-m|xnuppc-160x64|xnuppc-160x64-m|xnuppc200x64|xnuppc-200x64-m|xnuppc-200x75|xnuppc-200x75-m|xnuppc-256x96|xnuppc256x96-m|xnuppc-80x25|xnuppc-80x25-m|xnuppc-80x30|xnuppc-80x30-m|xnuppc90x30|xnuppc-90x30-m|xnuppc-b|xnuppc-f|xnuppc-f2|xnuppc-m|xnuppc-m-b|xnuppcm-f|xnuppc-m-f2|xtalk|xterm|xterm+pcfkeys|xterm+sl|xterm+sl-twm|xterm1002|xterm-1003|xterm-16color|xterm-24|xterm-256color|xterm-88color|xterm8bit|xterm-basic|xterm-bold|xterm-color|xterm-hp|xterm-new|xterm-nic|xtermnoapp|xterm-pcolor|xterm-r5|xterm-r6|xterm-sco|xterm-sun|xterm-vt220|xtermvt52|xterm-xf86-v32|xterm-xf86-v33|xterm-xf86-v333|xterm-xf86-v40|xtermxf86-v43|xterm-xf86-v44|xterm-xfree86|xterm-xi|xterm1|xtermc|xtermm|xtermssun|z100|z100bw|z29|z29a|z29a-kc-uc|z29a-nkc-bc|z29a-nkc-uc|z340|z340nam|z39-a|zen30|zen50|ztx.. clock { date <value>... height 1-500.. width 1-500. notify-user yes|no. OR. OR. OR.. data-access-password <value>.. panorama on|off. OR... OR..... password. OR.... timeout-scan 5-30. answer-timeout 1-86400.. OR... logging { max-log-rate 0-50000... } OR. timeout-tcpinit 1-60. accelerated-aging-enable yes|no. max-packet-rate 0-2560... timeout-icmp 1-15999999.. } OR.. OR. proxy { skip-proxy yes|no. default.... OR...... skip-ssl yes|no. timeout-tcpwait 1-60. OR. log-suppression yes|no.. session { timeout-tcp 1-15999999...... OR. Palo Alto Networks • 227 .. scan-threshold 50-99... management-server { unlock { admin <value>. scan-scaling-factor 2-16.... logging on|off|import-start|import-end..} OR. OR. timeout-default 1-15999999. OR... OR. } OR.. } OR.. timeout-udp 1-15999999... OR. OR. OR.. multi-vsys on|off. OR. OR.. OR.. .accelerated-aging-threshold 50-99. key <value>.... key <value>.. request { certificate { self-signed { for-use-by web-interface|ssl-decryption|ssl-untrusted. 
shared-policy enable|disable|import-and-disable. OR. certificate <value>. target-vsys <value>. certificate <value>.. } OR... install { for-use-by { web-interface { passphrase <value>.. name <value>. reverse-proxy { passphrase <value>.. } OR. } } OR. certificate <value>. } OR.. OR... OR. nbits 1024|512.. passphrase <value>. organization <value>. email <value>... ssl-untrusted { passphrase <value>. OR. OR. key <value>. locality <value>.. tcp-reject-non-syn yes|no.. } OR. state <value>.. OR. offload yes|no.... key <value>.. certificate <value>. default. organization-unit <value>. 228 • Palo Alto Networks . zip { enable yes|no. } OR.. accelerated-aging-scaling-factor 2-16. ssl-decryption { passphrase <value>. country-code <value>. } } OR.... OR.. } OR.. device-registration { Palo Alto Networks • 229 .. } OR. install { latest { no-commit.. } OR. modify { old-password <value>... OR. delete.. file <value>.. new-password <value>. OR..name <value>. data-filtering { access-password { create { password <value>.... } OR.. content { downgrade { install <value>. key <value>... } OR. check.. comfort-page { install application-block-page|url-block-page|spyware-block-page|virusblock-page|file-block-page. certificate <value>. } } } OR. verify { for-use-by { web-interface { passphrase <value>.. download latest. upgrade { info. } } } OR.... } } } } OR.. } OR. check. } OR.. restart { system. OR. runtime-state...... functional. license { info.. } OR. support { info. high-availability { sync-to-remote { candidate-config. OR.. } OR.. } OR. software. clear-alarm-led.username <value>.......... OR. state { suspend. OR.. } OR.. 230 • Palo Alto Networks ..... } OR. } OR. running-config... } OR. dataplane.. OR.. fetch { auth-code <value>. OR. OR.. disk-state. OR. check.... OR. password <value>. OR... clock. system { software { info.. install <value>.. ssl-optout-text { install... pending-changes.. } } OR. source-ip <ip>. pdf-reports { from <pathname>.. file <value>. remote-port 1-65535. 
to <value>. OR.OR.. remote-port 1-65535.. } } OR. url-filtering { upgrade. } OR. } OR. } OR. remote-port 1-65535. } } OR..... file <value>. source-ip <ip>. to <value>....... } OR. save { config { to <value>. } OR. } OR. source-ip <ip>... check { data-access-passwd { system... OR. to <value>. factory-reset... packet-log { from <pathname>. } OR. .. web-interface-certificate { to <value>. } } OR. remote-port 1-65535..... to <value>.. source-ip <ip>. source-ip <ip>.. logdb { to <value>. source-ip <ip>. stats-dump { } OR.. } OR.. } end-time { equal <value>. source-ip <ip>. application { from <pathname>. to <value>. } to <value>. } end-time { equal <value>. remote-port 1-65535. trusted-ca-certificate { to <value>.filter { from <pathname>. } OR. source-ip <ip>. } OR. log { traffic { start-time { equal <value>. } OR... } OR. source-ip <ip>. threat { start-time { equal <value>. remote-port 1-65535. remote-port 1-65535. remote-port 1-65535. source-ip <ip>.
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      tech-support {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      core-file {
        control-plane {
          from <pathname>;
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
        OR...
        data-plane {
          from <pathname>;
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
      }
      OR...
      log-file {
        control-plane {
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
        OR...
        data-plane {
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
      }
      OR...
      ssl-optout-text {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      captive-portal-text {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      url-coach-text {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      file-block-page {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      application-block-page {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      url-block-page {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      virus-block-page {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      spyware-block-page {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      debug-pcap {
        from <pathname>;
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
    }
    OR...
    import {
      configuration {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      ssl-decryption-certificate {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      private-key {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      web-interface-certificate {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      trusted-ca-certificate {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      logdb {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      license {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      content {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      software {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      reverse-proxy-key {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      ssl-optout-text {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      captive-portal-text {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      url-coach-text {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      application-block-page {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      url-block-page {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      file-block-page {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      virus-block-page {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      spyware-block-page {
        from <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
    }
  }
  OR...
  tftp {
    export {
      configuration {
        from <pathname>;
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      packet-log {
        from <pathname>;
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      filter {
        from <pathname>;
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      application {
        from <pathname>;
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      trusted-ca-certificate {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      web-interface-certificate {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      stats-dump {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      tech-support {
        to <value>;
        remote-port 1-65535;
        source-ip <ip>;
      }
      OR...
      core-file {
        control-plane {
          from <pathname>;
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
        OR...
        data-plane {
          from <pathname>;
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
      }
      OR...
      log-file {
        control-plane {
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
        OR...
        data-plane {
          to <value>;
          remote-port 1-65535;
          source-ip <ip>;
        }
      }
      OR...
      ssl-optout-text {
        to <value>;
        remote-port 1-65535;
} OR.. source-ip <ip>. remote-port 1-65535.. import { configuration { from <value>.... virus-block-page { to <value>.. url-coach-text { to <value>. source-ip <ip>...source-ip <ip>.. } } OR. to <value>. remote-port 1-65535. remote-port 1-65535..... source-ip <ip>. source-ip <ip>. } OR. } OR. remote-port 1-65535.. application-block-page { to <value>. debug-pcap { from <pathname>. remote-port 1-65535. remote-port 1-65535.. remote-port 1-65535.. source-ip <ip>.. file-block-page { to <value>. file <value>. } OR. url-block-page { to <value>. source-ip <ip>. source-ip <ip>. } OR. source-ip <ip>. } OR. remote-port 1-65535. } OR. captive-portal-text { to <value>.. } OR. source-ip <ip>. remote-port 1-65535. spyware-block-page { to <value>. . file <value>. trusted-ca-certificate { from <value>. file <value>. remote-port 1-65535.... source-ip <ip>.. source-ip <ip>. file <value>..... file <value>. file <value>. } OR.} OR. source-ip <ip>.
license { from <value>. remote-port 1-65535. } OR. software { from <value>. source-ip <ip>.... source-ip <ip>. remote-port 1-65535. remote-port 1-65535. remote-port 1-65535. source-ip <ip>. file <value>. ssl-optout-text { from <value>. content { from <value>. } OR. source-ip <ip>. remote-port 1-65535. } OR... remote-port 1-65535. file <value>. source-ip <ip>. captive-portal-text { Palo Alto Networks • 239 . remote-port 1-65535. } OR. } OR.. web-interface-certificate { from <value>... } OR. } OR. ssl-decryption-certificate { from <value>. file <value>.. private-key { from <value>. source-ip <ip>... remote-port 1-65535. source-ip <ip>. file <value>. } OR. remote-port 1-65535. remote-port 1-65535. spyware-block-page { from <value>. source-ip <ip>. remote-port 1-65535. remote-port 1-65535.. download { 240 • Palo Alto Networks . url-block-page { from <value>. } OR...from <value>. virus-block-page { from <value>... } } OR. url-coach-text { from <value>... file <value>.. } } } OR. file <value>.. source-ip <ip>. remote-port 1-65535. source-ip <ip>. } OR. file <value>.. } OR. OR. version <value>. file-block-page { from <value>. } OR. source-ip <ip>... remote-port 1-65535. load { config { from <value>.. file <value>. application-block-page { from <value>... file <value>. } OR.. file <value>. source-ip <ip>. } } OR. destination <value>. source-port 1-65535.... destination <value>. protocol 1-255... source <value>. format csv|pdf|xml. report { report-name <value>... protocol 1-255. nat-policy-match { from <value>.... to <value>. } OR. } OR.. dlplog { file <value>. file-name <value>|. Palo Alto Networks • 241 . generic { file <value>. } } OR. } OR. pktlog { file <value>. source <value>. test { cp-policy-match { from <value>.. } OR. } OR. security-policy-match { from <value>. routing { fib-lookup { ip <ip>.. to <value>. } OR.. virtual-router <value>.. } OR. destination-port 1-65535... file-name <value>|. format csv|pdf|xml. summary-report { report-name <value>. 
to <value>.custom-report { report-name <value>. file-name <value>|.. OR. ssl-policy-match { from <value>.source <value>. ignore-case yes|no. application <value>. OR. line-number yes|no. OR.. custom-page <pathname>. less { mp-log <pathname>.. destination-port 1-65535.. source-user <value>. pattern <value>.. no-filename yes|no.. category <value>.... after-context 1-65535.. to <value>. destination <value>. dp-log <pathname>. max-count 1-65535. before-context 1-65535.. invert-match yes|no... destination <value>. webserver-log <pathname>. OR. count yes|no... } } } OR.. } OR. ipsec-sa { tunnel <value>.. } OR.. OR. show-all yes|no. } OR. dp-backtrace <pathname>. mp-backtrace <pathname>... dp-log <pathname>. vpn { ike-sa { gateway <value>.. protocol 1-255. context 1-65535. OR.. } OR.. ping { 242 • Palo Alto Networks . } OR. source <value>.. grep { mp-log <pathname>.. .bypass-routing yes|no. view-pcap { application-pcap <pathname>. Palo Alto Networks • 243 . count 1-2000000000... no-timestamp yes|no. } OR.. do-not-fragment yes|no. v1 yes|no.. source <value>.. tail { mp-log <pathname>. host <value>. verbose yes|no. inet yes|no.. hex-link yes|no. } OR. inet yes|no. dp-log <pathname>. OR. pattern <value>. no-dns-lookup yes|no. hex-ascii-link yes|no. follow yes|no. unformatted-timestamp yes|no. hex yes|no.. tos 1-255. timestamp yes|no. source <value>. no-qualification yes|no. OR. threat-pcap <pathname>. undecoded-NFS yes|no... } OR. filter-pcap <pathname>. ssh { host <value>. webserver-log <pathname>... hex-ascii yes|no. record-route yes|no. no-port-lookup yes|no. OR. verbose yes|no. debug-pcap <pathname>. lines 1-65535. absolute-seq yes|no.. no-resolve yes|no. delta yes|no. v2 yes|no. size 0-65468. ttl 1-255.. link-header yes|no. wait 1-99999.. OR. interval 1-2000000000. OR. port 0-65535.. groups yes|no.. do-not-fragment yes|no. telnet { 8bit yes|no. } OR. verbose yes|no. timers yes|no. masquerade yes|no. } } 244 • Palo Alto Networks . host <value>. 
traceroute { base-udp-port 1-65535. numeric-ports yes|no. first-ttl 1-255.verbose+ yes|no.. cache yes|no. verbose++ yes|no. continuous yes|no. numeric yes|no. tos 1-255. fib yes|no. port 0-65535. symbolic yes|no. gateway <ip/netmask>. source <value>.. verbose yes|no. pause 1-2000000000. } OR.. } OR. interfaces yes|no. programs yes|no. route yes|no. listening yes|no. wait 1-99999. max-ttl 1-255.. toggle-ip-checksums yes|no.. host <value>. numeric-users yes|no. no-resolve yes|no. bypass-routing yes|no. extend yes|no. debug-socket yes|no. statistics yes|no. netstat { all yes|no. numeric-hosts yes|no. superuser yes.. disable-ssh yes|no. <name> { deviceconfig { system { hostname <value>.. } } } } devices { REPEAT. preferences { disable-dns yes|no. disable-https yes|no. default-gateway <ip>. ntp-server-1 <value>... service { disable-http yes|no. ip <ip>. secure-proxy-server <value>. ntp-server-2 <value>. disable-icmp yes|no. netmask <ip>. radius-server <ip>. } permissions { role-based { superreader yes.. OR.. disable-telnet yes|no. } } } devices { REPEAT.Panorama Hierarchy config { predefined. panorama-admin yes. ip-address <ip>.. <name> { hostname <value>. radius-secret <value>.. OR. } Palo Alto Networks • 245 ... remote-authentication radius. secure-proxy-port 1-65535. mgt-config { users { REPEAT. update-server <value>. <name> { phash <value>. domain <value>. dns-secondary <ip>. dns-primary <ip>. 
                    timezone <value>;    (one of the standard tz database zone names; the guide enumerates every supported zone at this point in the hierarchy)
                }
            }
        }
    }
}

Appendix B
PAN-OS CLI KEYBOARD SHORTCUTS

This appendix lists the keyboard shortcuts and Editor Macros (EMACS) commands supported in the PAN-OS CLI.

Note: Some shortcuts depend upon the SSH client that is used to access the PAN-OS CLI. For some clients, the Meta key is the Control key; for some it is the Esc key.

Table 4 lists the keyboard shortcuts.

Table 4. Keyboard Shortcuts

Commands for Moving
  beginning-of-line (C-a): Move to the start of the current line.
  end-of-line (C-e): Move to the end of the line.
  forward-char (C-f): Move forward a character.
  backward-char (C-b): Move back a character.
  forward-word (M-f): Move forward to the end of the next word. Words consist of alphanumeric characters (letters and digits).
  backward-word (M-b): Move back to the start of this, or the previous, word. Words consist of alphanumeric characters (letters and digits).
  clear-screen (C-l): Clear the screen and place the current line at the top of the screen. If an argument is included, refresh the current line without clearing the screen.

Commands for Manipulating Command History
  accept-line (Newline, Return): Accept the line regardless of where the cursor is. If the line is nonempty, add it to the history list. If the line is a modified history line, then restore the history line to its original state.
  previous-history (C-p): Fetch the previous command from the history list, moving back in the list.
  next-history (C-n): Fetch the next command from the history list, moving forward in the list.
  beginning-of-history (M-<): Move to the first line in the history.
  end-of-history (M->): Move to the end of the input history (the line currently being entered).
  reverse-search-history (C-r): Search backward starting at the current line and moving up through the history as necessary. This is an incremental search.
  forward-search-history (C-s): Search forward starting at the current line and moving down through the history as necessary. This is an incremental search.
  non-incremental-reverse-search-history (M-p): Search backward through the history starting at the current line using a non-incremental search for a string supplied by the user.
  non-incremental-forward-search-history (M-n): Search forward through the history using a non-incremental search for a string supplied by the user.

Commands for Changing Text
  delete-char (C-d): Delete the character under the cursor. If point is at the beginning of the line, there are no characters in the line, and the last character typed was not C-d, then return EOF.
  backward-delete-char (backspace): Delete the character behind the cursor.
  transpose-chars (C-t): Drag the character before point forward over the character at point. Point moves forward as well. If point is at the end of the line, then transpose the two characters before point.
  transpose-words (M-t): Drag the word behind the cursor past the word in front of the cursor, moving the cursor over that word as well.
  upcase-word (M-u): Make the current (or following) word uppercase. With a negative argument, do the previous word, but do not move point.
  downcase-word (M-l): Make the current (or following) word lowercase. With a negative argument, do the previous word, but do not move point.
  capitalize-word (M-c): Capitalize the current (or following) word. With a negative argument, change the previous word, but do not move point.

Deleting and Yanking Text
  kill-line (C-k): Delete the text from the current cursor position to the end of the line.
  backward-kill-line (C-x backspace): Delete backward to the beginning of the line.
  unix-line-discard (C-u): Delete backward from point to the beginning of the line.
  kill-word (M-d): Delete from the cursor to the end of the current word, or if between words, to the end of the next word. Word boundaries are the same as those used by forward-word.
  backward-kill-word (M-backspace): Delete the word behind the cursor. Word boundaries are the same as those used by backward-word.
  unix-word-backspace (C-w): Delete the word behind the cursor, using white space as a word boundary. The word boundaries are different from backward-kill-word.
  yank (C-y): Place the top of the deleted section into the buffer at the cursor.
  yank-pop (M-y): Rotate the kill-ring, and yank the new top. Only works following yank or yank-pop.

Completing Commands
  complete (TAB): Attempt to perform completion on the text before point.
  possible-completions (?): List the possible completions of the text before point.

Performing Miscellaneous Functions
  undo (C-_, C-x C-u): Perform an incremental undo, separately remembered for each line.
  revert-line (M-r): Undo all changes made to this line. This is like typing the undo command enough times to return the line to its initial state.

Table 5 lists the EMACS commands.

Table 5. EMACS Commands

Emacs Standard bindings
  C-A  beginning-of-line
  C-B  backward-char
  C-D  delete-char
  C-E  end-of-line
  C-F  forward-char
  C-G  abort
  C-H  backward-delete-char
  C-I  complete
  C-J  accept-line
  C-K  kill-line
  C-L  clear-screen
  C-M  accept-line
  C-N  next-history
  C-P  previous-history
  C-R  reverse-search-history
  C-S  forward-search-history
  C-T  transpose-chars
  C-U  unix-line-discard
  C-W  unix-word-backspace
  C-Y  yank
  C-_  undo

Emacs Meta bindings
  M-C-H  backward-kill-word
  M-C-R  revert-line
  M-<    beginning-of-history
  M->    end-of-history
  ?      possible-completions
  M-B    backward-word
  M-C    capitalize-word
  M-D    kill-word
  M-F    forward-word
  M-L    downcase-word
  M-N    non-incremental-forward-search-history
  M-P    non-incremental-reverse-search-history
  M-R    revert-line
  M-T    transpose-words
  M-U    upcase-word
  M-Y    yank-pop

Index

Symbols
  # prompt 13
  + option symbol 17
  > option symbol 17
  > prompt 13
  ? symbol 15

A
  accessing the CLI 12

B
  banner 13, 25

C
  changing modes 14, 15
  clear command 49
  CLI: accessing 12; configuration mode 11; EMACS commands 251; keyboard shortcuts 249; operational mode 11; prompt 13; structure 11
  commands 27: conventions 13; display 27; messages 14; monitoring and troubleshooting 27; navigation 27; network access 27; option symbols 17; options 15; understanding 13
  commit command 21, 30
  configuration: hierarchy 23; hierarchy paths 24
  configuration mode: hierarchy 23; prompt 13; understanding 21
  configure command 51
  control key 16
  conventions, typographical 8
  copy command 31

D
  debug captive-portal command 54
  debug cli command 55
  debug cpld command 56
  debug dataplane command 57
  debug device-server command 59
  debug dhcpd command 60
  debug ez command 61
  debug high-availability-agent command 62
  debug ike command 63
  debug keymgr command 64
  debug log-receiver command 65
  debug management-server command 66
  debug master-service command 67
  debug netconfig-agent command 68
  debug routing command 69
  debug software command 70
  debug swm command 71
  debug tac-login command 72
  debug vardata-receiver command 73
  delete command 32

E
  edit banner 25
  edit command 33: banner 13; using 26
  esc key 16
  Ethernet interfaces 19
  ethernet1/n 19
  exit command 34, 52

G
  getting started 12
  grep command 75

H
  hierarchy: complete 153; configuration 23; navigating 25; new elements 24; paths 24
  hostname 13

I
  interfaces 19

K
  keyboard shortcuts 16, 249

L
  less command 76

M
  meta key 16
  modes: changing 14, 15; configuration 21; operational 27
  move command 36

N
  navigating hierarchy 25

O
  operational mode: command types 27; prompt 13; using 27

P
  ping command 77
  privilege levels 18

Q
  quit command 37, 79

R
  rename command 38
  request certificate command 80
  request content upgrade command 82
  request high-availability command 83
  request license command 84
  request restart command 85
  request support command 86
  request system command 87
  run command 39

S
  save command 21, 40
  scp command 88
  set application dump command 90
  set cli command 91
  set command 41
  set logging command 92
  set serial-number command 93
  set session command 94
  set target-vsys command 95
  set zip command 96
  shortcuts 16
  show admins command 97
  show arp command 98
  show cli command 99, 100
  show clock command 101
  show command 23, 42
  show config command 102
  show counter command 103
  show ctd command 104
  show device command 105
  show device-messages command 106
  show devicegroups command 107
  show dhcp command 108
  show high-availability command 109
  show interface command 110
  show jobs command 111
  show location command 112
  show log command 113, 115
  show mac command 116
  show management-clients command 117
  show multi-vsys command 118
  show pan-agent command 119
  show proxy command 120
  show query command 121
  show report command 122
  show route command 127
  show routing command 123
  show session command 128
  show statistics command 130
  show system command 132
  show target-vsys command 134
  show threat command 135
  show virtual-wire command 136
  show vlan command 137
  show vpn command 138, 140
  show zone-protection command 141
  ssh command 142
  syntax checking 14
  system 27

T
  tail command 143
  telnet command 144
  test command 145
  tftp command 146
  top command 25, 43
  traceroute command 148
  typographical conventions 8

U
  up command 25, 26, 44
  user name 13
  user privileges 18

V
  view-pcap command 150