PALO ALTO NETWORKS SUPPORT QUICK REFERENCE

GUIDE
COMMAND DESCRIPTION 4.1 5.x
General System Health
show system info Shows the system’s management IP, serial #, and code version ✓ ✓
show jobs processed Shows when commits, downloads, upgrades, etc are completed. ✓ ✓
show system disk-space Shows percent usage of disk partitions. ✓ ✓
show system logdb-quota Shows the maximum log file sizes. ✓ ✓
show system software status Shows running processes. ✓ ✓
Monitor CPUs
show system resources Shows processes running in the Management Plane. ✓ ✓
show running resource-monitor Shows the resource utilization in the Dataplane ✓ ✓
Dropped Packet Troubleshooting
ping source <IP_addr_src_int> host <IP_addr_host> Ping from a specified device source interface to destination IP. ✓ ✓
ping host <IP> Ping from the management interface. ✓ ✓
Shows specific sessions in the sessions table for source and
show session all filter source <source-IP> destination <destination-IP> ✓ ✓
destination IPs.
show session info Shows usage, pps rates, etc. ✓ ✓
show session id <id-number> Shows session details by entering the session ID number. ✓ ✓
Packet Filters and Capture WARNING: Running debug commands on a production device may cause undesirable results.
debug dataplane packet-diag clear all
debug dataplane packet-diag clear log log Clear/delete settings and files previously created. ✓ ✓

delete debug-filter file * Removes all packet capture files. ✓ ✓

debug dataplane packet-diag set filter match source x.x.x.x destination
y.y.y.y destination-port <port-num>
Sets filter with the source IP, destination IP and port to capture
debug dataplane packet-diag set filter match source y.y.y.y destination ✓ ✓
x.x.x.x destination-port <port-num> from/to packets.
debug dataplane packet-diag set filter on
debug dataplane packet-diag set capture stage receive file pantac-rx.pcap
debug dataplane packet-diag set capture stage transmit file pantac-
tx.pcap
debug dataplane packet-diag set capture stage drop file pantac-drop.pcap Configures the different stage of capture types to be executed. ✓ ✓
debug dataplane packet-diag set capture stage firewall file pantac-
fw.pcap
debug dataplane packet-diag set capture on
debug dataplane pack-diag show setting Verifies packet filters are setup correctly. ✓ ✓
While test is running, run the command 2-3 times to verify filtered
show counter global filter delta yes packet-filter yes ✓ ✓
traffic is being captured.
debug dataplane packet-diag set capture off Turns off packet capture and filter. ✓ ✓
tcpdump filter “src net <ip/netmask>”
view-pcap mgmt-pcap mgmt.pcap Captures PCAP on management interface. ✓

Packet Flow Logs WARNING: Always set specific packet filters to minimize CPU usage. See above Packet Filters and Capture commands.
debug dataplane packet-diag set log feature flow basic Set packet-diag log to capture flow basic. ✓ ✓
debug dataplane packet-diag set log on Turns on packet-diag log. ✓ ✓
debug dataplane packet-diag set log off Capture traffic then immediately disable packet-diag log. ✓ ✓
Aggregates pack-diag logs to a single file. After disabling packet-
debug dataplane packet-diag aggregate-logs - ✓
diag log, wait 1-2 minutes before running this command.

less dp-log pan_pcaket_diag.log View packet-diag log output. N o te : PA-5000 series writes to ✓ ✓
individual dp0-log, dp1-log or dp2-log.
Log/Forward Device Issues
Shows the log statistics, like logging incoming rate, log written rate,
debug log-receiver statistics ✓ ✓
corrupted packets and logs discarded due to a full queue.
less mp-log logrcvr.log Shows debug logging issues on the device. ✓ ✓
debug software restart log-receiver Restarts log-receiver process. ✓ ✓
Log Viewing/Deleting
Goes to the beginning/end of a log.
show log [system | traffic | threat] direction equal [forward | backward] N o te : Arguments shown with square bracket [] and pipe | symbols ✓ ✓
mean choose one of the arguments listed.
Monitor Management or Device Server
show system resources follow Shows management server messages for commit failures, updates,
✓ ✓
tail follow yes mp-log ms.log licenses, link status, policy details, etc.
Shows device server message for commit failures, updates,
tail follow yes mp-log devsrv.log ✓ ✓
licenses, link status, policy details, etc.
Authentication Logs
less mp-log authd.log Shows the detail authentication logs on the device. ✓ ✓
NAT
show running nat-policy Shows current NAT policy table. ✓ ✓
show running ippool
show running global-ippool Shows NAT pool utilization. ✓ ✓

Routing
show routing route Shows routing table. ✓ ✓
Policies
show running security-policy Shows current policy set. ✓ ✓

v6
COMMAND DESCRIPTION 4.1 5.x
User-ID Agent
show user user-id-agent state all Shows agent’s status. Status should be connected OK and there should
✓ ✓
show user user-id-agent statistics be numbers shown under users, groups, and IPS.
show user user-IDs
show user group-mapping state all
show user group-mapping statistics Shows the groups pulled from User-ID Agent. ✓ ✓
show user group list
show user group name <value>
show user ip-user-mapping all Shows IP to username mappings. ✓ ✓
clear user-cache all
clear user-cache ip <ip/netmask> Clears user-ID cache. ✓ ✓

BrightCloud URL Filtering

test url <url or IP> Tests categorization of a URL on the device. ✓ ✓
tail follow yes mp-log pan_bc_download.log Shows the BrightCloud database update logs. ✓ ✓
debug dataplane show url-cache statistics Shows statistics on the URL cache. ✓ ✓
clear url-cache all Clears URL cache. ✓ ✓
show log url direction equal backward Shows the URL log, most recent entries first.
✓ ✓
N o te : Cache contains 100k of the most popular URLs on the network.
✓ ✓
ping host service.brightcloud.com Tests connectivity to the BrightCloud servers.
PAN-DB URL Filtering
show url-cloud status Check URL cloud status. - ✓

test url-resolve-path <url> Tests categorization of a URL on Dataplane cache.

test url-info-host <url> Tests categorization of a URL on Management Plane cache. - ✓
test url-info-cloud <url> Tests categorization of a URL on Cloud.
clear url-cache all Clears URL cache.
clear url-cache url <url> Clears URLs from the Dataplane cache. - ✓
delete url-database url <url> Clears URLs from the Management Plane cache.
show running url-cache statistics Show statistics on URL Dataplane cache.
- ✓
debug device-server pan-url-db show-stats Show statistics on URL Management Plane cache.
IPSEC
show vpn flow Shows encap/decap counters. ✓ ✓
show vpn gateway Shows list of IKE gateway configurations. ✓ ✓
show vpn ike-sa Shows IKE Phase 1 SA ✓ ✓
show vpn ipsec-sa Shows IPSEC Phase 2 SA. ✓ ✓
show vpn tunnel Shows list of auto-key IPSec tunnel configurations. ✓ ✓
show log system subtype equal vpn direction equal backward
debug ike global on debug Shows detail debug information for IPSec tunneling. ✓ ✓
less mp-log ikemgr.log
High Availability
show high-availability state Shows the HA state of the device. ✓ ✓
show high-availability all Shows the HQ settings configured on the device and peer. ✓ ✓
show high-availability state-synchronization Shows if the devices are synchronized. ✓ ✓
request high-availability state suspend Suspends active device and makes passive device active. ✓ ✓
request high-availability state functional Changes the state from suspend to passive. ✓ ✓
Software, Content and Licenses
request restart system Reboots the system. ✓ ✓

request content upgrade Upgrades content.

> check Gets info from Palo Alto Networks server.
> download Downloads content packages. ✓ ✓
> info Displays available content packages info.
> install
Installs content packages.
request content downgrade install previous Downgrades to previous content version. ✓ ✓
request license info Shows the license installed on the device. ✓ ✓
delete license key Deletes a license file. ✓ ✓
Miscellaneous
configure
Ignore SYN when creating sessions.
set deviceconfig setting session tcp-reject-non-syn no
✓ ✓
commit
show session info Confirms command took effect.
configure
Make all packets go through CPU, otherwise all fastpath packets go
set deviceconfig setting session offload no
commit through the chip. Turns session offload to fastpath. ✓ ✓
show session info Confirms command took effect.
debug dataplane pool statistics Shows the different dataplane buffers and capacity. ✓ ✓

3300 Olcott Street Copyright ©2013, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto
Santa Clara, CA 95054 Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All
specifications are subject to change without notice. Palo Alto Networks assumes no responsibility
Main: +1.408.753.4000
for any inaccuracies in this document or for any obligation to update the information in this
Sales: +1.866.320.4788
Support: +1.866.898.9087 document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise
this publication without notice.
www.paloaltonetworks.com