Is your Palo Alto firewall acting up? Throwing strange error messages or just not working quite right? Relax, we’ve got you covered! This blog post is your ultimate weapon to fight back against common firewall issues. We’ll provide a cheat sheet packed with essential CLI commands to help you diagnose and fix problems quickly and easily.
▶ Device Management
#show system info
#show system disk-space
#show system logdb-quota
#show system software status
#show system resources
#show running resource-monitor
#request license info
#show jobs processed
#show session info
#show session all
#show session all filter
#show session meter
#show session id session-id
#show running security-policy
#less mp-log authd.log
#request restart system
#show admins
#show admins all
#set deviceconfig system type dhcp-client accept-dhcp-domain accept-dhcp-hostname send-client-id send-hostname
▶ User-ID
#debug user-id log-ip-user-mapping yes
#debug user-id log-ip-user-mapping no
#show user user-id-agent state all
#show user server-monitor state all
#show user server-monitor statistics
#show user user-id-agent config name
#show user group-mapping statistics
#show user group-mapping state all
#show user group list
#show user group name
#show user ip-user-mapping all
#show user ip-user-mapping all | match \\
#show user ip-user-mapping ip
#show user user-ids
#show log userid datasourcename equal direction equal backward
#show log userid datasourcetype equal
#show log userid datasourcetype equal kerberos
#show log userid datasource equal
#show log userid datasourcetype equal xml-api
#show user email-lookup
#show user email-lookup base “DC=lab,DC=sg,DC=acme,DC=local” bind-dn “CN=Administrator,CN=Users,DC=lab,DC=sg,DC=acme,DC=local” bind-password acme use-ssl no email [email protected] mail-attribute mail server 10.1.1.1 server-port 389 labsg\user1
#clear user-cache all
#clear user-cache ip
▶ HA
#show high-availability cluster all
#show high-availability cluster flap-statistics
#show high-availability cluster ha4-status
#show high-availability cluster ha4-backup-status
#show high-availability cluster session-synchronization
#show high-availability cluster state
#show high-availability cluster statistics
#clear high-availability cluster statistics
#request high-availability cluster clear-cache
#request high-availability cluster sync-from
#show high-availability interface ha2 | match bytes
#request high-availability state suspend
▶ Networking
#show routing route
#show routing fib virtual-router name | match x.x.x.x
#set system setting arp-cache-timeout <60-65536>
#show system setting arp-cache-timeout
#show running nat-policy
#test nat-policy-match
#show running ippool
#show running global-ippool
#show vpn flow
#show vpn gateway
#show vpn ike-sa
#show vpn ipsec-sa
#show vpn tunnel
#test vpn ike-sa gateway
#test vpn ipsec-sa tunnel
#show routing bfd active-profile []
#show routing bfd details [interface ] [local-ip ] [multihop][peer-ip ] [session-id] [virtual-router ]
#show routing bfd drop-counters session-id
#show counter global | match bfd
#clear routing bfd counters session-id all | <1-1024>
#clear routing bfd session-state session-id all | <1-1024>
#set session pvst-native-vlan-id
#set session drop-stp-packet
#show vlan all
#show counter global
#ping host destination-ip-address
#ping source ip-address-on-dataplane host destination-ip-address
#traceroute host remote host
#show netstat statistics yes
▶ VSYS
#show system info | match vsys
#set system setting target-vsys ?
#set system setting target-vsys vsys-name
#set system setting target-vsys vsys2
#show session meter
#show user ip-user-mapping all
#set system setting target-vsys none
▶ Panorama
#show system info | match system-mode
#request system system-mode logger
#request system system-mode panurldb
#request system system-mode panorama
#request system system-mode legacy
#set cli config-output-mode set
#show device-group branch-offices
#set panorama [off | on]
#request high-availability sync-to-remote [running-config | candidate-config]
#request batch reboot [devices | log-collectors]
#set dlsrvr poll-interval <5-60>
#show devicegroups name
#show templates name
#show config pushed-shared-policy
#show config pushed-template
#debug log-collector log-collection-stats show incoming-logs
#debug log-collector log-collection-stats show log-forwarding-stats
#show logging-status device
#clear log [acc | alarm | config | hipmatch | system | threat | traffic]
