PaloAlto Firewall (PAN-OS) CLI Command
1. CLI Cheat Sheet: HA
| If you want to ... | Use ... |
| View all HA cluster configuration content. | > show high-availability cluster all |
| View HA cluster flap statistics. Cluster flap count is reset when the HA device moves from suspended to functional and vice versa. Cluster flap count also resets when non-functional hold time expires. |
> show high-availability cluster flap-statistics |
| View status of the HA4 interface. | > show high-availability cluster ha4-status |
| View status of the HA4 backup interface. | > show high-availability cluster ha4-backup-status |
| View information about the type and number of synchronized messages to or from an HA cluster. | > show high-availability cluster session-synchronization |
| View HA cluster state and configuration information. | > show high-availability cluster state |
| View HA cluster statistics, such as counts received messages and dropped packets for various reasons. | > show high-availability cluster statistics |
| Clear HA cluster statistics. | > clear high-availability cluster statistics |
| Clear session cache. | > request high-availability cluster clear-cache |
| Request full session cache synchronization. | > request high-availability cluster sync-from |
2. CLI Cheat Sheet: Networking
| If you want to ... | Use ... |
| General Routing Commands | |
| • Display the routing table | > show routing route |
| • Look at routes for a specific destination | > show routing fib virtual-router <name> | match <x.x.x.x/Y> |
| • Change the ARP cache timeout setting from the default of 1800 seconds. | > set system setting arp-cache-timeout <60-65536> |
| • View the ARP cache timeout setting. | > show system setting arp-cache-timeout |
| AE Interfaces | |
| • On PA-7050 and PA-7080 firewalls that have an aggregate interface group of interfaces located on different line cards, implement proper handling of fragmented packets that the firewall receives on multiple interfaces of the AE group. | > set ae-frag redistribution-policy hash |
| NAT | |
| • (PAN-OS 10.1.7 and later 10.1 releases) Enable persistent NAT for DIPP | > set system setting persistent-dipp enable yes |
| • Show the NAT policy table | > show running nat-policy |
| • Test the NAT policy | > test nat-policy-match |
| • Show NAT pool utilization | > show running ippool > show running global-ippool |
| IPSec | |
| • Show IPSec counters | > show vpn flow |
| • Show a list of all IPSec gateways and their configurations | > show vpn gateway |
| • Show IKE phase 1 SAs | > show vpn ike-sa |
| • Show IKE phase 2 SAs | > show vpn ipsec-sa |
| • Show a list of auto-key IPSec tunnel configurations | > show vpn tunnel |
추가적인 CLI Command는 아래 첨부 파일 및 URL 주소 참고 바랍니다.
CLI Cheat Sheet: Networking
LSVPN (PAN-OS 10.1.7 and later 10.1 releases)
docs.paloaltonetworks.com
[CISCO] Cisco Network 장비 Log Filter 설정
[CISCO] Cisco Network 장비 Log Filter 설정
Cisco Network 장비 Log Filter 설정 로그 기록을 보면 Jun 21 12:01:32.493 KST: %PLATFORM_ENV-1-FRU_PS_ACCESS: FRU Power Supply is not responding Jun 21 12:01:37.477 KST: %PLATFORM_ENV-1-FRU_PS_ACCESS: FRU Power Supply is not respondingJun 21 12
infoofit.tistory.com
[Fortinet] Fortigate Routing Table 확인 명령어
[Fortinet] Fortigate Routing Table 확인 명령어
A. fortigate routing table 확인 명령어 물론 GUI에서도 확인 가능합니다 먼저 현재 장비의 routing 설정 default routing이 두 개 설정되어 있습니다. 상세 설정의 차이점은wan1의 경로는 distance : 5wan2의 경
infoofit.tistory.com
[Ahnlab] 안랩 방화벽(Firewall) 로그 상태 플래그(Flag) 정보
[Ahnlab] 안랩 방화벽(Firewall) 로그 상태 플래그(Flag) 정보
1. 일반 정보ex) S sa A / FA r1. 대문자 : 출발지2. 소문자 : 역방향 플래그3. / 앞 : 연결 상태4. / 뒤 : 종료 상태 2. 종료 상태S : SYN에 의해 세션 생성 -> SYN/ACK 오지 않음A : SYN에 의해 세션 생성 -> SYN/ACK
infoofit.tistory.com