Useful Palo Alto CLI Commands

I promise more to come on this, just really busy at work these days.

Sharing my notes.

admin@PA-500> show session all

ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                      Dst[Dport]/Zone (translated IP[Port])
6636    facebook-base  ACTIVE  FLOW  NS[4227]/Trust-L3/6  ([7206])
vsys1                           [80]/Untrust-L3  ([80])

admin@PA-500> show session id 6636

Session            6636

        c2s flow:
                source: [Trust-L3]
                proto:       6
                sport:       4227            dport:      80
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source: [Untrust-L3]
                proto:       6
                sport:       80              dport:      7206
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        start time                    : Tue Feb  7 11:46:55 2012
        timeout                       : 3600 sec
        time to live                  : 3537 sec
        total byte count(c2s)         : 1002
        total byte count(s2c)         : 11393
        layer7 packet count(c2s)      : 8
        layer7 packet count(s2c)      : 11
        vsys                          : vsys1
        application                   : facebook-base  
        rule                          : Log_All
        session to be logged at end   : True
        session in session ager       : True
        session synced from HA peer   : False
        address/port translation      : source + destination
        nat-rule                      : student source nat(vsys1)
        layer7 processing             : enabled
        URL filtering enabled         : False
        session via syn-cookies       : False
        session terminated on host    : False
        session traverses tunnel      : False
        captive portal session        : False
        ingress interface             : ethernet1/2
        egress interface              : ethernet1/1
        session QoS rule              : N/A (class 4)

admin@PA-500> show system statistics application

Virtual System: vsys1
application                      sessions   packets      bytes
-------------------------------- ---------- ------------ ------------
web-browsing                     84         2880         1904869
ssl                              8          453          290967
ping                             1100       1128         108888
dns                              92         313          25490
facebook-base                    2          45           25227
ntp                              58         63           5670
dhcp                             1          2            697
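When this output is saved to a file during an investigation it helps to have it in a structured form. The following is an added example (my own code, not Palo Alto Networks' and not from the original notes) that parses the two outputs shown above, `show session id` and `show system statistics application`. The sample text is the page's own output, shortened; the `translated_client_port` reading (the s2c dport being the post-NAT source port, matching the `([7206])` column of the session table) and the `"none"` literal used to detect no NAT are my assumptions about the format.

```python
"""Added example: parse `show session id` and `show system statistics application` output."""
import re

# Constructed sample: the page's `show session id 6636` output, shortened.
SESSION_DETAIL = """\
Session            6636

        c2s flow:
                source: [Trust-L3]
                sport:       4227            dport:      80

        s2c flow:
                source: [Untrust-L3]
                sport:       80              dport:      7206

        start time                    : Tue Feb  7 11:46:55 2012
        time to live                  : 3537 sec
        total byte count(c2s)         : 1002
        total byte count(s2c)         : 11393
        application                   : facebook-base
        address/port translation      : source + destination
        nat-rule                      : student source nat(vsys1)
        URL filtering enabled         : False
        ingress interface             : ethernet1/2
        egress interface              : ethernet1/1
"""

# Constructed sample: the page's `show system statistics application` table, shortened.
APP_STATS = """\
Virtual System: vsys1
application                      sessions   packets      bytes
-------------------------------- ---------- ------------ ------------
web-browsing                     84         2880         1904869
ssl                              8          453          290967
ping                             1100       1128         108888
dns                              92         313          25490
facebook-base                    2          45           25227
"""


def parse_session_detail(text: str) -> dict:
    """Split the output into the c2s/s2c flow blocks and the attribute list."""
    sess = {"id": None, "flows": {}, "attrs": {}}
    flow = None  # "c2s" or "s2c" while inside a flow block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            flow = None  # a blank line ends a flow block
            continue
        m = re.match(r"^Session\s+(\d+)$", line)
        if m:
            sess["id"] = int(m.group(1))
            continue
        m = re.match(r"^(c2s|s2c) flow:$", line)
        if m:
            flow = m.group(1)
            sess["flows"][flow] = {}
            continue
        if flow:
            # flow lines carry one or two "key:   value" pairs each
            for key, val in re.findall(r"([a-z ]+?):\s+(\S+)", line):
                sess["flows"][flow][key.strip()] = val
        else:
            key, _, val = line.partition(":")  # "name   : value" (value may contain colons)
            sess["attrs"][key.strip()] = val.strip()
    return sess


def summarize_session(sess: dict) -> dict:
    """The fields an analyst checks first: zones, ports, NAT, bytes, remaining TTL."""
    a, c2s, s2c = sess["attrs"], sess["flows"]["c2s"], sess["flows"]["s2c"]
    return {
        "id": sess["id"],
        "app": a["application"],
        "zones": (c2s["source"].strip("[]"), s2c["source"].strip("[]")),
        "client_port": int(c2s["sport"]),
        "server_port": int(c2s["dport"]),
        # assumption: s2c dport is the post-NAT source port (7206 in the session table)
        "translated_client_port": int(s2c["dport"]),
        # assumption: a session without NAT reports "none" here
        "nat": a.get("address/port translation", "") not in ("", "none"),
        "url_filtering": a.get("URL filtering enabled") == "True",
        "bytes_c2s": int(a["total byte count(c2s)"]),
        "bytes_s2c": int(a["total byte count(s2c)"]),
        "ttl_sec": int(a["time to live"].split()[0]),
    }


def parse_app_stats(text: str) -> list:
    """Keep only data rows: an application name followed by three integer columns."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", line)
        if m:
            rows.append({"application": m.group(1), "sessions": int(m.group(2)),
                         "packets": int(m.group(3)), "bytes": int(m.group(4))})
    return rows


def top_apps(rows: list, key: str, n: int = 3) -> list:
    """Application names ranked by 'sessions', 'packets' or 'bytes'."""
    return [r["application"] for r in sorted(rows, key=lambda r: r[key], reverse=True)[:n]]


def packets_per_session(rows: list) -> dict:
    """A ratio near 1 means mostly single-packet sessions, worth a closer look."""
    return {r["application"]: round(r["packets"] / r["sessions"], 2) for r in rows}
```

Ranking by sessions rather than bytes is what surfaces the 1100 ping sessions in the sample table; the packets-per-session ratio (about 1.03 for ping against about 34 for web-browsing) is the quickest way to tell short probe-like sessions from real conversations.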



Understanding Zone Protection Profile:

User Identification Tech note - PANOS 4.0


CLI Commands for User Agents

show user group list

show user group-mapping statistics

show user user-IDs



show user group-selection

show user ip-user-mapping



Decryption CLI

Verify the outbound proxy is ready >show system setting ssl-decrypt setting

Check the exclude cache for the destination IP or Cert >show system setting ssl-decrypt exclude-cache

Check counters for warnings >show counter global filter category proxy

Check memory pools >debug dataplane pool statistics

Manually add/delete entries to the exclude cache (configure mode)

set shared ssl-decrypt ssl-exclude-cert

delete shared ssl-decrypt ssl-exclude-cert



GlobalProtect -


High Availability


More to come; these are just notes right now, but I will shore these up so they make better sense.