Useful Palo Alto CLI Commands

I promise more to come on this; I'm just really busy at work these days.

Sharing my notes.

admin@PA-500> show session all

--------------------------------------------------------------------------------
ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                      Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
6636    facebook-base  ACTIVE  FLOW  NS   192.168.3.50[4227]/Trust-L3/6  (172.16.1.3[7206])
vsys1                                     66.220.149.67[80]/Untrust-L3  (66.220.149.67[80])

admin@PA-500> show session id 6636

Session            6636

        c2s flow:
                source:      192.168.3.50 [Trust-L3]
                dst:         66.220.149.67
                proto:       6
                sport:       4227            dport:      80
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source:      66.220.149.67 [Untrust-L3]
                dst:         172.16.1.3
                proto:       6
                sport:       80              dport:      7206
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        start time                    : Tue Feb  7 11:46:55 2012
        timeout                       : 3600 sec
        time to live                  : 3537 sec
        total byte count(c2s)         : 1002
        total byte count(s2c)         : 11393
        layer7 packet count(c2s)      : 8
        layer7 packet count(s2c)      : 11
        vsys                          : vsys1
        application                   : facebook-base  
        rule                          : Log_All
        session to be logged at end   : True
        session in session ager       : True
        session synced from HA peer   : False
        address/port translation      : source + destination
        nat-rule                      : student source nat(vsys1)
        layer7 processing             : enabled
        URL filtering enabled         : False
        session via syn-cookies       : False
        session terminated on host    : False
        session traverses tunnel      : False
        captive portal session        : False
        ingress interface             : ethernet1/2
        egress interface              : ethernet1/1
        session QoS rule              : N/A (class 4)
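
Added example (not part of the original notes and not Palo Alto tooling): a Python parser for the "show session id" output above that works out from the two flows which side was actually NATed. It assumes the layout shown here; parse_session and nat_view are hypothetical names, and the sample text is trimmed from the output above.

```python
import re

# Constructed sample: trimmed from the `show session id 6636` output in these notes.
SAMPLE = """\
Session            6636
        c2s flow:
                source:      192.168.3.50 [Trust-L3]
                dst:         66.220.149.67
                sport:       4227            dport:      80

        s2c flow:
                source:      66.220.149.67 [Untrust-L3]
                dst:         172.16.1.3
                sport:       80              dport:      7206

        application                   : facebook-base
        rule                          : Log_All
        address/port translation      : source + destination
        nat-rule                      : student source nat(vsys1)
"""

FLOW_HDR = re.compile(r"^\s*(c2s|s2c) flow:\s*$")
ATTR = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")   # summary lines: "key      : value"
PAIR = re.compile(r"(\w[\w ]*?):\s+(\S+)")        # flow lines: "key:   value", one or two per line
ZONE = re.compile(r"\[([^\]]+)\]")                # zone name in brackets after the source IP

def parse_session(text):
    """Return {'c2s': {...}, 's2c': {...}, 'attrs': {...}} from the CLI output."""
    out = {"c2s": {}, "s2c": {}, "attrs": {}}
    flow = None
    for line in text.splitlines():
        if m := FLOW_HDR.match(line):
            flow = m.group(1)
        elif m := ATTR.match(line):
            out["attrs"][m.group(1)] = m.group(2)
        elif flow:
            out[flow].update(PAIR.findall(line))
            if z := ZONE.search(line):
                out[flow]["zone"] = z.group(1)
    return out

def nat_view(sess):
    """Replies (s2c) go to the translated source and come from the translated destination."""
    c2s, s2c = sess["c2s"], sess["s2c"]
    orig = {"src": (c2s["source"], c2s["sport"]), "dst": (c2s["dst"], c2s["dport"])}
    xlat = {"src": (s2c["dst"], s2c["dport"]), "dst": (s2c["source"], s2c["sport"])}
    return {"orig": orig, "xlat": xlat,
            "src_nat": orig["src"] != xlat["src"], "dst_nat": orig["dst"] != xlat["dst"]}
```

For session 6636 this reports the source rewritten to 172.16.1.3[7206] and the destination unchanged, matching the translated values in the "show session all" line.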

admin@PA-500> show system statistics application

Virtual System: vsys1
application                      sessions   packets      bytes
-------------------------------- ---------- ------------ ------------
web-browsing                     84         2880         1904869
ssl                              8          453          290967
ping                             1100       1128         108888
dns                              92         313          25490
facebook-base                    2          45           25227
ntp                              58         63           5670
dhcp                             1          2            697

 

References:

https://live.paloaltonetworks.com/docs/DOC-1973

https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1973-1...

https://live.paloaltonetworks.com/docs/DOC-1974

Understanding Zone Protection Profile: https://live.paloaltonetworks.com/docs/DOC-1546

User Identification Tech note - PANOS 4.0 https://live.paloaltonetworks.com/docs/DOC-1807

User-ID_Upgrade_4.1 https://live.paloaltonetworks.com/docs/DOC-1980

CLI Commands for User Agents

show user group list

show user group-mapping statistics

show user user-IDs

show user group-selection

show user ip-user-mapping

show

 

Decryption CLI

Verify the outbound proxy is ready: > show system setting ssl-decrypt setting

Check the exclude cache for the destination IP or cert: > show system setting ssl-decrypt exclude-cache

Check counters for warnings: > show counter global filter category proxy

Check memory pools: > debug dataplane pool statistics

Manually add/delete entries to the exclude cache (from configuration mode)

set shared ssl-decrypt ssl-exclude-cert example.com

delete shared ssl-decrypt ssl-exclude-cert example.com

VPN

GlobalProtect - https://live.paloaltonetworks.com/docs/DOC-1999

High Availability

More to come. These are just notes right now, but I will shore them up so they make better sense.