show routing route >> route
ping source 203.0.11.1 host 8.8.8.8 > ping a host
show system statistics application
show log system subtype equal HA > HA (example output below)
Time Severity Subtype Object EventID ID Description
===============================================================================
2016/07/01 00:24:55 info ha ha1-lin 0 HA1 link up
2016/07/01 00:25:12 info ha state-c 0 HA Group 1: Moved from state Initial to state Active-P
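As an added example (not part of this cheat sheet), a small Python parser for the `show log system subtype equal HA` output above: it extracts HA link and state-change events and flags transitions away from an Active state, which is what you review after an unexpected failover. The first two sample rows are the ones shown here; the last two are constructed.

```python
import re
from datetime import datetime

# Sample output in the format of `show log system subtype equal HA`.
# Rows 1-2 are from the page; rows 3-4 are constructed to exercise a failover.
SAMPLE_HA_LOG = """\
Time Severity Subtype Object EventID ID Description
===============================================================================
2016/07/01 00:24:55 info ha ha1-lin 0 HA1 link up
2016/07/01 00:25:12 info ha state-c 0 HA Group 1: Moved from state Initial to state Active-P
2016/07/02 03:10:41 critical ha ha1-lin 0 HA1 link down
2016/07/02 03:10:43 critical ha state-c 0 HA Group 1: Moved from state Active to state Passive
"""

STATE_RE = re.compile(r"Moved from state (\S+) to state (\S+)")
LINK_RE = re.compile(r"^(HA\d\S*) link (up|down)$")
DATE_RE = re.compile(r"\d{4}/\d{2}/\d{2}$")


def parse_ha_log(text):
    """Parse log rows into dicts; the header and the '====' separator are skipped."""
    rows = []
    for line in text.splitlines():
        # date time severity subtype object eventid <description with spaces>
        parts = line.split(None, 6)
        if len(parts) < 7 or not DATE_RE.match(parts[0]):
            continue
        rows.append({
            "time": datetime.strptime(parts[0] + " " + parts[1], "%Y/%m/%d %H:%M:%S"),
            "severity": parts[2],
            "subtype": parts[3],
            "object": parts[4],
            "description": parts[6],
        })
    return rows


def ha_events(rows):
    """Reduce parsed rows to (time, kind, detail) tuples worth alerting on."""
    events = []
    for r in rows:
        m = STATE_RE.search(r["description"])
        if m:
            events.append((r["time"], "state-change", (m.group(1), m.group(2))))
            continue
        m = LINK_RE.match(r["description"])
        if m:
            events.append((r["time"], "link-" + m.group(2), m.group(1)))
    return events


def failovers(events):
    """State changes that leave an Active state (Initial -> Active-P is normal startup)."""
    return [e for e in events if e[1] == "state-change"
            and e[2][0].startswith("Active") and not e[2][1].startswith("Active")]
```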
show system disk-space
show running resource-monitor
show system resources follow
show log [ system | traffic | threat ] direction equal backward >> log
show log system direction equal backward
show log system severity equal critical
show log system subtype equal LACP start-time equal 2019/05/13@18:20:00 > specific date and time
show system info – provides the system's management IP, serial number and code version
show system statistics – shows the real-time throughput on the device
show system software status – shows whether various system processes are running
show jobs processed – used to see when commits, downloads, upgrades, etc. are completed
show system disk-space – shows percent usage of disk partitions
show system logdb-quota – shows the maximum log file sizes
debug dataplane internal vif link – shows management interface (eth0) counters
show system resources – shows processes running in the management plane, similar to the "top" command
show running resource-monitor – used to see resource utilization in the data plane, such as dataplane CPU utilization
NAT
show running nat-policy – shows the current NAT policy table
show running ippool – used to check for NAT pool leaks
test nat-policy-match – simulates traffic going through the device to see which NAT policy it will match
Routing
show routing route – displays the routing table
test routing fib-lookup virtual-router <VR_name> ip <IP_addr_trying_reach> – finds which route in the routing table will be used to reach the IP address that you are testing
Policies
show running security-policy – shows the current policy set
test security-policy-match from trust to untrust destination <IP> – simulates a packet going through the system to see which policy it will match
URL
test url <url or IP> – used to test the categorization of a URL on the FW
Agent
show pan-agent user-IDs – used to see if the FW has pulled groups from the PANAgent
show user ip-user-mapping – used to see IP to username mappings on the FW
clear user-cache all – clears the User-ID cache
show user user-id-agent statistics
show user group name "AD\name-of-the-group"
LOG
show log [ system | traffic | threat ] direction equal backward – will take you to the end of the specified log
show log [ system | traffic | threat ] direction equal forward – will take you to beginning of the specified log
Update / Downgrade
request content upgrade install file <filename>
request content downgrade install previous – downgrades to the previous content version
License
request license info – shows the license installed on the device
IPSec
To view detailed debug information for IPSec tunneling:
1. debug ike global on debug
2. less mp-log ikemgr.log
TCPDUMP
tcpdump filter “src net <ip/netmask>”
tcpdump snaplen 1500 filter “src net <ip/netmask>”
view-pcap filename.pcap
VPN
show vpn flow – shows encap/decap counters
show vpn gateway – shows the list of IKE gateway configurations
show vpn ike-sa – shows IKE Phase 1 SAs
show vpn ipsec-sa – shows IPSec Phase 2 SAs
show vpn tunnel – shows the list of auto-key IPSec tunnel configurations
show log system subtype equal vpn direction equal backward
clear vpn ike-sa gateway <value>
clear vpn ipsec-sa tunnel <value>
test vpn ike-sa gateway <value>
test vpn ipsec-sa tunnel <value>
System details
show system info //shows the uptime of the device
show system environmentals //e.g. power supply failures
show ntp
show session info //packet rate, number of sessions, fastpath active, etc.
show session id <id>
show interface { all | <interface-name> }
show routing route //routing table (all routes)
show routing fib //forwarding table (only used routes)
show routing protocol <protocol> ...
show arp { all | <interface-name> }
show neighbor interface { all | <interface-name> } //IPv6 neighbor cache
show mac all //only with layer 2 interfaces
show jobs all
show jobs id <id>
show running resource-monitor //resource statistics
show system resources follow //="top", CPU usage and processes
show system disk-space //="df -h"
debug software restart <service> //Restart a certain process
request restart system //Reboot the whole device
HA
show high-availability all
show high-availability state
show high-availability link-monitoring
show high-availability path-monitoring
show high-availability control-link statistics
show high-availability state-synchronization
request high-availability state suspend
request high-availability state functional
request high-availability state peer suspend
request high-availability state peer functional
SCP
scp export log system to username@<ip address of the server>:/home/username/filename
scp import software from username@<ip address of the server>:/home/username/filename