Palo Alto Firewall Appliance PA-VM - Useful Commands

by 쫑콩아빠 2018. 5. 8.
admin@PA-VM>configure
admin@PA-VM#set deviceconfig system ip-address 192.168.200.63 netmask 255.255.255.0 default-gateway 192.168.200.254 dns-setting servers primary 8.8.8.8
 
 
If you have ever worked on a Juniper box with the JUNOS CLI, you will feel at home working on a Palo Alto firewall appliance.
 
Operational Mode and Configuration Modes
 
username@hostname> (Operational mode)
 
username@hostname> configure
 
Entering configuration mode
 
[edit]
 
username@hostname# (Configuration mode)
 
 
Moving between Modes
 
up—changes the context to one level up in the hierarchy.
 
Example:
 
[edit network interface] (network level)
 
username@hostname# up
 
[edit network]
 
 
username@hostname# (now at the network level)
 
 
top—changes context to the top level of the hierarchy.
 
Example:
 
[edit network interface vlan] (network vlan level)
 
username@hostname# top
 
[edit]
 
username@hostname# (now at top level)
 
 
Changing modes
 
username@hostname# exit
 
 
Software Version, Mgmt Address etc.
 
admin@PA-VM> show system info
 
 
Grep/Match
 
admin@PA-VM> show system info | match model
 
model: PA-VM
 
 
Find commands containing a given keyword
 
username@hostname# find command keyword hsm
 
 
Restart Appliance
 
>request restart system
 
 
Show Configuration Hierarchy
 
username@hostname# show network interface ethernet
 
ethernet {
  ethernet1/1 {
    virtual-wire;
  }
  ethernet1/2 {
    virtual-wire;
  }
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}
 
[edit]
 
username@hostname#
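
An added example, not part of the original post: the brace hierarchy that show prints in configuration mode can be parsed into paths and compared with a saved baseline to spot configuration drift. The function names and the shortened sample are assumptions made for this example, and it expects one statement per line.

```python
# Added example. Assumes one statement per line, as `show` prints it on this page.
SAMPLE = """\
ethernet {
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}
"""  # constructed: the page's output with ethernet1/1 and ethernet1/2 left out

def parse_hierarchy(text):
    """Return a nested dict; a leaf maps to its value, or None if it has none."""
    stack = [{}]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("[edit"):
            continue  # blank line or the "[edit]" context banner
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line.endswith(";"):
            key, _, value = line[:-1].strip().partition(" ")
            stack[-1][key] = value.strip() or None
        else:  # includes a "}" with nothing left to close
            raise ValueError(f"line {lineno}: unexpected {line!r}")
    if len(stack) != 1:
        raise ValueError("unclosed '{' at end of input")
    return stack[0]

def flatten(tree, path=()):
    """Yield each leaf as a space-joined path, in the word order `set` uses."""
    for key, val in sorted(tree.items()):
        if isinstance(val, dict) and val:
            yield from flatten(val, path + (key,))
        else:
            yield " ".join(path + (key,) + ((val,) if isinstance(val, str) else ()))

def drift(baseline, current):
    """Return (added, removed) leaf paths between two snapshots."""
    old, new = (set(flatten(parse_hierarchy(t))) for t in (baseline, current))
    return sorted(new - old), sorted(old - new)

if __name__ == "__main__":
    print(*flatten(parse_hierarchy(SAMPLE)), sep="\n")
```

Feeding drift() a baseline taken before a change window and a snapshot taken after it lists every leaf that appeared or disappeared.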
 
 
Configure IP Address to a given Port
 
Assign the IP address/netmask 10.1.1.12/24 to the Layer 3 interface for the Ethernet port ethernet1/4:
 
[edit]
 
username@hostname# set network interface ethernet ethernet1/4 layer3 ip 10.1.1.12/24
 
 
Check pending changes (uncommitted)
 
username@hostname# check pending-changes
 
 
Saves a snapshot of the firewall configuration or the device state files
 
username@hostname# save config to savefile
 
 
Get Hw Address of Interfaces
 
show system state | match hwaddr
 
 
Routing Table
 
> show routing route
 
 
Show running-configuration
 
admin@PA-VM#show
 
Logs
 
admin@PA-VM> less mp-log  ? (you will see all possible logs)
 
Packet Capture:-
 
admin@PA-VM> debug dataplane packet-diag set log on 
 
admin@PA-VM> debug dataplane packet-diag set filter on
 
 
admin@PA-VM> debug dataplane packet-diag set filter match source <ip Address>
 
Removing Filters
 
 
If the show setting output lists two filters and we want to remove one of them, we can use:
 
 
admin@PA-VM> debug dataplane packet-diag clear filter <filter number>
 
 
Export pcap file
 
 
scp export filter-pcap from <file> to <SCP_serv>
 
 
Viewing Packet Hitting Filter in live mode
 
 
admin@PA-VM> view-pcap follow yes filter-pcap test1_capture 
 
 
Show Packet Capture Setting
 
admin@PA-VM> debug dataplane packet-diag show setting
 
 
Management Traffic Capture:-
 
The management interface is eth0
 
admin@PA-VM> tcpdump filter "dst 49.0.0.254"
 
Press Ctrl-C to stop capturing
 
 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
 
^C
 
11 packets captured
 
22 packets received by filter
 
 
0 packets dropped by kernel
 
admin@PA-VM> tcpdump filter "dst 49.0.0.254"
 
admin@PA-VM> view-pcap mgmt-pcap mgmt.pcap
 
 
Show all Sessions
 

 

>show session all

 

 

 

 
