
Palo Alto Firewall Appliance PA-VM - Useful Commands

by 쫑콩아빠 2018. 5. 8.


admin@PA-VM>configure
admin@PA-VM#set deviceconfig system ip-address 192.168.200.63 netmask 255.255.255.0 default-gateway 192.168.200.254 dns-setting servers primary 8.8.8.8


If you have ever worked on a Juniper box with the JUNOS CLI, you will feel at home working on a Palo Alto Firewall Appliance.

Operational Mode and Configuration Modes

username@hostname> (Operational mode)

username@hostname> configure

Entering configuration mode

[edit]

username@hostname# (Configuration mode)


Moving between Modes

up—changes the context to one level up in the hierarchy.

Example:

[edit network interface] (network level)

username@hostname# up

[edit network]


username@hostname# (now at the network level)


top—changes context to the top level of the hierarchy.

Example:

[edit network interface vlan] (network vlan level)

username@hostname# top

[edit]

username@hostname# (now at the top level)


Changing modes

username@hostname# exit


Software Version, Mgmt Address etc.

admin@PA-VM> show system info


Grep/Match

admin@PA-VM> show system info | match model

model: PA-VM


Find commands with following keyword

username@hostname# find command keyword hsm


Restart Appliance

>request restart system


Show Configuration Hierarchy

username@hostname# show network interface ethernet

ethernet {
  ethernet1/1 {
    virtual-wire;
  }
  ethernet1/2 {
    virtual-wire;
  }
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}

[edit]

username@hostname#
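
The hierarchy above maps one-to-one onto set-command paths, which is handy when diffing a saved config or reviewing what a change will touch. The following is an added example, not part of the original post: a small Python parser that flattens the brace-style output into one set-style line per leaf. The function name flatten, the SAMPLE text and the "network interface" prefix (taken from the show command above) are assumptions of this example.

```python
# Added example: flatten PAN-OS brace-style "show" output into set-style paths.
# SAMPLE is the hierarchy shown above, embedded inline so the script runs offline.

SAMPLE = """\
ethernet {
  ethernet1/1 {
    virtual-wire;
  }
  ethernet1/2 {
    virtual-wire;
  }
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}
"""


def flatten(text, prefix=("network", "interface")):
    """Return one 'set ...' line per leaf node of the hierarchy."""
    stack = list(prefix)          # current position in the hierarchy
    base = len(stack)             # depth we must return to at the end
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("["):   # skip blanks and "[edit]" banners
            continue
        if line.endswith("{"):                 # container: descend one level
            stack.append(line[:-1].strip())
        elif line == "}":                      # end of container: go up one level
            if len(stack) == base:
                raise ValueError(f"line {lineno}: unbalanced '}}'")
            stack.pop()
        elif line.endswith(";"):               # leaf: emit the full path
            out.append("set " + " ".join(stack + [line[:-1].strip()]))
        else:
            raise ValueError(f"line {lineno}: unrecognised line {line!r}")
    if len(stack) != base:                     # truncated paste or missing brace
        raise ValueError("unclosed '{' for " + stack[-1])
    return out


if __name__ == "__main__":
    print("\n".join(flatten(SAMPLE)))
```

On the firewall itself, the operational command "set cli config-output-format set" makes show print the configuration in set form directly; the parser is for output that has already been saved or pasted elsewhere.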


Configure IP Address to a given Port

Assign the IP address/netmask 10.1.1.12/24 to the Layer 3 interface for the Ethernet port ethernet1/4:

[edit]

username@hostname# set network interface ethernet ethernet1/4 layer3 ip 10.1.1.12/24


Check pending changes (uncommitted)

username@hostname# check pending-changes


Saves a snapshot of the firewall configuration or the device state files

username@hostname# save config to savefile


Get Hw Address of Interfaces

show system state | match hwaddr


Routing Table

> show routing route


Show running-configuration

admin@PA-VM#show

Logs

admin@PA-VM> less mp-log  ? (you will see all possible logs)

Packet Capture:-

admin@PA-VM> debug dataplane packet-diag set log on 

admin@PA-VM> debug dataplane packet-diag set filter on


admin@PA-VM> debug dataplane packet-diag set filter match source <ip Address>

Removing Filters


If the show setting command lists two configured filters and we want to remove one of them, we can use


admin@PA-VM> debug dataplane packet-diag clear filter <filter number>


Export pcap file


scp export filter-pcap from <file> to <SCP_serv>


Viewing Packet Hitting Filter in live mode


admin@PA-VM> view-pcap follow yes filter-pcap test1_capture 


Show Packet Capture Setting

admin@PA-VM> debug dataplane packet-diag show setting


Management Traffic Capture:-

The management interface is eth0

admin@PA-VM> tcpdump filter "dst 49.0.0.254"

Press Ctrl-C to stop capturing


tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

^C

11 packets captured

22 packets received by filter


0 packets dropped by kernel

admin@PA-VM> view-pcap mgmt-pcap mgmt.pcap


Show all Sessions

>show session all
