Palo Alto Cheat sheet

Show system information, including the PAN-OS version:
>show system info

Set management IP address:
>configure
#set deviceconfig system ip-address 192.168.3.100 netmask 255.255.255.0
(# set deviceconfig system ip-address <ip address> netmask <netmask> default-gateway <default gateway> dns-setting servers primary <DNS ip address>)
#commit

To see interfaces status:
>show interface all

Ping from a dataplane interface to a destination IP address:
> ping source <ip-address-on-dataplane> host <destination-ip-address>

Trigger a Gratuitous ARP (GARP) from a Palo Alto Networks Device:
> show interface ethernet1/3
> test arp gratuitous ip 10.66.24.139 interface ethernet1/3

Display the routing table:
> show routing route

Shut down or restart the Palo:
request shutdown system
request restart system

Restart management server on Palo: 
debug software restart process management-server

System log to check for errors:
less mp-log ms.log

HA pair sync error logs: 
less mp-log ha_agent.log

Push the config/sync to the HA peer: 
request high-availability sync-to-remote running-config

HA:
Force configuration and session synchronisation to peer device:
>request high-availability sync-to-remote
Fail over to the peer and suspend the current device:
>request high-availability state suspend
Re-enable HA on suspended system:
>request high-availability state functional
Shows the high-availability information on current device:
>show high-availability all
Shows the control link statistics:
>show high-availability control-link
Shows the high-availability state information:
>show high-availability state
Shows the synchronisation state to the peer device:
>show high-availability state-synchronisation

To see all sessions, or only the SIP sessions:
show session all
show session all | match sip
To clear all sessions, or only those matching a filter (application, source or destination):
clear session all
clear session all filter application skype
clear session all filter source 192.168.51.71
clear session all filter destination 8.8.8.8

To test authentication for a user against an authentication profile (the password is prompted for):
>test authentication authentication-profile AD username iee\tungera password

Monitor authentication logs on the Palo (enable debug, follow the log, then disable debug again):
>debug authentication on debug
>tail follow yes mp-log authd.log
>debug authentication off

User and group mapping for the user behind a specific IP address:
show user ip-user-mapping ip 192.168.64.18

Force a refresh of the group mappings:
>debug user-id refresh group-mapping all
To see the groups that the firewall knows about:
>show user group name
The full list of groups can be read with the following CLI command:
> show user group list
To list the members of one of the groups found in the previous step:
> show user group name cn=firewall-mf-rave-pcs,ou=_groups,dc=iee,dc=mfh
The group mappings of an LDAP group-mapping profile can be reset with the following CLI command:
> debug user-id reset group-mapping AD_Group_Mapping

Verify that the groups are being pulled:
> show user group-mapping state all
> show user group-mapping statistics

The following commands can be used to clear and to view the user-to-IP mappings:
> clear user-cache-mp ip <IP-address>   // clear the management-plane user cache for one IP
> clear user-cache ip <IP-address>      // clear the dataplane user cache for one IP
> clear user-cache all
> show user ip-user-mapping ip <IP-address>
> show user ip-user-mapping all

Restart the User-ID process on the Palo:
debug software restart process user-id

See the User-ID agent version from the CLI on the Palo:
show user user-id-agent config name MM-DC_MMISEXCHANGE_LOCAL

Check GlobalProtect currently connected users: 
show global-protect-gateway current-user

Show IKE phase 1 SAs:
> show vpn ike-sa
Show IKE phase 2 SAs:
> show vpn ipsec-sa

Save an Entire Configuration for Import into Another Palo Alto Networks Device:
> configure
# save config to 2014-09-22_CurrentConfig.xml
# exit
> scp export configuration from 2014-09-22_CurrentConfig.xml to username@scpserver/PanConfigs

Then, on the destination device, import and load it:
> scp import configuration username@scpserver/PanConfigs/2014-09-22_CurrentConfig.xml
> configure
# load config from 2014-09-22_CurrentConfig.xml
# commit
# exit

See NTP status: 
>show ntp
To manually restart the NTP process, use the following CLI command:
>debug software restart process ntp
To view whether the NTP process has a new PID, execute:
>show system software status | match ntp
To verify current system date and time, use the following CLI command:
> show clock
To see all jobs, or only the jobs already processed:
show jobs all
show jobs processed
Immediately after restarting, every Palo Alto Networks firewall performs an auto-commit. This takes place in the background and can last up to 30 minutes. The firewall can be accessed from the management interface during that time, but the data plane, and with it the physical interfaces, will be down until the auto-commit finishes.

Palo Upgrade Commands:

request high-availability state suspend
request system software info
request system software check
request system software download version 7.1.19
request system software install version 7.1.19
request restart system
request high-availability state functional
show jobs all
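The upgrade sequence ends with show jobs all because, as the auto-commit note above explains, the dataplane stays down until that job completes. The Python below is an added example (not from the original cheat sheet or from Palo Alto Networks) that polls show jobs all through the PAN-OS XML API and waits for the AutoCom job to report FIN/OK; the host name, API key and the sample responses are constructed placeholders, and the response is assumed to use the API's <job> element layout.

```python
"""Poll 'show jobs all' over the PAN-OS XML API until the post-restart auto-commit
finishes. Added example; host, API key and sample responses are constructed."""
import time
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# The XML API takes CLI commands as nested elements; this is 'show jobs all'.
SHOW_JOBS_ALL = "<show><jobs><all></all></jobs></show>"

def op_url(host: str, api_key: str, cmd: str = SHOW_JOBS_ALL) -> str:
    """Build the operational-command URL (api_key is a placeholder here)."""
    return f"https://{host}/api/?" + urlencode({"type": "op", "cmd": cmd, "key": api_key})

def jobs_from_xml(xml_text: str) -> list:
    """Extract id/type/status/result/progress from each <job> in a response."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: " + xml_text[:200])
    return [{tag: (job.findtext(tag) or "").strip()
             for tag in ("id", "type", "status", "result", "progress")}
            for job in root.iter("job")]

def autocommit_finished(xml_text: str) -> bool:
    """True once an AutoCom job has status FIN and result OK."""
    return any(j["type"] == "AutoCom" and j["status"] == "FIN" and j["result"] == "OK"
               for j in jobs_from_xml(xml_text))

def wait_for_autocommit(fetch, timeout_s=1800, interval_s=30, sleep=time.sleep) -> bool:
    """Call fetch() (returns response XML) every interval_s seconds; give up after
    timeout_s, defaulting to the 30-minute window the auto-commit can take."""
    deadline = time.monotonic() + timeout_s
    while True:
        if autocommit_finished(fetch()):
            return True
        if time.monotonic() >= deadline:
            return False
        sleep(interval_s)

# Constructed sample responses in the <job> layout assumed for the XML API.
SAMPLE_RUNNING = """<response status="success"><result>
<job><id>1</id><type>AutoCom</type><status>ACT</status><result>PEND</result><progress>40</progress></job>
</result></response>"""
SAMPLE_DONE = """<response status="success"><result>
<job><id>1</id><type>AutoCom</type><status>FIN</status><result>OK</result><progress>100</progress></job>
</result></response>"""
```

In practice fetch() would GET op_url(host, api_key) and return the response body; the constructed samples let the poll loop run offline.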

Source: https://networkengineer.me/2018/05/30/palo-alto-useful-commands/