Commands

Uploaded by

qf475hm77t

COMMANDS

Friday, June 3, 2022 3:55 PM

*** CLI COMMANDS ***

PERFORMANCE:
show running resource-monitor --> PROCESS+BUFFER+DESCRIPTOR
show system resource follow --> TOP Linux command
show system statistics application --> top talker apps
show system statistics sessions --> THROUGHPUT+STATISTICS
show session info --> OVERALL CONNECTION HANDLING OF THE FW
show interface ethernet1/2 --> Interface info
debug system process-info --> shows process running in the system

USER-ID
CP → NTLM
SERVER MONITORING → WMI
AUTHENTICATION SEQUENCE → Authentication
USERS GROUP RIGHTS → Server Operator, Event Log viewer and Distributed Comm user
USER-IP-MAPPING Methods → Captive Portal, Global Protect, Syslog, Domain Controller (authentication event), Terminal Services agents.
Group Mapping method → LDAP from User database
show user ip-user-mapping all --> shows user-ip mapping table
show user group list --> shows groups gathered via LDAP/USER-ID
show user group name <gp-name> --> shows users that belongs to those groups in the FW Database

GlobalProtect
PORTAL
GATEWAY
AGENT
Split Tunneling and HIP --> GlobalProtect License needed

IKE
show vpn ike-sa --> shows Phase 1 tunnels
show vpn ipsec-sa --> shows phase 2 tunnels
debug ike gateway <GW-Name> on debug --> debug logs IKE GW
debug ike tunnel <TUNNEL-Name> on debug --> debug logs IKE Tunnel
tail follow yes mp-log ikemgr.log --> check log file
test vpn ike-sa gateway <GW_Name> --> Manually trigger Phase 1
test vpn ipsec-sa tunnel <Tunnel Name> --> Manually trigger Phase 2

FLOW BASIC
(ASK FOR PERMISSION FROM TECH LEAD)
Monitor --> Packet capture → create packet filters, capture stages
debug dataplane packet-diag show setting --> shows packet-filter info, flow basic enabled, capture enabled
debug dataplane packet-diag set filter on|off --> enable packet-filter, can be done from the CLI
!
debug dataplane packet-diag set log feature flow basic --> Enable flow basic (Must have filter on!)
debug dataplane packet-diag set log on

debug dataplane packet-diag aggregate-logs --> CREATE SINGLE FILE
!
tail follow yes mp-log pan_task_1.log --> show traffic in real time
-DISABLE ALL-
debug dataplane packet-diag set log off
debug dataplane packet-diag set capture off
debug dataplane flush-log
debug dataplane packet-diag set filter off
debug software logging-level set level default service all-services --> Bring debug level back to default
!
less mp-log pan_task_1.log

SESSION HANDLING
show session all --> shows session table
show session id <XXXX> --> shows session in detail
!
HIGH AVAILABILITY
show high-availability state
show high-availability flap-statistics
show high-availability transitions
show high-availability path-monitoring
show high-availability link-monitoring
less mp-log ha_agent.log
!
PROCESSES RUNNING AND RESTART
show system software status
show system software status | match XXXX
debug software restart process
!
CHECK GLOBAL COUNTERS
show counter global
show counter global filter packet-filter yes
show counter global filter packet-filter yes delta yes
show counter global filter aspect <-> delta yes
show counter

Flow basic
Thursday, October 20, 2022 4:26 PM

++ Start fresh:
debug dataplane packet-diag clear all
debug dataplane packet-diag clear filter-marked-session all
debug dataplane flush-log
debug dataplane packet-diag clear log log
++ Configure captures stages:
debug dataplane packet-diag set capture stage firewall file fw-test
debug dataplane packet-diag set capture stage transmit file tx-test
debug dataplane packet-diag set capture stage receive file rx-test
debug dataplane packet-diag set capture stage drop file dr-test
++ Setup Filters:
debug dataplane packet-diag set filter match source 192.168.236.2 destination 8.8.8.8
debug dataplane packet-diag set filter match source 8.8.8.8 destination 192.168.236.2
debug dataplane packet-diag set filter match source 8.8.8.8 destination 10.193.82.236
debug dataplane packet-diag set filter match source 10.193.82.236 destination 8.8.8.8
++ Enable the debugs "flow basics"
debug dataplane packet-diag set log feature flow basic
debug dataplane packet-diag set log feature appid basic
debug dataplane packet-diag set log feature ctd basic
++ Enable Filters, captures and log features:
debug dataplane packet-diag set filter on
debug dataplane packet-diag set capture on
debug dataplane packet-diag set log on
++ Disable log features:
debug dataplane packet-diag set log off
debug dataplane packet-diag set capture off
++ Compile logs inside TSF:
debug dataplane flush-log
debug dataplane packet-diag aggregate-logs
*** Bonus command to review the pcap config at any moment:
debug dataplane packet-diag show setting
++ Review that you were able to capture the flow basic for the session in question:
less mp-log pan_packet_diag.log
less dp(x)-log pan_packet_diag.log << If the platform you are working with has multiple DP's, this is the command.
*** Make sure that you gather:
- Show session id of the session in question from CLI.
- A picture of that same session from the GUI.
- PCAP files from the pcap you just did.
- Confirm that this session was recorded in the flow basic TSF.
- Remember to gather global counters for that session.

From <https://mail.google.com/mail/u/0/#search/flow+basic/FMfcgzGqPzKbPLjsDrcMxXlSrVxdTKTr?projector=1&messagePartId=0.3>

Thursday, October 20, 2022 4:31 PM

Flow basic and pcap Steps for the Engineer:

================
++ Start logging the Putty session ++
1. Run the following commands to clean packet-diag feature from prev settings:
debug dataplane packet-diag clear all
debug dataplane packet-diag clear filter-marked-session all
debug dataplane flush-log
debug dataplane packet-diag clear log log
2. Get session ID for the traffic in question to know how to setup filters:
show session all filter source x.x.x.x destination x.x.x.x
show session id #

3. Specify appropriate filters, isolating only communication between two end-points:


debug dataplane packet-diag set filter match source <IP1> destination <IP2>
debug dataplane packet-diag set filter match source <IP2> destination <IP1>

4. Prepare capture files for all four stages, receive, transmit, drop and fw:
debug dataplane packet-diag set capture stage receive file <name>
debug dataplane packet-diag set capture stage transmit file <name>
debug dataplane packet-diag set capture stage drop file <name>
debug dataplane packet-diag set capture stage firewall file <name>

5. Prepare appropriate packet-diag logging level and check how everything was configured above:
debug dataplane packet-diag set log feature flow basic
debug dataplane packet-diag show setting

6. Turn on capturing, filters and logging:

debug dataplane packet-diag set filter on
debug dataplane packet-diag set capture on
debug dataplane packet-diag set log on

7. Send test traffic, gather global counters and session ID details <- This is critical info to gather.
show counter global filter delta yes packet-filter yes
show session all filter source x.x.x.x destination x.x.x.x
show session id #

8. At the end of testing turn off prev enabled features with the following commands:
debug dataplane packet-diag set capture off
debug dataplane packet-diag set log off
debug dataplane packet-diag set filter off

9. Run the following command in order to aggregate the logs into one “pan_packet_diag.log” file:
debug dataplane packet-diag aggregate-logs <- If big capture, send multiple times

10. Confirm that you were able to capture the flow basic for the session you are working with:
less mp-log pan_packet_diag.log or less mp-log pan_packetdiaglog.log
or
less dp(x)-log pan_packet_diag.log
11. Gen a TSF to find the flow basic info.

From <https://mail.google.com/mail/u/0/#search/flow+basic/FMfcgzGqPzKbPLjsDrcMxXlSrVxdTKTr?projector=1&messagePartId=0.1>

………………………………………………………………………………………….

show counter global filter packet-filter yes delta yes

………………………………………………………………………………….
