Editing PAN-OS


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[wikipedia:PAN-OS]] is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref>.
+
PAN-OS is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref> providing [[Firewall]] capabilities, [[QoS]], [[URL Filtering]], [[packet inspection]] and [[threat prevention]] (WildFire).
 
 
 
 
== Features ==
 
* [[Firewall]] capabilities: [[Flood protection]]
 
* [[QoS]]
 
* [[URL Filtering]] (License based)
 
* [[File blocking]]
 
* [[GlobalProtect]] Gateway ([[VPN]]) (License based)
 
* [[packet inspection]]
 
* [[Threat prevention]] ([[WildFire]]) (License based), features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
 
* PAN-OS authentication methods: [[Kerberos]], [[RADIUS]], [[LDAP]], [[SAML]] 2.0, client certificates, biometric sign-in, and a local user database
 
* PAN-OS daemons: [[RASMGR]], [[SSLMGR]], [[SATD]], [[IDE]], [[Route]] and [[IKE]]
 
  
 +
* Threat prevention (Wildfire). Features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
  
 
== PAN-OS CLI ==
 
== PAN-OS CLI ==
 
* <code>configure</code>
 
* <code>configure</code>
 
* <code>commit</code>
 
* <code>commit</code>
* <code>find command</code>
 
 
* <code>show</code>
 
* <code>show</code>
* <code>[[show session all]]</code>
+
* <code>show system info</code>
* <code>[[show session info]]</code>
 
* <code>[[show system info]]</code> (Includes <code>sw-version</code> output and [[serial]])
 
* <code>[[show system state]]</code>
 
* <code>[[show system resources]]</code>
 
 
* <code>show system disk-space files</code>
 
* <code>show system disk-space files</code>
 
* <code>less mp-log authd.log</code>
 
* <code>less mp-log authd.log</code>
* <code>[[show routing route]]</code>
+
* <code>show routing route</code>
* <code>[[show running]] [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
+
* <code>show running [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
* <code>[[show running security-policy]]</code>
+
* <code>show running security-policy</code>
* <code>[[show counter]] global filter delta yes packet-filter yes</code>
 
* <code>show jobs id x</code>
 
 
* <code>edit rulebase security</code>
 
* <code>edit rulebase security</code>
 
* <code>edit rulebase nat</code>
 
* <code>edit rulebase nat</code>
  
 
+
[[VPN]]
===[[VPN]]===
+
* <code>show [[VPN|vpn]] flow</code>
{{show vpn TOC}}
+
* <code>show [[VPN|vpn]] gateway</code>
 +
* <code>show [[VPN|vpn]] ike-sa</code>
 +
* <code>show [[VPN|vpn]] ipsec-sa</code>
 +
* <code>show [[VPN|vpn]] tunnel</code>
  
 
[[PVST+]] commands
 
[[PVST+]] commands
  
===Troubleshooting===
+
Troubleshooting
 
*<code>[[ping]] host <destination-ip-address></code>
 
*<code>[[ping]] host <destination-ip-address></code>
 
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code>
 
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code>
 
*<code>show [[netstat]] statistics yes</code>
 
*<code>show [[netstat]] statistics yes</code>
*<code>test authentication authentication-profile <AUTHENTICATION-PROFILE-NAME> username <USERNAME> password</code>
 
  
===[[Panorama]]===
+
Panorama
 
*<code>show log-collector preference-list</code>
 
*<code>show log-collector preference-list</code>
 
*<code>show logging-status device <firewall-serial-number></code>
 
*<code>show logging-status device <firewall-serial-number></code>
  
===Logs===
+
Wildfire
* <code>[[show log config]]</code>
+
* <code>show wildfire wf-vm-pe-utilization</code>
** <code>[[show log config cmd equal commit]]</code>
 
** <code>[[show log config csv-output equal yes]]</code>
 
* <code>[[show log system]]</code>
 
 
 
===[[Wildfire]]===
 
* <code>[[show wildfire]] wf-vm-pe-utilization</code>
 
 
* <code>show wildfire wf-vm-doc-utilization</code>
 
* <code>show wildfire wf-vm-doc-utilization</code>
 
* <code>show wildfire wf-vm-elinkda-utilization</code>
 
* <code>show wildfire wf-vm-elinkda-utilization</code>
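Review bot: The "+" side (the "Your text" column) has no counterpart for several CLI entries in the latest revision: "test authentication authentication-profile <AUTHENTICATION-PROFILE-NAME> username <USERNAME> password" under Troubleshooting, and the whole Logs section ("show log config", "show log config cmd equal commit", "show log config csv-output equal yes", "show log system"). These are the entries for checking an authentication profile and reviewing configuration commits, so they should be kept if the edit is undone. The "+" side also replaces the "===[[VPN]]===", "===Troubleshooting===" and "===[[Panorama]]===" headings with bare text lines. Its opening sentence puts the full stop before the <ref> and then continues with "providing ...", and it spells the product both "WildFire" and "Wildfire". Restore the heading markup and fix the sentence before saving.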
Line 75: Line 53:
 
* <code>delete rulebase nat rules YOUR_RULE_NAME</code>
 
* <code>delete rulebase nat rules YOUR_RULE_NAME</code>
  
=== [[GlobalProtect]] ===
+
== PAN-OS Releases ==
{{GlobalProtect commands}}
+
* PAN-OS 9.0 (Release Notes: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes.html)
 
+
** Easy transition your legacy rulebase to a best practice application-based rulebase
 
+
** Strict Enforcement of Standard Ports
=== [[License]] ===
+
** Real-Time Enforcement and Expanded Capacities for DAGs
* <code>[[request license info]]</code>
+
** [[Panorama]] can now manage up to 5,000 firewall
 
+
** Multi-Category and Risk-Based URL Filtering
=== Others ===
+
** DNS Security Service
* <code>[[set]] cli [[pager]] off</code>
+
** Policy Match and Connectivity Tests from the Web Interface
 +
** [[HTTP/2]] Inspection
 +
** Consolidated Deployment for [[GlobalProtect]] Portals and Gateways
 +
* PAN-OS 8.0 End-of-life on October 31, 2019
  
 
== Activities ==
 
== Activities ==
=== Basic ===
+
Basic
 
* Review additional PAN-OS examples: https://www.thegeekstuff.com/2019/06/paloalto-cli-security-nat-policy/
 
* Review additional PAN-OS examples: https://www.thegeekstuff.com/2019/06/paloalto-cli-security-nat-policy/
* Create a [[backup]] of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-1/pan-os-admin/firewall-administration/manage-configuration-backups.html
+
* Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html
 
* Read PAN-OS 9.0 Administration guide:
 
* Read PAN-OS 9.0 Administration guide:
 
** https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-admin/pan-os-admin.pdf
 
** https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-admin/pan-os-admin.pdf
 
** https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin
 
** https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin
 
* Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive <ref>https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/rule-changes-archive.html</ref>
 
* Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive <ref>https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/rule-changes-archive.html</ref>
* Read [[PAN-OS Release Notes]]
+
* Read PAN-OS 7.1 Release Notes: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-release-notes/pan-os-7-1-release-information/features-introduced-in-pan-os-7-1
 
* Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html
 
* Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html
* Read Palo Alto basics of [[Palo Alto traffic monitoring filtering]]: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSlCAK
 
* Review https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-cli-quick-start/pan-os-cli-quick-start.pdf
 
* Read https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/
 
  
 
+
Intermediate
=== Intermediate ===
 
 
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
 
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
 
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
 
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
* Configure [[PAN-OS syslog]]
 
* Read [[PAN-OS]] [[Port Scan]] Triggering method in zone protection profile: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljjCAC
 
 
[[NAT]]
 
* General overview: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC
 
* Configure Host Destination NAT: https://www.youtube.com/watch?v=ocnNiNW7jDE&list=PLD6FJ8WNiIqWPjNPk5Oi1TxE7SJnoPr-D#action=share
 
* Destination Host example: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping
 
* Destination host with port: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-with-port-translation-example.html
 
* Configure ssh [[Port forwarding]] https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMwKCAW
 
* [[PAN-OS Packet Capture]]
 
 
== Related terms ==
 
* [[Mobile Device Management (MDM)]]
 
* [[HIP]]
 
* <code>[[neq]]</code>
 
* [[less]] mp-log authd.lo</code>
 
* <code>[[ansible-galaxy collection install paloaltonetworks.panos]]</code>
 
* [[PAN-OS reports]]
 
* [[External Dynamic List (EDL)]]
 
  
 
== See also ==
 
== See also ==
 
{{Firewalls}}
 
{{Firewalls}}
* {{PAN-OS}}
+
 
* {{Networking OS}}
 
* [[Terraform]] PAN-OS: https://www.terraform.io/docs/providers/panos/index.html
 
  
 
[[Category:Firewalls]]
 
[[Category:Firewalls]]
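Review bot: The "+" side of the Activities list points readers back to older documentation: the configuration backup link changes from the 9-1 admin guide to 9-0, and "Read [[PAN-OS Release Notes]]" becomes a link to the PAN-OS 7.1 release notes, while the added "== PAN-OS Releases ==" section itself states "PAN-OS 8.0 End-of-life on October 31, 2019". Keep the newer links. The "+" side also has no counterpart for "Configure [[PAN-OS syslog]]", the Port Scan zone protection profile item, the [[NAT]] list, "[[PAN-OS Packet Capture]]", "request license info" and "set cli pager off". If the Releases section is kept, fix "Easy transition your legacy rulebase" and "up to 5,000 firewall". Separately, in the latest revision's Related terms, "[[less]] mp-log authd.lo</code>" has a closing </code> with no opening tag and a file name that does not match "less mp-log authd.log" in the CLI list.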
Line 134: Line 90:
 
[[Category:IT]]
 
[[Category:IT]]
  
Manual: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin.html
 
  
 
Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS
 
Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS
