Editing PAN-OS

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[wikipedia:PAN-OS]] is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref>.
+
PAN-OS is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref> providing:
 
+
* [[Firewall]] capabilities
 
 
== Features ==
 
* [[Firewall]] capabilities: [[Flood protection]]
 
 
* [[QoS]]
 
* [[QoS]]
* [[URL Filtering]] (License based)
+
* [[URL Filtering]]
* [[File blocking]]
+
* [[GlobalProtect]] ([[VPN]])
* [[GlobalProtect]] Gateway ([[VPN]]) (License based)
 
 
* [[packet inspection]]
 
* [[packet inspection]]
* [[Threat prevention]] ([[WildFire]]) (License based), features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
+
* [[threat prevention]] ([[WildFire]]), features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
 
* PAN-OS authentication methods: [[Kerberos]], [[RADIUS]], [[LDAP]], [[SAML]] 2.0, client certificates, biometric sign-in, and a local user database
 
* PAN-OS authentication methods: [[Kerberos]], [[RADIUS]], [[LDAP]], [[SAML]] 2.0, client certificates, biometric sign-in, and a local user database
 
* PAN-OS daemons: [[RASMGR]], [[SSLMGR]], [[SATD]], [[IDE]], [[Route]] and [[IKE]]
 
* PAN-OS daemons: [[RASMGR]], [[SSLMGR]], [[SATD]], [[IDE]], [[Route]] and [[IKE]]
Line 20: Line 16:
 
* <code>show</code>
 
* <code>show</code>
 
* <code>[[show session all]]</code>
 
* <code>[[show session all]]</code>
* <code>[[show session info]]</code>
+
* <code>[[show system info]]</code> (Includes <code>sw-version</code> output)
* <code>[[show system info]]</code> (Includes <code>sw-version</code> output and [[serial]])
+
* <code>show system state</code>
* <code>[[show system state]]</code>
 
* <code>[[show system resources]]</code>
 
 
* <code>show system disk-space files</code>
 
* <code>show system disk-space files</code>
 
* <code>less mp-log authd.log</code>
 
* <code>less mp-log authd.log</code>
 
* <code>[[show routing route]]</code>
 
* <code>[[show routing route]]</code>
* <code>[[show running]] [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
+
* <code>show running [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
* <code>[[show running security-policy]]</code>
+
* <code>show running security-policy</code>
* <code>[[show counter]] global filter delta yes packet-filter yes</code>
 
 
* <code>show jobs id x</code>
 
* <code>show jobs id x</code>
 
* <code>edit rulebase security</code>
 
* <code>edit rulebase security</code>
 
* <code>edit rulebase nat</code>
 
* <code>edit rulebase nat</code>
  
 
+
[[VPN]]
===[[VPN]]===
 
 
{{show vpn TOC}}
 
{{show vpn TOC}}
  
 
[[PVST+]] commands
 
[[PVST+]] commands
  
===Troubleshooting===
+
Troubleshooting
 
*<code>[[ping]] host <destination-ip-address></code>
 
*<code>[[ping]] host <destination-ip-address></code>
 
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code>
 
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code>
 
*<code>show [[netstat]] statistics yes</code>
 
*<code>show [[netstat]] statistics yes</code>
*<code>test authentication authentication-profile <AUTHENTICATION-PROFILE-NAME> username <USERNAME> password</code>
 
  
===[[Panorama]]===
+
[[Panorama]]
 
*<code>show log-collector preference-list</code>
 
*<code>show log-collector preference-list</code>
 
*<code>show logging-status device <firewall-serial-number></code>
 
*<code>show logging-status device <firewall-serial-number></code>
  
===Logs===
+
Logs
 
* <code>[[show log config]]</code>
 
* <code>[[show log config]]</code>
 
** <code>[[show log config cmd equal commit]]</code>
 
** <code>[[show log config cmd equal commit]]</code>
Line 56: Line 47:
 
* <code>[[show log system]]</code>
 
* <code>[[show log system]]</code>
  
===[[Wildfire]]===
+
[[Wildfire]]
 
* <code>[[show wildfire]] wf-vm-pe-utilization</code>
 
* <code>[[show wildfire]] wf-vm-pe-utilization</code>
 
* <code>show wildfire wf-vm-doc-utilization</code>
 
* <code>show wildfire wf-vm-doc-utilization</code>
Line 74: Line 65:
 
* <code>move rulebase nat rules YOUR_RULE_NAME top</code>
 
* <code>move rulebase nat rules YOUR_RULE_NAME top</code>
 
* <code>delete rulebase nat rules YOUR_RULE_NAME</code>
 
* <code>delete rulebase nat rules YOUR_RULE_NAME</code>
 
=== [[GlobalProtect]] ===
 
{{GlobalProtect commands}}
 
 
 
=== [[License]] ===
 
* <code>[[request license info]]</code>
 
 
=== Others ===
 
* <code>[[set]] cli [[pager]] off</code>
 
  
 
== Activities ==
 
== Activities ==
Line 103: Line 84:
 
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
 
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
 
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
 
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
* Configure [[PAN-OS syslog]]
+
* Configure [[syslog]] monitoring https://www.manageengine.com/products/firewall/help/configure-paloalto-firewalls.html
 
* Read [[PAN-OS]] [[Port Scan]] Triggering method in zone protection profile: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljjCAC
 
* Read [[PAN-OS]] [[Port Scan]] Triggering method in zone protection profile: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljjCAC
  
Line 112: Line 93:
 
* Destination host with port: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-with-port-translation-example.html
 
* Destination host with port: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-with-port-translation-example.html
 
* Configure ssh [[Port forwarding]] https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMwKCAW
 
* Configure ssh [[Port forwarding]] https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMwKCAW
* [[PAN-OS Packet Capture]]
+
 
  
 
== Related terms ==
 
== Related terms ==
 
* [[Mobile Device Management (MDM)]]
 
* [[Mobile Device Management (MDM)]]
* [[HIP]]
+
 
* <code>[[neq]]</code>
 
* [[less]] mp-log authd.lo</code>
 
* <code>[[ansible-galaxy collection install paloaltonetworks.panos]]</code>
 
* [[PAN-OS reports]]
 
* [[External Dynamic List (EDL)]]
 
  
 
== See also ==
 
== See also ==

Please note that all contributions to wikieduonline may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see Wikieduonline:Copyrights for details). Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.wikieduonline.com/wiki/PAN-OS"

Advertising: