Monday, February 3, 2014

Palo Alto Firewall Appliance PA-VM - Useful Commands

If you have ever worked on a Juniper box with the JUNOS CLI, you will feel at home working on a Palo Alto firewall appliance.

Operational Mode and Configuration Modes
username@hostname> (Operational mode)
username@hostname> configure
Entering configuration mode
[edit]
username@hostname# (Configuration mode)

Moving between Modes
up—changes the context to one level up in the hierarchy.
Example:
[edit network interface] (network level)
@abce# up
[edit network]

username@hostname# (now at the network level)

top—changes context to the top level of the hierarchy.
Example:
[edit network interface vlan] (network vlan level)
username@hostname# top
[edit]
username@hostname# (now at the top level)

Changing modes
username@hostname# exit

Software Version, Mgmt Address etc.
admin@PA-VM> show system info

Grep/Match
admin@PA-VM> show system info | match model
model: PA-VM

Find commands with following keyword
username@hostname# find command keyword hsm

Restart Appliance
> request restart system

Show Configuration Hierarchy
username@hostname# show network interface ethernet
ethernet {
  ethernet1/1 {
    virtual-wire;
  }
  ethernet1/2 {
    virtual-wire;
  }
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}
[edit]
username@hostname#

Configure IP Address to a given Port

Assign IP address/netmask 10.1.1.12/24 to the Layer 3 interface for the Ethernet port ethernet1/4:
[edit]
username@hostname# set network interface ethernet ethernet1/4 layer3 ip 10.1.1.12/24
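
The brace hierarchy printed by show and the space-separated path typed after set describe the same tree. The following is an added example, not part of the original post or of PAN-OS: it flattens the hierarchy output shown above into one path per leaf so a configuration can be grepped or diffed during review. The names flatten and SAMPLE are hypothetical, the sample is the output from this page, and the prefix is the path typed after show.

```python
# Added example: flatten brace-style "show" output into one path per leaf.
# SAMPLE is the hierarchy printed on this page; flatten() is a hypothetical helper.
SAMPLE = """\
ethernet {
  ethernet1/1 {
    virtual-wire;
  }
  ethernet1/2 {
    virtual-wire;
  }
  ethernet1/3 {
    layer2 {
      units {
        ethernet1/3.1;
      }
    }
  }
  ethernet1/4;
}
[edit]
"""

def flatten(text, prefix=()):
    """Return one space-joined path per leaf; raise ValueError on bad nesting."""
    stack = list(prefix)           # current position in the hierarchy
    base = len(stack)              # never pop below the supplied prefix
    paths = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()         # indentation carries no meaning, braces do
        if not line or line.startswith("[edit"):
            continue               # skip blanks and the [edit ...] context banner
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if len(stack) == base:
                raise ValueError(f"line {lineno}: unmatched '}}'")
            stack.pop()
        elif line.endswith(";"):
            paths.append(" ".join(stack + [line[:-1].strip()]))
        else:
            raise ValueError(f"line {lineno}: unrecognized line {line!r}")
    if len(stack) != base:
        raise ValueError("unclosed block: " + " ".join(stack))
    return paths

if __name__ == "__main__":
    for path in flatten(SAMPLE, prefix=("network", "interface")):
        print(path)
```

Truncated or hand-edited output fails with a ValueError instead of producing a misleading path list.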

Check pending changes (uncommitted)
username@hostname# check pending-changes

Saves a snapshot of the firewall configuration or the device state files
username@hostname# save config to savefile

Get Hw Address of Interfaces
show system state | match hwaddr

Routing Table

> show routing route


Show running-configuration
admin@PA-VM# show

Logs
admin@PA-VM> less mp-log  ? (you will see all possible logs)

Packet Capture:-
admin@PA-VM> debug dataplane packet-diag set log on 
admin@PA-VM> debug dataplane packet-diag set filter on
admin@PA-VM> debug dataplane packet-diag set filter match source <ip Address>
Removing Filters
If the show setting command shows two filters configured and we want to remove one of them, we can use:
admin@PA-VM> debug dataplane packet-diag clear filter <filter number>
Export pcap file
scp export filter-pcap from <file> to <SCP_serv>
Viewing Packets Hitting the Filter in live mode
admin@PA-VM> view-pcap follow yes filter-pcap test1_capture
Show Packet Capture Setting
admin@PA-VM> debug dataplane packet-diag show setting

Management Traffic Capture:-

The management interface is eth0
admin@PA-VM> tcpdump filter "dst 49.0.0.254"
Press Ctrl-C to stop capturing
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
11 packets captured
22 packets received by filter
0 packets dropped by kernel

admin@PA-VM> tcpdump filter "dst 49.0.0.254"
admin@PA-VM> view-pcap mgmt-pcap mgmt.pcap

Show all Sessions
> show session all