Editing PAN-OS
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | + | PAN-OS is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref> providing: | |
− | + | * [[Firewall]] capabilities | |
− | |||
− | |||
− | * [[Firewall]] capabilities | ||
* [[QoS]] | * [[QoS]] | ||
− | * [[URL Filtering | + | * [[URL Filtering]] |
− | + | * [[GlobalProtect]] ([[VPN]]) | |
− | * [[GlobalProtect]] | ||
* [[packet inspection]] | * [[packet inspection]] | ||
− | * [[ | + | * [[threat prevention]] ([[WildFire]]), features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html |
* PAN-OS authentication methods: [[Kerberos]], [[RADIUS]], [[LDAP]], [[SAML]] 2.0, client certificates, biometric sign-in, and a local user database | * PAN-OS authentication methods: [[Kerberos]], [[RADIUS]], [[LDAP]], [[SAML]] 2.0, client certificates, biometric sign-in, and a local user database | ||
* PAN-OS daemons: [[RASMGR]], [[SSLMGR]], [[SATD]], [[IDE]], [[Route]] and [[IKE]] | * PAN-OS daemons: [[RASMGR]], [[SSLMGR]], [[SATD]], [[IDE]], [[Route]] and [[IKE]] | ||
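Review bot: On the added opening line, the period after `[[Firewall/Palo Alto PA-Series|Palo Alto firewalls]]` ends the sentence before the `<ref>`, so the trailing "providing:" is left dangling ahead of the feature list. Drop the period so the footnote marker sits inside the sentence that "providing:" completes.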
Line 19: | Line 15: | ||
* <code>find command</code> | * <code>find command</code> | ||
* <code>show</code> | * <code>show</code> | ||
− | + | * <code>[[show system info]]</code> (Includes <code>sw-version</code> output) | |
− | + | * <code>show system state</code> | |
− | * <code>[[show system info]]</code> (Includes <code>sw-version</code> output | ||
− | * <code> | ||
− | |||
* <code>show system disk-space files</code> | * <code>show system disk-space files</code> | ||
* <code>less mp-log authd.log</code> | * <code>less mp-log authd.log</code> | ||
* <code>[[show routing route]]</code> | * <code>[[show routing route]]</code> | ||
− | * <code> | + | * <code>show running [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration) |
− | * <code> | + | * <code>show running security-policy</code> |
− | |||
* <code>show jobs id x</code> | * <code>show jobs id x</code> | ||
* <code>edit rulebase security</code> | * <code>edit rulebase security</code> | ||
* <code>edit rulebase nat</code> | * <code>edit rulebase nat</code> | ||
− | + | [[VPN]] | |
− | |||
{{show vpn TOC}} | {{show vpn TOC}} | ||
[[PVST+]] commands | [[PVST+]] commands | ||
− | + | Troubleshooting | |
*<code>[[ping]] host <destination-ip-address></code> | *<code>[[ping]] host <destination-ip-address></code> | ||
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code> | *<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code> | ||
*<code>show [[netstat]] statistics yes</code> | *<code>show [[netstat]] statistics yes</code> | ||
− | |||
− | + | [[Panorama]] | |
*<code>show log-collector preference-list</code> | *<code>show log-collector preference-list</code> | ||
*<code>show logging-status device <firewall-serial-number></code> | *<code>show logging-status device <firewall-serial-number></code> | ||
− | + | Logs | |
* <code>[[show log config]]</code> | * <code>[[show log config]]</code> | ||
** <code>[[show log config cmd equal commit]]</code> | ** <code>[[show log config cmd equal commit]]</code> | ||
Line 56: | Line 46: | ||
* <code>[[show log system]]</code> | * <code>[[show log system]]</code> | ||
− | + | [[Wildfire]] | |
* <code>[[show wildfire]] wf-vm-pe-utilization</code> | * <code>[[show wildfire]] wf-vm-pe-utilization</code> | ||
* <code>show wildfire wf-vm-doc-utilization</code> | * <code>show wildfire wf-vm-doc-utilization</code> | ||
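Review bot: The added `[[Wildfire]]` line links a different title than the `[[WildFire]]` link used in the feature list at the top of the page. MediaWiki titles are case-sensitive after the first character, so the two resolve to separate pages. Use `[[WildFire]]` here, or pipe the link, so both point at the same article.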
Line 74: | Line 64: | ||
* <code>move rulebase nat rules YOUR_RULE_NAME top</code> | * <code>move rulebase nat rules YOUR_RULE_NAME top</code> | ||
* <code>delete rulebase nat rules YOUR_RULE_NAME</code> | * <code>delete rulebase nat rules YOUR_RULE_NAME</code> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Activities == | == Activities == | ||
Line 103: | Line 83: | ||
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK | * Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK | ||
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html | * Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html | ||
− | * Configure [[ | + | * Configure [[syslog]] monitoring https://www.manageengine.com/products/firewall/help/configure-paloalto-firewalls.html |
− | |||
− | + | NAT | |
* General overview: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC | * General overview: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC | ||
* Configure Host Destination NAT: https://www.youtube.com/watch?v=ocnNiNW7jDE&list=PLD6FJ8WNiIqWPjNPk5Oi1TxE7SJnoPr-D#action=share | * Configure Host Destination NAT: https://www.youtube.com/watch?v=ocnNiNW7jDE&list=PLD6FJ8WNiIqWPjNPk5Oi1TxE7SJnoPr-D#action=share | ||
* Destination Host example: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping | * Destination Host example: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping | ||
− | |||
* Configure ssh [[Port forwarding]] https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMwKCAW | * Configure ssh [[Port forwarding]] https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMwKCAW | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == |
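Review bot: The added `Configure [[syslog]] monitoring` item omits the colon that the IPSec and MFA items above it place before their URLs, and it points at a third-party ManageEngine help page while those neighbouring items cite paloaltonetworks.com. Add the colon for consistency and consider citing the vendor's own syslog documentation alongside or instead of the third-party page.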