Editing PAN-OS
Jump to navigation
Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | + | PAN-OS is software running on [[Firewall/Palo Alto PA-Series|Palo Alto firewalls]].<ref>https://docs.paloaltonetworks.com/pan-os</ref> providing [[Firewall]] capabilities, [[QoS]], [[URL Filtering]], [[packet inspection]] and [[threat prevention]] (WildFire). | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | * Threat prevention (Wildfire). Features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html | ||
== PAN-OS CLI == | == PAN-OS CLI == | ||
* <code>configure</code> | * <code>configure</code> | ||
− | + | * <code>show system info</code> | |
− | |||
− | * <code> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
* <code>show system disk-space files</code> | * <code>show system disk-space files</code> | ||
* <code>less mp-log authd.log</code> | * <code>less mp-log authd.log</code> | ||
− | * <code> | + | * <code>show routing route</code> |
− | * <code> | + | * <code>show running [[nat]]-policy</code> (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration) |
− | * <code> | + | * <code>show running security-policy</code> |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [[VPN]] | |
− | + | * <code>show [[VPN|vpn]] flow</code> | |
+ | * <code>show [[VPN|vpn]] gateway</code> | ||
+ | * <code>show [[VPN|vpn]] ike-sa</code> | ||
+ | * <code>show [[VPN|vpn]] ipsec-sa</code> | ||
+ | * <code>show [[VPN|vpn]] tunnel</code> | ||
[[PVST+]] commands | [[PVST+]] commands | ||
− | + | Troubleshooting | |
*<code>[[ping]] host <destination-ip-address></code> | *<code>[[ping]] host <destination-ip-address></code> | ||
*<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code> | *<code>ping source <ip-address-on-dataplane> host <destination-ip-address></code> | ||
*<code>show [[netstat]] statistics yes</code> | *<code>show [[netstat]] statistics yes</code> | ||
− | |||
− | + | Panorama | |
*<code>show log-collector preference-list</code> | *<code>show log-collector preference-list</code> | ||
*<code>show logging-status device <firewall-serial-number></code> | *<code>show logging-status device <firewall-serial-number></code> | ||
− | + | Wildfire | |
− | + | * <code>show wildfire wf-vm-pe-utilization</code> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | * <code> | ||
* <code>show wildfire wf-vm-doc-utilization</code> | * <code>show wildfire wf-vm-doc-utilization</code> | ||
* <code>show wildfire wf-vm-elinkda-utilization</code> | * <code>show wildfire wf-vm-elinkda-utilization</code> | ||
Line 64: | Line 38: | ||
* <code>show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] \ count <number_of_samples>}.</code> | * <code>show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] \ count <number_of_samples>}.</code> | ||
− | == | + | == PAN-OS Releases == |
− | * | + | * PAN-OS 9.0 (Release Notes: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes.html) |
− | * | + | ** Easy transition your legacy rulebase to a best practice application-based rulebase |
− | * | + | ** Strict Enforcement of Standard Ports |
− | * | + | ** Real-Time Enforcement and Expanded Capacities for DAGs |
− | + | ** [[Panorama]] can now manage up to 5,000 firewall | |
− | [[ | + | ** Multi-Category and Risk-Based URL Filtering |
− | * | + | ** DNS Security Service |
− | * | + | ** Policy Match and Connectivity Tests from the Web Interface |
− | * | + | ** [[HTTP/2]] Inspection |
− | + | ** Consolidated Deployment for [[GlobalProtect]] Portals and Gateways | |
− | + | * PAN-OS 8.0 End-of-life on October 31, 2019 | |
− | |||
− | |||
− | |||
− | |||
− | * | ||
− | |||
− | |||
− | * | ||
== Activities == | == Activities == | ||
− | + | Basic | |
− | + | * Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html | |
− | * Create a | ||
* Read PAN-OS 9.0 Administration guide: | * Read PAN-OS 9.0 Administration guide: | ||
** https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-admin/pan-os-admin.pdf | ** https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-admin/pan-os-admin.pdf | ||
** https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin | ** https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin | ||
* Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive <ref>https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/rule-changes-archive.html</ref> | * Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive <ref>https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/rule-changes-archive.html</ref> | ||
− | * Read | + | * Read PAN-OS 7.1 Release Notes: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-release-notes/pan-os-7-1-release-information/features-introduced-in-pan-os-7-1 |
* Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html | * Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html | ||
− | |||
− | |||
− | |||
− | |||
− | + | Intermediate | |
* Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK | * Create a [[IPSec]] [[VPN]] access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK | ||
* Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html | * Configure [[MFA]]: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == | ||
{{Firewalls}} | {{Firewalls}} | ||
− | + | ||
− | |||
− | |||
[[Category:Firewalls]] | [[Category:Firewalls]] | ||
Line 134: | Line 74: | ||
[[Category:IT]] | [[Category:IT]] | ||
− | |||
Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS | Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS |
Advertising: