Palo Alto Networks CLI Cheatsheet
Published November 11, 2022 | Updated January 26, 2024

Note: Commands that begin with `#` must be entered in configuration mode.

Description | Command(s) |
---|---|
Enter configuration mode | `> configure` |
Restart the device | `> request restart system` |
Ping a destination | `> ping host <destination>` |
Ping a destination from a particular interface IP | `> ping host <destination> source <interface ip>` |
Find command by keyword | `> find command keyword <keyword>` |
Show device information | `> show system info` |
Show all jobs | `> show jobs all` |
Show a particular job | `> show jobs id <id>` |
Set the management interface to use a static IP | `# set deviceconfig system type static`<br>`# set deviceconfig system ip-address <ip-address> netmask <netmask> default-gateway <default-gateway>` |
Commit changes | `# commit` |
Fetch licenses from the support portal | `> request license fetch` |
Show all licenses | `> request license info` |
Delete all licenses | `> delete license key *.key` |
Show the running route table | `> show routing route` |
Show the forwarding table | `> show routing fib` |
Test routing for a destination | `> test routing fib-lookup ip <destination> virtual-router <virtual router>` |
Show all interfaces | `> show interface all` |
Show interface details and counters | `> show interface <name>` |
Show all ARP entries | `> show arp all` |
Show ARP entries for a particular interface | `> show arp <interface>` |
Display settings in set command format in show output | `> set cli config-output-format set` |
Show global system counters | `> show counter global` |
Show global counters that have changed since last run | `> show counter global filter delta yes` |
Show global counters that match the current packet capture filters | `> show counter global filter packet-filter yes` |
Test an IKE gateway (phase 1) | `> test vpn ike-sa gateway <name>` |
Test an IPSec tunnel (phase 1 & 2) | `> test vpn ipsec-sa tunnel <name>` |
Show installed transceiver details for interface (>= 10.0.0 only) | `> show transceiver-detail <interface>` |
Show installed transceiver details for X slot and Y port | `> show system state filter sys.sX.pY.phy` |
Disable ZTP mode | `> request disable-ztp` |
Show active session information | `> show system statistics session` |
Show per-application session stats | `> show system statistics application` |
Test a URL's categorization | `> test url <URL>` |
Show all attributes for users with group mapping | `> show user user-attributes user all` |