Palo Alto Networks CLI Cheatsheet

Published November 11, 2022 | Updated January 26, 2024

Note: Commands that begin with # must be entered in configuration mode.

| Description | Command(s) |
| --- | --- |
| Enter configuration mode | `> configure` |
| Restart the device | `> request restart system` |
| Ping a destination | `> ping host <destination>` |
| Ping a destination from a particular interface IP | `> ping host <destination> source <interface ip>` |
| Find command by keyword | `> find command keyword <keyword>` |
| Show device information | `> show system info` |
| Show all jobs | `> show jobs all` |
| Show a particular job | `> show jobs id <id>` |
| Set the management interface to use a static IP | `# set deviceconfig system type static` |
| | `# set deviceconfig system ip-address <ip-address> netmask <netmask> default-gateway <default-gateway>` |
| Commit changes | `# commit` |
| Fetch licenses from the support portal | `> request license fetch` |
| Show all licenses | `> request license info` |
| Delete all licenses | `> delete license key *.key` |
| Show the running route table | `> show routing route` |
| Show the forwarding table | `> show routing fib` |
| Test routing for a destination | `> test routing fib-lookup ip <destination> virtual-router <virtual router>` |
| Show all interfaces | `> show interface all` |
| Show interface details and counters | `> show interface <name>` |
| Show all ARP entries | `> show arp all` |
| Show ARP entries for a particular interface | `> show arp <interface>` |
| Display settings in set command format in show output | `> set cli config-output-format set` |
| Show global system counters | `> show counter global` |
| Show global counters that have changed since last run | `> show counter global filter delta yes` |
| Show global counters that match the current packet capture filters | `> show counter global filter packet-filter yes` |
| Test an IKE gateway (phase 1) | `> test vpn ike-sa gateway <name>` |
| Test an IPSec tunnel (phase 1 & 2) | `> test vpn ipsec-sa tunnel <name>` |
| Show installed transceiver details for interface (>= 10.0.0 only) | `> show transceiver-detail <interface>` |
| Show installed transceiver details for slot X and port Y | `> show system state filter sys.sX.pY.phy` |
| Disable ZTP mode | `> request disable-ztp` |
| Show active session information | `> show system statistics session` |
| Show per-application session stats | `> show system statistics application` |
| Test a URL's categorization | `> test url <URL>` |
| Show all attributes for users with group mapping | `> show user user-attributes user all` |