Resource utilization and Informational
show running resource-monitor
- Look for high CPU (app-id, decoders, session setup and teardown)
show session info
- Look for high concurrent sessions and CPS
- Packet rate and Throughput do not count packets forwarded in hardware
show session id <id-number>
- Shows session details by entering the session ID number
debug dataplane pool statistics
- Look for depleted buffers (small number on the left)
- Work Queue Entries: in charge of segment reassembly, normalization to Content Engine
show counter global filter aspect resource
- General resource counters, including FPGA hits and TCP window issues
show system statistics
- General app and system real-time counters
test url example.com
- Check URL category
show user group name <user group>
- Check what users PAN sees in a group
show user user-ids match-user <username>
- Check if PAN sees user in any groups
show system setting ssl-decrypt memory
show system setting ssl-decrypt certificate-cache
- Check ssl decryption memory usage
show global-protect-gateway current-user
- Check GlobalProtect current users
show global-protect-gateway gateway
- Check GlobalProtect gateway configuration
Errors, drops, fragments
show counter global | match drop
show counter global | match syn
show counter global | match deny
show counter global | match error
show interface ethernetX/X
show system state filter * | match over
ping source <IP_addr_src_int> host <IP_addr_host>
- Ping from a specified device source interface to destination IP
ping host <IP>
- Ping from the management interface
show session all filter source <source-IP> destination <destination-IP>
- Shows specific sessions in the sessions table for source and destination IPs
Configuration
debug user-id refresh group-mapping all
- Updates AD group mapping