Palo Alto Networks CLI Cheat Sheet

November 27, 2022

Ad – Purchase on Amazon

Last updated on February 16th, 2023 at 05:22 pm

Palo Alto Networks (PAN) firewalls are known for their Graphical User Interface (GUI) for management. There are times when the CLI (command line interface) is still used, as some commands are used for troubleshooting and restarting processes.

Since PAN-OS version 9.1, PAN has added GUI troubleshooting and testing, available at Device>Troubleshooting. This feature has improved over time with new versions of the OS. In the GUI, not every test is available yet as of the date of this article. Also, restarting processes is not available in the GUI but is in the CLI.

Some commands in this cheat sheet are available in the GUI, for example, ping. I included it in the cheat sheet as this command, and some others, are sometimes used in conjunction with other CLI commands.

User-ID

At the time of this article, a lot of User-ID (IP mapping) testing and process management is done via the CLI. The reason User-ID occupies a large part of this cheat sheet. Hopefully, this will be available in the GUI in future PAN-OS releases.

CLI Modes

It’s important to note the CLI mode when working in the CLI and using this cheat sheet. The CLI has two modes, “operational” and “configuration.” Operational is indicated when the command prompt is a >. This is the default mode when connecting to the console port or using SSH. Configuration is indicated when the command prompt is a #. Configuration mode is entered when entering the command configure when in operational mode.

Here is an example of operational mode.

Here is an example of configuration mode.

PacketPassers

Palo Alto Networks CLI Cheat Sheet

User-ID

CLI Modes

Download the Cheat Sheet

References:

Leave a Reply Cancel reply

Sign up for email updates

PayPal Donation

Featured Posts:

Recent Posts