The IP address from the client is the source, while the IP address from the server is the destination. To give an example: An SSH connection is made from a client to a server. –> That is: the “sent/received” is ALWAYS from the clients perspective! For TCP, the client sends the very first TCP SYN packet. That is: for both, UDP and TCP, the client always establishes the connection to the server. However, all the “sent/received” values are based on the source -> destination connection aka client -> server. (Ok, there are exceptions such as management access via ping, ssh, https to a data interface or IPsec traffic to the WAN interface or OSPF to an internal interface.) Indeed the firewall never receives or sends packets directly to/from itself, but rather processes packets. The following commands are really the basics and need no further description. Or use the official Quick Reference Guide: Helpful Commands PDF. If there are any useful commands missing, please send me a comment!įor a complete list of all CLI commands, use the CLI Reference Guides from PAN.
Whenever I use some “new” commands for troubleshooting issues, I will update it. This blog post will be a living document. However, since I am almost always using the GUI this quick reference only lists commands that are useful for the console while not present in the GUI. Maybe some other network professionals will find it useful.
Therefore I list a few commands for the Palo Alto Networks firewalls to have a short reference / cheat sheet for myself. Contact your support personnel or package vendor.When troubleshooting network and security issues on many different devices/platforms I am always missing some command options to do exactly what I want to do on the device I am currently working with. A program run as part of the setup did not finish as expected.
Go to Apple Menu -> System Preferences -> Security & Privacy and click "Allow" the software from Palo Alto Networks to run Launchctl load /Library/LaunchAgents/.ist
Uninstall the Palo Alto GlobalProtect client ( Mac uninstall instructions), restart your computer, then reinstall the client (visit to download the latest version of the client).Restart your computer and attempt to connect again.
Make sure that you have set the Portal address to.If you are unable to connect to the VPN using the GlobalProtect client, you can try the following steps: General troubleshooting