Differences

This shows you the differences between two versions of the page.

--- network_stuff:palo_alto [2023/03/24 18:42] – jotasandoku
+++ network_stuff:palo_alto [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 ----
-IU:
+UI:
 \\
   * Contexts
-  * Commit from panorame. We can stage multiple changes and stage OOH,
+  * Commit from panorama. We can stage multiple changes and stage OOH,
   * Policies (pre and post rules)
@@ Line 36: / Line 36: @@
   show user ip-user-mapping
+  debug user-id reset captive-portal ip-address 10.8.20.134    # This will kick out the user
   debug user-id reset captive-portal <ip-address>
   request support check #
   !
+  ! USERS
   show user ip-user-mapping all  # Users
   clear user-cache all
@@ Line 44: / Line 46: @@
   debug user-id reset captive-portal ip-address 10.200.10.118 # Force the user to re-authenticate (example)
   show captive-portal -> view captive-portal config
-  test authentication authentication-profile testny username xxxxxx password -> Radius testing
+  test authentication authentication-profile <authentication-profile-name>    #  Radius testing
+  !
   show log iptag datasource_subtype equal VMWare_Esxi
   !
-  test cp-policy-match source x.x.x.x destination y.y.y.y  ! Policy testing
-  show running captive-portal-policy  -> current captive-portal policy
 __General troubleshooting__
@@ Line 80: / Line 81: @@
   test security-policy-match protocol 6 from OUTSIDE to INSIDE source 10.30.162.81 destination 10.35.56.40 destination-port 443 source-user corporate\gphillip
-\\
   show system statistics
+Logging
   show interface ethernet1/?
   shows latest log entries first
   show log traffic direction equal backward
+  show log system direction equal backward
+  show log url direction equal backward
-  !
+System:
   show system statistics
   show interface ethernet1/?
-  !
-  show log traffic direction equal backward
-  shows latest log entries first
-  !
-  show log system direction equal backward
-  show log url direction equal backward
-  !
   show system logdb-quota
   show running logging
   show counter global
-  !
+  show routing route
+  show running resource-monitor
+  show system resources
+  show log traffic direction equal backward
+  shows latest log entries first
+Debugging:
   debug dataplane pool statistics # look for buffer pool exhaustion (when first number of x/y gets close to 0)
   !
@@ Line 110: / Line 112: @@
   !
   show interfaces all ! to see interfaces and its zones
-  show routing route
-  show running resource-monitor
   !
-  show system resources
-  !
   tftp export configuration from running-config.xml to ip-addr # to save running-config to tftp server at ip-addr
   tftp export stats-dump to ip-addr # to save data for AVR report to tftp server at ip-addr
@@ Line 129: / Line 124: @@
 show user group name "cn=netperm-trax-information-services,ou=network permissions,ou=groups,ou=resources,dc=corporate,dc=local"
+----
+**PANORAMA NOTES - PANOS NOTES:**
-----
-**Panorama notes:**
 TO see traffic
   Monitor > Logs > Traffic
   User auth > Captive Portal
-\\
- * Create rules : sec tab (before rule), Add , Rule Name, Post Rule , Rule type (universal) ; User (if required) ; Application
- * COMMIT: 2 commits: 1st panorama, then properly commit to the gateway
-\\
-To list the user groups that PA periodically pull down from LDAP: https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Check-Users-in-LDAP-Groups/ta-p/59028
 \\
 PANORAMA MONITOR:\\
@@ Line 154: / Line 141: @@
-CLI commands:
-  show user ip-user-mapping
-  debug user-id reset captive-portal ip-address 10.8.20.134    # This will kick out the user
-\\
 How to View Currently Installed SFP Modules: https://live.paloaltonetworks.com/t5/Management-Articles/How-to-View-Currently-Installed-SFP-Modules/ta-p/60908
 \\
@@ Line 164: / Line 147: @@
 Support
 request support check
-----
- Users
-  show user ip-user-mapping all
-  clear user-cache (#all)
 ----
@@ Line 177: / Line 154: @@
   debug user-id reset captive-portal ip-address 10.200.10.118 # Force the user to re-authenticate (example)
 \\
-  show captive-portal -> view captive-portal config
-  test authentication authentication-profile testny username xxxxxx password -> Radius testing
-  find command keyword Esx
-  show log iptag datasource_subtype equal VMWare_Esxi
   test cp-policy-match source x.x.x.x destination y.y.y.y  -> Test captive-portal if works between two addresses
@@ Line 218: / Line 191: @@
   show running resource-monitor
   show system resources
-\\
-tftp export configuration from running-config.xml to ip-addr
-to save running-config to tftp server at ip-addr
-\\
-tftp export stats-dump to ip-addr
-to save data for AVR report to tftp server at ip-addr
 \\
 ----
@@ Line 235: / Line 203: @@
 ----
-Generate traffic and then:
-  debug dataplane packet-diag set capture off
-  view-pcap filter-pcap mypcapfile.pcap
-  tftp export filter-pcap from mypcapfile.pcap to 10.10.10.10
-\\
-Clean up:
-  debug dataplane packet-diag set capture off
-  debug dataplane packet-diag set filter off
-  debug dataplane packet-diag clear filter all
-  debug dataplane packet-diag clear capture stage receive
-  delete debug-filter file mypcapfile.pcap
-\\
-Check settings:
-  debug dataplane packet-diag show setting
-\\
-Check Users in AD groups
-  show user group list | match trax-information
-  show user group name "cn=netperm-trax-information-services,ou=network permissions,ou=groups,ou=resources,dc=corporate,dc=local"
- match the group name in AD
-then use group name command which will list all the users in the group
-USEFUL FILTER EXPRESSION
 MONITOR
@@ Line 266: / Line 211: @@
 ----
-**To verify POLICY (from the gateways)**
-  test security-policy-match protocol 6 from OUTSIDE to INSIDE source 207.82.215.170 destination 204.128.53.8 destination-port 5046
-  > show user user-ids match-user atelesford
-  test security-policy-match protocol 6 from OUTSIDE to INSIDE source 10.30.162.81 destination 10.35.56.40 destination-port 443 source-user corporate\gphillip

dokucama

User Tools

Site Tools

Differences

Page Tools