Differences

This shows you the differences between two versions of the page.

--- network_stuff:palo_alto [2023/03/24 20:09] – jotasandoku
+++ network_stuff:palo_alto [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 ----
-IU:
+UI:
 \\
   * Contexts
-  * Commit from panorame. We can stage multiple changes and stage OOH,
+  * Commit from panorama. We can stage multiple changes and stage OOH,
   * Policies (pre and post rules)
@@ Line 40: / Line 40: @@
   request support check #
   !
+  ! USERS
   show user ip-user-mapping all  # Users
   clear user-cache all
@@ Line 49: / Line 50: @@
   show log iptag datasource_subtype equal VMWare_Esxi
   !
-  test cp-policy-match source x.x.x.x destination y.y.y.y  ! Policy testing
-  show running captive-portal-policy  -> current captive-portal policy
 __General troubleshooting__
@@ Line 142: / Line 141: @@
-CLI commands:
-  show user ip-user-mapping
-  debug user-id reset captive-portal ip-address 10.8.20.134    # This will kick out the user
-\\
 How to View Currently Installed SFP Modules: https://live.paloaltonetworks.com/t5/Management-Articles/How-to-View-Currently-Installed-SFP-Modules/ta-p/60908
 \\
@@ Line 152: / Line 147: @@
 Support
 request support check
-----
- Users
-  show user ip-user-mapping all
-  clear user-cache (#all)
 ----
@@ Line 165: / Line 154: @@
   debug user-id reset captive-portal ip-address 10.200.10.118 # Force the user to re-authenticate (example)
 \\
-  show captive-portal -> view captive-portal config
-  test authentication authentication-profile testny username xxxxxx password -> Radius testing
-  find command keyword Esx
-  show log iptag datasource_subtype equal VMWare_Esxi
   test cp-policy-match source x.x.x.x destination y.y.y.y  -> Test captive-portal if works between two addresses
@@ Line 206: / Line 191: @@
   show running resource-monitor
   show system resources
-\\
-tftp export configuration from running-config.xml to ip-addr
-to save running-config to tftp server at ip-addr
-\\
-tftp export stats-dump to ip-addr
-to save data for AVR report to tftp server at ip-addr
 \\
 ----
@@ Line 223: / Line 203: @@
 ----
-Generate traffic and then:
-  debug dataplane packet-diag set capture off
-  view-pcap filter-pcap mypcapfile.pcap
-  tftp export filter-pcap from mypcapfile.pcap to 10.10.10.10
-\\
-Clean up:
-  debug dataplane packet-diag set capture off
-  debug dataplane packet-diag set filter off
-  debug dataplane packet-diag clear filter all
-  debug dataplane packet-diag clear capture stage receive
-  delete debug-filter file mypcapfile.pcap
-\\
-Check settings:
-  debug dataplane packet-diag show setting
-\\
-Check Users in AD groups
-  show user group list | match trax-information
-  show user group name "cn=netperm-trax-information-services,ou=network permissions,ou=groups,ou=resources,dc=corporate,dc=local"
- match the group name in AD
-then use group name command which will list all the users in the group
-USEFUL FILTER EXPRESSION
 MONITOR
@@ Line 254: / Line 211: @@
 ----
-**To verify POLICY (from the gateways)**
-  test security-policy-match protocol 6 from OUTSIDE to INSIDE source 207.82.215.170 destination 204.128.53.8 destination-port 5046
-  > show user user-ids match-user atelesford
-  test security-policy-match protocol 6 from OUTSIDE to INSIDE source 10.30.162.81 destination 10.35.56.40 destination-port 443 source-user corporate\gphillip

dokucama

User Tools

Site Tools

Differences

Page Tools