Palo Alto Cheat Sheet VPN
Palo Alto VPN
show vpn ipsec-sa summary
show vpn ipsec-sa | match
Phase 1
show vpn ike-sa
show vpn ike-sa detail gateway xxxx
Sessions
show session all filter destination x.x.x.x (for both peers)
clear session all filter destination x.x.x.x
Logs
Traffic > Monitor(addr.src in x.x.x.x) and (addr.dst in x.x.x.x)
Dashboard
Network > IPSec tunnels
Network > Interfaces > IPv4 Add multiple Ips
network > network profiles > Monitor > Tunnel Failover
network > interfaces . Tunel Interface > configure 1pv4 to start heartbeat
IPSec
| Command | Description |
|---|
show vpn flow | Show IPSec counters. |
show vpn gateway | Show a list of all IPSec gateways and their configurations. |
show vpn ike-sa | Show IKE phase 1 SAs. |
show vpn ipsec-sa | Show IKE phase 2 SAs. |
show vpn tunnel | Show a list of auto-key IPSec tunnel configurations. |
LSVPN (10.1.7)
| Command | Description |
|---|
request global-protect-portal set-satellite-cookie-expiration value <0-5> | (Portal) Change the current satellite cookie expiration time. |
show global-protect-portal satellite-cookie-expiration | (Portal) Show current satellite cookie expiration time. |
show global-protect-satellite satellite | (Satellite) Display current satellite authentication cookie’s generation time. |