Set Commands Changed in PAN-OS 10.0
Table of Contents
10.0 (EoL)
Expand all | Collapse all
End-of-Life (EoL)
Set Commands Changed in PAN-OS 10.0
Command line interface 'set' commands that are changed
in PAN-OS 10:
The following commands are modified in the 10.0 release.
Added decryption as an option for log-type.
set devicecongif system log-export-schedule<name> log-type <traffic|threat|tunnel|userid|iptag|auth|url|hipmatch|wildfire|decryption|globalprotect>
Added every-hour as on option for
recurring wildfire commands.
set deviceconfig system update-schedule wildfire recurring every-hour sync-to-peer <yes|no>
Changed yes/no option to 0,1,2.
set deviceconfig setting ctd x-forwarded-for<0|1|2>
Added ha1 port <value> and ha1 port-backup <value>.
set deviceconfig high-availability interface ha1 port<value> <ha1-a|ha1-b|management> set deviceconfig high-availability interface ha1-backup port <value> <ha1-a|ha1-b|management>
Added infinite and disable options also
changed flap-max from 0-16 to 1-16.
set deviceconfig high-availability group election-option timers advanced flap-max<1-16>|<infinite|disable>
Added decryption option.
set network shared-gateway<name> match-list <name> log-type <traffic|threat|wildfire|url|data|tunnel|auth|decryption> set shared log-settings profiles <name> match-list <name> log-type <traffic|threat|wildfire|url|data|tunnel|auth|decryption> set vsys log-settings profiles <name> match-list <name> log-type <traffic|threat|wildfire|url|data|tunnel|auth|decryption>
Added xffr-address option.
set network shared-gateway<name> log-setting profiles <name> log-type <name> actions <name> type tagging target <source-address|destination-address|xffr-address|user>
Added TSL1-3 option.
set shared profiles decryption<name> ssl-protocol-settings min-version <sslv3|tls1-0|tls1-1|tls1-2|tls1-3> set shared profiles decryption <name> ssl-protocol-settings max-version <sslv3|tls1-0|tls1-1|tls1-2|tls1-3> set shared ssl-tls-service-profile <name> ssl-protocol-settings max-version <tls1-0|tls1-1|tls1-2|tls1-3|max> set vsys <name> ssl-tls-service-profile <name> ssl-protocol-settings max-version <tls1-0|tls1-1|tls1-2|tls1-3|max> set vsys <name> profiles decryption <name> ssl-protocol-settings min-version <tls1-0|tls1-1|tls1-2|tls1-3> set vsys <name> ssl-tls-service-profile <name> ssl-protocol-settings max-version <tls1-0|tls1-1|tls1-2|tls1-3|max>
Added60 and 90 day
options.
set shared reports<name> period <last-15-minutes|last-hour|last-6-hrs|last-12-hour|last-24-hours|last-calendar-day|last-7-days|last-7-calendar-days|last-30-days|last-30-calendar-days|last-60-days|last-60-calendar-days|last-90-days|last-90-calendar-days|last-calendar-month>
Added nunique-of-src-profile and nunique-of-dst_profile.
set shared reports<name> type threat sortby <repeatcnt|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set shared reports <name> type urlsum sortby <repeatcnt|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> type threat sortby <repeatcnt|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type urlsum sortby <repeatcnt|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile>
Added xff_ip|src_dag|dst_dag|src_ed1|dst_ed1 options.
set vsys<name> reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl> set shared reports<name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl>
Added src_dag|dst_dag|src_ed1|dst_ed1 options.
set shared reports<name> type trsum sortby <bytes|sessions|bytes_sent|bytes_received|nthreats|nftrans|ndpmatches|nurlcount|chunks|chunks_sent|chunks_received|ncontent|nunique-of-apps|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set shared reports <name> type tunnelsum group-by <action|app|category-of-app|dst|risk-of-app|rule|rule_uuid|src|subcategory-of-app|technology-of-app|containerof-app|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|serial|vsys_name|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel|tunnel_insp_rule|src_dag|dst_dag|src_edl|dst_edl> set vsys <name> reports <name> type tunnel group-by <action|app|category-of-app|dport|dst|dstuser|from|inbound_if|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sessionid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|session_end_reason|action_source|tunnel|tunnel_insp_rule|src_dag|dst_dag|src_edl|dst_edl> set vsys <name> reports <name> type tunnlesum group-by <action|app|category-of-app|dst|risk-of-app|rule|rule_uuid|src|subcategory-of-app|technology-of-app|container-of-app|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_timeday-of-receive_time|serial|vsys_name|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel|tunnel_insp_rule|src_dag|dst_dag|src_edl|dst_edl>
Added nunique-of-hostid option.
set shared reports<name> type globalprotect sortby <repeatcnt|nunique-of-ips|nunique-of-gateways|nunique-of-users|nunique-of-hostid> set vsys <name> reports <name> type globalprotect sortby <repeatcnt|nunique-of-ips|nunique-of-gateways|nunique-of-users|nunique-of-hostid>
Added vsys|gateway|selection_type|response_time|priority|attempted_gateways options.
set vsys<name> reports <name> type globalprotect sortby <serial|time_generated|vsys_name|device_name|vsys|eventid|status|stage|auth_method|tunnel_type|portal|srcuser|srcregion|machinename|public_ip|public_ipv6|private_ip|private_ipv6|hostid|serialnumber|client_ver|client_os|client_os_ver|login_duration|connect_method|reason|error_code|error|opaque|gateway|selection_type|response_time|priority|attempted_gateways|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set shared reports<name> type globalprotect group-by <serial|time_generated|vsys_name|device_name|vsys|eventid|status|stage|auth_method|tunnel_type|portal|srcuser|srcregion|machinename|public_ip|public_ipv6|private_ip|private_ipv6|hostid|serialnumber|client_ver|client_os|client_os_ver|login_duration|connect_method|reason|error_code|error|opaque|gateway|selection_type|response_time|priority|attempted_gateways|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time>
Added xff-address option.
set shared log-settings userid match-list<name> actions <name> type tagging target <source-address|destination-address|xff-address|user> set shared log-settings iptag match-list <name> actions <name> type tagging target <source-address|destination-address|xff-address|user> set shared log-settings globalprotect match-list <name> actions <name> type target <source-address|destination-address|xff-address|user> set shared log-settings hipmatch match-list <name> actions <name> type target <source-address|destination-address|xff-address|user> set shared log-settings correlation match-list <name> actions <name> type target <source-address|destination-address|xff-address|user> set shared log-settings profiles match-list <name> actions <name> type target <source-address|destination-address|xff-address|user> set vsys log-settings profiles <name> match-list <name> actions <name> type target <source-address|destination-address|xff-address|user>
Changed 1-10000 to float.
set vsys<name> sdwan-interface-profile <name> maximum-download <float> set vsys <name> sdwan-interface-profile <name> maximum-upload <float>
Added options to:
set vsys<name> reports <name> type url group-by <action|app|category|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_agent|device_name|vsys_name|url|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|http_method|url_category_list|xff_ip|container_id|pod_namespace|pod_name|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac>
Added Xff_ip|src_dag|dst_dag|src_ed1|dst_ed1 options.
set vsys<name> reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl>
Added xff_ip|src_dag|dst_dag| options.
set vsys<name> reports <name> type data group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag>