Set Commands Introduced in PAN-OS 10.1
Table of Contents
Expand all | Collapse all
Set Commands Introduced in PAN-OS 10.1
Command line interface 'set' commands that are new in
PAN-OS 10.1.
The following commands are new in the 10.1 release:
set deviceconfig system non-ui-authentication-profile <value> set deviceconfig system hsm-settings provider ncipher-nshield-connect set deviceconfig system hsm-settings provider ncipher-nshield-connect hsm-server set deviceconfig system hsm-settings provider ncipher-nshield-connect hsm-server <name> set deviceconfig system hsm-settings provider ncipher-nshield-connect hsm-server <name> server-address <ip/netmask> set deviceconfig system hsm-settings provider ncipher-nshield-connect rfs-address <ip/netmask> set deviceconfig system snmp-setting access-setting version v3 users <name> authproto <SHA|SHA-224|SHA-256|SHA-384|SHA-512> set deviceconfig system snmp-setting access-setting version v3 users <name> privproto <AES|AES-192|AES-256>
set deviceconfig setting hawkeye set deviceconfig setting hawkeye public-cloud-server <value> set deviceconfig setting ctd cloud-dns-privacy-mask <yes|no> set deviceconfig setting ctd cloudapp-implicit-policy-enforce <yes|no> set deviceconfig setting ctd shm-quota-threshold <50-80> set deviceconfig setting ctd shared-memory-quota-dlp <0-100> set deviceconfig setting ctd shared-memory-quota-iot <0-100> set deviceconfig setting ctd shared-memory-quota-ace <0-100> set deviceconfig setting ssl-decrypt scan-handshake <yes|no> set deviceconfig setting management admin-session max-session-count <0-4> set deviceconfig setting management audit-tracking set deviceconfig setting management audit-tracking op-commands <yes|no> set deviceconfig setting management audit-tracking ui-actions <yes|no> set deviceconfig setting management audit-tracking send-syslog <value> set deviceconfig setting cloudapp set deviceconfig setting cloudapp disable <yes|no> set deviceconfig setting cloudapp cloudapp-srvr-addr set deviceconfig setting cloudapp cloudapp-srvr-addr address <ip/netmask>|<value>
set network interface ethernet<name> layer3 bonjour set network interface ethernet <name> layer3 bonjour enable <yes|no> set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat enable <yes|no> set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip ip-address <value>|<ip/netmask> set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip fqdn <value> set network interface ethernet <name> layer3 sdwan-link-settings upstream-nat ddns set network interface ethernet <name> layer3 units <name> sdwan-link-settings set network interface ethernet <name> layer3 units <name> sdwan-link-settings enable <yes|no> set network interface ethernet <name> layer3 units <name> sdwan-link-settings sdwan-interface-profile <value> set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat enable <yes|no> set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip ip-address <value>|<ip/netmask> set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip fqdn <value> set network interface ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat ddns set network interface ethernet <name> layer3 units <name> bonjour set network interface ethernet <name> layer3 units <name> bonjour enable <yes|no> set network interface ethernet <name> layer3 units <name> ip <name> sdwan-gateway <ip/netmask>
set network interface aggregate-ethernet <name> layer3 bonjour set network interface aggregate-ethernet <name> layer3 bonjour enable <yes|no> set network interface aggregate-ethernet <name> layer3 ip <name> sdwan-gateway <ip/netmask> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings set network interface aggregate-ethernet <name> layer3 sdwan-link-settings enable <yes|no> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings sdwan-interface-profile <value> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat enable <yes|no> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip ip-address <value>|<ip/netmask> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat static-ip fqdn <value> set network interface aggregate-ethernet <name> layer3 sdwan-link-settings upstream-nat ddns
set network interface aggregate-ethernet <name> layer3 units <name> bonjour set network interface aggregate-ethernet <name> layer3 units <name> bonjour enable <yes|no> set network interface aggregate-ethernet <name> layer3 units <name> ip <name> sdwan-gateway <ip/netmask> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings enable <yes|no> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings sdwan-interface-profile <value> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat enable <yes|no> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip ip-address <value>|<ip/netmask> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat static-ip fqdn <value> set network interface aggregate-ethernet <name> layer3 units <name> sdwan-link-settings upstream-nat ddns set network interface loopback df-ignore <yes|no> set network interface sdwan units <name> link-tag <value>
set network tunnel ipsec<name> anti-replay-window <64|128|256|512|1024|2048|4096> set network virtual-router <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE> set network shared-gateway <name> service <name> protocol tcp port <0-65535,...> set network shared-gateway <name> service <name> protocol tcp source-port <0-65535,...> set network shared-gateway <name> service <name> protocol udp port <0-65535,...> set network shared-gateway <name> service <name> protocol udp source-port <0-65535,...> set network shared-gateway <name> log-settings snmptrap <name> version v3 server <name> authproto <SHA|SHA-224|SHA-256|SHA-384|SHA-512> set network shared-gateway <name> log-settings snmptrap <name> version v3 server <name> privproto <AES|AES-192|AES-256> set network shared-gateway <name> rulebase network-packet-broker set network shared-gateway <name> rulebase network-packet-broker rules set network shared-gateway <name> rulebase network-packet-broker rules <name> set network shared-gateway <name> rulebase network-packet-broker rules <name> from [ <from1> <from2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> to [ <to1> <to2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> source [ <source1> <source2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> source-user [ <source-user1> <source-user2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> destination [ <destination1> <destination2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> application [ <application1> <application2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> service [ <service1> <service2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> tag [ <tag1> <tag2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> negate-source <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> negate-destination <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> disabled <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> description <value> set network shared-gateway <name> rulebase network-packet-broker rules <name> group-tag <value> set network shared-gateway <name> rulebase network-packet-broker rules <name> source-hip [ <source-hip1> <source-hip2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set network shared-gateway <name> rulebase network-packet-broker rules <name> traffic-type set network shared-gateway <name> rulebase network-packet-broker rules <name> traffic-type tls-decrypted <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> traffic-type tls-encrypted <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> traffic-type non-tls <yes|no> set network shared-gateway <name> rulebase network-packet-broker rules <name> action set network shared-gateway <name> rulebase network-packet-broker rules <name> action packet-broker-profile <value>
set shared service<name> protocol tcp port <0-65535,...> set shared service <name> protocol tcp source-port <0-65535,...> set shared service <name> protocol udp port <0-65535,...> set shared service <name> protocol udp source-port <0-65535,...> set shared profiles hip-objects <name> anti-malware criteria product-version within versions <1-1> set shared profiles hip-objects <name> anti-malware criteria product-version not-within versions <1-1> set shared profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> probe-interval <1-60> set shared profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn probe-interval <1-60> set shared profiles sdwan-saas-quality <name> monitor-mode http-https probe-interval <3-60> set shared profiles sdwan-error-correction <name> mode forward-error-correction recovery-duration <1-5000> set shared profiles sdwan-error-correction <name> mode packet-duplication recovery-duration-pd <1-5000>
set shared reports<name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type> set shared reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag> set shared reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag> set shared reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app> set shared reports <name> type auth group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|normalize_user|object|authpolicy|authid|vendor|clienttype|event|factorno|authproto|rule_uuid|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|serverprofile|desc>
set shared reports<name> type hipmatch group-by <serial|time_generated|vsys_name|device_name|srcuser|vsys|machinename|src|matchname|os|matchtype|srcipv6|hostid|mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set shared reports <name> type hipmatch last-match-by <> set shared authentication-profile <name> method cloud set shared authentication-profile <name> method cloud region set shared authentication-profile <name> method cloud region region_id <value> set shared authentication-profile <name> method cloud region tenant set shared authentication-profile <name> method cloud region tenant tenant_id <value> set shared authentication-profile <name> method cloud region tenant profile set shared authentication-profile <name> method cloud region tenant profile profile_id <value> set shared authentication-profile <name> method cloud region tenant profile mfa set shared authentication-profile <name> method cloud region tenant profile mfa force-mfa <value> set shared authentication-profile <name> method cloud clock-skew <1-900> set shared log-settings snmptrap <name> version v3 server <name> authproto <SHA|SHA-224|SHA-256|SHA-384|SHA-512> set shared log-settings snmptrap <name> version v3 server <name> privproto <AES|AES-192|AES-256> set shared ssl-tls-service-profile <name> protocol-settings max-version <tls1-0|tls1-1|tls1-2|max> set shared admin-role <name> role device webui policies network-packet-broker-rulebase <enable|read-only|disable> set shared admin-role <name> role device webui objects packet-broker-profile <enable|read-only|disable> set shared admin-role <name> role device webui device plugins <enable|disable> set shared admin-role <name> role device webui device policy-recommendations set shared admin-role <name> role device webui device policy-recommendations iot <enable|read-only|disable> set shared admin-role <name> role device webui device policy-recommendations saas <enable|read-only|disable> set shared admin-role <name> role device restapi objects packet-broker-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects sdwan-saas-quality-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects sdwan-error-correction-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi policies network-packet-broker-rules <enable|read-only|disable> set shared admin-role <name> role device restapi device log-interface-setting <enable|read-only|disable> set shared admin-role <name> role device restapi system set shared admin-role <name> role device restapi system configuration <enable|read-only|disable> set shared admin-role <name> role vsys webui policies network-packet-broker-rulebase <enable|read-only|disable> set shared admin-role <name> role vsys webui objects packet-broker-profile <enable|read-only|disable> set shared admin-role <name> role vsys webui device policy-recommendations set shared admin-role <name> role vsys webui device policy-recommendations iot <enable|read-only|disable> set shared admin-role <name> role vsys webui device policy-recommendations saas <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects packet-broker-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects sdwan-saas-quality-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects sdwan-error-correction-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies network-packet-broker-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi device log-interface-setting <enable|read-only|disable> set shared admin-role <name> role vsys restapi system set shared admin-role <name> role vsys restapi system configuration <enable|read-only|disable> set shared user-id-hub set shared user-id-hub vsys <value> set shared user-id-hub ip-user-mapping <yes|no> set shared user-id-hub user-group-mapping <yes|no>
set vsys<name> authentication-profile <name> method cloud set vsys <name> authentication-profile <name> method cloud region set vsys <name> authentication-profile <name> method cloud region region_id <value> set vsys <name> authentication-profile <name> method cloud region tenant set vsys <name> authentication-profile <name> method cloud region tenant tenant_id <value> set vsys <name> authentication-profile <name> method cloud region tenant profile set vsys <name> authentication-profile <name> method cloud region tenant profile profile_id <value> set vsys <name> authentication-profile <name> method cloud region tenant profile mfa set vsys <name> authentication-profile <name> method cloud region tenant profile mfa force-mfa <value> set vsys <name> authentication-profile <name> method cloud clock-skew <1-900> set vsys <name> log-settings snmptrap <name> version v3 server <name> authproto <SHA|SHA-224|SHA-256|SHA-384|SHA-512> set vsys <name> log-settings snmptrap <name> version v3 server <name> privproto <AES|AES-192|AES-256> set vsys <name> ssl-tls-service-profile <name> protocol-settings max-version <tls1-0|tls1-1|tls1-2|max> set vsys <name> cloud-identity-engine set vsys <name> cloud-identity-engine <name> set vsys <name> cloud-identity-engine <name> region <value> set vsys <name> cloud-identity-engine <name> cloud-identity-engine-instance <value> set vsys <name> cloud-identity-engine <name> domain <value> set vsys <name> cloud-identity-engine <name> update-interval <5-1440> set vsys <name> cloud-identity-engine <name> enabled <yes|no> set vsys <name> cloud-identity-engine <name> primary-user <value> set vsys <name> cloud-identity-engine <name> user-email <value> set vsys <name> cloud-identity-engine <name> alt-username-1 <value> set vsys <name> cloud-identity-engine <name> alt-username-2 <value> set vsys <name> cloud-identity-engine <name> alt-username-3 <value> set vsys <name> cloud-identity-engine <name> group-name <value> set vsys <name> cloud-identity-engine <name> group-email <value> set vsys <name> cloud-identity-engine <name> endpoint-serial-number <value> set vsys <name> sdwan-interface-profile <name> vpn-failover-metric <1-65535> set vsys <name> global-protect global-protect-gateway <name> roles <name> inactivity-logout <5-43200> set vsys <name> profiles hip-objects <name> anti-malware criteria product-version within versions <1-1> set vsys <name> profiles hip-objects <name> anti-malware criteria product-version not-within versions <1-1> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> probe-interval <1-60> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode http-https probe-interval <3-60> set vsys <name> profiles sdwan-error-correction <name> mode packet-duplication recovery-duration-pd <1-5000>
set vsys <name> profiles packet-broker set vsys <name> profiles packet-broker <name> set vsys <name> profiles packet-broker <name> description <value> set vsys <name> profiles packet-broker <name> interface-primary <value> set vsys <name> profiles packet-broker <name> transparent set vsys <name> profiles packet-broker <name> transparent enable-ipv6 <yes|no> set vsys <name> profiles packet-broker <name> routed set vsys <name> profiles packet-broker <name> routed security-chain set vsys <name> profiles packet-broker <name> routed security-chain <name> set vsys <name> profiles packet-broker <name> routed security-chain <name> enable <yes|no> set vsys <name> profiles packet-broker <name> routed security-chain <name> first-device <ip/netmask> set vsys <name> profiles packet-broker <name> routed security-chain <name> first-device-description <value> set vsys <name> profiles packet-broker <name> routed security-chain <name> last-device <ip/netmask> set vsys <name> profiles packet-broker <name> routed security-chain <name> last-device-description <value> set vsys <name> profiles packet-broker <name> routed distribution <round-robin|ip-modulo|ip-hash|lowest-latency> set vsys <name> profiles packet-broker <name> health-check set vsys <name> profiles packet-broker <name> health-check failure-action <bypass|block> set vsys <name> profiles packet-broker <name> health-check failure-condition <any|all> set vsys <name> profiles packet-broker <name> health-check path-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check path-interval-s <1-60> set vsys <name> profiles packet-broker <name> health-check path-recovery-hold-s <0-65535> set vsys <name> profiles packet-broker <name> health-check http-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check http-count <1-10> set vsys <name> profiles packet-broker <name> health-check http-interval-s <1-60> set vsys <name> profiles packet-broker <name> health-check http-latency-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check http-latency-maximum-ms <10-65535> set vsys <name> profiles packet-broker <name> health-check http-latency-duration-s <1-65535> set vsys <name> profiles packet-broker <name> health-check http-latency-log-exceeded <yes|no> set vsys <name> service <name> protocol tcp port <0-65535,...> set vsys <name> service <name> protocol udp port <0-65535,...> set vsys <name> service <name> protocol udp source-port <0-65535,...> set vsys <name> authentication-profile <name> method cloud set vsys <name> authentication-profile <name> method cloud region set vsys <name> authentication-profile <name> method cloud region region_id <value> set vsys <name> authentication-profile <name> method cloud region tenant set vsys <name> authentication-profile <name> method cloud region tenant tenant_id <value> set vsys <name> authentication-profile <name> method cloud region tenant profile set vsys <name> authentication-profile <name> method cloud region tenant profile profile_id <value> set vsys <name> authentication-profile <name> method cloud region tenant profile mfa set vsys <name> authentication-profile <name> method cloud region tenant profile mfa force-mfa <value> set vsys <name> authentication-profile <name> method cloud clock-skew <1-900> set vsys <name> log-settings snmptrap <name> version v3 server <name> authproto <SHA|SHA-224|SHA-256|SHA-384|SHA-512> set vsys <name> log-settings snmptrap <name> version v3 server <name> privproto <AES|AES-192|AES-256> set vsys <name> ssl-tls-service-profile <name> protocol-settings max-version <tls1-0|tls1-1|tls1-2|max>
set vsys<name> cloud-identity-engine set vsys <name> cloud-identity-engine <name> set vsys <name> cloud-identity-engine <name> region <value> set vsys <name> cloud-identity-engine <name> cloud-identity-engine-instance <value> set vsys <name> cloud-identity-engine <name> domain <value> set vsys <name> cloud-identity-engine <name> update-interval <5-1440> set vsys <name> cloud-identity-engine <name> enabled <yes|no> set vsys <name> cloud-identity-engine <name> primary-user <value> set vsys <name> cloud-identity-engine <name> user-email <value> set vsys <name> cloud-identity-engine <name> alt-username-1 <value> set vsys <name> cloud-identity-engine <name> alt-username-2 <value> set vsys <name> cloud-identity-engine <name> alt-username-3 <value> set vsys <name> cloud-identity-engine <name> group-name <value> set vsys <name> cloud-identity-engine <name> group-email <value> set vsys <name> cloud-identity-engine <name> endpoint-serial-number <value> set vsys <name> sdwan-interface-profile <name> vpn-failover-metric <1-65535> set vsys <name> global-protect global-protect-gateway <name> roles <name> inactivity-logout <5-43200> set vsys <name> profiles hip-objects <name> anti-malware criteria product-version within versions <1-1> set vsys <name> profiles hip-objects <name> anti-malware criteria product-version not-within versions <1-1> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> probe-interval <1-60> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode http-https probe-interval <3-60> set vsys <name> profiles sdwan-error-correction <name> mode packet-duplication recovery-duration-pd <1-5000> set vsys <name> profiles packet-broker set vsys <name> profiles packet-broker <name> set vsys <name> profiles packet-broker <name> description <value> set vsys <name> profiles packet-broker <name> interface-primary <value> set vsys <name> profiles packet-broker <name> transparent set vsys <name> profiles packet-broker <name> transparent enable-ipv6 <yes|no> set vsys <name> profiles packet-broker <name> routed set vsys <name> profiles packet-broker <name> routed security-chain set vsys <name> profiles packet-broker <name> routed security-chain <name> set vsys <name> profiles packet-broker <name> routed security-chain <name> enable <yes|no> set vsys <name> profiles packet-broker <name> routed security-chain <name> first-device <ip/netmask> set vsys <name> profiles packet-broker <name> routed security-chain <name> first-device-description <value> set vsys <name> profiles packet-broker <name> routed security-chain <name> last-device <ip/netmask> set vsys <name> profiles packet-broker <name> routed security-chain <name> last-device-description <value> set vsys <name> profiles packet-broker <name> routed distribution <round-robin|ip-modulo|ip-hash|lowest-latency> set vsys <name> profiles packet-broker <name> health-check set vsys <name> profiles packet-broker <name> health-check failure-action <bypass|block> set vsys <name> profiles packet-broker <name> health-check failure-condition <any|all> set vsys <name> profiles packet-broker <name> health-check path-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check path-interval-s <1-60> set vsys <name> profiles packet-broker <name> health-check path-recovery-hold-s <0-65535> set vsys <name> profiles packet-broker <name> health-check http-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check http-count <1-10> set vsys <name> profiles packet-broker <name> health-check http-interval-s <1-60> set vsys <name> profiles packet-broker <name> health-check http-latency-enable <yes|no> set vsys <name> profiles packet-broker <name> health-check http-latency-maximum-ms <10-65535> set vsys <name> profiles packet-broker <name> health-check http-latency-duration-s <1-65535> set vsys <name> profiles packet-broker <name> health-check http-latency-log-exceeded <yes|no> set vsys <name> service <name> protocol tcp port <0-65535,...> set vsys <name> service <name> protocol udp port <0-65535,...> set vsys <name> service <name> protocol udp source-port <0-65535,...> set vsys <name> reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set vsys <name> reports <name> type desum group-by <serial|time_generated|vsys_name|device_name|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|app|src|dst|srcuser|dstuser|vsys|tls_version|tls_keyxchg|tls_enc|tls_auth|sni|error|err_index|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set vsys <name> reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|threatid|category|severity|direction|http_method|nssai_sst|filedigest|filetype|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type> set vsys <name> reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type> set vsys <name> reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag> set vsys <name> reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag> set vsys <name> reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app> set vsys <name> reports <name> type auth group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|normalize_user|object|authpolicy|authid|vendor|clienttype|event|factorno|authproto|rule_uuid|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|serverprofile|desc> set vsys <name> reports <name> type hipmatch group-by <serial|time_generated|vsys_name|device_name|srcuser|vsys|machinename|src|matchname|os|matchtype|srcipv6|hostid|mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time>
set vsys <name> reports <name> type hipmatch last-match-by <> set vsys <name> rulebase decryption rules <name> action <no-decrypt|decrypt> set vsys <name> rulebase network-packet-broker set vsys <name> rulebase network-packet-broker rules set vsys <name> rulebase network-packet-broker rules <name> set vsys <name> rulebase network-packet-broker rules <name> from [ <from1> <from2>... ] set vsys <name> rulebase network-packet-broker rules <name> to [ <to1> <to2>... ] set vsys <name> rulebase network-packet-broker rules <name> source [ <source1> <source2>... ] set vsys <name> rulebase network-packet-broker rules <name> source-user [ <source-user1> <source-user2>... ] set vsys <name> rulebase network-packet-broker rules <name> destination [ <destination1> <destination2>... ] set vsys <name> rulebase network-packet-broker rules <name> application [ <application1> <application2>... ] set vsys <name> rulebase network-packet-broker rules <name> service [ <service1> <service2>... ] set vsys <name> rulebase network-packet-broker rules <name> tag [ <tag1> <tag2>... ] set vsys <name> rulebase network-packet-broker rules <name> negate-source <yes|no> set vsys <name> rulebase network-packet-broker rules <name> negate-destination <yes|no> set vsys <name> rulebase network-packet-broker rules <name> disabled <yes|no> set vsys <name> rulebase network-packet-broker rules <name> description <value> set vsys <name> rulebase network-packet-broker rules <name> group-tag <value> set vsys <name> rulebase network-packet-broker rules <name> source-hip [ <source-hip1> <source-hip2>... ] set vsys <name> rulebase network-packet-broker rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set vsys <name> rulebase network-packet-broker rules <name> traffic-type set vsys <name> rulebase network-packet-broker rules <name> traffic-type tls-decrypted <yes|no> set vsys <name> rulebase network-packet-broker rules <name> traffic-type tls-encrypted <yes|no> set vsys <name> rulebase network-packet-broker rules <name> traffic-type non-tls <yes|no> set vsys <name> rulebase network-packet-broker rules <name> action set vsys <name> rulebase network-packet-broker rules <name> action packet-broker-profile <value>