Set Commands Introduced in PAN-OS 11.2

Command-line interface 'set' commands that are new in PAN-OS 11.2.
The following commands are new in the 11.2 release:
set deviceconfig system mtu <576-1500>
set deviceconfig system dns-setting servers encrypted-dns
set deviceconfig system dns-setting servers encrypted-dns connection-type
set deviceconfig system dns-setting servers encrypted-dns connection-type dns-over-https
set deviceconfig system dns-setting servers encrypted-dns connection-type dns-over-tls
set deviceconfig system dns-setting servers encrypted-dns enable-fallback <yes|no>
set deviceconfig system dns-setting servers encrypted-dns tcp-timeout <1-10>
set deviceconfig system panorama cloud-service tcp-port <default|443>
set deviceconfig system panorama cloud-service compress-config <yes|no>
set deviceconfig system inline-cloud-proxy <yes|no>
set deviceconfig system dns-security-server <value>
set deviceconfig system route service
set deviceconfig system route service <name>
set deviceconfig system route service <name> source
set deviceconfig system route service <name> source interface <value>
set deviceconfig system route service <name> source address <value>
set deviceconfig system route service <name> source-v6
set deviceconfig system route service <name> source-v6 interface <value>
set deviceconfig system route service <name> source-v6 address <value>
set deviceconfig setting mlav
set deviceconfig setting mlav cloud-server <value>
set deviceconfig setting dns
set deviceconfig setting dns dns-cloud-server <value>
set deviceconfig setting adns-setting
set deviceconfig setting adns-setting max-latency <1-15000>
set deviceconfig setting ssl-decrypt use-mp-sess-cache <yes|no>
set deviceconfig setting session packet-buffer-protection-use-buffer <yes|no>
set deviceconfig setting session persistent-dipp-alert-enable <yes|no>
set deviceconfig setting session persistent-dipp-alert-threshold <1-99>
set deviceconfig setting session persistent-dipp-alert-interval <1-120>
set deviceconfig setting session offload <yes|no>
set deviceconfig setting iot edge enable-saas-edge-service <yes|no>
set deviceconfig setting iot edge saas-edge-address <ip/netmask>|<value>
set deviceconfig setting additional-header-logging
set deviceconfig setting additional-header-logging enable <yes|no>
set deviceconfig setting additional-header-logging disable-apps [ <disable-apps1> <disable-apps2>... ]
set deviceconfig setting additional-header-logging enable-apps [ <enable-apps1> <enable-apps2>... ]
set deviceconfig setting cloud-userid segment-assignment <cloud-identity-engine|panorama>
set deviceconfig setting session-tracking
set deviceconfig setting session-tracking disable <yes|no>
set deviceconfig setting session-tracking user-re-authentication
set deviceconfig setting session-tracking user-re-authentication disable <yes|no>
set deviceconfig high-availability interface ha1 port <value>|<ha1-a|ha1-b|management>
set deviceconfig high-availability interface ha1 link-speed <auto|10|100|1000>
set deviceconfig high-availability interface ha1 link-duplex <auto|full|half>
set deviceconfig high-availability interface ha1-backup port <value>|<ha1-a|ha1-b|management>
set deviceconfig high-availability interface ha1-backup link-speed <auto|10|100|1000>
set deviceconfig high-availability interface ha1-backup link-duplex <auto|full|half>
set deviceconfig high-availability interface ha2 port <value>|<hsci>
set deviceconfig high-availability interface ha2-backup port <value>|<hsci>
set deviceconfig high-availability interface ha3 port <value>|<hsci>
set network profiles zone-protection-profile <name> block-ip-protocol
set network profiles zone-protection-profile <name> block-ip-protocol protocol
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name>
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name> ip-proto-num <1-255>
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name> enable <yes|no>
set network profiles bfd-profile <name> min-tx-interval <100-10000>
set network profiles bfd-profile <name> min-rx-interval <100-10000>
set network interface ethernet <name> link-speed <value>
set network interface ethernet <name> link-duplex <value>
set network interface ethernet <name> virtual-wire lldp high-availability
set network interface ethernet <name> virtual-wire lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> virtual-wire lacp
set network interface ethernet <name> virtual-wire lacp high-availability
set network interface ethernet <name> virtual-wire lacp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> layer2 lldp high-availability
set network interface ethernet <name> layer2 lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> layer3 df-ignore <yes|no>
set network interface ethernet <name> layer3 bonjour
set network interface ethernet <name> layer3 bonjour enable <yes|no>
set network interface ethernet <name> layer3 proxy-protocol port
set network interface ethernet <name> layer3 proxy-protocol port start <1-65535>
set network interface ethernet <name> layer3 proxy-protocol port end <1-65535>
set network interface ethernet <name> layer3 units <name> df-ignore <yes|no>
set network interface ethernet <name> layer3 units <name> bonjour
set network interface ethernet <name> layer3 units <name> bonjour enable <yes|no>
set network interface ethernet <name> layer3 lldp high-availability
set network interface ethernet <name> layer3 lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> lacp
set network interface ethernet <name> lacp port-priority <1-65535>
set network interface aggregate-ethernet <name> ha lacp
set network interface aggregate-ethernet <name> ha lacp enable <yes|no>
set network interface aggregate-ethernet <name> ha lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> ha lacp mode <passive|active>
set network interface aggregate-ethernet <name> ha lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> ha lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> ha lacp max-ports <1-8>
set network interface aggregate-ethernet <name> virtual-wire lldp high-availability
set network interface aggregate-ethernet <name> virtual-wire lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp
set network interface aggregate-ethernet <name> layer2 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp mode <passive|active>
set network interface aggregate-ethernet <name> layer2 lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> layer2 lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> layer2 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer2 lacp high-availability
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer2 lacp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2 lldp high-availability
set network interface aggregate-ethernet <name> layer2 lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 df-ignore <yes|no>
set network interface aggregate-ethernet <name> layer3 bonjour
set network interface aggregate-ethernet <name> layer3 bonjour enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp
set network interface aggregate-ethernet <name> layer3 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp mode <passive|active>
set network interface aggregate-ethernet <name> layer3 lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> layer3 lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> layer3 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer3 lacp high-availability
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer3 lacp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 lldp high-availability
set network interface aggregate-ethernet <name> layer3 lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> df-ignore <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> bonjour
set network interface aggregate-ethernet <name> layer3 units <name> bonjour enable <yes|no>
set network interface vlan df-ignore <yes|no>
set network interface vlan units <name> df-ignore <yes|no>
set network interface tunnel df-ignore <yes|no>
set network interface tunnel units <name> df-ignore <yes|no>
set network ike gateway <name> protocol ikev2 pq-ppk
set network ike gateway <name> protocol ikev2 pq-ppk enabled <yes|no>
set network ike gateway <name> protocol ikev2 pq-ppk negotiation-mode <preferred|mandatory>
set network ike gateway <name> protocol ikev2 pq-ppk keys
set network ike gateway <name> protocol ikev2 pq-ppk keys <name>
set network ike gateway <name> protocol ikev2 pq-ppk keys <name> key <value>
set network ike gateway <name> protocol ikev2 pq-ppk keys <name> enabled <yes|no>
set network ike gateway <name> protocol ikev2 pq-kem
set network ike gateway <name> protocol ikev2 pq-kem enable <yes|no>
set network ike gateway <name> protocol ikev2 pq-kem negotiation-mode <preferred|mandatory>
set network ike gateway <name> protocol ikev2 pq-kem block-vulnerable-cipher <yes|no>
set network ike gateway <name> protocol ikev2 ikev2-fragment
set network ike gateway <name> protocol ikev2 ikev2-fragment enable <yes|no>
set network ike gateway <name> protocol ikev2 ikev2-fragment size <200-2048>
set network ike crypto-profiles ike-crypto-profiles <name> ake
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-1 [ <ake-11> <ake-12>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-2 [ <ake-21> <ake-22>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-3 [ <ake-31> <ake-32>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-4 [ <ake-41> <ake-42>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-5 [ <ake-51> <ake-52>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-6 [ <ake-61> <ake-62>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-7 [ <ake-71> <ake-72>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake enabled <yes|no>
set network ike crypto-profiles ipsec-crypto-profiles <name> dh-group <no-pfs|group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-1 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-2 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-3 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-4 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-5 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-6 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-7 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network tunnel gre <name> peer-address
set network tunnel gre <name> peer-address fqdn
set network tunnel gre <name> peer-address fqdn fqdn-name <value>
set network tunnel ipsec <name> proxy-id-strict-matching <yes|no>
set network qos interface <name> regular-traffic groups <name> members <name> match local-address destination_interface <value>
set network virtual-router <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE|CELLULAR>
set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE|CELLULAR>
set network routing-profile filters prefix-list <name> type ipv4 ipv4-entry <name> prefix entry network <ip/netmask>|<value>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static bgp route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static ospf route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static ospfv3 route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static rip route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static rib route-map <name> match tag <1-4294967295>
set network routing-profile bfd <name> min-tx-interval <100-10000>
set network routing-profile bfd <name> min-rx-interval <100-10000>
set network dns-proxy <name> encrypted-dns
set network dns-proxy <name> encrypted-dns enabled <yes|no>
set network dns-proxy <name> encrypted-dns server-side-config
set network dns-proxy <name> encrypted-dns server-side-config connection-type
set network dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-https
set network dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-tls
set network dns-proxy <name> encrypted-dns server-side-config connection-type origin
set network dns-proxy <name> encrypted-dns server-side-config connection-type cleartext
set network dns-proxy <name> encrypted-dns server-side-config enable-fallback <yes|no>
set network dns-proxy <name> encrypted-dns server-side-config tcp-timeout <1-10>
set network dns-proxy <name> encrypted-dns client-side-config
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-https <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-tls <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types cleartext <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config ssl-tls-service-profile <value>
set shared reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|cluster_name|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time>
set shared reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|threatid|category|severity|direction|http_method|nssai_sst|filedigest|filetype|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|cloud_reportid|cluster_name|flow_type|http2_connection_64|local_deep_learning|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type>
set shared reports <name> type url group-by <additional_headers|action|app|category|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_agent|device_name|vsys_name|url|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|http_method|url_category_list|xff_ip|container_id|pod_namespace|pod_name|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|cloud_reportid|additional_headers>
set shared reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl>
set shared reports <name> type data group-by <action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac>
set shared reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type>
set shared reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|flow_type|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag>
set shared reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|http2_connection_64|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag>
set shared reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|cluster_name|flow_type|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app>
set shared override application <name> timeout <0-35712000>
set shared log-settings correlation
set shared log-settings correlation match-list
set shared log-settings correlation match-list <name>
set shared log-settings correlation match-list <name> description <value>
set shared log-settings correlation match-list <name> filter <value>
set shared log-settings correlation match-list <name> send-snmptrap [ <send-snmptrap1> <send-snmptrap2>... ]
set shared log-settings correlation match-list <name> send-email [ <send-email1> <send-email2>... ]
set shared log-settings correlation match-list <name> send-syslog [ <send-syslog1> <send-syslog2>... ]
set shared log-settings correlation match-list <name> send-http [ <send-http1> <send-http2>... ]
set shared log-settings correlation match-list <name> quarantine <yes|no>
set shared log-settings correlation match-list <name> actions
set shared log-settings correlation match-list <name> actions <name>
set shared log-settings correlation match-list <name> actions <name> type
set shared log-settings correlation match-list <name> actions <name> type tagging
set shared log-settings correlation match-list <name> actions <name> type tagging target <source-address|destination-address|xff-address|user>
set shared log-settings correlation match-list <name> actions <name> type tagging action <add-tag|remove-tag>
set shared log-settings correlation match-list <name> actions <name> type tagging registration
set shared log-settings correlation match-list <name> actions <name> type tagging registration localhost
set shared log-settings correlation match-list <name> actions <name> type tagging registration panorama
set shared log-settings correlation match-list <name> actions <name> type tagging registration remote
set shared log-settings correlation match-list <name> actions <name> type tagging registration remote http-profile <value>
set shared log-settings correlation match-list <name> actions <name> type tagging timeout <0-43200>
set shared log-settings correlation match-list <name> actions <name> type tagging tags [ <tags1> <tags2>... ]
set shared log-settings email <name> format correlation <value>
set shared log-settings syslog <name> format correlation <value>
set shared log-settings http <name> format correlation
set shared log-settings http <name> format correlation name <value>
set shared log-settings http <name> format correlation url-format <value>
set shared log-settings http <name> format correlation headers
set shared log-settings http <name> format correlation headers <name>
set shared log-settings http <name> format correlation headers <name> value <value>
set shared log-settings http <name> format correlation params
set shared log-settings http <name> format correlation params <name>
set shared log-settings http <name> format correlation params <name> value <value>
set shared log-settings http <name> format correlation payload <value>
set shared log-settings profiles <name> match-list <name> log-type <traffic|threat|wildfire|url|data|tunnel|auth|decryption>
set shared response-page remote-browser-isolation
set shared response-page remote-browser-isolation url-isolate-page <value>
set shared response-page remote-browser-isolation http-post-redirect <value>
set shared response-page url-reply
set shared response-page url-reply url-reply-page <value>
set shared response-page url-reply url-reply-code <100-999>
set shared admin-role <name> role device webui objects user-context-segment <enable|read-only|disable>
set shared admin-role <name> role device webui network global-protect dhcp-profile <enable|read-only|disable>
set shared admin-role <name> role device webui device log-settings correlation <enable|read-only|disable>
set import resource max-security-rules <0-5000>
set dns-proxy <name> encrypted-dns
set dns-proxy <name> encrypted-dns enabled <yes|no>
set dns-proxy <name> encrypted-dns server-side-config
set dns-proxy <name> encrypted-dns server-side-config connection-type
set dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-https
set dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-tls
set dns-proxy <name> encrypted-dns server-side-config connection-type origin
set dns-proxy <name> encrypted-dns server-side-config connection-type cleartext
set dns-proxy <name> encrypted-dns server-side-config enable-fallback <yes|no>
set dns-proxy <name> encrypted-dns server-side-config tcp-timeout <1-10>
set dns-proxy <name> encrypted-dns client-side-config
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-https <yes|no>
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-tls <yes|no>
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types cleartext <yes|no>
set dns-proxy <name> encrypted-dns client-side-config ssl-tls-service-profile <value>
set captive-portal redirect-host-v6 <ip/netmask>|<value>
set zone <name> network log-setting <value>
set zone <name> network
set zone <name> network tap [ <tap1> <tap2>... ]
set zone <name> network virtual-wire [ <virtual-wire1> <virtual-wire2>... ]
set zone <name> network layer2 [ <layer21> <layer22>... ]
set zone <name> network layer3 [ <layer31> <layer32>... ]
set zone <name> network tunnel
set zone <name> user-acl
set zone <name> user-acl include-list [ <include-list1> <include-list2>... ]
set zone <name> user-acl exclude-list [ <exclude-list1> <exclude-list2>... ]
set zone <name> device-acl
set zone <name> device-acl include-list [ <include-list1> <include-list2>... ]
set zone <name> device-acl exclude-list [ <exclude-list1> <exclude-list2>... ]
set zone <name>
set zone <name> enable-user-identification <yes|no>
set zone <name> enable-device-identification <yes|no>
set zone <name> network zone-protection-profile <value>
set zone <name> network enable-packet-buffer-protection <yes|no>
set zone <name> network net-inspection <yes|no>
set zone <name> network prenat-identification
set zone <name> network prenat-identification enable-prenat-user-identification <yes|no>
set zone <name> network prenat-identification enable-prenat-device-identification <yes|no>
set zone <name> network prenat-identification enable-prenat-source-policy-lookup <yes|no>
set zone <name> network prenat-identification enable-prenat-source-ip-downstream <yes|no>
set sdwan-interface-profile <name> link-type <ADSL/DSL|Cablemodem|Ethernet|Fiber|LTE/3G/4G/5G|MPLS|Microwave/Radio|Satellite|WiFi|Private1|Private2|Private3|Private4|Other>
set global-protect global-protect-gateway <name> gp-gw-dhcp enable-dhcp <yes|no>
set global-protect global-protect-gateway <name> gp-gw-dhcp dhcp-timeout <1-30>
set global-protect global-protect-gateway <name> gp-gw-dhcp retry-times <0-3>
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server <name>
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server <name> type <secondary|primary>
set profiles spyware <name> botnet-domains advanced-dns-security-categories
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name>
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name> action <default|allow|alert|block|sinkhole>
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name> log-level <default|none|low|informational|medium|high|critical>
set profiles spyware <name> botnet-domains misconfig-zone
set profiles spyware <name> botnet-domains misconfig-zone <name>
set profiles spyware <name> botnet-domains misconfig-zone <name> description <value>
set profiles spyware <name> mica-engine-spyware-enabled <name> local-deep-learning <enable|disable>
set profiles url-filtering <name> isolate [ <isolate1> <isolate2>... ]
set profiles url-filtering <name> block-reply [ <block-reply1> <block-reply2>... ]
set profiles wildfire-analysis <name> mica-engine-wildfire-rules <name> action <allow|alert|block>
set profiles dos-protection <name> flood tcp-syn red block-probability <0-100>
set profiles dos-protection <name> flood udp red block-probability <0-100>
set profiles dos-protection <name> flood icmp red block-probability <0-100>
set profiles dos-protection <name> flood icmpv6 red block-probability <0-100>
set profiles dos-protection <name> flood other-ip red block-probability <0-100>
set profiles saas-user-list
set profiles saas-user-list <name>
set profiles saas-user-list <name> description <value>
set profiles saas-user-list <name> list [ <list1> <list2>... ]
set profiles saas-tenant-list
set profiles saas-tenant-list <name>
set profiles saas-tenant-list <name> description <value>
set profiles saas-tenant-list <name> list [ <list1> <list2>...
] set reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|cluster_name|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|threatid|category|severity|direction|http_method|nssai_sst|filedigest|filetype|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|cloud_reportid|cluster_name|flow_type|http2_connection_64|local_deep_learning|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type> set reports <name> type url group-by 
<additional_headers|action|app|category|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_agent|device_name|vsys_name|url|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|http_method|url_category_list|xff_ip|container_id|pod_namespace|pod_name|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|cloud_reportid|additional_headers> set reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl> set reports <name> type data group-by 
<action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac> set reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type> set reports <name> type traffic group-by 
<serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|flow_type|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag> set reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|http2_connection_64|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag> set reports <name> type trsum group-by 
<serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|cluster_name|flow_type|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app> set rulebase security rules <name> saas-user-list [ <saas-user-list1> <saas-user-list2>... ] set rulebase security rules <name> saas-tenant-list [ <saas-tenant-list1> <saas-tenant-list2>... ] set rulebase nat rules <name> source-translation dynamic-ip interface-address set rulebase nat rules <name> source-translation dynamic-ip interface-address interface <value> set rulebase nat rules <name> source-translation dynamic-ip interface-address ipv6 <value> set rulebase nat rules <name> source-translation dynamic-ip interface-address floating-ip <value>
There are 21 new set user-context-segment commands:
set user-context-segment
set user-context-segment assignments
set user-context-segment assignments <name>
set user-context-segment assignments <name> description <value>
set user-context-segment assignments <name> disabled <yes|no>
set user-context-segment assignments <name> publisher-segments
set user-context-segment assignments <name> publisher-segments ipuser <#text>
set user-context-segment assignments <name> publisher-segments iptag <#text>
set user-context-segment assignments <name> publisher-segments usertag <#text>
set user-context-segment assignments <name> publisher-segments quarantine <#text>
set user-context-segment assignments <name> publisher-segments ipportuser <#text>
set user-context-segment assignments <name> subscriber-segments
set user-context-segment assignments <name> subscriber-segments <name>
set user-context-segment assignments <name> subscriber-segments <name> ipuser <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> iptag <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> usertag <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> quarantine <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> ipportuser <enabled|disabled>
set user-context-segment assignments <name> firewall-selection
set user-context-segment assignments <name> firewall-selection <name>
set user-context-segment assignments <name> firewall-selection <name> vsys [ <vsys1> <vsys2>... ]