View Settings and Statistics
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
- Set Commands Introduced in PAN-OS 11.1
- Set Commands Removed in PAN-OS 11.1
- Show Commands Introduced in PAN-OS 11.1
- Set Commands Introduced in PAN-OS 11.2
- Set Commands Changed in PAN-OS 11.2
- Set Commands Removed in PAN-OS 11.2
- Show Commands Introduced in PAN-OS 11.2
- Show Commands Removed in PAN-OS 11.2
View Settings and Statistics
Use show commands to view configuration
settings and statistics about the performance of the firewall or
Panorama and about the traffic and threats identified on the firewall.
You can use show commands in both Operational
and Configure mode. For example, the show system info command
shows information about the device itself:
admin@PA-850> show system info
hostname: PA-850
ip-address: 10.10.10.23
public-ip-address: unknown
netmask: 255.255.255.0
default-gateway: 10.10.10.1
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: fe80::d6f4:beff:febe:ba00/64
ipv6-default-gateway:
mac-address: d4:f4:be:be:ba:00
time: Tue Feb 12 08:40:09 2019
uptime: 6 days, 11:51:18
family: 800
model: PA-850
serial: 011901000300
cloud-mode: non-cloud
sw-version: 9.0.0-c300
global-protect-client-package-version: 0.0.0
app-version: 8114-5254
app-release-date: 2019/01/16 15:14:11 PST
av-version: 2860-3370
av-release-date: 2019/01/16 10:05:59 PST
threat-version: 8114-5254
threat-release-date: 2019/01/16 15:14:11 PST
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 314895-317564
wildfire-release-date: 2019/01/16 18:20:09 PST
url-filtering-version: 20190201.20201
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 9.0.10
platform-family: 800
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal
admin@PA-3220>
The show session info command shows details
about the sessions running through the Palo Alto Networks device.
admin@PA-850> show session info
target-dp: *.dp0
--------------------------------------------------------------------------------
Number of sessions supported: 196606
Number of allocated sessions: 0
Number of active TCP sessions: 0
Number of active UDP sessions: 0
Number of active ICMP sessions: 0
Number of active GTPc sessions: 0
Number of active GTPu sessions: 0
Number of pending GTPu sessions: 0
Number of active BCAST sessions: 0
Number of active MCAST sessions: 0
Number of active predict sessions: 0
Number of active SCTP sessions: 0
Number of active SCTP associations: 0
Session table utilization: 0%
Number of sessions created since bootup: 5044051
Packet rate: 0/s
Throughput: 0 kbps
New connection establish rate: 0 cps
--------------------------------------------------------------------------------
Session timeout
TCP default timeout: 3600 secs
TCP session timeout before SYN-ACK received: 5 secs
TCP session timeout before 3-way handshaking: 10 secs
TCP half-closed session timeout: 120 secs
TCP session timeout in TIME_WAIT: 15 secs
TCP session delayed ack timeout: 250 millisecs
TCP session timeout for unverified RST: 30 secs
UDP default timeout: 30 secs
ICMP default timeout: 6 secs
SCTP default timeout: 3600 secs
SCTP timeout before INIT-ACK received: 5 secs
SCTP timeout before COOKIE received: 60 secs
SCTP timeout before SHUTDOWN received: 30 secs
other IP default timeout: 30 secs
Captive Portal session timeout: 30 secs
Session timeout in discard state:
TCP: 90 secs, UDP: 60 secs, SCTP: 60 secs, other IP protocols: 60 secs
--------------------------------------------------------------------------------
Session accelerated aging: True
Accelerated aging threshold: 80% of utilization
Scaling factor: 2 X
--------------------------------------------------------------------------------
Session setup
TCP - reject non-SYN first packet: True
Hardware session offloading: True
Hardware UDP session offloading: True
IPv6 firewalling: True
Strict TCP/IP checksum: True
Strict TCP RST sequence: True
Reject TCP small initial window: False
ICMP Unreachable Packet Rate: 200 pps
--------------------------------------------------------------------------------
Application trickling scan parameters:
Timeout to determine application trickling: 10 secs
Resource utilization threshold to start scan: 80%
Scan scaling factor over regular aging: 8
--------------------------------------------------------------------------------
Session behavior when resource limit is reached: drop
--------------------------------------------------------------------------------
Pcap token bucket rate : 10485760
--------------------------------------------------------------------------------
Max pending queued mcast packets per session : 0
--------------------------------------------------------------------------------