Set Commands Introduced in PAN-OS 10.0
Table of Contents
10.0 (EoL)
Expand all | Collapse all
End-of-Life (EoL)
Set Commands Introduced in PAN-OS 10.0
Command line interface 'set' commands that are new in
PAN-OS 10.0.
The following commands are new in the 10.0 release:
set deviceconfig system lcaas-use-proxy <yes|no>
set deviceconfig system ssh profiles set deviceconfig system ssh profiles ha-profiles set deviceconfig system ssh profiles ha-profiles <name> set deviceconfig system ssh profiles ha-profiles <name> ciphers [ <ciphers1> <ciphers2>... ] set deviceconfig system ssh profiles ha-profiles <name> mac [ <mac1> <mac2>... ] set deviceconfig system ssh profiles ha-profiles <name> kex [ <kex1> <kex2>... ] set deviceconfig system ssh profiles ha-profiles <name> default-hostkey set deviceconfig system ssh profiles ha-profiles <name> default-hostkey key-type set deviceconfig system ssh profiles ha-profiles <name> default-hostkey key-type ECDSA <256|384|521> set deviceconfig system ssh profiles ha-profiles <name> default-hostkey key-type RSA <2048|3072|4096> set deviceconfig system ssh profiles ha-profiles <name> session-rekey set deviceconfig system ssh profiles ha-profiles <name> session-rekey data <10-4000>|<default> set deviceconfig system ssh profiles ha-profiles <name> session-rekey packets <12-27>|<default>
set deviceconfig system ssh profiles mgmt-profiles client-profiles set deviceconfig system ssh profiles mgmt-profiles client-profiles <name> set deviceconfig system ssh profiles mgmt-profiles server-profiles set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> ciphers [ <ciphers1> <ciphers2>... ] set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> mac [ <mac1> <mac2>... ] set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> kex [ <kex1> <kex2>... ] set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> default-hostkey set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> default-hostkey key-type set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> default-hostkey key-type ECDSA <256|384|521> set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> default-hostkey key-type RSA <2048|3072|4096> set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> default-hostkey key-type all set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> session-rekey set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> session-rekey data <10-4000>|<default> set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> session-rekey interval <10-3600>|<default> set deviceconfig system ssh profiles mgmt-profiles server-profiles <name> session-rekey packets <12-27>|<default>
set deviceconfig system device-telemetry set deviceconfig system device-telemetry product-usage <yes|no> set deviceconfig system device-telemetry device-health-performance <yes|no> set deviceconfig system device-telemetry threat-prevention <yes|no> set deviceconfig system device-telemetry region <value>
set deviceconfig system ssh ha set deviceconfig system ssh ha ha-profile <value> set deviceconfig system ssh mgmt set deviceconfig system ssh mgmt client-profile <value> set deviceconfig system ssh mgmt server-profile <value> set deviceconfig system update-schedule wildfire recurring real-time set deviceconfig system update-schedule wildfire recurring every-min sync-to-peer <yes|no> set deviceconfig system update-schedule wildfire recurring every-15-mins sync-to-peer <yes|no> set deviceconfig system update-schedule wildfire recurring every-30-mins sync-to-peer <yes|no> set deviceconfig system update-schedule wildfire recurring every-hour sync-to-peer <yes|no>
set deviceconfig setting filemgr-service-setting set deviceconfig setting filemgr-service-setting filemgr-server<value> set deviceconfig setting captive-portal set deviceconfig setting captive-portal number-workers <2-12> set deviceconfig setting captive-portal disable-token <yes|no> set deviceconfig setting wildfire real-time-cloud-server <value> set deviceconfig setting ssl-decrypt fptcp-rwin-max <524288-8388608>
set deviceconfig setting session packet-buffer-protection-monitor-only<yes|no> set deviceconfig setting session packet-buffer-protection-block-countdown <0-99> set deviceconfig setting session packet-buffer-protection-use-latency <yes|no> set deviceconfig setting session packet-buffer-protection-latency-alert <1-20000> set deviceconfig setting session packet-buffer-protection-latency-activate <1-20000> set deviceconfig setting session packet-buffer-protection-latency-block-countdown <1-20000> set deviceconfig setting session packet-buffer-protection-latency-max-tolerate <1-20000> set deviceconfig setting session tcp-retransmit-scan <yes|no> set deviceconfig setting session dhcp-bcast-session-on <yes|no>
set deviceconfig setting logging enhanced-application-logging disable-global dp-channel set deviceconfig setting management secure-conn-client enable-secure-user-id-communication<yes|no> set deviceconfig setting management secure-conn-server set deviceconfig setting management secure-conn-server ssl-tls-service-profile <value> set deviceconfig setting management secure-conn-server certificate-profile <value> set deviceconfig setting management secure-conn-server enable-secure-user-id-communication <yes|no> set deviceconfig setting management quota-settings log-expiration-period decryption <1-2000> set deviceconfig setting management quota-settings log-expiration-period desum <1-2000> set deviceconfig setting management quota-settings log-expiration-period hourlydesum <1-2000> set deviceconfig setting management quota-settings log-expiration-period dailydesum <1-2000> set deviceconfig setting management quota-settings log-expiration-period weeklydesum <1-2000> set deviceconfig setting management quota-settings disk-quota desum <float> set deviceconfig setting management quota-settings disk-quota decryption <float> set deviceconfig setting management quota-settings disk-quota hourlydesum <float> set deviceconfig setting management quota-settings disk-quota dailydesum <float> set deviceconfig setting management quota-settings disk-quota weeklydesum <float> set deviceconfig setting management admin-session set deviceconfig setting management admin-session max-session-count <1-4> set deviceconfig setting management admin-session max-session-time <value> set deviceconfig setting management admin-session max-session-count <0-4> set deviceconfig setting management common-criteria-alarm-generation log-databases-alarm-threshold decryption <0-100>
set deviceconfig setting tunnel-acceleration <yes|no> set deviceconfig setting iot set deviceconfig setting iot edge set deviceconfig setting iot edge disable-device-cert <yes|no> set deviceconfig setting iot edge address <ip/netmask>|<value>
set deviceconfig high-availability interface ha4 set deviceconfig high-availability interface ha4 ip-address <ip/netmask> set deviceconfig high-availability interface ha4-backup set deviceconfig high-availability interface ha4-backup port <value> set deviceconfig high-availability interface ha4-backup ip-address <ip/netmask> set deviceconfig high-availability interface ha4-backup netmask <value>
set deviceconfig high-availability cluster set deviceconfig high-availability cluster enabled <yes|no> set deviceconfig high-availability cluster cluster-id <1-99> set deviceconfig high-availability cluster cluster-synchronization-timeout <0-30> set deviceconfig high-availability cluster cluster-keepalive-threshold <5000-60000> set deviceconfig high-availability cluster description <value> set deviceconfig high-availability cluster cluster-members set deviceconfig high-availability cluster cluster-members <name> set deviceconfig high-availability cluster cluster-members <name> ha4-ip-address <ip/netmask> set deviceconfig high-availability cluster cluster-members <name> ha4-backup-ip-address <ip/netmask> set deviceconfig high-availability cluster cluster-members <name> session-synchronization <enabled|disabled> set deviceconfig high-availability cluster cluster-members <name> comments <value> set deviceconfig high-availability cluster monitor-fail-hold-down-time <1-60>
set deviceconfig high-availability group mode active-active network-configuration sync logical-router<yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-wire <name> destination-ip-group set deviceconfig high-availability group monitoring path-monitoring path-group virtual-wire <name> destination-ip-group <name> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-wire <name> destination-ip-group <name> destination-ip [ <destination-ip1> <destination-ip2>... ] set deviceconfig high-availability group monitoring path-monitoring path-group virtual-wire <name> destination-ip-group <name> enabled <yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-wire <name> destination-ip-group <name> failure-condition <any|all>
set deviceconfig high-availability group monitoring path-monitoring path-group vlan<name> destination-ip-group set deviceconfig high-availability group monitoring path-monitoring path-group vlan <name> destination-ip-group <name> set deviceconfig high-availability group monitoring path-monitoring path-group vlan <name> destination-ip-group <name> destination-ip [ <destination-ip1> <destination-ip2>... ] set deviceconfig high-availability group monitoring path-monitoring path-group vlan <name> destination-ip-group <name> enabled <yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group vlan <name> destination-ip-group <name> failure-condition <any|all> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-router <name> destination-ip-group set deviceconfig high-availability group monitoring path-monitoring path-group virtual-router <name> destination-ip-group <name> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-router <name> destination-ip-group <name> destination-ip [ <destination-ip1> <destination-ip2>... ] set deviceconfig high-availability group monitoring path-monitoring path-group virtual-router <name> destination-ip-group <name> enabled <yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group virtual-router <name> destination-ip-group <name> failure-condition <any|all>
set deviceconfig high-availability group monitoring path-monitoring path-group logical-router set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> enabled <yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> failure-condition <any|all> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> ping-interval <200-60000> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> ping-count <3-10> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> destination-ip-group set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> destination-ip-group <name> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> destination-ip-group <name> destination-ip [ <destination-ip1> <destination-ip2>... ] set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> destination-ip-group <name> enabled <yes|no> set deviceconfig high-availability group monitoring path-monitoring path-group logical-router <name> destination-ip-group <name> failure-condition <any|all>
set mgt-config users <name> preferences saved-log-query decryption set mgt-config users <name> preferences saved-log-query decryption <name> set mgt-config users <name> preferences saved-log-query decryption <name> query <value>
set network profiles zone-protection-profile <name> l2-sec-group-tag-protection set network profiles zone-protection-profile <name> l2-sec-group-tag-protection tags set network profiles zone-protection-profile <name> l2-sec-group-tag-protection tags <name> set network profiles zone-protection-profile <name> l2-sec-group-tag-protection tags <name> tag <value> set network profiles zone-protection-profile <name> l2-sec-group-tag-protection tags <name> enable <yes|no>
set network logical-router set network logical-router <name> set network logical-router <name> vrf set network logical-router <name> vrf <name> set network logical-router <name> vrf <name> interface [ <interface1> <interface2>... ] set network logical-router <name> vrf <name> bgp set network logical-router <name> vrf <name> bgp enable <yes|no> set network logical-router <name> vrf <name> bgp router-id <ip/netmask> set network logical-router <name> vrf <name> bgp enforce-first-as <yes|no> set network logical-router <name> vrf <name> bgp fast-external-failover <yes|no> set network logical-router <name> vrf <name> bgp ecmp-multi-as <yes|no> set network logical-router <name> vrf <name> bgp local-as <1-4294967295> set network logical-router <name> vrf <name> bgp med set network logical-router <name> vrf <name> bgp med always-compare-med <yes|no> set network logical-router <name> vrf <name> bgp med deterministic-med-comparison <yes|no> set network logical-router <name> vrf <name> bgp default-local-preference <0-4294967295> set network logical-router <name> vrf <name> bgp graceful-restart set network logical-router <name> vrf <name> bgp graceful-restart enable <yes|no> set network logical-router <name> vrf <name> bgp graceful-restart stale-route-time <1-3600> set network logical-router <name> vrf <name> bgp graceful-restart max-peer-restart-time <1-3600>
set network logical-router <name> vrf <name> bgp peer-group set network logical-router <name> vrf <name> bgp peer-group <name> set network logical-router <name> vrf <name> bgp peer-group <name> enable <yes|no> set network logical-router <name> vrf <name> bgp peer-group <name> type set network logical-router <name> vrf <name> bgp peer-group <name> type ibgp set network logical-router <name> vrf <name> bgp peer-group <name> type ebgp set network logical-router <name> vrf <name> bgp peer-group <name> address-family set network logical-router <name> vrf <name> bgp peer-group <name> address-family ipv4 set network logical-router <name> vrf <name> bgp peer-group <name> address-family ipv4 unicast <value> set network logical-router <name> vrf <name> bgp peer-group <name> address-family ipv6 set network logical-router <name> vrf <name> bgp peer-group <name> address-family ipv6 unicast <value> set network logical-router <name> vrf <name> bgp peer-group <name> connection-options set network logical-router <name> vrf <name> bgp peer-group <name> connection-options timers <value> set network logical-router <name> vrf <name> bgp peer-group <name> connection-options multihop <0-255> set network logical-router <name> vrf <name> bgp peer-group <name> connection-options authentication <value>
set network logical-router <name> vrf <name> bgp peer-group <name> peer set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> enable <yes|no> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> peer-as <1-4294967295> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> enable-sender-side-loop-detection <yes|no> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family inherit <yes|no> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family ipv4 set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family ipv4 unicast <value> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family ipv6 set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> address-family ipv6 unicast <value> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> local-address set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> local-address interface <value> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> local-address ip <value> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> peer-address set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> peer-address ip <value>|<ip/netmask>|<validate> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> connection-options set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> connection-options timers <value>|<inherit> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> connection-options multihop <0-255>|<inherit> set network logical-router <name> vrf <name> bgp peer-group <name> peer <name> connection-options authentication <value>|<inherit>
set network logical-router <name> vrf <name> bgp redistribution-rule set network logical-router <name> vrf <name> bgp redistribution-rule ipv4 set network logical-router <name> vrf <name> bgp redistribution-rule ipv4 unicast <value> set network logical-router <name> vrf <name> bgp redistribution-rule ipv6 set network logical-router <name> vrf <name> bgp redistribution-rule ipv6 unicast <value> set network logical-router <name> vrf <name> bgp address-family-identifier set network logical-router <name> vrf <name> bgp address-family-identifier ipv4 set network logical-router <name> vrf <name> bgp address-family-identifier ipv4 network set network logical-router <name> vrf <name> bgp address-family-identifier ipv4 network <name> set network logical-router <name> vrf <name> bgp address-family-identifier ipv4 network <name> unicast <yes|no> set network logical-router <name> vrf <name> bgp address-family-identifier ipv6 set network logical-router <name> vrf <name> bgp address-family-identifier ipv6 network set network logical-router <name> vrf <name> bgp address-family-identifier ipv6 network <name> set network logical-router <name> vrf <name> bgp address-family-identifier ipv6 network <name> unicast <yes|no>
set network logical-router <name> vrf <name> routing-table set network logical-router <name> vrf <name> routing-table ip set network logical-router <name> vrf <name> routing-table ip static-route set network logical-router <name> vrf <name> routing-table ip static-route <name> set network logical-router <name> vrf <name> routing-table ip static-route <name> destination <value>|<ip/netmask> set network logical-router <name> vrf <name> routing-table ip static-route <name> interface <value> set network logical-router <name> vrf <name> routing-table ip static-route <name> nexthop set network logical-router <name> vrf <name> routing-table ip static-route <name> nexthop discard set network logical-router <name> vrf <name> routing-table ip static-route <name> nexthop ip-address <value>|<ip/netmask> set network logical-router <name> vrf <name> routing-table ip static-route <name> admin-dist <10-240> set network logical-router <name> vrf <name> routing-table ip static-route <name> metric <1-65535> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor enable <yes|no> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor failure-condition <any|all> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor hold-time <0-1440> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> enable <yes|no> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> destination <value> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> interval <1-60> set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> count <3-10>
set network logical-router <name> vrf <name> routing-table ipv6 set network logical-router <name> vrf <name> routing-table ipv6 static-route set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> destination <value>|<ip/netmask> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> interface <value> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> nexthop set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> nexthop discard set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> nexthop ipv6-address <value>|<ip/netmask> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> admin-dist <10-240> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> metric <1-65535> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor enable <yes|no> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor failure-condition <any|all> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor hold-time <0-1440> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> enable <yes|no> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> source <value> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> destination <value> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> interval <1-60> set network logical-router <name> vrf <name> routing-table ipv6 static-route <name> path-monitor monitor-destinations <name> count <3-10>
set network logical-router <name> vrf <name> ecmp set network logical-router <name> vrf <name> ecmp enable <yes|no> set network logical-router <name> vrf <name> ecmp algorithm set network logical-router <name> vrf <name> ecmp algorithm ip-modulo set network logical-router <name> vrf <name> ecmp algorithm ip-hash set network logical-router <name> vrf <name> ecmp algorithm ip-hash src-only <yes|no> set network logical-router <name> vrf <name> ecmp algorithm ip-hash use-port <yes|no> set network logical-router <name> vrf <name> ecmp algorithm ip-hash hash-seed <0-4294967295> set network logical-router <name> vrf <name> ecmp algorithm weighted-round-robin set network logical-router <name> vrf <name> ecmp algorithm weighted-round-robin interface set network logical-router <name> vrf <name> ecmp algorithm weighted-round-robin interface <name> set network logical-router <name> vrf <name> ecmp algorithm weighted-round-robin interface <name> weight <1-255> set network logical-router <name> vrf <name> ecmp algorithm balanced-round-robin set network logical-router <name> vrf <name> ecmp max-path <2-4> set network logical-router <name> vrf <name> ecmp symmetric-return <yes|no> set network logical-router <name> vrf <name> ecmp strict-source-path <yes|no>
set network routing-profile set network routing-profile bgp set network routing-profile bgp auth-profile set network routing-profile bgp auth-profile <name> set network routing-profile bgp auth-profile <name> secret <value> set network routing-profile bgp timer-profile set network routing-profile bgp timer-profile <name> set network routing-profile bgp timer-profile <name> keep-alive-interval <1-1200> set network routing-profile bgp timer-profile <name> hold-time <3-3600> set network routing-profile bgp timer-profile <name> min-route-adv-interval <1-600> set network routing-profile bgp address-family-profile set network routing-profile bgp address-family-profile <name> set network routing-profile bgp address-family-profile <name> ipv4 set network routing-profile bgp address-family-profile <name> ipv4 unicast set network routing-profile bgp address-family-profile <name> ipv4 unicast add-path set network routing-profile bgp address-family-profile <name> ipv4 unicast add-path tx-all-paths <yes|no> set network routing-profile bgp address-family-profile <name> ipv4 unicast add-path tx-bestpath-per-AS <yes|no> set network routing-profile bgp address-family-profile <name> ipv4 unicast allowas-in set network routing-profile bgp address-family-profile <name> ipv4 unicast allowas-in origin set network routing-profile bgp address-family-profile <name> ipv4 unicast allowas-in occurrence <1-10> set network routing-profile bgp address-family-profile <name> ipv4 unicast as-override <yes|no> set network routing-profile bgp address-family-profile <name> ipv4 unicast default-originate <yes|no> set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix num_prefixes <1-4294967295> set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix threshold <1-100> set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix action set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix action warning-only set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix action restart set network routing-profile bgp address-family-profile <name> ipv4 unicast maximum-prefix action restart interval <1-65535> set network routing-profile bgp address-family-profile <name> ipv4 unicast next-hop set network routing-profile bgp address-family-profile <name> ipv4 unicast next-hop self set network routing-profile bgp address-family-profile <name> ipv4 unicast next-hop self-force set network routing-profile bgp address-family-profile <name> ipv4 unicast remove-private-AS set network routing-profile bgp address-family-profile <name> ipv4 unicast remove-private-AS all set network routing-profile bgp address-family-profile <name> ipv4 unicast remove-private-AS replace-AS set network routing-profile bgp address-family-profile <name> ipv4 unicast route-reflector-client <yes|no> set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community all set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community both set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community extended set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community large set network routing-profile bgp address-family-profile <name> ipv4 unicast send-community standard
set network routing-profile bgp address-family-profile <name> ipv6 set network routing-profile bgp address-family-profile <name> ipv6 unicast set network routing-profile bgp address-family-profile <name> ipv6 unicast add-path set network routing-profile bgp address-family-profile <name> ipv6 unicast add-path tx-all-paths <yes|no> set network routing-profile bgp address-family-profile <name> ipv6 unicast add-path tx-bestpath-per-AS <yes|no> set network routing-profile bgp address-family-profile <name> ipv6 unicast allowas-in set network routing-profile bgp address-family-profile <name> ipv6 unicast allowas-in origin set network routing-profile bgp address-family-profile <name> ipv6 unicast allowas-in occurrence <1-10> set network routing-profile bgp address-family-profile <name> ipv6 unicast as-override <yes|no> set network routing-profile bgp address-family-profile <name> ipv6 unicast default-originate <yes|no> set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix num_prefixes <1-4294967295> set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix threshold <1-100> set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix action set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix action warning-only set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix action restart set network routing-profile bgp address-family-profile <name> ipv6 unicast maximum-prefix action restart interval <1-65535> set network routing-profile bgp address-family-profile <name> ipv6 unicast next-hop set network routing-profile bgp address-family-profile <name> ipv6 unicast next-hop self set network routing-profile bgp address-family-profile <name> ipv6 unicast next-hop self-force set network routing-profile bgp address-family-profile <name> ipv6 unicast remove-private-AS set network routing-profile bgp address-family-profile <name> ipv6 unicast remove-private-AS all set network routing-profile bgp address-family-profile <name> ipv6 unicast remove-private-AS replace-AS set network routing-profile bgp address-family-profile <name> ipv6 unicast route-reflector-client <yes|no> set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community all set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community both set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community extended set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community large set network routing-profile bgp address-family-profile <name> ipv6 unicast send-community standard
set network routing-profile bgp redistribution-profile set network routing-profile bgp redistribution-profile <name> set network routing-profile bgp redistribution-profile <name> ipv4 set network routing-profile bgp redistribution-profile <name> ipv4 unicast set network routing-profile bgp redistribution-profile <name> ipv4 unicast static set network routing-profile bgp redistribution-profile <name> ipv4 unicast static enable <yes|no> set network routing-profile bgp redistribution-profile <name> ipv4 unicast static metric <1-65535> set network routing-profile bgp redistribution-profile <name> ipv4 unicast connected set network routing-profile bgp redistribution-profile <name> ipv4 unicast connected enable <yes|no> set network routing-profile bgp redistribution-profile <name> ipv4 unicast connected metric <1-65535> set network routing-profile bgp redistribution-profile <name> ipv6 set network routing-profile bgp redistribution-profile <name> ipv6 unicast set network routing-profile bgp redistribution-profile <name> ipv6 unicast static set network routing-profile bgp redistribution-profile <name> ipv6 unicast static enable <yes|no> set network routing-profile bgp redistribution-profile <name> ipv6 unicast static metric <1-65535> set network routing-profile bgp redistribution-profile <name> ipv6 unicast connected set network routing-profile bgp redistribution-profile <name> ipv6 unicast connected enable <yes|no> set network routing-profile bgp redistribution-profile <name> ipv6 unicast connected metric <1-65535>
set network dhcp interface <name> server reserved <name> description <value> set network shared-gateway <name> log-settings email <name> server <name> protocol <SMTP|TLS> set network shared-gateway <name> log-settings email <name> server <name> port <1-65535> set network shared-gateway <name> log-settings email <name> server <name> tls-version <1.2|1.1> set network shared-gateway <name> log-settings email <name> server <name> auth <Auto|Login|Plain> set network shared-gateway <name> log-settings email <name> server <name> certificate-profile <value> set network shared-gateway <name> log-settings email <name> server <name> username <value> set network shared-gateway <name> log-settings email <name> server <name> password <value> set network shared-gateway <name> log-settings email <name> format decryption <value> set network shared-gateway <name> log-settings syslog <name> format decryption <value>
set network shared-gateway <name> log-settings http <name> format decryption set network shared-gateway <name> log-settings http <name> format decryption name <value> set network shared-gateway <name> log-settings http <name> format decryption url-format <value> set network shared-gateway <name> log-settings http <name> format decryption headers set network shared-gateway <name> log-settings http <name> format decryption headers <name> set network shared-gateway <name> log-settings http <name> format decryption headers <name> value <value> set network shared-gateway <name> log-settings http <name> format decryption params set network shared-gateway <name> log-settings http <name> format decryption params <name> set network shared-gateway <name> log-settings http <name> format decryption params <name> value <value> set network shared-gateway <name> log-settings http <name> format decryption payload <value>
set network shared-gateway <name> log-settings profiles <name> match-list <name> quarantine <yes|no> set network shared-gateway <name> rulebase sdwan rules <name> saas-quality-profile <value> set network shared-gateway <name> rulebase sdwan rules <name> error-correction-profile <value>
set shared device-object set shared device-object <name> set shared device-object <name> description <value> set shared device-object <name> category [ <category1> <category2>... ] set shared device-object <name> profile [ <profile1> <profile2>... ] set shared device-object <name> osfamily [ <osfamily1> <osfamily2>... ] set shared device-object <name> os [ <os1> <os2>... ] set shared device-object <name> model [ <model1> <model2>... ] set shared device-object <name> vendor [ <vendor1> <vendor2>... ]
set shared profiles virus <name> mlav-engine-filebased-enabled set shared profiles virus <name> mlav-engine-filebased-enabled <name> set shared profiles virus <name> mlav-engine-filebased-enabled <name> mlav-policy-action <enable|enable(alert-only)|disable> set shared profiles virus <name> decoder <name> mlav-action <default|allow|alert|drop|reset-client|reset-server|reset-both>
set shared profiles virus <name> mlav-exception set shared profiles virus <name> mlav-exception <name> set shared profiles virus <name> mlav-exception <name> filename <value> set shared profiles virus <name> mlav-exception <name> description <value>
set shared profiles spyware <name> botnet-domains dns-security-categories set shared profiles spyware <name> botnet-domains dns-security-categories <name> set shared profiles spyware <name> botnet-domains dns-security-categories <name> action <default|allow|block|sinkhole> set shared profiles spyware <name> botnet-domains dns-security-categories <name> log-level <default|none|low|informational|medium|high|critical> set shared profiles spyware <name> botnet-domains dns-security-categories <name> packet-capture <disable|single-packet|extended-capture>
set shared profiles spyware <name> botnet-domains whitelist set shared profiles spyware <name> botnet-domains whitelist <name> set shared profiles spyware <name> botnet-domains whitelist <name> description <value> set shared profiles url-filtering <name> mlav-category-exception [ <mlav-category-exception1> <mlav-category-exception2>... ]
set shared profiles url-filtering <name> mlav-engine-urlbased-enabled set shared profiles url-filtering <name> mlav-engine-urlbased-enabled <name> set shared profiles url-filtering <name> mlav-engine-urlbased-enabled <name> mlav-policy-action <block|alert|allow>
set shared profiles sdwan-saas-quality set shared profiles sdwan-saas-quality <name> set shared profiles sdwan-saas-quality <name> monitor-mode adaptive set shared profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address set shared profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> set shared profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> probe-interval <1-3600> set shared profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn set shared profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn fqdn-name <value> set shared profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn probe-interval <1-3600> set shared profiles sdwan-saas-quality <name> monitor-mode http-https set shared profiles sdwan-saas-quality <name> monitor-mode http-https monitored-url <value> set shared profiles sdwan-saas-quality <name> monitor-mode http-https probe-interval <1-3600>
set shared profiles sdwan-error-correction set shared profiles sdwan-error-correction <name> set shared profiles sdwan-error-correction <name> activation-threshold <1-99> set shared profiles sdwan-error-correction <name> mode set shared profiles sdwan-error-correction <name> mode forward-error-correction set shared profiles sdwan-error-correction <name> mode forward-error-correction ratio <10% (20:2)|20% (20:4)|30% (20:6)|40% (20:8)|50% (20:10)> set shared profiles sdwan-error-correction <name> mode forward-error-correction transmit-hold-timer <1-5000> set shared profiles sdwan-error-correction <name> mode packet-duplication set shared profiles sdwan-error-correction <name> mode packet-duplication transmit-hold-timer-pd <1-5000>
set shared profiles decryption <name> ssl-forward-proxy block-tls13-downgrade-no-resource <yes|no> set shared profiles decryption <name> ssl-inbound-proxy block-tls13-downgrade-no-resource <yes|no>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-chacha20-poly1305 <yes|no> set shared external-list <name> type predefined-url set shared external-list <name> type predefined-url exception-list [ <exception-list1> <exception-list2>... ] set shared external-list <name> type predefined-url description <value> set shared external-list <name> type predefined-url url <value>
set shared reports <name> type appstat group-by <serial|vsys_name|device_name|vsys|name|risk|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-name|category-of-name|risk-of-name|container-of-name|technology-of-name> set shared reports <name> type appstat sortby <nbytes|nsess|npkts|nthreats> set shared reports <name> type decryption set shared reports <name> type decryption aggregate-by [ <aggregate-by1> <aggregate-by2>... ] set shared reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set shared reports <name> type decryption values [ <values1> <values2>... ] set shared reports <name> type decryption labels [ <labels1> <labels2>... ] set shared reports <name> type decryption sortby <repeatcnt|nunique-of-src_profile|nunique-of-dst_profile>
set shared reports <name> type desum set shared reports <name> type desum aggregate-by [ <aggregate-by1> <aggregate-by2>... ] set shared reports <name> type desum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|srcuser|dstuser|vsys|tls_version|tls_keyxchg|tls_enc|tls_auth|policy_name|sni|error|err_index|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|outbound_if|inbound_if|rule|dport|sport|proto> set shared reports <name> type desum values [ <values1> <values2>... ] set shared reports <name> type desum labels [ <labels1> <labels2>... ] set shared reports <name> type desum sortby <repeatcnt|nunique-of-src_profile|nunique-of-dst_profile>
set shared reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|parent_session_id|parent_start_time|threatid|category|severity|direction|http_method|nssai_sst|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type> set shared reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl> set shared reports <name> type data values [ <values1> <values2>... ] set shared reports <name> type data labels [ <labels1> <labels2>... ] set shared reports <name> type data sortby <repeatcnt|nunique-of-users> set shared reports <name> type data aggregate-by [ <aggregate-by1> <aggregate-by2>... ]
set shared reports <name> type data group-by <action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac> set shared reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dport|action|severity|inbound_if|outbound_if|category|parent_session_id|parent_start_time|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|subtype|tunnelid|monitortag|category-of-threatid|threat-type> set shared reports <name> type thsum sortby <sessions|count|nunique-of-apps|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set shared reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|parent_session_id|parent_start_time|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|sesscache_l7_done|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|tunnelid|monitortag> set shared reports <name> type traffic sortby <repeatcnt|bytes|bytes_sent|bytes_received|packets|pkts_sent|pkts_received|chunks|chunks_sent|chunks_received|nunique-of-users|elapsed|nunique-of-src_profile|nunique-of-dst_profile> set shared reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|parent_session_id|parent_start_time|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|nunique-of-users|tunnelid|monitortag|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app> set shared reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|sessions|dport|action|tunnel|inbound_if|outbound_if|parent_session_id|parent_start_time|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|tunnelid|monitortag|standard-ports-of-app|ncontent> set shared reports <name> type trsum sortby <bytes|sessions|bytes_sent|bytes_received|nthreats|nftrans|ndpmatches|nurlcount|chunks|chunks_sent|chunks_received|ncontent|nunique-of-apps|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set shared reports <name> type userid group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|datasourcename|beginport|endport|datasource|datasourcetype|factortype|factorcompletiontime|factorno|tag_name|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype> set shared reports <name> type auth group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|normalize_user|object|authpolicy|authid|vendor|clienttype|event|factorno|authproto|rule_uuid|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|serverprofile|desc|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac> set shared reports <name> type iptag group-by <serial|time_generated|vsys_name|device_name|vsys|ip|tag_name|event_id|datasourcename|datasource_type|datasource_subtype|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set shared reports <name> type hipmatch group-by <serial|time_generated|vsys_name|device_name|srcuser|vsys|machinename|src|matchname|os|matchtype|srcipv6|hostid|devcategory|profile|model|vendor|osfamily|osversion|mac|devhost|source|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|hostname|osfamily|osversion>
set shared log-settings userid match-list <name> quarantine <yes|no> set shared log-settings hipmatch match-list <name> quarantine <yes|no> set shared log-settings correlation match-list <name> quarantine <yes|no>
set shared log-settings email <name> server <name> protocol <SMTP|TLS> set shared log-settings email <name> server <name> port <1-65535> set shared log-settings email <name> server <name> tls-version <1.2|1.1> set shared log-settings email <name> server <name> auth <Auto|Login|Plain> set shared log-settings email <name> server <name> certificate-profile <value> set shared log-settings email <name> server <name> username <value> set shared log-settings email <name> server <name> password <value>
set shared log-settings email <name> format decryption <value> set shared log-settings syslog <name> format decryption <value> set shared log-settings http <name> format decryption set shared log-settings http <name> format decryption name <value> set shared log-settings http <name> format decryption headers set shared log-settings http <name> format decryption headers <name> set shared log-settings http <name> format decryption headers <name> value <value> set shared log-settings http <name> format decryption params set shared log-settings http <name> format decryption params <name> set shared log-settings http <name> format decryption params <name> value <value> set shared log-settings http <name> format decryption payload <value>
set shared log-settings profile <name> match-list <name> quarantine <yes|no> set shared ssl-tls-service-profile <name> protocol-settings enc-algo-chacha20-poly1305 <yes|no>
set shared admin-role <name> role device webui monitor logs decryption <enable|disable> set shared admin-role <name> role device webui objects devices <enable|read-only|disable> set shared admin-role <name> role device webui objects sdwan sdwan-saas-quality-profile <enable|read-only|disable> set shared admin-role <name> role device webui objects sdwan sdwan-error-correction-profile <enable|read-only|disable> set shared admin-role <name> role device webui network routing set shared admin-role <name> role device webui network routing logical-routers <enable|read-only|disable> set shared admin-role <name> role device webui network routing routing-profiles set shared admin-role <name> role device webui network routing routing-profiles bgp <enable|read-only|disable> set shared admin-role <name> role device webui device data-redistribution <enable|read-only|disable> set shared admin-role <name> role device webui device device-quarantine <enable|read-only|disable> set shared admin-role <name> role device webui device certificate-management ssh-service-profile <enable|read-only|disable> set shared admin-role <name> role device webui device policy-recommendation <enable|read-only|disable>
set shared admin-role <name> role device webui operations set shared admin-role <name> role device webui operations reboot <enable|disable> set shared admin-role <name> role device webui operations generate-tech-support-file <enable|disable> set shared admin-role <name> role device webui operations generate-stats-dump-file <enable|disable> set shared admin-role <name> role device webui operations download-core-files <enable|disable> set shared admin-role <name> role device xmlapi iot <enable|disable>
set shared admin-role <name> role device restapi set shared admin-role <name> role device restapi objects set shared admin-role <name> role device restapi objects addresses <enable|read-only|disable> set shared admin-role <name> role device restapi objects address-groups <enable|read-only|disable> set shared admin-role <name> role device restapi objects regions <enable|read-only|disable> set shared admin-role <name> role device restapi objects dynamic-user-groups <enable|read-only|disable> set shared admin-role <name> role device restapi objects applications <enable|read-only|disable> set shared admin-role <name> role device restapi objects application-groups <enable|read-only|disable> set shared admin-role <name> role device restapi objects application-filters <enable|read-only|disable> set shared admin-role <name> role device restapi objects services <enable|read-only|disable> set shared admin-role <name> role device restapi objects service-groups <enable|read-only|disable> set shared admin-role <name> role device restapi objects tags <enable|read-only|disable> set shared admin-role <name> role device restapi objects devices <enable|read-only|disable> set shared admin-role <name> role device restapi objects external-dynamic-lists <enable|read-only|disable> set shared admin-role <name> role device restapi objects custom-data-patterns <enable|read-only|disable> set shared admin-role <name> role device restapi objects custom-spyware-signatures <enable|read-only|disable> set shared admin-role <name> role device restapi objects custom-vulnerability-signatures <enable|read-only|disable> set shared admin-role <name> role device restapi objects custom-url-categories <enable|read-only|disable> set shared admin-role <name> role device restapi objects antivirus-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects anti-spyware-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects vulnerability-protection-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects url-filtering-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects file-blocking-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects wildfire-analysis-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects data-filtering-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects dos-protection-security-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects security-profile-groups <enable|read-only|disable> set shared admin-role <name> role device restapi objects log-forwarding-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects authentication-enforcements <enable|read-only|disable> set shared admin-role <name> role device restapi objects decryption-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects decryption-forwarding-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects schedules <enable|read-only|disable> set shared admin-role <name> role device restapi objects sdwan-path-quality-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi objects sdwan-traffic-distribution-profiles <enable|read-only|disable>
set shared admin-role <name> role device restapi policies set shared admin-role <name> role device restapi policies security-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies nat-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies qos-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies policy-based-forwarding-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies decryption-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies tunnel-inspection-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies application-override-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies authentication-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies dos-rules <enable|read-only|disable> set shared admin-role <name> role device restapi policies sdwan-rules <enable|read-only|disable>
set shared admin-role <name> role device restapi network set shared admin-role <name> role device restapi network aggregate-ethernet-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network ethernet-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network vlan-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network loopback-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network tunnel-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network zones <enable|read-only|disable> set shared admin-role <name> role device restapi network vlans <enable|read-only|disable> set shared admin-role <name> role device restapi network virtual-wires <enable|read-only|disable> set shared admin-role <name> role device restapi network virtual-routers <enable|read-only|disable> set shared admin-role <name> role device restapi network logical-routers <enable|read-only|disable> set shared admin-role <name> role device restapi network bgp-routing-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network ipsec-tunnels <enable|read-only|disable> set shared admin-role <name> role device restapi network gre-tunnels <enable|read-only|disable> set shared admin-role <name> role device restapi network dhcp-servers <enable|read-only|disable> set shared admin-role <name> role device restapi network dhcp-relays <enable|read-only|disable> set shared admin-role <name> role device restapi network dns-proxies <enable|read-only|disable> set shared admin-role <name> role device restapi network qos-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network lldp <enable|read-only|disable> set shared admin-role <name> role device restapi network ike-gateway-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network ipsec-crypto-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network ike-crypto-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network tunnel-monitor-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network interface-management-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network zone-protection-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network qos-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network lldp-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network bfd-network-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi network sdwan-interfaces <enable|read-only|disable> set shared admin-role <name> role device restapi network sdwan-interface-profiles <enable|read-only|disable> set shared admin-role <name> role device restapi device set shared admin-role <name> role device restapi device virtual-systems <enable|read-only|disable>
set shared admin-role <name> role vsys webui monitor logs decryption <enable|disable> set shared admin-role <name> role vsys webui objects devices <enable|read-only|disable> set shared admin-role <name> role vsys webui objects sdwan sdwan-saas-quality-profile <enable|read-only|disable> set shared admin-role <name> role vsys webui objects sdwan sdwan-error-correction-profile <enable|read-only|disable> set shared admin-role <name> role vsys webui device setup telemetry <read-only|disable> set shared admin-role <name> role vsys webui device data-redistribution <enable|read-only|disable> set shared admin-role <name> role vsys webui device device-quarantine <enable|read-only|disable> set shared admin-role <name> role vsys webui device certificate-management ssh-service-profile <enable|read-only|disable> set shared admin-role <name> role vsys webui device policy-recommendation <enable|read-only|disable>
set shared admin-role <name> role vsys webui operations set shared admin-role <name> role vsys webui operations reboot <enable|disable> set shared admin-role <name> role vsys webui operations generate-tech-support-file <enable|disable> set shared admin-role <name> role vsys webui operations generate-stats-dump-file <enable|disable> set shared admin-role <name> role vsys webui operations download-core-files <enable|disable> set shared admin-role <name> role vsys xmlapi iot <enable|disable>
set shared admin-role <name> role vsys restapi set shared admin-role <name> role vsys restapi objects set shared admin-role <name> role vsys restapi objects addresses <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects address-groups <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects regions <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects dynamic-user-groups <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects applications <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects application-groups <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects application-filters <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects services <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects service-groups <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects tags <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects devices <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects external-dynamic-lists <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects custom-data-patterns <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects custom-spyware-signatures <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects custom-vulnerability-signatures <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects custom-url-categories <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects antivirus-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects anti-spyware-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects vulnerability-protection-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects url-filtering-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects file-blocking-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects wildfire-analysis-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects data-filtering-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects dos-protection-security-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects security-profile-groups <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects log-forwarding-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects authentication-enforcements <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects decryption-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects decryption-forwarding-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects schedules <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects sdwan-path-quality-profiles <enable|read-only|disable> set shared admin-role <name> role vsys restapi objects sdwan-traffic-distribution-profiles <enable|read-only|disable>
set shared admin-role <name> role vsys restapi policies set shared admin-role <name> role vsys restapi policies security-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies nat-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies qos-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies policy-based-forwarding-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies decryption-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies tunnel-inspection-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies application-override-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies authentication-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies dos-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi policies sdwan-rules <enable|read-only|disable> set shared admin-role <name> role vsys restapi network set shared admin-role <name> role vsys restapi network zones <enable|read-only|disable> set shared admin-role <name> role vsys restapi device set shared admin-role <name> role vsys restapi device virtual-systems <enable|read-only|disable>
set shared icd set shared icd cloud-addr set shared icd cloud-addr address<value> set shared icd cloud-addr port <80-65535>
set vsys <name> import network logical-router [ <logical-router1> <logical-router2>... ] set vsys <name> log-settings email <name> server <name> protocol <SMTP|TLS> set vsys <name> log-settings email <name> server <name> port <1-65535> set vsys <name> log-settings email <name> server <name> tls-version <1.2|1.1> set vsys <name> log-settings email <name> server <name> auth <Auto|Login|Plain> set vsys <name> log-settings email <name> server <name> certificate-profile <value> set vsys <name> log-settings email <name> server <name> username <value> set vsys <name> log-settings email <name> server <name> password <value>
set vsys <name> log-settings email <name> format decryption <value> set vsys <name> log-settings syslog <name> format decryption <value> set vsys <name> log-settings http <name> format decryption set vsys <name> log-settings http <name> format decryption name <value> set vsys <name> log-settings http <name> format decryption url-format <value> set vsys <name> log-settings http <name> format decryption headers set vsys <name> log-settings http <name> format decryption headers <name> set vsys <name> log-settings http <name> format decryption headers <name> value <value> set vsys <name> log-settings http <name> format decryption params set vsys <name> log-settings http <name> format decryption params <name> set vsys <name> log-settings http <name> format decryption params <name> value <value> set vsys <name> log-settings http <name> format decryption payload <value>
set vsys<name> log-settings profiles <name> match-list <name> quarantine <yes|no> set vsys <name> ssl-tls-service-profile <name> protocol-settings enc-algo-chacha20-poly1305 <yes|no>
set vsys <name> redistribution-agent set vsys <name> redistribution-agent <name> set vsys <name> redistribution-agent <name> serial-number <value> set vsys <name> redistribution-agent <name> host-port set vsys <name> redistribution-agent <name> host-port host <ip/netmask>|<value> set vsys <name> redistribution-agent <name> host-port ldap-proxy <yes|no> set vsys <name> redistribution-agent <name> host-port port <1-65535> set vsys <name> redistribution-agent <name> host-port collectorname <value> set vsys <name> redistribution-agent <name> host-port secret <value> set vsys <name> redistribution-agent <name> disabled <yes|no> set vsys <name> redistribution-agent <name> ip-user-mappings <yes|no> set vsys <name> redistribution-agent <name> ip-tags <yes|no> set vsys <name> redistribution-agent <name> user-tags <yes|no> set vsys <name> redistribution-agent <name> hip <yes|no> set vsys <name> redistribution-agent <name> quarantine-list <yes|no>
set vsys <name> ipuser-include-exclude-list set vsys <name> ipuser-include-exclude-list include-exclude-network set vsys <name> ipuser-include-exclude-list include-exclude-network <name> set vsys <name> ipuser-include-exclude-list include-exclude-network <name> disabled <yes|no> set vsys <name> ipuser-include-exclude-list include-exclude-network <name> discovery <include|exclude> set vsys <name> ipuser-include-exclude-list include-exclude-network <name> network-address <ip/netmask> set vsys <name> ipuser-include-exclude-list include-exclude-network-sequence set vsys <name> ipuser-include-exclude-list include-exclude-network-sequence include-exclude-network [ <include-exclude-network1> <include-exclude-network2>... ]
set vsys <name> iptag-include-exclude-list set vsys <name> iptag-include-exclude-list include-exclude-network set vsys <name> iptag-include-exclude-list include-exclude-network <name> set vsys <name> iptag-include-exclude-list include-exclude-network <name> disabled <yes|no> set vsys <name> iptag-include-exclude-list include-exclude-network <name> discovery <include|exclude> set vsys <name> iptag-include-exclude-list include-exclude-network <name> network-address <ip/netmask> set vsys <name> iptag-include-exclude-list include-exclude-network-sequence set vsys <name> iptag-include-exclude-list include-exclude-network-sequence include-exclude-network [ <include-exclude-network1> <include-exclude-network2>... ]
set vsys <name> redistribution-collector set vsys <name> redistribution-collector setting set vsys <name> redistribution-collector setting collectorname <value> set vsys <name> redistribution-collector setting secret <value> set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier address-per-log <1-3>
set vsys <name> zone <name> enable-device-identification <yes|no> set vsys <name> zone <name> device-acl set vsys <name> zone <name> device-acl include-list [ <include-list1> <include-list2>... ] set vsys <name> zone <name> device-acl exclude-list [ <exclude-list1> <exclude-list2>... ]
set vsys <name> sdwan-interface-profile <name> vpn-data-tunnel-support <yes|no> set vsys <name> sdwan-interface-profile <name> error-correction <yes|no>
set vsys <name> global-protect global-protect-portal <name> portal-config client-auth <name> auto-retrieve-passcode <yes|no> set vsys <name> global-protect global-protect-portal <name> portal-config log-success <yes|no> set vsys <name> global-protect global-protect-portal <name> portal-config log-fail <yes|no> set vsys <name> global-protect global-protect-portal <name> portal-config log-setting <value> set vsys <name> global-protect global-protect-portal <name> client-config configs <name> hip-collection custom-checks linux set vsys <name> global-protect global-protect-portal <name> client-config configs <name> hip-collection custom-checks linux process-list [ <process-list1> <process-list2>... ] set vsys <name> global-protect global-protect-gateway <name> client-auth <name> auto-retrieve-passcode <yes|no> set vsys <name> global-protect global-protect-gateway <name> block-quarantined-devices <yes|no> set vsys <name> global-protect global-protect-gateway <name> log-success <yes|no> set vsys <name> global-protect global-protect-gateway <name> log-fail <yes|no> set vsys <name> global-protect global-protect-gateway <name> log-setting <value>
set vsys <name> profiles virus <name> mlav-engine-filebased-enabled set vsys <name> profiles virus <name> mlav-engine-filebased-enabled <name> set vsys <name> profiles virus <name> mlav-engine-filebased-enabled <name> mlav-policy-action <enable|enable(alert-only)|disable> set vsys <name> profiles virus <name> decoder <name> mlav-action <default|allow|alert|drop|reset-client|reset-server|reset-both> set vsys <name> profiles virus <name> mlav-exception set vsys <name> profiles virus <name> mlav-exception <name> set vsys <name> profiles virus <name> mlav-exception <name> filename <value> set vsys <name> profiles virus <name> mlav-exception <name> description <value>
set vsys <name> profiles spyware <name> botnet-domains dns-security-categories set vsys <name> profiles spyware <name> botnet-domains dns-security-categories <name> set vsys <name> profiles spyware <name> botnet-domains dns-security-categories <name> action <default|allow|block|sinkhole> set vsys <name> profiles spyware <name> botnet-domains dns-security-categories <name> log-level <default|none|low|informational|medium|high|critical> set vsys <name> profiles spyware <name> botnet-domains dns-security-categories <name> packet-capture <disable|single-packet|extended-capture> set vsys <name> profiles spyware <name> botnet-domains whitelist set vsys <name> profiles spyware <name> botnet-domains whitelist <name> set vsys <name> profiles spyware <name> botnet-domains whitelist <name> description <value>
set vsys <name> profiles url-filtering <name> mlav-category-exception [ <mlav-category-exception1> <mlav-category-exception2>... ] set vsys <name> profiles url-filtering <name> mlav-engine-urlbased-enabled set vsys <name> profiles url-filtering <name> mlav-engine-urlbased-enabled <name> set vsys <name> profiles url-filtering <name> mlav-engine-urlbased-enabled <name> mlav-policy-action <block|alert|allow>
set vsys <name> profiles sdwan-saas-quality set vsys <name> profiles sdwan-saas-quality <name> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode set vsys <name> profiles sdwan-saas-quality <name> monitor-mode adaptive set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip ip-address <name> probe-interval <1-3600> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn fqdn-name <value> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode static-ip fqdn probe-interval <1-3600> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode http-https set vsys <name> profiles sdwan-saas-quality <name> monitor-mode http-https monitored-url <value> set vsys <name> profiles sdwan-saas-quality <name> monitor-mode http-https probe-interval <1-3600>
set vsys <name> profiles sdwan-error-correction set vsys <name> profiles sdwan-error-correction <name> set vsys <name> profiles sdwan-error-correction <name> activation-threshold <1-99> set vsys <name> profiles sdwan-error-correction <name> mode set vsys <name> profiles sdwan-error-correction <name> mode forward-error-correction set vsys <name> profiles sdwan-error-correction <name> mode forward-error-correction ratio <10% (20:2)|20% (20:4)|30% (20:6)|40% (20:8)|50% (20:10)> set vsys <name> profiles sdwan-error-correction <name> mode forward-error-correction transmit-hold-timer <1-5000> set vsys <name> profiles sdwan-error-correction <name> mode packet-duplication set vsys <name> profiles sdwan-error-correction <name> mode packet-duplication transmit-hold-timer-pd <1-5000> set vsys <name> profiles decryption <name> ssl-forward-proxy block-tls13-downgrade-no-resource <yes|no> set vsys <name> profiles decryption <name> ssl-inbound-proxy block-tls13-downgrade-no-resource <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings enc-algo-chacha20-poly1305 <yes|no> set vsys <name> reports <name> type appstat group-by <serial|vsys_name|device_name|vsys|name|risk|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-name|category-of-name|risk-of-name|container-of-name|technology-of-name> set vsys <name> reports <name> type appstat sortby <nbytes|nsess|npkts|nthreats> set vsys <name> reports <name> type decryption set vsys <name> reports <name> type decryption aggregate-by [ <aggregate-by1> <aggregate-by2>... ] set vsys <name> reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set vsys <name> reports <name> type decryption sortby <repeatcnt|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type desum set vsys <name> reports <name> type desum aggregate-by [ <aggregate-by1> <aggregate-by2>... ] set vsys <name> reports <name> type desum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|srcuser|dstuser|vsys|tls_version|tls_keyxchg|tls_enc|tls_auth|policy_name|sni|error|err_index|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|outbound_if|inbound_if|rule|dport|sport|proto> set vsys <name> reports <name> type desum values [ <values1> <values2>... ] set vsys <name> reports <name> type desum labels [ <labels1> <labels2>... ] set vsys <name> reports <name> type desum sortby <repeatcnt|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|parent_session_id|parent_start_time|threatid|category|severity|direction|http_method|nssai_sst|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type> set vsys <name> reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl> set vsys <name> reports <name> type data values [ <values1> <values2>... ] set vsys <name> reports <name> type data labels [ <labels1> <labels2>... ] set vsys <name> reports <name> type data sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type data set vsys <name> reports <name> type data aggregate-by [ <aggregate-by1> <aggregate-by2>... ] set vsys <name> reports <name> type data group-by <action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac> set vsys <name> reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dport|action|severity|inbound_if|outbound_if|category|parent_session_id|parent_start_time|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|subtype|tunnelid|monitortag|category-of-threatid|threat-type> set vsys <name> reports <name> type thsum sortby <sessions|count|nunique-of-apps|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|vsys_name|device_name|parent_session_id|parent_start_time|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|sesscache_l7_done|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|tunnelid|monitortag> set vsys <name> reports <name> type traffic sortby <repeatcnt|bytes|bytes_sent|bytes_received|packets|pkts_sent|pkts_received|chunks|chunks_sent|chunks_received|nunique-of-users|elapsed|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|parent_session_id|parent_start_time|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|nunique-of-users|tunnelid|monitortag|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app> set vsys <name> reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|sessions|dport|action|tunnel|inbound_if|outbound_if|parent_session_id|parent_start_time|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subcategory-of-app|category-of-app|technology-of-app|risk-of-app|container-of-app|tunnelid|monitortag|standard-ports-of-app|ncontent> set vsys <name> reports <name> type trsum sortby <bytes|sessions|bytes_sent|bytes_received|nthreats|nftrans|ndpmatches|nurlcount|chunks|chunks_sent|chunks_received|ncontent|nunique-of-apps|nunique-of-users|nunique-of-src_profile|nunique-of-dst_profile> set vsys <name> reports <name> type tunnelsum group-by <action|app|category-of-app|dst|risk-of-app|rule|rule_uuid|src|subcategory-of-app|technology-of-app|container-of-app|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|serial|vsys_name|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel|tunnel_insp_rule|src_dag|dst_dag|src_edl|dst_edl> set vsys <name> reports <name> type userid group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|datasourcename|beginport|endport|datasource|datasourcetype|factortype|factorcompletiontime|factorno|tag_name|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype> set vsys <name> reports <name> type auth group-by <serial|time_generated|vsys_name|device_name|vsys|ip|user|normalize_user|object|authpolicy|authid|vendor|clienttype|event|factorno|authproto|rule_uuid|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|serverprofile|desc|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac> set vsys <name> reports <name> type auth sortby <repeatcnt|time_generated|vendor> set vsys <name> reports <name> type iptag group-by <serial|time_generated|vsys_name|device_name|vsys|ip|tag_name|event_id|datasourcename|datasource_type|datasource_subtype|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time> set vsys <name> reports <name> type hipmatch group-by <serial|time_generated|vsys_name|device_name|srcuser|vsys|machinename|src|matchname|os|matchtype|srcipv6|hostid|devcategory|profile|model|vendor|osfamily|osversion|mac|devhost|source|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|hostname|osfamily|osversion>
set vsys <name> external-list <name> type predefined-url set vsys <name> external-list <name> type predefined-url exception-list [ <exception-list1> <exception-list2>... ] set vsys <name> external-list <name> type predefined-url description <value> set vsys <name> external-list <name> type predefined-url url <value>
set vsys <name> device-object set vsys <name> device-object <name> set vsys <name> device-object <name> description <value> set vsys <name> device-object <name> category [ <category1> <category2>... ] set vsys <name> device-object <name> profile [ <profile1> <profile2>... ] set vsys <name> device-object <name> osfamily [ <osfamily1> <osfamily2>... ] set vsys <name> device-object <name> os [ <os1> <os2>... ] set vsys <name> device-object <name> model [ <model1> <model2>... ] set vsys <name> device-object <name> vendor [ <vendor1> <vendor2>... ]
set vsys <name> rulebase security rules <name> source-hip [ <source-hip1> <source-hip2>... ] set vsys <name> rulebase security rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set vsys <name> rulebase decryption rules <name> source-hip [ <source-hip1> <source-hip2>... ] set vsys <name> rulebase decryption rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set vsys <name> rulebase decryption rules <name> log-success <yes|no> set vsys <name> rulebase decryption rules <name> log-fail <yes|no> set vsys <name> rulebase decryption rules <name> log-setting <value> set vsys <name> rulebase authentication rules <name> source-hip [ <source-hip1> <source-hip2>... ] set vsys <name> rulebase authentication rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set vsys <name> rulebase qos rules <name> source-hip [ <source-hip1> <source-hip2>... ] set vsys <name> rulebase qos rules <name> destination-hip [ <destination-hip1> <destination-hip2>... ] set vsys <name> rulebase sdwan rules <name> saas-quality-profile <value> set vsys <name> rulebase sdwan rules <name> error-correction-profile <value>