Prisma SD-WAN
Use the Device Toolkit
Table of Contents
Use the Device Toolkit
Understand the device toolkit commands to get information on Standard VPN status and
statistics.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The dump servicelink summary all, dump interface config
interface, dump servicelink status, dump
servicelink stats device toolkit commands provide Standard VPN status and
statistics.
Use the Device Toolkit (Panorama Managed CloudBlade)
dump servicelink summary all
# dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 3 TotalUP : 3 TotalDown : 0--------------------------------------------------------------- SlDev SlName StatusExtState ParentDev LocalIP PeerType IpsecProfile --------------------------------------------------------------- sl1 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_1 up tunnel_up eth1 10.65.13.75 13.3 7.21.105 IPsec AUTO-PRISMA_IPSEC-Profile sl2 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_2 up tunnel_up eth2 10.65.13.101 13.37.21.105 IPsec AUTO-PRISMA_IPSEC-Profile sl3 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 up tunnel_up eth3 10.65.13.63 13.37.21.105 IPsec AUTO-PRISMA_IPSEC-Profile
dump interface config <SL Name>
# dump interface config AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 Description : Prisma Access info: Ecmp Onboarding: AUTO-CGX_4GWDVZPEUK4_ECMP_b930 IPSEC Tunnel: AUTO-CGX_4GWDVZPEUK4_03_b930 IKE Gateway: AUTO-CGX_4GWDVZPEUK4_03_b930 Prisma License: AGGREGATE ID : 16401072290950137 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.4/31 Parent Interface : 3 Parent Device : eth3 Peer : 13.37.21.105 Service Endpoint : Prisma France North (eu-west-3) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.2@mycompany.com
dump servicelink status
ServiceLink : sl1 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_1 Description : Prisma Access info: Ecmp Onboarding: AUTO-CGX_4GWDVZPEUK4_ECMP_b930 IPSEC Tunnel: AUTO-CGX_4GWDVZPEUK4_01_b930 IKE Gateway: AUTO-CGX_4GWDVZPEUK4_01_b930 Prisma License: AGGREGATE ID : 16401072282390080 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.0/31 Parent Interface : 1 Parent Device : eth1 Peer : 13.37.21.105 Service Endpoint : Prisma France North (eu-west-3) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.0@mycompany.com Device : sl1 State : up Last Change : 2021-12-21 17:42:25.300 (13h1m6s ago) Address : 172.16.0.0/31 Route : 0.0.0.0/0 via 172.16.0.0 metric 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256 Ike Algo : AES_CBC_256HMAC_SHA2_512_256 Remote IP : 13.37.21.105 Local IP : 10.65.13.75 IkeLastRekeyed : 2021-12-22 01:19:09.464995104 +0000 UTC IkeNextRekey : 2021-12-22 08:47:37.464995715 +0000 UTC IPsecLastRekeyed: 2021-12-22 06:22:01.044216549 +0000 UTC IPsecNextRekey : 2021-12-22 07:10:47.044217863 +0000 UTC Peer configured on interface Ipv4Addr: 13.37.21.105 --------------------------------------------------------------- Liveliness probe status --------------------------------------------------------------- Type : icmp Ipv4 : 8.8.8.8 Status : true Latency(ms) : 194 Last updated : 2021-12-21T18:49:44
dump servicelink stats
# dump servicelink stats sldev=sl1 Type: IPSECNo of times IkeRekeyed : 1 No of times ChildRekeyed : 15 No of times HoldDown : 0 No of times TunnelUp : 1 No of times TunnelDown : 18 No of Incoming Bytes : 2590182 No of Outgoing Bytes : 1564073 No of Incoming Packets : 34181 No of Outgoing Packets : 19951
For more information on device toolkit commands, refer to the Prisma SD-WAN.
Use the Device Toolkit (Cloud Managed CloudeBlade)
dump servicelink summary
all
Public-BLR-Branch3K#dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 3 TotalUP : 3 TotalDown : 0--------------------------------------------------------------- SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- sl1 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 up tunnel_up eth3 10.65.14.220 13.36.105.111 IPsec AUTO-PRISMA_IPSEC-Profiles l5 AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 up tunnel_up eth2 10.65.14.182 54.155.42.17 IPsec AUTO-PRISMA_IPSEC-Profiles l6 AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_6.1 up tunnel_up eth6.1 10.65.14.233 54.155.42.17 IPsec AUTO-PRISMA_IPSEC-Profile
dump interface config
interface
Public-BLR-Branch3K# dump interface config AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 Description : Prisma Access info: Remote Onboarding: AUTO-CGX_4FGSWEMJM9Y_02_3730 IPSEC Tunnel: AUTO-CGX_4FGSWEMJM9Y_02_3730 IKE Gateway: AUTO-CGX_4FGSWEMJM9Y_02_3730 Prisma License: FWAAS-AGGREGATE ID : 16249349845770079 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.14/31 Parent Interface : 2 Parent Device : eth2 Peer : 54.155.42.17 Service Endpoint : Prisma Ireland (eu-west-1) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : none Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.7@mycompany.com
dump servicelink
status
Public-BLR-Branch3K# dump servicelink status slname=AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 ServiceLink : sl5 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 Description : Prisma Access info: Remote Onboarding: AUTO-CGX_4FGSWEMJM9Y_02_3730 IPSEC Tunnel: AUTO-CGX_4FGSWEMJM9Y_02_3730 IKE Gateway: AUTO-CGX_4FGSWEMJM9Y_02_3730 Prisma License: FWAAS-AGGREGATE ID : 16249349845770079 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.14/31 Parent Interface : 2 Parent Device : eth2 Peer : 54.155.42.17 Service Endpoint : Prisma Ireland (eu-west-1) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : none Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.7@mycompany.com Device : sl5 State : up Last Change : 2021-06-29 09:39:57.339 (35m57s ago) Address : 172.16.0.14/31 Route : 0.0.0.0/0 via 172.16.0.14 metric 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256 Ike Algo : AES_CBC_256HMAC_SHA2_512_256 Remote IP : 54.155.42.17 Local IP : 10.65.14.182 IkeNextRekey : 2021-06-29 16:55:33.326195219 +0000 UTC IPsecNextRekey : 2021-06-29 10:28:17.326193834 +0000 UTC Peer configured on interface Ipv4Addr: 54.155.42.17 --------------------------------------------------------------- Liveliness probe status --------------------------------------------------------------- Type : icmp Ipv4 : 192.168.200.254 Status : true Latency(ms) : 156 Last updated : 2021-06-29T10:13:35
dump servicelink
stats
Public-BLR-Branch3K# dump servicelink stats slname=AUTO-PRISMA_IPSEC-Tunnel_eu-west-1_2 Type: IPSEC No of times IkeRekeyed : 0 No of times ChildRekeyed : 2 No of times HoldDown : 0 No of times TunnelUp : 8 No of times TunnelDown : 10 No of Incoming Bytes : 370190 No of Outgoing Bytes : 120773 No of Incoming Packets : 4750 No of Outgoing Packets : 2073
For more information on device toolkit commands, refer to the Prisma SD-WAN.
