Next-Generation Firewall
Get Started with the CLI
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
Get Started with the CLI
Learn how to use the PAN command-line interface (CLI) to monitor and configure your
firewall or Panorama device, including access methods, SSH connections, and basic
navigation.
Where Can I Use This? | What Do I Need? |
---|---|
NGFW (Managed by PAN-OS or Panorama) |
|
Every Palo Alto Networks device includes a command-line interface (CLI) that allows
you to monitor and configure the device. Although this guide does not provide
detailed command reference information, it does provide the information you need to
learn how to use the CLI. It includes information to help you find the command you
need and how to get syntactical help after you find it. It also explains how to
verify the SSH connection to the firewall when you access the CLI remotely, and how
to refresh the SSH keys and configure key options when connecting to the management
interface.
Use a terminal emulator, such as PuTTY, to connect to the CLI of a Palo Alto Networks
device in one of the following ways:
- SSH Connection—To ensure you are logging in to your firewall and not a malicious device, you can verify the SSH connection to the firewall when you perform initial configuration. After you have completed initial configuration, you can establish a CLI connection over the network using a secure shell (SSH) connection.
- Serial Connection—If you have not yet completed initial configuration or if you chose not to enable SSH on the Palo Alto Networks device, you can establish a direct serial connection from a serial interface on your management computer to the Console port on the device.
- Launch the terminal emulation software and select the type of connection (Serial or SSH).
- To establish an SSH connection, enter the hostname or IP address of the device you want to connect to and set the port to 22.
- To establish a Serial connection, connect a serial interface on management computer to the Console port on the device. Configure the Serial connection settings in the terminal emulation software as follows:
- Data rate: 9600
- Data bits: 8
- Parity: none
- Stop bits: 1
- Flow control: none
When prompted to log in, enter your administrative username.The default superuser username is admin. To set up CLI access for other administrative users, see Give Administrators Access to the CLI.If prompted to acknowledge the login banner, enter Yes.Enter the administrative password.The default superuser password is admin. However, for security reasons you should immediately change the admin password.After you log in, the message of the day displays, followed by the CLI prompt in Operational mode:username@hostname>
You can tell you are in operational mode because the command prompt ends with a >.