|
If you want to . . . |
Use . . . |
M-Series Appliance Mode of Operation (Panorama, Log Collector, or PAN-DB Private Cloud Mode)
Switching the mode reboots the M-Series appliance, deletes any existing log data, and deletes all configurations except the management access settings.
|
|
Display the current operational mode.
|
> show system info | match system-mode
|
|
Switch from Panorama mode to Log Collector mode.
|
> request system system-mode logger
|
|
Switch from Panorama mode to PAN-DB private cloud mode (M-500 appliance only).
|
> request system system-mode panurldb
|
|
Switch from Log Collector mode or PAN-DB private cloud mode (M-500 appliance only) to Panorama mode.
|
> request system system-mode panorama
|
|
Panorama Management Server
|
|
Change the output for show commands to a format that you can run as CLI commands.
|
> set cli config-output-mode set
The following is an example of the output for the
show device-group
command after setting the output format:
# show device-group branch-offices
set device-group branch-offices devices
set device-group branch-offices pre-rulebase
...
|
|
Enable or disable the connection between a firewall and Panorama. You must enter this command from the firewall CLI.
|
> set panorama [off | on]
|
|
Synchronize the configuration of M-Series appliance high availability (HA) peers.
|
> request high-availability sync-to-remote [running-config | candidate-config]
|
|
Reboot multiple firewalls or Dedicated Log Collectors.
|
> request batch reboot [devices | log-collectors] <serial-number>
|
|
Device Groups and Templates
|
|
Show the history of device group commits, status of the connection to Panorama, and other information for the firewalls assigned to a device group.
|
> show devicegroups name <device-group-name>
|
|
Show the history of template commits, status of the connection to Panorama, and other information for the firewalls assigned to a template.
|
> show templates name <template-name>
|
|
Show all the policy rules and objects pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
|
> show config pushed-shared-policy
|
|
Show all the network and device settings pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
|
> show config pushed-template
|
|
Log Collection
|
|
Show the current rate at which the Panorama management server or a Dedicated Log Collector receives firewall logs.
|
> debug log-collector log-collection-stats show incoming-logs
|
|
Show status information for log forwarding to the Panorama management server or a Dedicated Log Collector from a particular firewall (for example, the last received and generated log of each type).
When you run this command at the firewall CLI (skip the
device <firewall-serial-number>
argument), the output also shows how many logs the firewall has forwarded.
|
> show logging-status device <firewall-serial-number>
|
|
Clear logs by type.
Running this command on the Panorama management server clears logs that Panorama and Dedicated Log Collectors generated, as well as any firewall logs that the Panorama management server collected. Running this command on a Dedicated Log Collector clears the logs that it collected from firewalls.
|
> clear log [acc | alarm | config | hipmatch | system | threat | traffic]
|
