PAN-OS® CLI Quick Start
  1. Home
  2. PAN-OS
  3. PAN-OS® CLI Quick Start
  4. Get Started with the CLI
  5. Find a Command
Previous
Next
The find command helps you find a command when you don't know where to start looking in the hierarchy. The command—which is available in all CLI modes—has two forms. Used alone, find command displays the entire command hierarchy. Used with the keyword parameter, find command keyword displays all commands that contain the specified keyword.
 You can also view a complete listing of all PAN-OS 7.1 CLI commands or view the CLI changes between the current and previous PAN-OS release.
View the Entire Command Hierarchy Find a Specific Command Using a Keyword Search
View the Entire Command Hierarchy
Use find command without any parameters to display the entire command hierarchy in the current command mode. For example, running this command from operational mode on a VM-Series Palo Alto Networks device yields the following (partial result):
admin@7-1-VM> find command
target set <value>
target show
schedule uar-report user <value> user-group <value> skip-detailed-browsing <yes|no> title <value> period <value> start-time <value> end-time <value> vsys <value>
schedule botnet-report period <last-calendar-day|last-24-hrs> topn <1-500> query <value>
clear arp <value>|<all>
clear neighbor <value>|<all>
clear mac <value>|<all>
clear job id <0-4294967295>
clear query id <0-4294967295>
clear query all-by-session
clear report id <0-4294967295>
clear report all-by-session
clear report cache
clear log traffic
clear log threat
clear log config
clear log system
clear log alarm
clear log acc
clear log hipmatch
clear log userid
clear log iptag
clear wildfire counters
clear counter interface
clear counter global name <value>
clear counter global filter category <value> severity <value> aspect <value> pac
ket-filter <yes|no>
clear counter all
clear session id <1-4294967295>
clear session all filter nat <none|source|destination|both> ssl-decrypt <yes|no> type <flow|predict> state <initial|opening|active|discard|closing|closed> from <value> to <value> source <ip/netmask> destination <ip/netmask> source-user <value> destination-user <value> source-port <1-65535> destination-port <1-65535> protocol <1-255> application <value> rule <value> nat-rule <value> qos-rule <value> pbf-rule <value> dos-rule <value> hw-interface <value> min-kb <1-1048576> qos-node-id <0-5000>|<-2> qos-class <1-8> vsys-name <value>|<any>
clear application-signature statistics
clear nat-rule-cache rule <value>
clear statistics
clear high-availability control-link statistics
clear high-availability transitions
clear vpn ike-sa gateway <value>
clear vpn ipsec-sa tunnel <value>
clear vpn ike-preferred-version gateway <value>
clear vpn ike-hashurl
clear vpn flow tunnel-id <1-2147483648>
clear dhcp lease all expired-only
clear dhcp lease interface clear dhcp lease interface <name> ip <ip/netmask>
:
Find a Specific Command Using a Keyword Search
Use find command keyword to locate all commands that have a specified keyword.
admin@7-1-VM# find command keyword <keyword>
For example, suppose you want to configure certificate authentication and you want the Palo Alto Networks device to get the username from a field in the certificate, but you don’t know the command. In this case you might use find command keyword to search for commands that contain username in the command syntax.
admin@7-1-VM> configure
Entering configuration mode
[edit]
admin@7-1-VM# find command keyword username
show shared certificate-profile <name> username-field
set deviceconfig system log-export-schedule <name> protocol ftp username <value>
set deviceconfig system log-export-schedule <name> protocol scp username <value>
set deviceconfig setting wildfire session-info-select exclude-username <yes|no>
set mgt-config password-complexity block-username-inclusion <yes|no>
set network interface ethernet <name> layer3 pppoe username <value>
set shared authentication-profile <name> username-modifier <value>|<validate>|<%USERINPUT%|%USERINPUT%@%USERDOMAIN%|%USERDOMAIN%\%USERINPUT%>
set shared certificate-profile <name> username-field
set shared certificate-profile <name> username-field subject <common-name>
set shared certificate-profile <name> username-field subject-alt <email|principal-name>
set vm-info-source <name> VMware-ESXi username <value>
set vm-info-source <name> VMware-vCenter username <value>
set user-id-collector setting ntlm-username <value>
set user-id-collector syslog-parse-profile <name> regex-identifier username-regex <value>
set user-id-collector syslog-parse-profile <name> field-identifier username-prefix <value>
set user-id-collector syslog-parse-profile <name> field-identifier username-delimiter <value>
[edit]
admin@7-1-VM#
From the resulting lists of commands, you can identify that the command you need is:
admin@7-1-VM# set shared certificate-profile <name> username-field
If you’re not sure exactly what to enter in the command line, you can then Get Help on Command Syntax.
Previous
Next

Related Documentation

CLI Jump Start

CLI Jump Start The following table provides quick start information for configuring the features of Palo Alto Networks devices from the CLI. Where applicable for ...

Monitor and Troubleshoot DHCP

Monitor and Troubleshoot DHCP You can view the status of dynamic address leases that your DHCP server has assigned or that your DHCP client has ...

DHCP Addressing

DHCP Addressing DHCP Address Allocation Methods DHCP Leases DHCP Address Allocation Methods There are three ways that a DHCP server either assigns or sends an ...

Get Help on Command Syntax

Get Help on Command Syntax After you Find a Command you can get help on the specific command syntax by using the built-in CLI help. ...

CLI Cheat Sheet: Networking

CLI Cheat Sheet: Networking Use the following table to quickly locate commands for common networking tasks: If you want to . . . Use . ...

Device > Setup > Operations

Device > Setup > Operations Device > Setup > Operations Panorama > Setup > Operations You can perform the following tasks to manage the running ...

Run the Test Authentication Command

Run the Test Authentication Command Run the Test Authentication Command On the PAN-OS firewall or Panorama server, Configure an authentication profile. You do not need ...

Device > Setup > Management

Device > Setup > Management Device > Setup > Management Panorama > Setup > Management On a firewall, select Device > Setup > Management to ...

CLI Cheat Sheet: User-ID

CLI Cheat Sheet: User-ID Use the following commands to perform common User-ID configuration and monitoring tasks. To see more comprehensive logging information enable debug mode ...

Test a Local Database Authentication Profile

Test a Local Database Authentication Profile The following example shows how to test a Local Database authentication profile named LocalDB for a user named User1-LocalDB ...

© 2019 Palo Alto Networks, Inc. All rights reserved.