End-of-Life (EoL)
After you Find a Command you can get help on the specific command syntax by using the built-in CLI help. To get help, enter a ? at any level of the hierarchy.
Get Help on a Command
For example, suppose you want to configure the primary DNS server settings on the Palo Alto Networks device using find command keyword with dns as the keyword value, you already know that the command is set deviceconfig system dns-setting , but you’re not exactly sure how to use the command to set the primary DNS server setting. In this case, you would enter as much of the command as you know (or start typing it and press Tab for automatic command completion), and then add a question mark at the end of the line before pressing Enter, like this:
admin@PA-3060# set deviceconfig system dns-setting ?
> dns-proxy-object Dns proxy object to use for resolving fqdns
> servers Primary and secondary dns servers
<Enter> Finish input
Notice that the question mark doesn’t appear in the command line when you type it, but a list of the available commands appears. You can continue getting syntactical help all through the hierarchy:
admin@7-1-VM# set deviceconfig system dns-setting servers ?
+ primary Primary DNS server IP address
+ secondary Secondary DNS server IP address
<Enter> Finish input
admin@7-1-VM# set deviceconfig system dns-setting servers primary ?
<ip> <ip>
Use the Tab key in the middle of entering a command and the command will automatically complete, provided there are no other commands that match the letters you have typed thus far. For example, if you type set dev and then press Tab, the CLI will recognize that the command you are entering is deviceconfig and automatically finish populating the command line.
Interpret the Command Help
Use the following table to help interpret the command options you see when you use the ? to get help.
Symbol Description
* Indicates that the option is required. For example, when importing a configuration over secure copy (SCP), specifying the from parameter is required, as indicated by the * from notation. admin@PA-3060> scp import configuration ? + remote-port SSH port number on remote host + source-ip Set source address to specified interface address * from Source (username@host:path)
> Indicates that there are additional nested commands. For example, when configuring DNS settings, there are additional nested commands for configuring a DNS proxy object and for specifying primary and secondary DNS servers: admin@PA-3060# set deviceconfig system dns-setting ? > dns-proxy-object Dns proxy object to use for resolving fqdns > servers Primary and secondary dns servers <Enter> Finish input
+ Indicates that the option has an associated value that you must enter. For example, when setting up a high availability configuration, notice that the + enabled notation indicates that you must supply a value for this option: admin@PA-3060# set deviceconfig high-availability ? + enabled enabled > group HA group configuration > interface HA interface configuration <Enter> Finish input Getting help for the enabled option shows that you must enter a value of yes or no : admin@PA-3060# set deviceconfig high-availability enabled ? no no yes yes
| Allows you to filter command output. You can either specify a match value, which will only show command output that matches the value you specify, or you can specify an except value, which will only show command output except for the value you specify. For example, use the | match option to display only the app-version in the output of the show system info command: admin@PA-3060> show system info | match app-version app-version: 500-2712 Similarly, to show all users in your group lists who are not part of your organization, you should show the user group list, but exclude the organizational unit (ou) for your organization. Notice that, although there are a total of 4555 user-to-group mappings, with the | except filter you can easily see the small list of users who are part of external groups: admin@PA-3060> show user group list | except ou=acme cn=sap_globaladmin,cn=users,dc=acme,dc=local cn=dnsupdateproxy,ou=admin groups,ou=administrator accounts,dc=acme,dc=local cn=dhcp administrators,ou=admin groups,ou=administrator accounts,dc=acme,dc=local cn=helpservicesgroup,cn=users,dc=acme,dc=local cn=exchange domain servers,cn=users,dc=acme,dc=local cn=network configuration operators,cn=builtin,dc=acme,dc=local cn=dhcp users,ou=admin groups,ou=administrator accounts,dc=acme,dc=local cn=exchange windows permissions,ou=microsoft exchange security groups,dc=acme,dc=local cn=wins users,cn=users,dc=acme,dc=local cn=enterprise read-only domain controllers,cn=users,dc=acme,dc=local cn=print-server-admins,ou=admin groups,ou=administrator accounts,dc=acme,dc=local cn=telnetclients,cn=users,dc=acme,dc=local cn=servicenowpasswordreset,ou=admin groups,ou=administrator accounts,dc=acme,dc=local cn=delegated setup,ou=microsoft exchange security groups,dc=acme,dc=local Total: 4555 * : Custom Group </result></response> admin@PA-3060>

Recommended For You