CLI Commands for Dynamic IP Addresses and Tags
The Command Line Interface on the firewall and Panorama give you a detailed view into the different sources from which tags and IP addresses are dynamically registered. It also allows you to audit registered and unregistered tags. The following examples illustrate the capabilities in the CLI.
View all registered IP addresses that match the tag, state.poweredOn or that are not tagged as vSwitch0.
show log iptag tag_name equal state.poweredOnshow log iptag tag_name not-equal switch.vSwitch0
View all dynamically registered IP addresses that were sourced by VM Information Source with name vmware1 and tagged as poweredOn.
show vm-monitor source source-name vmware1 tag state.poweredOn registered-ip all registered IP Tags ---------------------- --------------- fe80::20c:29ff:fe69:2f76 "state.poweredOn" 10.1.22.100 "state.poweredOn" 2001:1890:12f2:11:20c:29ff:fe69:2f76"state.poweredOn" fe80::20c:29ff:fe69:2f80 "state.poweredOn" 192.168.1.102 "state.poweredOn" 10.1.22.105 "state.poweredOn" 2001:1890:12f2:11:2cf8:77a9:5435:c0d"state.poweredOn" fe80::2cf8:77a9:5435:c0d "state.poweredOn"
Clear all IP addresses and tags learned from a specific VM Monitoring source without disconnecting the source.
debug vm-monitor clear source-name <name>
Display IP addresses registered from all sources.
show object registered-ip all
Display the count for IP addresses registered from all sources.
show object registered-ip all option count
Clear IP addresses registered from all sources
debug object registered-ip clear all
Add or delete tags for a given IP address that was registered using the XML API.
debug object registered-ip test [<register/unregister>] <ip/netmask><tag>
View all tags registered from a specific information source.
show vm-monitor source source-name vmware1 tag all vlanId.4095 vswitch.vSwitch1 host-ip.10.1.5.22 portgroup.TOBEUSED hostname.panserver22 portgroup.VM Network 2 datacenter.ha-datacenter vlanId.0 state.poweredOn vswitch.vSwitch0 vmname.Ubuntu22-100 vmname.win2k8-22-105 resource-pool.Resources vswitch.vSwitch2 guestos.Ubuntu Linux 32-bit guestos.Microsoft Windows Server 2008 32-bit annotation. version.vmx-08 portgroup.VM Network vm-info-source.vmware1 uuid.564d362c-11cd-b27f-271f-c361604dfad7 uuid.564dd337-677a-eb8d-47db-293bd6692f76 Total: 22
View all tags registered from a specific data source, for example from the VM Monitoring Agent on the firewall, the XML API, Windows User-ID Agent or the CLI.
View all tags that are registered for a specific IP address (across all sources).
debug object registered-ip show tag-source ip ip_address tag all
Use Tags to Group and Visually Distinguish Objects
Use Tags to Group and Visually Distinguish Objects You can tag objects to group related items and add color to the tag in order to ...
Use Dynamic Address Groups in Policy
Use Dynamic Address Groups in Policy Dynamic address groups are used in policy. They allow you to create policy that automatically adapts to changes—adds, moves, ...
Objects > Address Groups
Objects > Address Groups To simplify the creation of security policies, addresses that require the same security settings can be combined into address groups. An ...
Register IP Addresses and Tags Dynamically
Register IP Addresses and Tags Dynamically To mitigate the challenges of scale, lack of flexibility and performance, the architecture in networks today allows for clients, ...
Set Up VM Monitoring on Azure
To start collecting IP address-to-tag mapping, set up the VM Monitoring agent to execute as a cron task. ...
Policy Policies allow you to enforce rules and take action. The different types of policy rules that you can create on the firewall are: Security, ...
Objects > Tags
Objects > Tags Tags allow you to group objects using keywords or phrases. Tags can be applied to address objects, address groups (static and dynamic), ...
Use the Tag Browser
Use the Tag Browser Policies > Rulebase (Security, NAT, QoS...) The tag browser presents a summary of all the tags used within a rulebase (policy ...
Use the Tag Browser
Use the Tag Browser The tag browser provides a way to view all the tags used within a rulebase. In rulebases with a large number ...