Use the Device Toolkit
Table of Contents
Expand all | Collapse all
-
- Prisma Access for Networks Non-Aggregate Bandwidth Licensing
- IPSec Termination Nodes Within Prisma
- IPSec Termination Node Logic (Panorama Managed)
- Determine Region Bandwidth Utilization
- Determine IPSec Termination Nodes Method #1 (Remote Networking On-Boarding)
- Determine IPSec Termination Nodes Method #2 (Panorama API Method)
- IPSec Termination Node Conventions and Tag Nomenclature
-
- Onboard a Non-ECMP Enabled Site
- Set Additional Information Tag
- Configure BGP
- Assign Interface-Level Tags for Non-ECMP Sites
- Prisma Access for Networks Region List
- Prisma Access CloudBlade Tag Information
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Use Groups in Network Policy Rules
- Enable, Pause, Disable, and Uninstall the Integration
Use the Device Toolkit
312 PIC
The following device toolkit commands
provide Standard VPN status and statistics.
dump servicelink summary all
# dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 3 TotalUP : 3 TotalDown : 0--------------------------------------------------------------- SlDev SlName StatusExtState ParentDev LocalIP PeerType IpsecProfile --------------------------------------------------------------- sl1 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_1 up tunnel_up eth1 10.65.13.75 13.3 7.21.105 IPsec AUTO-PRISMA_IPSEC-Profile sl2 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_2 up tunnel_up eth2 10.65.13.101 13.37.21.105 IPsec AUTO-PRISMA_IPSEC-Profile sl3 AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 up tunnel_up eth3 10.65.13.63 13.37.21.105 IPsec AUTO-PRISMA_IPSEC-Profile
dump interface config <SL Name>
# dump interface config AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_3 Description : Prisma Access info: Ecmp Onboarding: AUTO-CGX_4GWDVZPEUK4_ECMP_b930 IPSEC Tunnel: AUTO-CGX_4GWDVZPEUK4_03_b930 IKE Gateway: AUTO-CGX_4GWDVZPEUK4_03_b930 Prisma License: AGGREGATE ID : 16401072290950137 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.4/31 Parent Interface : 3 Parent Device : eth3 Peer : 13.37.21.105 Service Endpoint : Prisma France North (eu-west-3) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.2@mycompany.com
dump servicelink status
ServiceLink : sl1 Interface : AUTO-PRISMA_IPSEC-Tunnel_eu-west-3_1 Description : Prisma Access info: Ecmp Onboarding: AUTO-CGX_4GWDVZPEUK4_ECMP_b930 IPSEC Tunnel: AUTO-CGX_4GWDVZPEUK4_01_b930 IKE Gateway: AUTO-CGX_4GWDVZPEUK4_01_b930 Prisma License: AGGREGATE ID : 16401072282390080 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.0/31 Parent Interface : 1 Parent Device : eth1 Peer : 13.37.21.105 Service Endpoint : Prisma France North (eu-west-3) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.0@mycompany.com Device : sl1 State : up Last Change : 2021-12-21 17:42:25.300 (13h1m6s ago) Address : 172.16.0.0/31 Route : 0.0.0.0/0 via 172.16.0.0 metric 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256 Ike Algo : AES_CBC_256HMAC_SHA2_512_256 Remote IP : 13.37.21.105 Local IP : 10.65.13.75 IkeLastRekeyed : 2021-12-22 01:19:09.464995104 +0000 UTC IkeNextRekey : 2021-12-22 08:47:37.464995715 +0000 UTC IPsecLastRekeyed: 2021-12-22 06:22:01.044216549 +0000 UTC IPsecNextRekey : 2021-12-22 07:10:47.044217863 +0000 UTC Peer configured on interface Ipv4Addr: 13.37.21.105 --------------------------------------------------------------- Liveliness probe status --------------------------------------------------------------- Type : icmp Ipv4 : 8.8.8.8 Status : true Latency(ms) : 194 Last updated : 2021-12-21T18:49:44
dump servicelink stats
# dump servicelink stats sldev=sl1 Type: IPSECNo of times IkeRekeyed : 1 No of times ChildRekeyed : 15 No of times HoldDown : 0 No of times TunnelUp : 1 No of times TunnelDown : 18 No of Incoming Bytes : 2590182 No of Outgoing Bytes : 1564073 No of Incoming Packets : 34181 No of Outgoing Packets : 19951
For more information on device toolkit commands, refer to the Prisma SD-WAN ION Device CLI
Reference.