Manage LDAP Users and Groups Commands
Command | Description |
---|---|
show user group list | Lists all the Active Directory groups that the Palo Alto firewall reads from the LDAP profile |
show user group-mapping statistics | Lists the total number of groups, with the last sync and next sync times |
debug user-id refresh group-mapping all | Forcefully refresh group mapping |
show user group name "group name as shown in the show user group list command" | Use double quotes to retrieve the members of a specific Active Directory group |
IPSec VPN Troubleshooting Commands
Command | Description |
---|---|
show vpn ike-sa gateway | List Phase 1 info of a specific tunnel |
show vpn ipsec-sa | List Phase 2 details of all IPSec tunnels |
show vpn ipsec-sa \| match | List Phase 2 info of a specific tunnel that matches the text |
show vpn ipsec-sa tunnel | List Phase 2 info of a specific tunnel |
show vpn flow name | Verify that traffic passes through the tunnel. If encapsulation bytes are increasing while decapsulation bytes stay constant, the firewall is sending traffic via the tunnel but is not receiving packets. |
less mp-log ikemgr.log | View IPSec VPN related logs |
clear vpn ike-sa gateway | Clear Phase 1 |
clear vpn ipsec-sa tunnel | Clear Phase 2 |
If you open a file, use these keys to perform certain actions:
- q to exit the log file and return to the prompt
- shift + g to go to the end of the file
- g to go to the beginning of the file
- /keyword to search for specific text; while searching, use n for the next match and shift + n for the previous match
- arrow keys to scroll up and down