Paloalto下一代防火墻運維手冊V

Paloalto防火墻運維手冊目錄TOC\o"1-5"\h\z\o"CurrentDocument".下一代防火墻產(chǎn)品簡介 2\o"CurrentDocument".查看會話 4\o"CurrentDocument"查看會話匯總 4\o"CurrentDocument"查看sessionID 5\o"CurrentDocument"條件選擇查看會話 6\o"CurrentDocument"查看當(dāng)前并發(fā)會話數(shù) 6\o"CurrentDocument"會話過多處理方法 7\o"CurrentDocument".清除會話 8\o"CurrentDocument".抓包和過濾 8\o"CurrentDocument".CPU和內(nèi)存查看 10\o"CurrentDocument"管理平臺CPU和內(nèi)存查看 10\o"CurrentDocument"數(shù)據(jù)平臺CPU和內(nèi)存查看 12全局利用率查看 12\o"CurrentDocument".Debug和Less調(diào)試 13\o"CurrentDocument"管理平臺Debug/Less 13\o"CurrentDocument"數(shù)據(jù)平臺Debug/Less 14\o"CurrentDocument"其他Debug/Less 15\o"CurrentDocument".硬件異常查看及處理 16\o"CurrentDocument"電源狀態(tài)查看 16\o"CurrentDocument"風(fēng)扇狀態(tài)查看 17\o"CurrentDocument"設(shè)備溫度查看 17\o"CurrentDocument".日志查看 18\o"CurrentDocument"告警日志查看 18\o"CurrentDocument"配置日志查看 18\o"CurrentDocument"其他日志查看 19\o"CurrentDocument".雙機(jī)熱備異常處理 20\o"CurrentDocument".內(nèi)網(wǎng)用戶丟包排除方法 21聯(lián)通測試 21\o"CurrentDocument"會話查詢 22\o"CurrentDocument"接口丟包查詢 22\o"CurrentDocument"抓包分析 23\o"CurrentDocument".VPN故障處理 23\o"CurrentDocument".版本升級 24\o"CurrentDocument"Software升級 24\o"CurrentDocument"Dynamic升級 25\o"CurrentDocument".恢復(fù)配置和口令 25\o"CurrentDocument"配置恢復(fù) 25\o"CurrentDocument"口令恢復(fù) 26\o"CurrentDocument".其他運維命令 26\o"CurrentDocument"規(guī)劃化配置命令 26系統(tǒng)重啟命令 27查看應(yīng)用狀態(tài)命令 27\o"CurrentDocument"系統(tǒng)空間查看命令 28\o"CurrentDocument"系統(tǒng)進(jìn)程查看命令 28\o"CurrentDocument"系統(tǒng)基本信息查看命令 29\o"CurrentDocument"ARP查看命令 29\o"CurrentDocument"路由查看命令 30\o"CurrentDocument"安全策略查看命令 30\o"CurrentDocument"NAT策略查看命令 31\o"CurrentDocument"系統(tǒng)服務(wù)查看命令 31\o"CurrentDocument"NAT命中查看命令 31\o"CurrentDocument"UserIP-Mapping查看命令 32\o"CurrentDocument".其他故障處理 32\o"CurrentDocument"硬件故障 32\o"CurrentDocument"軟件故障 32接口狀態(tài)查看 32軟件故障 錯誤!未定義書簽。.下一代防火墻產(chǎn)品簡介

Paloalto下一代防火墻(NGFW)是應(yīng)用層安全平臺。解決了網(wǎng)絡(luò)復(fù)雜結(jié)構(gòu)，具有強大的應(yīng)用識別、威脅防范、用戶識別控制、優(yōu)越的性能和高中低端設(shè)備選擇。數(shù)據(jù)包處理流程圖:.查看會話可以通過查看會話是否創(chuàng)建以及會話詳細(xì)信息來確定報文是否正常通過防火墻，如果會話已經(jīng)建立，并且一直有后續(xù)報文命中刷新,基本可以排除防火墻的問題。查看會話匯總命令：showsessioninfo舉例：admin@PA-VM>showsessioninfoNumberNumberofofsessionssupported:acxivesessions:NumberofactiveTCPsessions:Numberofactiveudpsessions:NumberofacxiveICMPsessions:Numberofactivebcastsessions:Numberofactivemcastsessions:Numberofacxivepredictsessions:sessioritabieuf11ization:Numberofsessionscreatedsincebootup:Packetrate:Throughput:Newconnect!onestabHshrate:sessiontimeouitTCPdefaulttimeout:TCPsessionfimeoutbeforesyn-ackreceived:TCPsessionfimeoutbefore3-wayhandshakingTCPsessioinfimeoutafterFIN/RST： 'UDPdefaultfimcout:ICMPdefaulttimeout:otherIPdefaulttimeout:captivePortalsessiontimeout:secssecssecssecssecssecssecssecs說明：通過以上命令可以查看到設(shè)備支持會話數(shù)的最大值，從而檢查是否有負(fù)載的情況發(fā)生。2.2.查看sessionID命令：showsessionidXX舉例：S2CT1口崎j：sourcetdsx:proro：SPOfT：stnt:a:sreu二口『ds±userHnknowninnknownadmlii^Spa-?050?show 12了2石口unknawnunkndvndport5置ypu二78511szarit.1inelirmeouxtimeroliveretailbytecountCc2s>tota-lbytecount2c^>1Ayoir7packarcnLiinr(cZs")"Iayer7packetcounit<32cJvsysapgl1cadonru"esessiontobeloggedatendsessiDn1n與qgsH口nager=ass"iansynrizadfromhApaaraddrass/porttrans1ationnat-rLile1ayer7pracess1ogurlT11cer1ngeiiiaJD!edsessionviasyn-co-okiessession-terminatedonhostsessiontraverses~unnelicnpeHvopor七n"l=□=="!an"1ngrass*irrtar-￡n亡口egrcs-aint:erfacesessionqosrule

tsanJUl270a；06s42.2013：3600sec:35J2sec：6&Z：21T2:vsysitQC5psnaxpal1cy:True:True:ralSQ:souirca-i-dastinatian:natigoCvsysl)tcoifhplexedtFaise:Faise;Faise:Faise:IFal=o:qthicrn?at:X/Q:cthernctX/3：N/ACelass4>說明：從以上命令中可以看出到底是否存在非法流量，可以通過檢查源地址和目的地址端口等信息條件選擇查看會話命令：showsessionallfiltersource[ip]destination[ip]application[app]舉例：^dmiin^PA-2050>showsessionallfiltersource192.15S.100.71applicMlonissl-IID Applicafion StateTypeFlagSrc[5port]|/zene/Proto(trmnmlkanEdIP[Port])Vsys D5t[Dport]/ZQne(tranislatedIP[Port])143125ssl ACTIVEFLOtaNS1920165.100.71[5S]/L3-IVUSX(113. LBS[23720])vsysl 63-245.216^134[443]/LB-untrust(63-Nd5.216,134[443])說明：可以檢查一些風(fēng)險會話查看當(dāng)前并發(fā)會話數(shù)命令：showsessioninfo舉例：當(dāng)前并發(fā)會話13個，而最大會話為262138,說明會話利用率并不高，最后一條紅色標(biāo)記為新建數(shù)值。SesslontimeoutTCPdefaulttimeoot:TCPSiessloinfiMieootbeforesyn-ackSesslontimeoutTCPdefaulttimeoot:TCPSiessloinfiMieootbeforesyn-ackr@c@ivied!TCPsessiontimeoutbefore3-wayhandshakingTCPstsssiO'initimeootafterFIN/R5T：UDPdefaultilineonji:ICMPdefaulttimeoirt:05000600O1333363s:60secsNumberofsesslcns5i.ppnrred:7B213BNumberofactivesessions:UNumberoractivieTCPsessions:yNumberofactiveudpsessions:4Numberofactivig1CNPsessions:0Numberofderivehcastsesslons；QNumberofactiviemcastsessions:0Numberofactivepredictsessions：0Sessioritableutilization:0%NuiY)b@rofsiesslDnsinreartiedsincebootup:Packetrate:Throuqhpot:258072623/s21kbpsNewconnectionestablishrate: 0cpsotherIPdefaulttimeout:CaptivePortalsessiontirneout:SessionfimieautIndiscardstate:TCP:90secssUDP：60secssotherIPprotocolSessionacceleratedag-ing; TrueAccelcratedagingthreshold: 80?Sofutilizationscalingfactor:~ 2xSesslonssetupTCP-rejectnon-5YNfirstpacket: TrueHardware-stesslonoflrloading: TruteIPv6firewalling; FalseApplIcationtirlckllingscanparamerers:,Tini史outtodetermineapplicationtriickling: 10secsResourceutilizationthresholdtostartscan:80%Scanscalingfactoroverregularaging: 8Sessionbehaviorwhenresource1initisreached;drop說明：了解設(shè)備當(dāng)前并發(fā)會話情況會話過多處理方法命令：1、showsessionall（檢查所有session）2、showsessionidXX（檢查該session是否不法流量）說明：如果發(fā)現(xiàn)會話數(shù)大于設(shè)備可支撐的性能，需要按照以上步驟檢查和清除或者防御通過第一步發(fā)現(xiàn)占會話總數(shù)較多的ID，通過第二步檢查該ID是否存在不法app或者其他流量，通過Dos保護(hù)或者會話限制該IP數(shù)目（如果確定是攻擊，可以通過安全策略屏蔽該IP地址訪問）。.清除會話命令：Clearsessionall舉例：可通過sessionid、源或目的IP、源或目的端口或清除所有會話。admin&PA-VF<>clearsessional1f1Iter+applicationAppl1cationname+destinationdestinarionijaddress十destiimation-portDestinatidtipart4-d@stination-usserDestinatiD-inuser+dois-nulieDO'Sprotectionrul?namie+f-'□mFromzone+hw-interfacehardware1nierface+mrin-kbminlmuniKBotb/tecount十matifsessionisNAT十mat-ruleNATrulename斗pbf-riLjliePOilicy-Ea&i@d-FQrwardingrulen1amie+protocolIPprotocolvalje+qos-classQoSclass+qos-node-1cQ&snode-1dvalje+qos-ruleQoSmlenanie十ruleSecurityrulename斗sourcesourceIPaddress+source-portsourceport+source-usersourceuser+ss1-decryptsesslon1sdecrypted+sraceflOW5LAL&+toTozone斗typeflowtype+vsys-name<Enter>vsys-naneFinishinput說明：將會話清除。.抓包和過濾在做debug/less或者抓包調(diào)試的時候，最好把PA的fastpath功能關(guān)掉，這樣可以更加完整的看到交互的數(shù)據(jù)報文，關(guān)閉命令為：SetdeviceconfigsettingsessionoffloadnoSetsessionoffloadno命令：1、創(chuàng)建過濾規(guī)則：Debugdataplanepacket-diagsetfiltermatchsourcey.y.y.ydestinationx.x.x.x2、開啟過濾規(guī)則：Debugdataplanepacket-diagsetfilteron3、配置抓包對象：Debugdetaplanepacket-diagsetcapturestagereceivefilex.pcap（抓取來自接口接收的報文）Debugdetaplanepacket-diagsetcapturestagetransmitfilex.pcap（抓取地址轉(zhuǎn)換后的報文）Debugdetaplanepacket-diagsetcapturestagefirewallfilex.pcap（抓取經(jīng)過防火墻的報文）4、全局抓包開關(guān)：Debugdetaplanepacket-diagsetcaptureon5、查看全局抓包配置：Debugdetaplanepacket-diagshowsetting6、關(guān)閉抓包Debugdetaplanepacket-diagsetcaptureoff7、清除所有抓包內(nèi)容Debugdetaplanepacket-diagclearall8、刪除文件Deletedebug-filterfilex.pcap舉例:admih@pa-vim>debugdataplartepacket-diagshowsettingPacketdiagnosissettingPacketfilterEnabled:Matchpre-parsedpacket:yesyesLoggingEnabled:noLog-thirottle:no5ync-log-by-ticks:yesFeatuires:Counters:PacketcaptureEnableel:no5naplen:0說明：paloalt?？梢酝ㄟ^抓包的方式來分析故障情況。.CPU和內(nèi)存查看管理平臺CPU和內(nèi)存查看命令：showsystemresources舉例：

adm1n&PA-2050>showsysicmresowrcestop-Ql:19i44up11days,16：441s1usera1oadaverage:0-00F0B02a0,05TamKs■二94total.工「un”ing?935lEepirijg.as?toppEcI? 0(omijiE標(biāo)工王1.5*與g；]1二W%Eh95.卓"I，二]口崛字； i立口用!步庵?; t1口工行」. g帛T&L0k七虧底⑷. -i"ir&ea mFBINkT5iii1~j~Wr.s]~Sirfap:ZOOBOiB-ilirraEaT^,93r72kusecf,=I?9,9S71izkfree；, JEWROrfc―cachedPID142812Q94USER1234&6T-S92zi56s6-72sis7890-J13032Ilxll222_slr>rb-6667244S7Illnlnnnllll-.r7777'0361R66170717061HfilooaoTOTOOaoaooooaoa_ooooaoa_ooooaoa_o60on2322R2R2222222222222z2222■1■-2222PID142812Q94USER1234&6T-S92zi56s6-72sis7890-J13032Ilxll222_slr>rb-6667244S7Illnlnnnllll-.r7777'0361R66170717061HfilooaoTOTOOaoaooooaoa_ooooaoa_ooooaoa_o60on2322R2R2222222222222z2222■1■-222222工1227Rooaoaoflooa_oaoflooaoaoflooaoaG-oooa_oa_o40onp1-NI4468S7￡60IS16VIRT10206172ooooooooooooooooouooooooooooofio.u^nriKBQOQOOOOQOQOOOOQOQOOOOQOQOOOOQOOd-OORo4-nOSDODODOODODODOODODODOODODODOODODOBOO^s02Baq7EsTk3MR2S由OPLI枷E冏T1ME+8MMAN口ooooooooooooooooooooooooooooooooooooon42口口口0。00口口口0。00口口口0。00口口口0。00口口口0000門1610000000OOOOOOOOOOO0OOOOOOOOOOOOOOO1ooOooooO口oooOO□oOOoooooooooooon口510N口1DD04aQaooooQDDoooOQ00.口口.QDDoooOQ41.00.口口.QoOO□ouaDOR0O1加61020010OS9201160402oa00008940oa00oaoooooo00IO00oaoo0300004500462g01工oppythcminitkthreaddmigration/0ksofrlrqd/Omigration/1ksofr1rqd/levents/0everrts/lkhrelperasync/ngrsytic_supersbdi-defaultkblockd/Okbloclkd/1ata/oata/1ata_auxkhubdkseriodrpclod/0rpciod/1k^^apdnano/0aio/1nfsiodocteon-ethernescsi_ieh_oscsi_eh_lmtdblo-ckdusbhid_resunierUcjoumaldudevdkjournaldkjoumiald1Anrl說明：通過以上命令可以查詢到數(shù)據(jù)平臺的cpu使用情況和內(nèi)存使用情況。如發(fā)現(xiàn)CPU過高的情況，可以通過showsystemresourcesfollow這個命令去檢查到底是哪項應(yīng)用有超負(fù)載行為：-1可以檢查哪個CPU頻率高，默認(rèn)為合并-M可以檢查內(nèi)存使用率是否過高檢查異常應(yīng)用是否必要使用，否則請關(guān)閉，如果不清楚需要開case分析問題。

ulabalccurK.Br3：ElapCMlTl*?iSlfKdIKC5匕/]'11舊：t.l?0S*tCWKyhIlkrjiEii斗叫sry■^iiETlpdan舞齊pkLSWE-lffT-trfflCl1?dEHS-lcri-crl-Gcir-d但:■Icri-佃口Jl-errarsMi.1nn_rBnnMTyflw_rcv_Brrr[U」CtCLq_J：卻」flrcriar-no_1nte_r*：Elafelfl?H1。齒工rCv*注:;溫；;工EriOn_t<pL_nC<i_5yn-j(|rC!pt-lcw_^hd_11Jbcxjrfc-cp『1=*-F1d_lrIoh_XJI9_[cl_niraf 3_ixr'?:tffcdgfidroE-ri u?tts&d1^331-^iw的：注wN?皿:Xg1292757tW2T37H11JW-422d9?工口力皿西51?KL331C171幺抬舟1112MQ5^-0271037d^931!MCM7211(lUflS31r^D1rir0irt-E\tfti1?■&I1rre1M口?Tirn1rt-odrapdropdropriracIH。1"drnpdrap“%drapdrapdropdropdroprirappMk?C口時打Q*k*r工曰4的juaim『抬￡l面sefi-lwchilaiFlwWg:WTig■Mg落Tlx■Mg■Huwri?■Mgri?■MgDkrp-ixrajoLr-EBakch優(yōu)y-r?CM-CCruaur-EBFHQLrCA□WoervEQ-rcHP?"X。事討口JTttPJTL*^rrioMVTltRjuiiianSKfitTita-Airdfa-HVdftf-HlTCfCTr?*rdtanurdfa-HvdTyzrti^Kk-ecsrrirs^credP*=kK?&Ilacac-idfdflRAltaiui1g ab_『fhM5S1WJllMMrf5?51E5;nasin-TsIrueal1cd的54CE>ll￡Car4叼S4CuFlCy即11。C>W￡kM55li*WIw^-SllailofiMEr■■■Elanradriejeicnar?cr3VTUi1tE?dco^rrlaidpP?ckK.3Efc-cpp?d:flaw5L*qar?c?i-aH■rrar&aLkrc-5dropped!302iq racaE1時4dA-dpp*ri;?rrrdiidin：b「4t七Pack-K-atk-D(iped:I：F-j&diaibImdanimrf1KlifdLAIvta4fr<MOffliUdAiKAS3fEcXtwcra^sMm^e/門口制pxtKMT5?31EJiiriip：m?NrUFtlqnJWT代frrtawr^l=03310-13?tup:JMircek*TIPa!ItKaEl-Hir?9_i11i31-掌ETCP-p“K0TinlChOuL片M￡-Eh^atkKJ[JrDpptEl； EP-iThCift3白N*Phu匕y匕齒ped:urtiirdlTCPhrudcaiaFP?ck-?.3*cfip?d:n-orautafarIPnuldcui:oaEksctdrDppid.tper-a^his-7*ro?atKtt：，ife-Dppfri;r?oroLfcePsck-K-i匕Dpp?d:noiriPliftijthj印3刷MHn!11cw_parn風(fēng)_14.1mfl<mfiltsa14jafCr1 me_i」_口曠inMfl*_p*r5eJd_rCD5jffTrin11ch_parnis一ipo-rorriOH-par-sa.IaPd【！Or_HT3e71K*K邙edJ|￡W「「Fl?_doi._pr_i_u-^plyEE1flwfl_ipfr*q_r?C7rig-1爐”6-T「曰【上"-史必-w空至1€1421315mHL13IT*；!為mudrap口「口。dr>3pdropdrapHE口drapInrn能TltraWg林二:比0串"5+psrx-iD3TB*RETX-Ipars?-W土tdaE"ipfrAfl■￡業(yè)3PltkKEPUfXfiCE^3LkK3際KeP■二kK?wk-BCfi"ackK5Ra=kK-aEPFr叼rt-WMri'F?「ULcheck=4^*￥xd:T-￡P(guān),KiWIH-EthjrdIPla-iffthbidr#以口；ill/#tcp布匹口>?匚□燈即ptd；?iwaiidpTiajjsTehr^WMri'?n-j^l-14T*a1M4Q3(5aH+^|H*x)rirDfipflri:in-91a'hd邪adrirnjndrDppad.1ardaicadi打印ptrl;?f*aTC^edqpefn:rpmx匕中p?d：7U1I-protKtiEnapEl-aiFiipfiriiiFHIEaFKIIh*?d"0■中1空:掰2EP產(chǎn):r"-、咿C#十r*EifW目討口”直第15口藝、、生赳生空 一一一.一數(shù)據(jù)平臺CPU和內(nèi)存查看命令：showrunningresource-monitor舉例：admin@PA-2O5O>showrunningresource-monitorKesourcemoninorlngsamp11ngdaxa(persecond^:CPUcorCPUcorduring1asx60seconds:7PU1OAdsarnplingbygrojp:=1ow_lookup=1ow_fastpathriow_s1owpaifiFlow_forwardingrlow_mgifftplow_ctrlnac_resuInu%flow_nip0%dfa_result0%moduleinternal0%aho_result0%zlp_resuIt0%pktlog_forwardimg酰pc-i啊flow_host1%說明：通過以上命令可以查詢到管理平臺的cpu使用率，查看該CPU哪個應(yīng)用占用的程序比較大，根據(jù)情況關(guān)閉相關(guān)應(yīng)用，例如flow_lookup是檢查會話是否存在進(jìn)程，flow_forwarding是transmit地址轉(zhuǎn)換進(jìn)程，如果不確定的情況下開case解決問題。5.3.全局利用率查看

命令:showcounterglobal舉例：adfjii4FA-w>shotw globaleloftalcoixirers-E1ipaedtinesincel45t5-srrpling;5?,5d9aeccindsdascripnc^anpack?C5r-BC?1p-ackecsCfafl5Il1CT€ClP-acketsrccciv-edfro?controlpl-tn?P-ackccstraru-nidascripnc^anpack?C5r-BC?1p-ackecsCfafl5Il1CT€ClP-acketsrccciv-edfro?controlpl-tn?P-ackccstraru-nict-edcdcoficrnlp"larePsEketsdropfied:de^apjiu'l-acianet「effraicantrdplcneMLrbflrofuidraqucjx1agsrif*{ms)spAridanMririrqpackfii-diA.glogs1411-1oopptffnp口rtrtrrTT

￡r-?nn￡pkT_r-fti：vpki-stni-flwiJiost-pkt-revflw_hn3t_pkt_xncflcwi_hn3t_dec-ap_err1o^_lHd_rcq_CTic1畸l/匚一di?g_usloi-alccwnrers/ 7說明：可以根據(jù)數(shù)據(jù)平臺和管理平臺綜合情況，去查看具體哪個應(yīng)用利用率超標(biāo)，綜合判斷引起故障的要點。.Debug和Less調(diào)試在PA的debug是為了獲取等多的排障詳細(xì)信息，這個命令相當(dāng)于show的命令，主要是查看管理平臺和數(shù)據(jù)平臺額外信息從而判斷問題的根本原因。Less為管理和數(shù)據(jù)平臺log日志的查看，對比起GUI使用CLI的less能看到更多的詳細(xì)數(shù)據(jù)交互信息，從而判斷問題的根本原因。管理平臺Debug/Less命令：lessmp-log/tailfollowyesmp-log舉例：

admin@PA-VM>lessmp-log1ay亡iiiljotnet.1egdevsrv.1ngdp-moriiitor.log.2ceyrngr.1Dgnast@rd-inajnager-apps.1ognp-moinitor.log.2 -ir_conntrack.log)an_nigint_firstboot.lag]anio.log.old'asmgr.log;nmpdLlog&P|jjriEEJ■1(JL|-brdaqenT.logdhepa-log-ehmon.loq1ogrevr.logmasterd_manager-infra.logmp-noniifor.lo-g.3pan_comm_0.logpan_task_l.logpanlogs-partition.logreboot.1ogsslmgr.1ogchasd.logdnsproxycl-logha_agent.1ogmastercl.logb.logmp-monitor_1ocpan_dha.log'pariLurl_clowinlcpdtre.logreport_gen.1ocsslvpn.1og'iuyad.logi/sd.1og?r-^-」**jHZbm*, ■■?e T 一 T1M.—sysdagtrii.1oguseridd.log說明：查看管理平臺日志信息可以通過輔助命令去實現(xiàn):MHHHHHHHHMl-3-J-3-J-nMHHHHHHHHMl-3-J-3-J-nfififi-b-JLLLLi-ILLLLLattrinJiuchrasulcsuch'adlu-ar/！eW皿_attrinJiuchrasulcsuch'adlu-ar/！eW皿_dur?y_i￡_idiin_s￡_prDfa11-n-rcfg.ap?rat"ianal-noda-n-rcfg.apfirat^arul-noddsdririIAmthanticating1oral-adniniadrrinsucracdfidpan_auttid_pri>r-ft5s_authrfl5urc(pan_auihd.cil=&6}::pan_authdorD-r-ftssauclrflsult:Rfiquastrc^-fliv-bdtoLFilticfcsharod..'1_dum^_"<adninK_profiI?_.'adinnErrarspan.auThdLnlM：k_usari；pan_auThd_lac=.]db_LrciIs.czflM]!fall-tdcounlockUs-gt'aiiiHri'hlkRwi匚化=匚春上 Frail1Q2.16B.12.2.pari_gct_sy5Tara_cnd_DiJtpui(pancfg_utT1s.ci42755-ducuxing:/us-r/lacal/b-in/sAipan_auttid_gflrwratt.sysxari1DgtpsFi.auThd.c:K12):￡￡C.nablfl^ra.l5dpan_gct_iy^Tflricnd_DuipuTLpan_cfg_uTi1s.c:4?75J:flucuxing:/u&rylacalybinys€tipaH.auTPdL：ar8.1!ce_rflq(pan.anihd.c!3J17):Auttid:gacgroupF-s-qu-Gdcpari_auttid_hartdlfl_grnLp_r-tqSpan_authd.ci122DJ!壇tm-arrDlft.-ad^rain/farus-cr數(shù)據(jù)平臺Debug/Less命令：debugdataplane舉例：admHn@PA-VM>debuqdataplane>flow-conxro'lEnable/Disableflowcontrola■fpgaDebugcontent-fpga>"internalDebugdaraplan€internalstare>memoryEx.aminedataplanememoryamonitorDebugdaxaplan^monitordetai1anatnat>packet-dnagPacket-relateddiagnoais>poolDebugbufferpoolsAPOWDebugpackerschcduUngenglne>processDebugdataplaneprocessaresetResetdataplanesetfings>showShowdataplan€runn-ingdataatask-heartbeatDebugdataplanetaskhearxbeat>tasksal1pan_xasks>tupEx.aminedataplanetupstaXe>testverifysystemsetrlngswixhxesxcases說明：使用debugdataplane可以查看數(shù)據(jù)平臺流量，例如內(nèi)存

的詳細(xì)使用情況等。其他Debug/Less命令：debugikeglobalondebug（查看VPNike信息）lessmp-logikemgr.log（查看VPNike日志信息）aami門*總一金口、aami門*總一金口、口:>adrnin^FA-2050>less2013-06-3010二弘:332013-06-3010;34;332013-06-5010134]332013-06-3010：34：352012-06-3010:24:352013-06-3010：34：35tip-log1kemgr,loq,,TNFOj:?aic:34?:mann():start-ingpanikerPTDis2316；IHFQ];nain.c;345;mainQ;dPENSELDIR;'Vetc/pki/tls"：INFO]:nain.cmainO:reidirigconfig/etcApn/ikemgr.conf'DESUG^I:1ke_coinf.c:4269::1ke_co<TF_check_CDns1srency():checkingconfiguration:工ImfcJ-nain.cM60：!mainiQ:++4+++++4++++4++J++++++++工++++4++4++++4+++++4~+jimfo]：nalnrcM6i：ma1niO-iredaemonstartonsunoun3010：M：3520132OL3-G&-3O10;34Dm3010:34:37Jm3Q10:34:37Jun301Q:34:37Jiin3010:14:37Jun301QJ34B73un3010;34;37Jun301&;^4;42Jm3010-^34:412JUH3Q1Q：34：47Jun3Q10:14:47jun30JUFI3QJun30Jyn30Jm30;W5[INFQ]:nain.c;42OL3-G&-3O10;34Dm3010:34:37Jm3Q10:34:37Jun301Q:34:37Jiin3010:14:37Jun301QJ34B73un3010;34;37Jun301&;^4;42Jm3010-^34:412JUH3Q1Q：34：47Jun3Q10:14:47jun30JUFI3QJun30Jyn30Jm30;W5[INFQ]:nain.c;462;main();++4+++++4++++4++4++++++++++++++++++.++4+++++4+?-2777n55555T44444□mM33rqr>口比0;0:口門1111nwaitingtogetlastcommittedconfigurationwarning:elog_callbackCpan_elog.c:41):ElogbeingproxiedError:pan_crqagenT：_geT：_lastcfg(pan_cfgagenr:.c:S31)i:€an11ferch1asrcQinirdiiedcanfigurarichiavailatileError:pan_c.fgagen(_wrice_sysd_boQlean_5ync￡pan_cfgagent,c:124):cfgagentregisterfailedir?try1/5.sieepingfor5seconds,..Error;pan_c,fgag?nt_write_s-ysd_baol^an.syrictpan_cfgagent.c ;cfgagentregisterfailledintry2/Sasieepingfor5secords□a.Error:pan_cfgagem_wr1^e_s-ysd_baolean_syrc(pan_cfgagent.c:124):cfgagentregisterfailed1mtry3/5.e!eepirigfor5seconds...Error:pan_cfgagem_wr1ce.sysd.boolean_5yncCpan_cfgagenr,c:1?4):cfg^geniregisierfailed1nrry4/5.sleepingfor5seconds,.,lasrsyncsyncsyncsyncsyncconfigmodifynradifymodifymodifynradifysineedataplane<5w.mgmr.rumlffre..<swumgmt-runtimeow.mgnTT.runtime.<5憎.mgmi.rumiJMmgmt-runtime.Error;pan_c.fgagent_write.sy5d.boQleanjyricCpan_cfgagenrt:.c;12U);_ _ _Error:pan_cfgagent.enable[pan_cfgagent.c:&38):fai1edtoregister"CDinfigagentwiElhmanagemenwarning;eToacal1backCpanalog.-c:41)sElogbeingproxiedadrmriGPA-205Q>taiIroilewyesup-logik^nigr.logikemgr!pamke_daemonphase1firishedikemgr; 'ke.daemanphase2started15151515DB：39:36DB;^IO;3ODS：40：30OB:40:30DS：40：30withstarus-1panikepanIKEikemgr:p;phase-2triggered.Ehase-2trigg^1e_da.emoripF君：ig€redwhennoti5c2finishednecessary?skippeda2015-07-2712:50;52[INFO];panike_debug_level_cb4=>Jdll2712:50:571fmoni-requesr-pui(daemon/panlke_5y5d_1fKc:055)16wrireiopipe:debug.!evelDull2712:50:S7ifmDni_jrequest_get(daemor/panike_sysd_if.c:071):16readfrompipe,msgtype1jul2712：50；57pan_i&g_pracflssCdieiiiori/panike_iysd_1f.c:969):reguesLfrompipe；debug_level2013-07-2712:50:57[INFO]:panike_sysd_impl.c:200:panike_debijg_level_cb():parrike_debug_level_cb5=>5說明：查看VPNike交互過程，可以通過tailfollowyes的方式實時查看數(shù)據(jù)報文的交互。命令：debuglog-receiverstatistics（查看日志情況）lessmp-loglogrcvr.log（查看日志緩存情況）舉例：

admin@PA-2050>debug1og-receiverstafisficsLogincomlnigrat€:Logwrittenrate:corrupxedpackers:corruptedurlpackets:Logsd-iscarded(qu吧uigfull):Traffic1ogswritten:URL1ogswritten:Anti-viruslogswr-itten:spyware-Iogswritten:Attacklogswrlrren:vulnerablllty1ogswritten:Fileexxlogswrlrren:URLcacheageauxcounx:URLcachefu"l"Icount:□/sec0/seco'aa5005406URLcachekeyexn5tcount:oooooooooTraff-icTrafficTrafficTraff-icalairmsala『msa]airmsalairdroppeddue

droppeddue

droppeddueLogincomlnigrat€:Logwrittenrate:corrupxedpackers:corruptedurlpackets:Logsd-iscarded(qu吧uigfull):Traffic1ogswritten:URL1ogswritten:Anti-viruslogswr-itten:spyware-Iogswritten:Attacklogswrlrren:vulnerablllty1ogswritten:Fileexxlogswrlrren:URLcacheageauxcounx:URLcachefu"l"Icount:□/sec0/seco'aa5005406URLcachekeyexn5tcount:oooooooooTraff-icTrafficTrafficTraff-icalairmsala『msa]airmsalairdroppeddue

droppeddue

droppedduetototosysdwriteglobalrateeachsourceLogForward1nLogForwardcount:gen-er^xedcount;queu?count:failures:0limiting:□rate_11mifingLogForwarddiscarded(queuefull)

LogForwarddlscjird^d(senderror)count:count:^fiir>}Pi-20iO=-less logrtMr,ICKji10:M:3J============lwrcvksiarc==========?:34:3d5/sd-orkerFO]: scarrinjbp..i：14 sysd-orkerll]:2r(to2ibO:scarrlnj卬…I：14：365網(wǎng)Event：5KCE55alner-pA^ctebug1:雨用我陛弓?:14:37M536conralner口/酬carch^a三JJ：d2M；>U"W34：d5卜::i I：-Lh:iI'|iI-.M!HlErrorfmlogrwr」Erroripii-iogrcvr_ln1i_5KkeTErrori n1i_5c>ckeTError:pin_1ogrcMr_ln1T_5c>ckeTe「e「：pii_loarc.Mr_1n1i_SKkeiErroripii_i0flrtvr_1n1T_5KkeiErroripii_noarc.vr_1n1i_SKkeiErroripii-iogrcvr_ln1i_5KkeTErrori n1i_5c>ckeTp*n1c?grcvrln1T50€keT/■aru1國」軌€如下"n ；國」包elwemh”；包白1*軟"H2：:口i1_1兇丁￡8如5.Cfl8i2>!.csi8i2>:口#1_1網(wǎng)丁￡885"打射；!》;口*1_1國』￡強的廿.C￡18i2>：p-an_"loa_recelMer.c:li9i2>:carracTClS?.O.d1lOWO)fiiledcornecKlS?.(i.O1IDKi的railedcorriecTtlS?,0.01IDEi的railedcomecT(127.0.0.lilOKiOJifilled-corvtecT(12?.0.0l-lOCOdSriiied-CiMTWCTCIS?,0.Ci.lilOMOJfaTlediconrtecT(12?.O.Cil-10CsJ(iifiiieci-canrtecT(12?.0.0l-lOCOdiTaiied-comecKlSMJ.O1-lOCOi^riiled-comecT(127.0.0.lilOKiOJifilled-comect(ilTOO)railed^torrecT(127.0.01il&MO)fallediIerT-fTijid^jerrno1峭err-RoidG西產(chǎn)吁U6?”一吁U€>er'r-no^U€.'函FRO：1J€.'errno;1峭(西廣「CM1J6.'(西產(chǎn)即彳U6?心”吁U€>terr*no-id€>SQMCSfQn飛國conr^cilanr-efysedconnecTlonr"父心國connecTlon產(chǎn)coMCTlan產(chǎn)仃心&icarwiecT1an『父usedcoiw?!CTlan飛Us國coimecTlan嚴(yán)打心edcoiw^cHon嚴(yán)MwedconnecTlon產(chǎn)coMCTlan產(chǎn)仃心&icon^ecTian廣鵬心國說明：可以通過該命令來檢查日志工作情況。.硬件異常查看及處理電源狀態(tài)查看命令：showsystemenvironmentalspower舉例：

ddurinChnwsystemervlronnenta15power power siotDescripfionAlarmvolts501.05vPowerFtarilFal5E1.04SO1.IVPowerRai1Raise1.09501.2VPowerRallFalse1.20501.SvPowerRan1False1.B0502.5VPowerRan1Faise2.49SO3.3VPowerRan1False3.34SO5.0VPowerRai1False4.91500vrtcEanteryFalse2.49說明：當(dāng)Alarm列為True時，表示電源狀態(tài)異常，此時需要檢查供電設(shè)施（如機(jī)柜電源及電源插排）是否正常供電，在確認(rèn)供電正常，防火墻電源仍然異常時，可以生成診斷信息文件，提供給PaloAlto廠商case處理，以確認(rèn)電源模塊是否故障或損壞。風(fēng)扇狀態(tài)查看命令：showsystemenvironmentalsfans舉例：iows-vs-tenienvironmentalsfans（sior Des-cription a!arm RPM5SO Fan#1aperafional Palse TrueSO Fan#2aperafional Raise True說明：當(dāng)Alarm為True時，表示風(fēng)扇狀態(tài)異常。RPMs為False時，表示風(fēng)扇不轉(zhuǎn)。此時需到現(xiàn)場檢查設(shè)備風(fēng)扇是否轉(zhuǎn)動（用手放在風(fēng)扇后面，看是否能感受到風(fēng)）。如果風(fēng)扇不轉(zhuǎn)，則需要對其進(jìn)行更換。設(shè)備溫度查看命令：

showsystemenvironmentalsthermal舉例:siotDescriprionAlarmDegreeac50Temperatureat?B30EU85]False40.00SOTemperatureatLIONFalse41.00SOTemperaxureatphyEu87]Faise4-0.00SOTemperaxureatCPLDUS8]Faise42.00adpa-20showsystemerrvironmentalsthermal Thermal 說明：當(dāng)Alarm為True時，表示溫度狀態(tài)異常。異常時需要確定機(jī)房溫度是否過高，或者散熱系統(tǒng)是否受阻。.日志查看告警日志查看命令：showlogalarm舉例：admln@PA-vw>show1ogalarm+ack_adminack-adrwin+adm~inadm-in+csv-outputcsv-output+direct!ondirection十dportdport+dstdst+end-fimeend-fi十opaqueopaque十quieryquery+rece1ve_fimerGceive_fime十rulegrouprulegroup十sportsport+srcSPC+start-timestart-fime十T-iime-acknowledgedfime-acknowledg€d+vsysvsys1Pipethroughacommand<EnTer>FinishInput說明：告警可以根據(jù)屬性篩選如開始時間或者結(jié)束時間等等配置日志查看命令：

showlogconfig舉例：admHn&PA-VM>showlogconfigclient -cn€rt+cmdcmd十CSV-OUTpUTcsv-outputd-irccfiondirecfion+end-fimeend-time十queryquery十receivie_timereceive_time+resultresult+srarr-rlmestart-tlme1Pipethroughacommand<Enter>Finishiupntadmin?PA-VM>showlogconfigstart-timeequal2006/D8/01@10:00:00TimgHostcomma,ndAdminclientResult2013/05/0721: :0SGTadminCLTSucceeded2013/05/0721:3^:3conmitachrinCLIsubnritted2013/05/07??:08:47IQ?.168.1?.2se-admiinU'ebSucceeded2013/05/0722:11:15se-adminwebsucceeded2013/05/0722:13:04se-admiinin'ebFai1ed2013/05/0722:13:13SETadminWebFai1ed2012/05/0722:13:27setadmiinU'ebfat1ed2013/05/0722:13:51SGTadminWebFai1ed2012/05/0722:15:10se-admiinU'ebsucceeded2013/05/0722:16:24SGTadminWebsucceeded2013/05/0800:55:41192.168,12,2setadminw^bBuccp^dpd2013/05/0800:58:36setadminwebsucceeded2013/05/0800:58：3S192.168.12,2pditadminwpbBuccppdpd2013/05/0801:18:25editachrinwebSucceeded2013/05/0803:00:48192.168,12,2setadminwpb5uccppdpd2O1B/O5/0B22:16:41seTadminwebFai1ed2013/05/0822:50:07192,168.12,2setadminw^bsuccppdpd2013/05/0901:37:27SETadminwebsucceeded2013/05/09QI:37：39192.168,12.2setadni-jnwpbsuccepdpd2013/05/0901:38:45SGTadminwebsucceeded2013/05/09QI: 192.168,12.2setadni-jnwpbsuccppdpd2013/05/0902:08:22SGTadminwebsucceeded2013/05/090?:09：121??.168.1?,2setAdminwpbsuccp^dpd說明：可以通過條件選擇來篩選需要的配置日志信息其他日志查看命令：showlog舉例：admn（^PA-VM>show1oqAalarmshowa.1arm1ogs.appstatTogs>appstJitshowconfig5howct>nfIg1ogs>dailythsumShowdai1ythsum1ogs>dallytrsumshowdallyrrsum1ogs>datashowdata1ogshipmatcn1ogs>hipmatchShow>hourlythsumshowhourlythsum1ogs>hourlytr^umshowhourlyrrsum1ogs>systiemrnrejrtShowshowsystem1ogstnreat1ogs>rh5um5howthsum1ogs>trafficShowtrafficTogs-rrsumshowtrsum1ogs>url5howurl1ogsshowuserid1ogs->wecklythsumshowwecklythsum1ogs>weeklytrsumshowweeklyrrsum1ogsAwlIdflr^eshowwil