Scribd
Upload
223 views16 pages

Firewall CLI Commands Guide

The document provides a comprehensive list of CLI commands for various firewalls including FortiGate, Palo Alto, Cisco ASA, Cisco ISE, and Checkpoint. Each section details specific commands for configuration, management, and monitoring of the respective firewalls. It serves as a quick reference guide for network professionals managing these devices.

Uploaded by

Shahzad Shaikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
223 views16 pages

Firewall CLI Commands Guide

The document provides a comprehensive list of CLI commands for various firewalls including FortiGate, Palo Alto, Cisco ASA, Cisco ISE, and Checkpoint. Each section details specific commands for configuration, management, and monitoring of the respective firewalls. It serves as a quick reference guide for network professionals managing these devices.

Uploaded by

Shahzad Shaikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

www.networkjourney.

com CLI COMMANDS FGT, PA, ASA, ISE, CP

Contents
1. FortiGate Firewall CLI Commands ..........................................................................................................2
2. Palo Alto Firewall CLI Commands ...........................................................................................................5
3. Cisco ASA Firewall CLI Commands .........................................................................................................8
4. Cisco ISE CLI Commands .......................................................................................................................... 11
5. Checkpoint Firewall CLI Commands ................................................................................................... 14

CLI COMMANDS FOR


1. FORTIGATE FIREWALL
2. PALOALTO FIREWALL
3. CISCO ASA FIREWALL
4. CISCO ISE
5. CHECKPOINT FIREWALL

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 1 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

1. FortiGate Firewall CLI Commands

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 2 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 3 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

config system global # Enter system configuration

set hostname <hostname> # Set FortiGate hostname

set timezone <timezone> # Set timezone

config system interface # Enter interface configuration

edit port1 # Edit interface port1

set ip 192.168.1.1/24 # Assign IP to interface

set allowaccess ping http https ssh # Allow management access

end # Exit configuration mode

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 4 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

2. Palo Alto Firewall CLI Commands

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 5 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

configure # Enter configuration mode

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 6 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

commit # Save changes

show configuration # View running configuration

set network interface ethernet1/1 ip 192.168.1.1/24 # Assign IP

show routing route # Display routing table

ping host <IP> # Ping a host

show running security-policy # Show security policies

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 7 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

3. Cisco ASA Firewall CLI Commands

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 8 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

enable # Enter privileged mode

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 9 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

configure terminal # Enter configuration mode

show running-config # Show current configuration

write memory # Save configuration

interface GigabitEthernet0/1 # Enter interface mode

ip address 192.168.1.1 255.255.255.0 # Assign IP

exit # Exit interface mode

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 10 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

4. Cisco ISE CLI Commands

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 11 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

show version # Show Cisco ISE version

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 12 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

show udi # Show device details

show clock # Show system time

show logging application ise-admin.log tail # View admin logs

show users # Display logged-in users

application stop ise # Stop ISE services

application start ise # Start ISE services

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 13 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

5. Checkpoint Firewall CLI Commands

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 14 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

show version all # Show Checkpoint version

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 15 of 16


www.networkjourney.com CLI COMMANDS FGT, PA, ASA, ISE, CP

fw stat # Show firewall policy status

cpstop # Stop all Checkpoint services

cpstart # Start all Checkpoint services

fw unloadlocal # Unload local security policy

fw monitor # Packet capture utility

show interfaces # Show all network interfaces

Document prepared by Sagar Dhawan, Youtube: NetworkJourney | +91 9739521088 Page 16 of 16

You might also like