Display the current operational mode.
show system info | match system-mode
Switch from Panorama mode to Log Collector mode.
request system system-mode logger
Switch from Panorama mode to PAN-DB private cloud mode (M-500 appliance only).
request system system-mode panurldb
Switch an M-Series appliance from Log Collector mode or PAN-DB private cloud mode (M-500 appliance only) to Panorama mode.
request system system-mode panorama
Switch the Panorama virtual appliance from Legacy mode to Panorama mode.
request system system-mode panorama
Switch the Panorama virtual appliance from Panorama mode to Legacy mode.
request system system-mode legacy
Panorama Management Server
Change the output for show commands to a format that you can run as CLI commands.
set cli config-output-mode set
The following is an example of the output for the show device-group command after setting the output format:
# show device-group branch-offices set device-group branch-offices devices set device-group branch-offices pre-rulebase ...
Enable or disable the connection between a firewall and Panorama. You must enter this command from the firewall CLI.
set panorama [off | on]
Synchronize the configuration of M-Series appliance high availability (HA) peers.
request high-availability sync-to-remote [running-config | candidate-config]
Reboot multiple firewalls or Dedicated Log Collectors.
request batch reboot [devices | log-collectors]
Change the interval in seconds (default is 10; range is 5 to 60) at which Panorama polls devices (firewalls and Log Collectors) to determine the progress of software or content updates. Panorama displays the progress when you deploy the updates to devices. Decreasing the interval makes the progress report more accurate but increases traffic between Panorama and the devices.
set dlsrvr poll-interval <5-60>
Device Groups and Templates
Show the history of device group commits, status of the connection to Panorama, and other information for the firewalls assigned to a device group.
show devicegroups name
Show the history of template commits, status of the connection to Panorama, and other information for the firewalls assigned to a template.
show templates name
Show all the policy rules and objects pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
show config pushed-shared-policy
Show all the network and device settings pushed from Panorama to a firewall. You must enter this command from the firewall CLI.
show config pushed-template
Log Collection
Show the current rate at which the Panorama management server or a Dedicated Log Collector receives firewall logs.
debug log-collector log-collection-stats show incoming-logs
Show the quantity and status of logs that Panorama or a Dedicated Log Collector forwarded to external servers (such as syslog servers) as well as the auto-tagging status of the logs. Tracking dropped logs helps you troubleshoot connectivity issues.
debug log-collector log-collection-stats show log-forwarding-stats
Show status information for log forwarding to the Panorama management server or a Dedicated Log Collector from a particular firewall (such as the last received and generated log of each type).
When you run this command at the firewall CLI (skip the device argument), the output also shows how many logs the firewall has forwarded.
show logging-status device
Clear logs by type.
Running this command on the Panorama management server clears logs that Panorama and Dedicated Log Collectors generated, as well as any firewall logs that the Panorama management server collected. Running this command on a Dedicated Log Collector clears the logs that it collected from firewalls.
clear log [acc | alarm | config | hipmatch | system | threat | traffic]