Pan Os 81 Cli Commands

PAN-OS 8.
1 Configure Commands
check pending-changes
check full-commit-required
check data-access-passwd system
save config to <value> partial shared-object <excluded> device-and-network <excluded> admin [ <admin1> <admin2>...
]
save config to <value> partial shared-object <excluded> device-and-network <excluded> no-vsys
save config to <value> partial shared-object <excluded> device-and-network <excluded> vsys [ <vsys1> <vsys2>... ]
save device-state
revert config partial shared-object <excluded> device-and-network <excluded> admin [ <admin1> <admin2>... ]
revert config partial shared-object <excluded> device-and-network <excluded> no-vsys
revert config partial shared-object <excluded> device-and-network <excluded> vsys [ <vsys1> <vsys2>... ]
load config key <value>|<default> from <value>
load config key <value>|<default> version <value>|<1-1048576>
load config key <value>|<default> last-saved
load config key <value>|<default> partial from <value> from-xpath <value> to-xpath <value> mode
<merge|replace|append>
load device-state
commit description <value> force partial device-and-network <excluded> shared-object <excluded> admin [ <admin1>
<admin2>... ]
commit description <value> force partial device-and-network <excluded> shared-object <excluded> no-vsys
commit description <value> force partial device-and-network <excluded> shared-object <excluded> vsys [ <vsys1>
<vsys2>... ]
commit description <value> partial device-and-network <excluded> shared-object <
excluded> admin [ <admin1> <admin2>... ]
excluded> no-vsys
excluded> vsys [ <vsys1> <vsys2>... ]
validate full
validate partial device-and-network <excluded> shared-object <excluded> admin [
<admin1> <admin2>... ]
validate partial device-and-network <excluded> shared-object <excluded> no-vsys

validate partial device-and-network <excluded> shared-object <excluded> vsys [
<vsys1> <vsys2>... ]
find command keyword <value>
show deviceconfig
show deviceconfig system
show deviceconfig system type
show deviceconfig system type
show deviceconfig system type static
show deviceconfig system type dhcp-client
show deviceconfig system dns-setting
show deviceconfig system dns-setting
show deviceconfig system dns-setting servers
show deviceconfig system ntp-servers
show deviceconfig system ntp-servers primary-ntp-server
show deviceconfig system ntp-servers primary-ntp-server authentication-type
show deviceconfig system ntp-servers primary-ntp-server authentication-type none
show deviceconfig system ntp-servers primary-ntp-server authentication-type symm
etric-key
etric-key algorithm
etric-key algorithm md5
etric-key algorithm sha1
show deviceconfig system ntp-servers primary-ntp-server authentication-type auto
key
show deviceconfig system ntp-servers secondary-ntp-server
show deviceconfig system ntp-servers secondary-ntp-server authentication-type
show deviceconfig system ntp-servers secondary-ntp-server authentication-type no
ne
show deviceconfig system ntp-servers secondary-ntp-server authentication-type sy

mmetric-key
mmetric-key algorithm
mmetric-key algorithm md5
mmetric-key algorithm sha1
show deviceconfig system ntp-servers secondary-ntp-server authentication-type au
tokey
show deviceconfig system hsm-settings
show deviceconfig system hsm-settings provider
show deviceconfig system hsm-settings provider
show deviceconfig system hsm-settings provider safenet-network
show deviceconfig system hsm-settings provider safenet-network hsm-server
show deviceconfig system hsm-settings provider safenet-network hsm-server <name>
show deviceconfig system hsm-settings provider safenet-network ha
show deviceconfig system hsm-settings provider thales-nshield-connect
show deviceconfig system hsm-settings provider thales-nshield-connect hsm-server
show deviceconfig system hsm-settings provider thales-nshield-connect hsm-server
<name>
show deviceconfig system hsm-settings provider none
show deviceconfig system ssh
show deviceconfig system ssh ciphers
show deviceconfig system ssh ciphers ha
show deviceconfig system ssh ciphers ha aes128-cbc
show deviceconfig system ssh ciphers ha aes128-ctr

show deviceconfig system ssh ciphers ha aes128-gcm
show deviceconfig system ssh ciphers ha aes256-gcm
show deviceconfig system ssh ciphers mgmt
show deviceconfig system ssh ciphers mgmt aes128-cbc
show deviceconfig system ssh ciphers mgmt aes128-ctr
show deviceconfig system ssh ciphers mgmt aes128-gcm
show deviceconfig system ssh ciphers mgmt aes256-gcm
show deviceconfig system ssh mac
show deviceconfig system ssh mac ha
show deviceconfig system ssh mac ha hmac-sha1
show deviceconfig system ssh mac ha hmac-sha2-256
show deviceconfig system ssh mac ha hmac-sha2-512
show deviceconfig system ssh mac mgmt
show deviceconfig system ssh mac mgmt hmac-sha1
show deviceconfig system ssh mac mgmt hmac-sha2-256
show deviceconfig system ssh mac mgmt hmac-sha2-512
show deviceconfig system ssh regenerate-hostkeys
show deviceconfig system ssh regenerate-hostkeys ha
show deviceconfig system ssh regenerate-hostkeys ha key-type
show deviceconfig system ssh regenerate-hostkeys ha key-type ECDSA
show deviceconfig system ssh regenerate-hostkeys ha key-type RSA
show deviceconfig system ssh regenerate-hostkeys mgmt
show deviceconfig system ssh regenerate-hostkeys mgmt key-type
show deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA
show deviceconfig system ssh regenerate-hostkeys mgmt key-type RSA
show deviceconfig system ssh default-hostkey
show deviceconfig system ssh default-hostkey ha
show deviceconfig system ssh default-hostkey ha key-type

show deviceconfig system ssh default-hostkey mgmt
show deviceconfig system ssh default-hostkey mgmt key-type
show deviceconfig system ssh default-hostkey mgmt key-type all
show deviceconfig system ssh session-rekey
show deviceconfig system ssh session-rekey ha
show deviceconfig system ssh session-rekey mgmt
show deviceconfig system snmp-setting
show deviceconfig system snmp-setting snmp-system
show deviceconfig system snmp-setting access-setting
show deviceconfig system snmp-setting access-setting version
show deviceconfig system snmp-setting access-setting version v2c
show deviceconfig system snmp-setting access-setting version v3
show deviceconfig system snmp-setting access-setting version v3 views
show deviceconfig system snmp-setting access-setting version v3 views <name>
show deviceconfig system snmp-setting access-setting version v3 views <name> vie
show deviceconfig system snmp-setting access-setting version v3 views <name> vie
w <name>
show deviceconfig system snmp-setting access-setting version v3 users
show deviceconfig system snmp-setting access-setting version v3 users <name>
show deviceconfig system geo-location
show deviceconfig system service
show deviceconfig system permitted-ip
show deviceconfig system permitted-ip <name>
show deviceconfig system route
show deviceconfig system route service
show deviceconfig system route service <name>
show deviceconfig system route service <name> source
show deviceconfig system route service <name> source-v6
show deviceconfig system route destination
show deviceconfig system route destination <name>
show deviceconfig system route destination <name> source

show deviceconfig system log-link
show deviceconfig system log-link <name>
show deviceconfig system log-export-schedule
show deviceconfig system log-export-schedule <name>
show deviceconfig system log-export-schedule <name> protocol
show deviceconfig system log-export-schedule <name> protocol ftp
show deviceconfig system log-export-schedule <name> protocol scp
show deviceconfig system update-schedule
show deviceconfig system update-schedule statistics-service
show deviceconfig system update-schedule threats
show deviceconfig system update-schedule threats recurring
show deviceconfig system update-schedule threats recurring
show deviceconfig system update-schedule threats recurring every-30-mins
show deviceconfig system update-schedule threats recurring hourly
show deviceconfig system update-schedule threats recurring daily
show deviceconfig system update-schedule threats recurring weekly
show deviceconfig system update-schedule app-profile
show deviceconfig system update-schedule app-profile recurring
show deviceconfig system update-schedule app-profile recurring
show deviceconfig system update-schedule app-profile recurring daily
show deviceconfig system update-schedule app-profile recurring weekly
show deviceconfig system update-schedule anti-virus
show deviceconfig system update-schedule anti-virus recurring
show deviceconfig system update-schedule anti-virus recurring
show deviceconfig system update-schedule anti-virus recurring hourly
show deviceconfig system update-schedule anti-virus recurring daily
show deviceconfig system update-schedule anti-virus recurring weekly
show deviceconfig system update-schedule wildfire
show deviceconfig system update-schedule wildfire recurring
show deviceconfig system update-schedule wildfire recurring
show deviceconfig system update-schedule wildfire recurring every-min
show deviceconfig system update-schedule wildfire recurring every-15-mins

show deviceconfig system update-schedule wildfire recurring every-30-mins
show deviceconfig system update-schedule wildfire recurring every-hour
show deviceconfig system update-schedule wf-private
show deviceconfig system update-schedule wf-private recurring
show deviceconfig system update-schedule wf-private recurring
show deviceconfig system update-schedule wf-private recurring every-5-mins
show deviceconfig system update-schedule wf-private recurring every-hour
show deviceconfig system update-schedule url-database
show deviceconfig system update-schedule url-database recurring
show deviceconfig system update-schedule url-database recurring
show deviceconfig system update-schedule url-database recurring daily
show deviceconfig system update-schedule url-database recurring weekly
show deviceconfig system update-schedule global-protect-clientless-vpn
show deviceconfig system update-schedule global-protect-clientless-vpn recurring
hourly
daily
weekly
show deviceconfig system update-schedule global-protect-datafile
show deviceconfig system update-schedule global-protect-datafile recurring
show deviceconfig system update-schedule global-protect-datafile recurring
show deviceconfig system update-schedule global-protect-datafile recurring hourl
show deviceconfig system update-schedule global-protect-datafile recurring daily

show deviceconfig system update-schedule global-protect-datafile recurring weekl
show deviceconfig system motd-and-banner
show deviceconfig setting
show deviceconfig setting nat
show deviceconfig setting jumbo-frame
show deviceconfig setting icmpv6-rate-limit
show deviceconfig setting nat64
show deviceconfig setting packet
show deviceconfig setting util
show deviceconfig setting pan-url-db
show deviceconfig setting url
show deviceconfig setting global-protect
show deviceconfig setting l3-service
show deviceconfig setting application
show deviceconfig setting application traceroute
show deviceconfig setting autofocus
show deviceconfig setting wildfire
show deviceconfig setting wildfire file-size-limit
show deviceconfig setting wildfire file-size-limit <name>
show deviceconfig setting wildfire session-info-select
show deviceconfig setting ctd
show deviceconfig setting ssl-decrypt
show deviceconfig setting session
show deviceconfig setting tcp
show deviceconfig setting zip
show deviceconfig setting pow
show deviceconfig setting config
show deviceconfig setting logging
show deviceconfig setting logging enhanced-application-logging
show deviceconfig setting logging enhanced-application-logging disable-applicati
on
show deviceconfig setting logging enhanced-application-logging disable-applicati
on <name>
show deviceconfig setting logging enhanced-application-logging disable-global
show deviceconfig setting logging enhanced-application-logging disable-global al
show deviceconfig setting logging enhanced-application-logging disable-global ar
show deviceconfig setting logging enhanced-application-logging disable-global no
n-syn-tcp
show deviceconfig setting logging enhanced-application-logging disable-global ex
t-traffic
show deviceconfig setting logging enhanced-application-logging disable-global hi
p-report
show deviceconfig setting logging logging-service-forwarding
show deviceconfig setting management
show deviceconfig setting management secure-conn-client
show deviceconfig setting management secure-conn-client certificate-type
show deviceconfig setting management secure-conn-client certificate-type
show deviceconfig setting management secure-conn-client certificate-type none
show deviceconfig setting management secure-conn-client certificate-type local
show deviceconfig setting management secure-conn-client certificate-type scep
show deviceconfig setting management quota-settings
show deviceconfig setting management quota-settings log-expiration-period
show deviceconfig setting management quota-settings disk-quota
show deviceconfig setting management common-criteria
show deviceconfig setting management common-criteria self-test-schedule
show deviceconfig setting management common-criteria self-test-schedule crypto
show deviceconfig setting management common-criteria self-test-schedule software
-integrity
show deviceconfig setting management common-criteria self-test-schedule
show deviceconfig setting management common-criteria self-test-schedule crypto

show deviceconfig setting management common-criteria self-test-schedule software
-integrity
show deviceconfig setting management admin-lockout
show deviceconfig setting management browse-activity-report-setting
show deviceconfig setting management device-monitoring
show deviceconfig setting management common-criteria-alarm-generation
show deviceconfig setting management common-criteria-alarm-generation security-p
olicy-limits
show deviceconfig setting management common-criteria-alarm-generation rule-group
-limits
show deviceconfig setting management common-criteria-alarm-generation log-databa
ses-alarm-threshold
show deviceconfig setting logrcvr
show deviceconfig setting vpn
show deviceconfig setting vpn ikev2
show deviceconfig setting custom-logo
show deviceconfig setting custom-logo login-screen
show deviceconfig setting custom-logo main-ui
show deviceconfig setting custom-logo pdf-report-header
show deviceconfig setting custom-logo pdf-report-footer
show deviceconfig high-availability
show deviceconfig high-availability interface
show deviceconfig high-availability interface ha1
show deviceconfig high-availability interface ha1 encryption
show deviceconfig high-availability interface ha1-backup
show deviceconfig high-availability interface ha2-backup
show deviceconfig high-availability group
show deviceconfig high-availability group election-option
show deviceconfig high-availability group election-option timers

show deviceconfig high-availability group election-option timers
show deviceconfig high-availability group election-option timers recommended
show deviceconfig high-availability group election-option timers aggressive
show deviceconfig high-availability group election-option timers advanced
show deviceconfig high-availability group state-synchronization
show deviceconfig high-availability group state-synchronization ha2-keep-alive
show deviceconfig high-availability group configuration-synchronization
show deviceconfig high-availability group mode
show deviceconfig high-availability group mode
show deviceconfig high-availability group mode active-passive
show deviceconfig high-availability group mode active-active
show deviceconfig high-availability group mode active-active network-configurati
on
show deviceconfig high-availability group mode active-active network-configurati
on sync
show deviceconfig high-availability group mode active-active virtual-address
show deviceconfig high-availability group mode active-active virtual-address <na
me>
me> ip
me> ip <name>
me> ip <name>
me> ip <name> floating
me> ip <name> floating device-priority
me> ip <name> arp-load-sharing
me> ip <name> arp-load-sharing

me> ip <name> arp-load-sharing ip-modulo
me> ip <name> arp-load-sharing ip-hash
me> ipv6
me> ipv6 <name>
me> ipv6 <name>
me> ipv6 <name> floating
me> ipv6 <name> floating device-priority
me> ipv6 <name> arp-load-sharing
me> ipv6 <name> arp-load-sharing
me> ipv6 <name> arp-load-sharing ip-modulo
me> ipv6 <name> arp-load-sharing ip-hash
show deviceconfig high-availability group mode active-active session-owner-selec
tion
tion
tion primary-device
tion first-packet
tion first-packet session-setup

tion first-packet session-setup
tion first-packet session-setup primary-device
tion first-packet session-setup first-packet
tion first-packet session-setup ip-modulo
tion first-packet session-setup ip-hash
show deviceconfig high-availability group monitoring
show deviceconfig high-availability group monitoring path-monitoring
show deviceconfig high-availability group monitoring path-monitoring path-group
virtual-wire
virtual-wire <name>
vlan
vlan <name>
virtual-router
virtual-router <name>
show deviceconfig high-availability group monitoring link-monitoring
show deviceconfig high-availability group monitoring link-monitoring link-group
show deviceconfig high-availability group monitoring link-monitoring link-group
<name>
show mgt-config
show mgt-config password-complexity
show mgt-config password-complexity password-change

show mgt-config password-profile
show mgt-config password-profile <name>
show mgt-config password-profile <name> password-change
show mgt-config users
show mgt-config users <name>
show mgt-config users <name> preferences
show mgt-config users <name> preferences saved-log-query
show mgt-config users <name> preferences saved-log-query unified
show mgt-config users <name> preferences saved-log-query unified <name>
show mgt-config users <name> preferences saved-log-query traffic
show mgt-config users <name> preferences saved-log-query traffic <name>
show mgt-config users <name> preferences saved-log-query threat
show mgt-config users <name> preferences saved-log-query threat <name>
show mgt-config users <name> preferences saved-log-query url
show mgt-config users <name> preferences saved-log-query url <name>
show mgt-config users <name> preferences saved-log-query data
show mgt-config users <name> preferences saved-log-query data <name>
show mgt-config users <name> preferences saved-log-query config
show mgt-config users <name> preferences saved-log-query config <name>
show mgt-config users <name> preferences saved-log-query system
show mgt-config users <name> preferences saved-log-query system <name>
show mgt-config users <name> preferences saved-log-query wildfire
show mgt-config users <name> preferences saved-log-query wildfire <name>
show mgt-config users <name> preferences saved-log-query hipmatch
show mgt-config users <name> preferences saved-log-query hipmatch <name>
show mgt-config users <name> preferences saved-log-query corr
show mgt-config users <name> preferences saved-log-query corr <name>
show mgt-config users <name> preferences saved-log-query tunnel
show mgt-config users <name> preferences saved-log-query tunnel <name>
show mgt-config users <name> preferences saved-log-query userid
show mgt-config users <name> preferences saved-log-query userid <name>
show mgt-config users <name> preferences saved-log-query auth

show mgt-config users <name> preferences saved-log-query auth <name>
show mgt-config users <name> preferences saved-log-query alarm
show mgt-config users <name> preferences saved-log-query alarm <name>
show mgt-config users <name> permissions
show mgt-config users <name> permissions role-based
show mgt-config users <name> permissions role-based vsysreader
show mgt-config users <name> permissions role-based vsysreader <name>
show mgt-config users <name> permissions role-based vsysadmin
show mgt-config users <name> permissions role-based vsysadmin <name>
show mgt-config users <name> permissions role-based custom
show mgt-config access-domain
show mgt-config access-domain <name>
show network
show network profiles
show network profiles monitor-profile
show network profiles monitor-profile <name>
show network profiles interface-management-profile
show network profiles interface-management-profile <name>
show network profiles interface-management-profile <name> permitted-ip
show network profiles interface-management-profile <name> permitted-ip <name>
show network profiles zone-protection-profile
show network profiles zone-protection-profile <name>
show network profiles zone-protection-profile <name> scan
show network profiles zone-protection-profile <name> scan <name>
show network profiles zone-protection-profile <name> scan <name> action
show network profiles zone-protection-profile <name> scan <name> action allow
show network profiles zone-protection-profile <name> scan <name> action alert
show network profiles zone-protection-profile <name> scan <name> action block
show network profiles zone-protection-profile <name> scan <name> action block-ip
show network profiles zone-protection-profile <name> scan-white-list
show network profiles zone-protection-profile <name> scan-white-list <name>

show network profiles zone-protection-profile <name> scan-white-list <name>
show network profiles zone-protection-profile <name> flood
show network profiles zone-protection-profile <name> flood tcp-syn
show network profiles zone-protection-profile <name> flood tcp-syn
show network profiles zone-protection-profile <name> flood tcp-syn red
show network profiles zone-protection-profile <name> flood tcp-syn syn-cookies
show network profiles zone-protection-profile <name> flood udp
show network profiles zone-protection-profile <name> flood udp red
show network profiles zone-protection-profile <name> flood icmp
show network profiles zone-protection-profile <name> flood icmp red
show network profiles zone-protection-profile <name> flood icmpv6
show network profiles zone-protection-profile <name> flood icmpv6 red
show network profiles zone-protection-profile <name> flood other-ip
show network profiles zone-protection-profile <name> flood other-ip red
show network profiles zone-protection-profile <name> ipv6
show network profiles zone-protection-profile <name> ipv6 filter-ext-hdr
show network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt
show network profiles zone-protection-profile <name> non-ip-protocol
show network profiles zone-protection-profile <name> non-ip-protocol protocol
show network profiles zone-protection-profile <name> non-ip-protocol protocol <n
ame>
show network profiles lldp-profile
show network profiles lldp-profile <name>
show network profiles lldp-profile <name> option-tlvs
show network profiles lldp-profile <name> option-tlvs management-address
show network profiles lldp-profile <name> option-tlvs management-address iplist
<name>
<name>
show network profiles bfd-profile
show network profiles bfd-profile <name>

show network profiles bfd-profile <name> multihop
show network interface
show network interface ethernet
show network interface ethernet <name>
show network interface ethernet <name>
show network interface ethernet <name> tap
show network interface ethernet <name> ha
show network interface ethernet <name> decrypt-mirror
show network interface ethernet <name> virtual-wire
show network interface ethernet <name> virtual-wire units
show network interface ethernet <name> virtual-wire units <name>
show network interface ethernet <name> virtual-wire lldp
show network interface ethernet <name> virtual-wire lldp high-availability
show network interface ethernet <name> virtual-wire lacp
show network interface ethernet <name> virtual-wire lacp high-availability
show network interface ethernet <name> layer2
show network interface ethernet <name> layer2 units
show network interface ethernet <name> layer2 units <name>
show network interface ethernet <name> layer2 lldp
show network interface ethernet <name> layer2 lldp high-availability
show network interface ethernet <name> layer3
show network interface ethernet <name> layer3 adjust-tcp-mss
show network interface ethernet <name> layer3 ip
show network interface ethernet <name> layer3 ip <name>
show network interface ethernet <name> layer3 ipv6
show network interface ethernet <name> layer3 ipv6 address
show network interface ethernet <name> layer3 ipv6 address <name>
show network interface ethernet <name> layer3 ipv6 address <name> prefix
show network interface ethernet <name> layer3 ipv6 address <name> anycast
show network interface ethernet <name> layer3 ipv6 address <name> advertise
show network interface ethernet <name> layer3 ipv6 neighbor-discovery
show network interface ethernet <name> layer3 ipv6 neighbor-discovery router-adv

ertisement
ertisement dns-support
ertisement dns-support server
ertisement dns-support server <name>
ertisement dns-support suffix
ertisement dns-support suffix <name>
show network interface ethernet <name> layer3 ipv6 neighbor-discovery neighbor
show network interface ethernet <name> layer3 ipv6 neighbor-discovery neighbor <
name>
show network interface ethernet <name> layer3 pppoe
show network interface ethernet <name> layer3 pppoe static-address
show network interface ethernet <name> layer3 pppoe passive
show network interface ethernet <name> layer3 dhcp-client
show network interface ethernet <name> layer3 arp
show network interface ethernet <name> layer3 arp <name>
show network interface ethernet <name> layer3 ndp-proxy
show network interface ethernet <name> layer3 ndp-proxy address
show network interface ethernet <name> layer3 ndp-proxy address <name>
show network interface ethernet <name> layer3 units
show network interface ethernet <name> layer3 units <name>
show network interface ethernet <name> layer3 units <name> adjust-tcp-mss
show network interface ethernet <name> layer3 units <name> ip
show network interface ethernet <name> layer3 units <name> ip <name>
show network interface ethernet <name> layer3 units <name> ipv6
show network interface ethernet <name> layer3 units <name> ipv6 address
show network interface ethernet <name> layer3 units <name> ipv6 address <name>
show network interface ethernet <name> layer3 units <name> ipv6 address <name> p
refix
show network interface ethernet <name> layer3 units <name> ipv6 address <name> a
nycast
show network interface ethernet <name> layer3 units <name> ipv6 address <name> a
dvertise
show network interface ethernet <name> layer3 units <name> ipv6 neighbor-discove
ry
ry router-advertisement
ry router-advertisement dns-support
ry router-advertisement dns-support server
ry router-advertisement dns-support server <name>
ry router-advertisement dns-support suffix
ry router-advertisement dns-support suffix <name>
ry neighbor
ry neighbor <name>
show network interface ethernet <name> layer3 units <name> arp
show network interface ethernet <name> layer3 units <name> arp <name>
show network interface ethernet <name> layer3 units <name> ndp-proxy
show network interface ethernet <name> layer3 units <name> ndp-proxy address
show network interface ethernet <name> layer3 units <name> ndp-proxy address <na
me>
show network interface ethernet <name> layer3 units <name> dhcp-client
show network interface ethernet <name> layer3 lldp
show network interface ethernet <name> layer3 lldp high-availability

show network interface ethernet <name> lacp
show network interface aggregate-ethernet
show network interface aggregate-ethernet <name>
show network interface aggregate-ethernet <name>
show network interface aggregate-ethernet <name> ha
show network interface aggregate-ethernet <name> ha lacp
show network interface aggregate-ethernet <name> decrypt-mirror
show network interface aggregate-ethernet <name> virtual-wire
show network interface aggregate-ethernet <name> virtual-wire units
show network interface aggregate-ethernet <name> virtual-wire units <name>
show network interface aggregate-ethernet <name> virtual-wire lldp
show network interface aggregate-ethernet <name> virtual-wire lldp high-availabi
lity
show network interface aggregate-ethernet <name> layer2
show network interface aggregate-ethernet <name> layer2 units
show network interface aggregate-ethernet <name> layer2 units <name>
show network interface aggregate-ethernet <name> layer2 lacp
show network interface aggregate-ethernet <name> layer2 lacp high-availability
show network interface aggregate-ethernet <name> layer2 lacp high-availability u
se-same-system-mac
show network interface aggregate-ethernet <name> layer2 lldp
show network interface aggregate-ethernet <name> layer2 lldp high-availability
show network interface aggregate-ethernet <name> layer3
show network interface aggregate-ethernet <name> layer3 adjust-tcp-mss
show network interface aggregate-ethernet <name> layer3 ip
show network interface aggregate-ethernet <name> layer3 ip <name>
show network interface aggregate-ethernet <name> layer3 ipv6
show network interface aggregate-ethernet <name> layer3 ipv6 address
show network interface aggregate-ethernet <name> layer3 ipv6 address <name>
show network interface aggregate-ethernet <name> layer3 ipv6 address <name> pref
ix
show network interface aggregate-ethernet <name> layer3 ipv6 address <name> anyc
ast
show network interface aggregate-ethernet <name> layer3 ipv6 address <name> adve
rtise
show network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery
router-advertisement
router-advertisement dns-support
router-advertisement dns-support server
router-advertisement dns-support server <name>
router-advertisement dns-support suffix
router-advertisement dns-support suffix <name>
neighbor
neighbor <name>
show network interface aggregate-ethernet <name> layer3 lacp
show network interface aggregate-ethernet <name> layer3 lacp high-availability
show network interface aggregate-ethernet <name> layer3 lacp high-availability u
se-same-system-mac
show network interface aggregate-ethernet <name> layer3 lldp
show network interface aggregate-ethernet <name> layer3 lldp high-availability
show network interface aggregate-ethernet <name> layer3 arp
show network interface aggregate-ethernet <name> layer3 arp <name>
show network interface aggregate-ethernet <name> layer3 ndp-proxy
show network interface aggregate-ethernet <name> layer3 ndp-proxy address
show network interface aggregate-ethernet <name> layer3 ndp-proxy address <name>

show network interface aggregate-ethernet <name> layer3 dhcp-client
show network interface aggregate-ethernet <name> layer3 units
show network interface aggregate-ethernet <name> layer3 units <name>
show network interface aggregate-ethernet <name> layer3 units <name> adjust-tcp-
mss
show network interface aggregate-ethernet <name> layer3 units <name> ip
show network interface aggregate-ethernet <name> layer3 units <name> ip <name>
show network interface aggregate-ethernet <name> layer3 units <name> ipv6
show network interface aggregate-ethernet <name> layer3 units <name> ipv6 addres
s <name>
s <name> prefix
s <name> anycast
s <name> advertise
show network interface aggregate-ethernet <name> layer3 units <name> ipv6 neighb
or-discovery
or-discovery router-advertisement
or-discovery router-advertisement dns-support
or-discovery router-advertisement dns-support server
or-discovery router-advertisement dns-support server <name>
or-discovery router-advertisement dns-support suffix
or-discovery router-advertisement dns-support suffix <name>

or-discovery neighbor
or-discovery neighbor <name>
show network interface aggregate-ethernet <name> layer3 units <name> arp
show network interface aggregate-ethernet <name> layer3 units <name> arp <name>
show network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy
show network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy a
ddress
show network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy a
ddress <name>
show network interface aggregate-ethernet <name> layer3 units <name> dhcp-client
show network interface vlan
show network interface vlan adjust-tcp-mss
show network interface vlan ip
show network interface vlan ip <name>
show network interface vlan ipv6
show network interface vlan ipv6 address
show network interface vlan ipv6 address <name>
show network interface vlan ipv6 address <name> prefix
show network interface vlan ipv6 address <name> anycast
show network interface vlan ipv6 address <name> advertise
show network interface vlan ipv6 neighbor-discovery
show network interface vlan ipv6 neighbor-discovery router-advertisement
show network interface vlan ipv6 neighbor-discovery router-advertisement dns-sup
port
port server
port server <name>

port suffix
port suffix <name>
show network interface vlan ipv6 neighbor-discovery neighbor
show network interface vlan ipv6 neighbor-discovery neighbor <name>
show network interface vlan arp
show network interface vlan arp <name>
show network interface vlan ndp-proxy
show network interface vlan ndp-proxy address
show network interface vlan ndp-proxy address <name>
show network interface vlan dhcp-client
show network interface vlan units
show network interface vlan units <name>
show network interface vlan units <name> adjust-tcp-mss
show network interface vlan units <name> ip
show network interface vlan units <name> ip <name>
show network interface vlan units <name> ipv6
show network interface vlan units <name> ipv6 address
show network interface vlan units <name> ipv6 address <name>
show network interface vlan units <name> ipv6 address <name> prefix
show network interface vlan units <name> ipv6 address <name> anycast
show network interface vlan units <name> ipv6 address <name> advertise
show network interface vlan units <name> ipv6 neighbor-discovery
show network interface vlan units <name> ipv6 neighbor-discovery router-advertis
ement
ement dns-support
ement dns-support server
ement dns-support server <name>

ement dns-support suffix
ement dns-support suffix <name>
show network interface vlan units <name> ipv6 neighbor-discovery neighbor
show network interface vlan units <name> ipv6 neighbor-discovery neighbor <name>
show network interface vlan units <name> arp
show network interface vlan units <name> arp <name>
show network interface vlan units <name> ndp-proxy
show network interface vlan units <name> ndp-proxy address
show network interface vlan units <name> ndp-proxy address <name>
show network interface vlan units <name> dhcp-client
show network interface loopback
show network interface loopback adjust-tcp-mss
show network interface loopback ip
show network interface loopback ip <name>
show network interface loopback ipv6
show network interface loopback ipv6 address
show network interface loopback ipv6 address <name>
show network interface loopback ipv6 address <name> prefix
show network interface loopback ipv6 address <name> anycast
show network interface loopback units
show network interface loopback units <name>
show network interface loopback units <name> adjust-tcp-mss
show network interface loopback units <name> ip
show network interface loopback units <name> ip <name>
show network interface loopback units <name> ipv6
show network interface loopback units <name> ipv6 address
show network interface loopback units <name> ipv6 address <name>
show network interface loopback units <name> ipv6 address <name> prefix
show network interface loopback units <name> ipv6 address <name> anycast
show network interface tunnel

show network interface tunnel ip
show network interface tunnel ip <name>
show network interface tunnel ipv6
show network interface tunnel ipv6 address
show network interface tunnel ipv6 address <name>
show network interface tunnel ipv6 address <name> prefix
show network interface tunnel ipv6 address <name> anycast
show network interface tunnel units
show network interface tunnel units <name>
show network interface tunnel units <name> ip
show network interface tunnel units <name> ip <name>
show network interface tunnel units <name> ipv6
show network interface tunnel units <name> ipv6 address
show network interface tunnel units <name> ipv6 address <name>
show network interface tunnel units <name> ipv6 address <name> prefix
show network interface tunnel units <name> ipv6 address <name> anycast
show network ike
show network ike gateway
show network ike gateway <name>
show network ike gateway <name> peer-address
show network ike gateway <name> peer-address dynamic
show network ike gateway <name> local-address
show network ike gateway <name> local-address
show network ike gateway <name> peer-id
show network ike gateway <name> local-id
show network ike gateway <name> authentication
show network ike gateway <name> authentication pre-shared-key
show network ike gateway <name> authentication certificate
show network ike gateway <name> authentication certificate local-certificate
show network ike gateway <name> authentication certificate local-certificate has
h-and-url
show network ike gateway <name> protocol

show network ike gateway <name> protocol ikev1
show network ike gateway <name> protocol ikev1 dpd
show network ike gateway <name> protocol ikev2
show network ike gateway <name> protocol ikev2 dpd
show network ike gateway <name> protocol-common
show network ike gateway <name> protocol-common nat-traversal
show network ike gateway <name> protocol-common fragmentation
show network ike crypto-profiles
show network ike crypto-profiles ike-crypto-profiles
show network ike crypto-profiles ike-crypto-profiles <name>
show network ike crypto-profiles ike-crypto-profiles <name> lifetime
show network ike crypto-profiles ipsec-crypto-profiles
show network ike crypto-profiles ipsec-crypto-profiles <name>
show network ike crypto-profiles ipsec-crypto-profiles <name>
show network ike crypto-profiles ipsec-crypto-profiles <name> esp
show network ike crypto-profiles ipsec-crypto-profiles <name> ah
show network ike crypto-profiles ipsec-crypto-profiles <name> lifetime
show network ike crypto-profiles ipsec-crypto-profiles <name> lifesize
show network ike crypto-profiles global-protect-app-crypto-profiles
show network ike crypto-profiles global-protect-app-crypto-profiles <name>
show network tunnel
show network tunnel ipsec
show network tunnel ipsec <name>
show network tunnel ipsec <name> tunnel-monitor
show network tunnel ipsec <name>
show network tunnel ipsec <name> auto-key
show network tunnel ipsec <name> auto-key ike-gateway
show network tunnel ipsec <name> auto-key ike-gateway <name>
show network tunnel ipsec <name> auto-key proxy-id
show network tunnel ipsec <name> auto-key proxy-id <name>
show network tunnel ipsec <name> auto-key proxy-id <name> protocol
show network tunnel ipsec <name> auto-key proxy-id <name> protocol any
show network tunnel ipsec <name> auto-key proxy-id <name> protocol tcp
show network tunnel ipsec <name> auto-key proxy-id <name> protocol udp
show network tunnel ipsec <name> auto-key proxy-id-v6
show network tunnel ipsec <name> auto-key proxy-id-v6 <name>
show network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol
show network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol any
show network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol tcp
show network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol udp
show network tunnel ipsec <name> manual-key
show network tunnel ipsec <name> manual-key peer-address
show network tunnel ipsec <name> manual-key local-address
show network tunnel ipsec <name> manual-key local-address
show network tunnel ipsec <name> manual-key
show network tunnel ipsec <name> manual-key esp
show network tunnel ipsec <name> manual-key esp authentication
show network tunnel ipsec <name> manual-key esp authentication
show network tunnel ipsec <name> manual-key esp authentication md5
show network tunnel ipsec <name> manual-key esp authentication sha1
show network tunnel ipsec <name> manual-key esp authentication none
show network tunnel ipsec <name> manual-key esp encryption
show network tunnel ipsec <name> manual-key ah
show network tunnel ipsec <name> manual-key ah
show network tunnel ipsec <name> manual-key ah md5
show network tunnel ipsec <name> manual-key ah sha1
show network tunnel ipsec <name> global-protect-satellite
show network tunnel ipsec <name> global-protect-satellite local-address

show network tunnel ipsec <name> global-protect-satellite local-address
show network tunnel ipsec <name> global-protect-satellite local-address ip
show network tunnel ipsec <name> global-protect-satellite local-address floating
-ip
show network tunnel ipsec <name> global-protect-satellite publish-connected-rout
es
show network tunnel ipsec <name> global-protect-satellite external-ca
show network tunnel global-protect-gateway
show network tunnel global-protect-gateway <name>
show network tunnel global-protect-gateway <name> local-address
show network tunnel global-protect-gateway <name> local-address
show network tunnel global-protect-gateway <name> local-address ip
show network tunnel global-protect-gateway <name> local-address floating-ip
show network tunnel global-protect-gateway <name> ipsec
show network tunnel global-protect-gateway <name> ipsec third-party-client
show network tunnel global-protect-gateway <name> client
show network tunnel global-protect-gateway <name> client inheritance
show network tunnel global-protect-gateway <name> client dns-server
show network tunnel global-protect-gateway <name> client wins-server
show network tunnel global-protect-gateway <name> client exclude-video-traffic
show network tunnel global-protect-site-to-site
show network tunnel global-protect-site-to-site <name>
show network tunnel global-protect-site-to-site <name> local-address
show network tunnel global-protect-site-to-site <name> local-address
show network tunnel global-protect-site-to-site <name> local-address ip
show network tunnel global-protect-site-to-site <name> local-address floating-ip
show network tunnel global-protect-site-to-site <name> client
show network tunnel global-protect-site-to-site <name> client inheritance
show network tunnel global-protect-site-to-site <name> client dns-server
show network tunnel global-protect-site-to-site <name> client split-tunneling
show network tunnel global-protect-site-to-site <name> client tunnel-monitor

show network vlan
show network vlan <name>
show network vlan <name> mac
show network vlan <name> mac <name>
show network vlan <name> virtual-interface
show network qos
show network qos profile
show network qos profile <name>
show network qos profile <name> aggregate-bandwidth
show network qos profile <name> class
show network qos profile <name> class <name>
show network qos profile <name> class <name> class-bandwidth
show network qos interface
show network qos interface <name>
show network qos interface <name> interface-bandwidth
show network qos interface <name> tunnel-traffic
show network qos interface <name> tunnel-traffic groups
show network qos interface <name> tunnel-traffic groups <name>
show network qos interface <name> tunnel-traffic groups <name> members
show network qos interface <name> tunnel-traffic groups <name> members <name>
show network qos interface <name> tunnel-traffic default-group
show network qos interface <name> tunnel-traffic bandwidth
show network qos interface <name> regular-traffic
show network qos interface <name> regular-traffic groups
show network qos interface <name> regular-traffic groups <name>
show network qos interface <name> regular-traffic groups <name> members
show network qos interface <name> regular-traffic groups <name> members <name>
show network qos interface <name> regular-traffic groups <name> members <name> m
atch
show network qos interface <name> regular-traffic groups <name> members <name> m
atch local-address
show network qos interface <name> regular-traffic default-group

show network qos interface <name> regular-traffic bandwidth
show network virtual-wire
show network virtual-wire <name>
show network virtual-wire <name> multicast-firewalling
show network virtual-wire <name> link-state-pass-through
show network virtual-router
show network virtual-router <name>
show network virtual-router <name> routing-table
show network virtual-router <name> routing-table ip
show network virtual-router <name> routing-table ip static-route
show network virtual-router <name> routing-table ip static-route <name>
show network virtual-router <name> routing-table ip static-route <name> nexthop
show network virtual-router <name> routing-table ip static-route <name> nexthop
discard
show network virtual-router <name> routing-table ip static-route <name> route-ta
ble
ble
ble unicast
ble multicast
ble both
ble no-install
show network virtual-router <name> routing-table ip static-route <name> bfd
show network virtual-router <name> routing-table ip static-route <name> path-mon
itor
itor monitor-destinations

itor monitor-destinations <name>
show network virtual-router <name> routing-table ipv6
show network virtual-router <name> routing-table ipv6 static-route
show network virtual-router <name> routing-table ipv6 static-route <name>
show network virtual-router <name> routing-table ipv6 static-route <name> nextho
show network virtual-router <name> routing-table ipv6 static-route <name> nextho
p discard
show network virtual-router <name> routing-table ipv6 static-route <name> route-
table
table
table unicast
table no-install
show network virtual-router <name> routing-table ipv6 static-route <name> bfd
show network virtual-router <name> routing-table ipv6 static-route <name> path-m
onitor
onitor monitor-destinations
onitor monitor-destinations <name>
show network virtual-router <name> multicast
show network virtual-router <name> multicast interface-group
show network virtual-router <name> multicast interface-group <name>
show network virtual-router <name> multicast interface-group <name> group-permis
sion
sion any-source-multicast
sion any-source-multicast <name>

sion source-specific-multicast
sion source-specific-multicast <name>
show network virtual-router <name> multicast interface-group <name> igmp
show network virtual-router <name> multicast interface-group <name> pim
show network virtual-router <name> multicast interface-group <name> pim allowed-
neighbors
show network virtual-router <name> multicast interface-group <name> pim allowed-
neighbors <name>
show network virtual-router <name> multicast ssm-address-space
show network virtual-router <name> multicast ssm-address-space <name>
show network virtual-router <name> multicast spt-threshold
show network virtual-router <name> multicast spt-threshold <name>
show network virtual-router <name> multicast rp
show network virtual-router <name> multicast rp local-rp
show network virtual-router <name> multicast rp local-rp
show network virtual-router <name> multicast rp local-rp static-rp
show network virtual-router <name> multicast rp local-rp candidate-rp
show network virtual-router <name> multicast rp external-rp
show network virtual-router <name> multicast rp external-rp <name>
show network virtual-router <name> protocol
show network virtual-router <name> protocol redist-profile
show network virtual-router <name> protocol redist-profile <name>
show network virtual-router <name> protocol redist-profile <name> filter
show network virtual-router <name> protocol redist-profile <name> filter ospf
show network virtual-router <name> protocol redist-profile <name> filter bgp
show network virtual-router <name> protocol redist-profile <name> action
show network virtual-router <name> protocol redist-profile <name> action no-redi
st
show network virtual-router <name> protocol redist-profile <name> action redist
show network virtual-router <name> protocol redist-profile-ipv6

show network virtual-router <name> protocol redist-profile-ipv6 <name>
show network virtual-router <name> protocol redist-profile-ipv6 <name> filter
show network virtual-router <name> protocol redist-profile-ipv6 <name> filter os
pfv3
show network virtual-router <name> protocol redist-profile-ipv6 <name> filter bg
show network virtual-router <name> protocol redist-profile-ipv6 <name> action
show network virtual-router <name> protocol redist-profile-ipv6 <name> action no
-redist
show network virtual-router <name> protocol redist-profile-ipv6 <name> action re
dist
show network virtual-router <name> protocol rip
show network virtual-router <name> protocol rip timers
show network virtual-router <name> protocol rip auth-profile
show network virtual-router <name> protocol rip auth-profile <name>
show network virtual-router <name> protocol rip auth-profile <name>
show network virtual-router <name> protocol rip auth-profile <name> md5
show network virtual-router <name> protocol rip auth-profile <name> md5 <name>
show network virtual-router <name> protocol rip global-bfd
show network virtual-router <name> protocol rip interface
show network virtual-router <name> protocol rip interface <name>
show network virtual-router <name> protocol rip interface <name> default-route
show network virtual-router <name> protocol rip interface <name> default-route d
isable
show network virtual-router <name> protocol rip interface <name> default-route a
dvertise
show network virtual-router <name> protocol rip interface <name> bfd
show network virtual-router <name> protocol rip export-rules
show network virtual-router <name> protocol rip export-rules <name>
show network virtual-router <name> protocol ospf
show network virtual-router <name> protocol ospf timers
show network virtual-router <name> protocol ospf auth-profile

show network virtual-router <name> protocol ospf auth-profile <name>
show network virtual-router <name> protocol ospf auth-profile <name>
show network virtual-router <name> protocol ospf auth-profile <name> md5
show network virtual-router <name> protocol ospf auth-profile <name> md5 <name>
show network virtual-router <name> protocol ospf global-bfd
show network virtual-router <name> protocol ospf area
show network virtual-router <name> protocol ospf area <name>
show network virtual-router <name> protocol ospf area <name> type
show network virtual-router <name> protocol ospf area <name> type normal
show network virtual-router <name> protocol ospf area <name> type stub
show network virtual-router <name> protocol ospf area <name> type stub default-r
oute
oute disable
oute advertise
show network virtual-router <name> protocol ospf area <name> type nssa
show network virtual-router <name> protocol ospf area <name> type nssa default-r
oute
oute disable
oute advertise
show network virtual-router <name> protocol ospf area <name> type nssa nssa-ext-
range
range <name>
range <name>
range <name> advertise
range <name> suppress
show network virtual-router <name> protocol ospf area <name> range
show network virtual-router <name> protocol ospf area <name> range <name>
show network virtual-router <name> protocol ospf area <name> range <name>
show network virtual-router <name> protocol ospf area <name> range <name> advert
ise
show network virtual-router <name> protocol ospf area <name> range <name> suppre
ss
show network virtual-router <name> protocol ospf area <name> interface
show network virtual-router <name> protocol ospf area <name> interface <name>
show network virtual-router <name> protocol ospf area <name> interface <name> li
nk-type
nk-type broadcast
nk-type p2p
nk-type p2mp
show network virtual-router <name> protocol ospf area <name> interface <name> ne
ighbor
show network virtual-router <name> protocol ospf area <name> interface <name> ne
ighbor <name>
show network virtual-router <name> protocol ospf area <name> interface <name> bf
show network virtual-router <name> protocol ospf area <name> virtual-link
show network virtual-router <name> protocol ospf area <name> virtual-link <name>
show network virtual-router <name> protocol ospf area <name> virtual-link <name>
bfd
show network virtual-router <name> protocol ospf export-rules
show network virtual-router <name> protocol ospf export-rules <name>
show network virtual-router <name> protocol ospf graceful-restart

show network virtual-router <name> protocol ospfv3
show network virtual-router <name> protocol ospfv3 timers
show network virtual-router <name> protocol ospfv3 auth-profile
show network virtual-router <name> protocol ospfv3 auth-profile <name>
show network virtual-router <name> protocol ospfv3 auth-profile <name>
show network virtual-router <name> protocol ospfv3 auth-profile <name> esp
show network virtual-router <name> protocol ospfv3 auth-profile <name> esp authe
ntication
ntication
ntication md5
ntication sha1
ntication sha256
ntication sha384
ntication sha512
ntication none
show network virtual-router <name> protocol ospfv3 auth-profile <name> esp encry
ption
show network virtual-router <name> protocol ospfv3 auth-profile <name> ah
show network virtual-router <name> protocol ospfv3 auth-profile <name> ah
show network virtual-router <name> protocol ospfv3 auth-profile <name> ah md5
show network virtual-router <name> protocol ospfv3 auth-profile <name> ah sha1

show network virtual-router <name> protocol ospfv3 global-bfd
show network virtual-router <name> protocol ospfv3 area
show network virtual-router <name> protocol ospfv3 area <name>
show network virtual-router <name> protocol ospfv3 area <name> type
show network virtual-router <name> protocol ospfv3 area <name> type normal
show network virtual-router <name> protocol ospfv3 area <name> type stub
show network virtual-router <name> protocol ospfv3 area <name> type stub default
-route
-route disable
-route advertise
show network virtual-router <name> protocol ospfv3 area <name> type nssa
show network virtual-router <name> protocol ospfv3 area <name> type nssa default
-route
-route disable
-route advertise
show network virtual-router <name> protocol ospfv3 area <name> type nssa nssa-ex
t-range
t-range <name>
t-range <name>
t-range <name> advertise
t-range <name> suppress
show network virtual-router <name> protocol ospfv3 area <name> range

show network virtual-router <name> protocol ospfv3 area <name> range <name>
show network virtual-router <name> protocol ospfv3 area <name> range <name>
show network virtual-router <name> protocol ospfv3 area <name> range <name> adve
rtise
show network virtual-router <name> protocol ospfv3 area <name> range <name> supp
ress
show network virtual-router <name> protocol ospfv3 area <name> interface
show network virtual-router <name> protocol ospfv3 area <name> interface <name>
link-type
link-type broadcast
link-type p2p
link-type p2mp
neighbor
neighbor <name>
bfd
show network virtual-router <name> protocol ospfv3 area <name> virtual-link
show network virtual-router <name> protocol ospfv3 area <name> virtual-link <nam
e>
show network virtual-router <name> protocol ospfv3 area <name> virtual-link <nam
e> bfd
show network virtual-router <name> protocol ospfv3 export-rules
show network virtual-router <name> protocol ospfv3 export-rules <name>
show network virtual-router <name> protocol ospfv3 graceful-restart
show network virtual-router <name> protocol bgp
show network virtual-router <name> protocol bgp routing-options

show network virtual-router <name> protocol bgp routing-options med
show network virtual-router <name> protocol bgp routing-options graceful-restart
show network virtual-router <name> protocol bgp routing-options aggregate
show network virtual-router <name> protocol bgp auth-profile
show network virtual-router <name> protocol bgp auth-profile <name>
show network virtual-router <name> protocol bgp dampening-profile
show network virtual-router <name> protocol bgp dampening-profile <name>
show network virtual-router <name> protocol bgp global-bfd
show network virtual-router <name> protocol bgp peer-group
show network virtual-router <name> protocol bgp peer-group <name>
show network virtual-router <name> protocol bgp peer-group <name> type
show network virtual-router <name> protocol bgp peer-group <name> type ibgp
show network virtual-router <name> protocol bgp peer-group <name> type ebgp-conf
ed
show network virtual-router <name> protocol bgp peer-group <name> type ibgp-conf
ed
show network virtual-router <name> protocol bgp peer-group <name> type ebgp
show network virtual-router <name> protocol bgp peer-group <name> peer
show network virtual-router <name> protocol bgp peer-group <name> peer <name>
show network virtual-router <name> protocol bgp peer-group <name> peer <name> su
bsequent-address-family-identifier
show network virtual-router <name> protocol bgp peer-group <name> peer <name> lo
cal-address
show network virtual-router <name> protocol bgp peer-group <name> peer <name> pe
er-address
show network virtual-router <name> protocol bgp peer-group <name> peer <name> co
nnection-options
nnection-options incoming-bgp-connection
nnection-options outgoing-bgp-connection
show network virtual-router <name> protocol bgp peer-group <name> peer <name> bf
show network virtual-router <name> protocol bgp policy
show network virtual-router <name> protocol bgp policy import
show network virtual-router <name> protocol bgp policy import rules
show network virtual-router <name> protocol bgp policy import rules <name>
show network virtual-router <name> protocol bgp policy import rules <name> match
address-prefix
address-prefix <name>
as-path
as-path
community
community
extended-community
extended-community
show network virtual-router <name> protocol bgp policy import rules <name> actio
n deny
n allow
n allow update
n allow update as-path
n allow update as-path none
n allow update as-path remove
n allow update community
n allow update community none
n allow update community remove-all
n allow update extended-community
n allow update extended-community none
n allow update extended-community remove-all
show network virtual-router <name> protocol bgp policy export
show network virtual-router <name> protocol bgp policy export rules
show network virtual-router <name> protocol bgp policy export rules <name>
show network virtual-router <name> protocol bgp policy export rules <name> match
address-prefix
as-path
as-path
community
community
extended-community
extended-community
show network virtual-router <name> protocol bgp policy export rules <name> actio
n deny
n allow
n allow update
n allow update as-path none
n allow update as-path remove
n allow update community none
n allow update community remove-all
n allow update extended-community none
n allow update extended-community remove-all
show network virtual-router <name> protocol bgp policy conditional-advertisement
policy
policy <name>
policy <name> non-exist-filters
policy <name> non-exist-filters <name>
policy <name> non-exist-filters <name> match
policy <name> non-exist-filters <name> match address-prefix

policy <name> non-exist-filters <name> match address-prefix <name>
policy <name> non-exist-filters <name> match as-path
policy <name> non-exist-filters <name> match community
policy <name> non-exist-filters <name> match extended-community
policy <name> advertise-filters
policy <name> advertise-filters <name>
policy <name> advertise-filters <name> match
policy <name> advertise-filters <name> match address-prefix
policy <name> advertise-filters <name> match address-prefix <name>
policy <name> advertise-filters <name> match as-path
policy <name> advertise-filters <name> match community

policy <name> advertise-filters <name> match extended-community
show network virtual-router <name> protocol bgp policy aggregation
show network virtual-router <name> protocol bgp policy aggregation address
show network virtual-router <name> protocol bgp policy aggregation address <name
>
> aggregate-route-attributes
> aggregate-route-attributes as-path
> aggregate-route-attributes as-path
> aggregate-route-attributes as-path none
> aggregate-route-attributes community
> aggregate-route-attributes community
> aggregate-route-attributes community none
> aggregate-route-attributes community remove-all
> aggregate-route-attributes extended-community
> aggregate-route-attributes extended-community
> aggregate-route-attributes extended-community none
> aggregate-route-attributes extended-community remove-all
> suppress-filters
> suppress-filters <name>
> suppress-filters <name> match
> suppress-filters <name> match address-prefix
> suppress-filters <name> match address-prefix <name>
> suppress-filters <name> match as-path
> suppress-filters <name> match as-path
> suppress-filters <name> match community
> suppress-filters <name> match community
> suppress-filters <name> match extended-community
> suppress-filters <name> match extended-community
> advertise-filters
> advertise-filters <name>
> advertise-filters <name> match
> advertise-filters <name> match address-prefix
> advertise-filters <name> match address-prefix <name>
> advertise-filters <name> match as-path
> advertise-filters <name> match as-path
> advertise-filters <name> match community
> advertise-filters <name> match community
> advertise-filters <name> match extended-community
> advertise-filters <name> match extended-community
show network virtual-router <name> protocol bgp redist-rules
show network virtual-router <name> protocol bgp redist-rules <name>
show network virtual-router <name> admin-dists
show network virtual-router <name> ecmp
show network virtual-router <name> ecmp algorithm
show network virtual-router <name> ecmp algorithm
show network virtual-router <name> ecmp algorithm ip-modulo
show network virtual-router <name> ecmp algorithm ip-hash
show network virtual-router <name> ecmp algorithm weighted-round-robin
show network virtual-router <name> ecmp algorithm weighted-round-robin interface
show network virtual-router <name> ecmp algorithm weighted-round-robin interface
<name>
show network virtual-router <name> ecmp algorithm balanced-round-robin
show network dns-proxy
show network dns-proxy <name>
show network dns-proxy <name> default
show network dns-proxy <name> default inheritance
show network dns-proxy <name> domain-servers
show network dns-proxy <name> domain-servers <name>
show network dns-proxy <name> cache

show network dns-proxy <name> cache max-ttl
show network dns-proxy <name> static-entries
show network dns-proxy <name> static-entries <name>
show network dns-proxy <name> tcp-queries
show network dns-proxy <name> udp-queries
show network dns-proxy <name> udp-queries retries
show network dhcp
show network dhcp interface
show network dhcp interface <name>
show network dhcp interface <name>
show network dhcp interface <name> server
show network dhcp interface <name> server option
show network dhcp interface <name> server option lease
show network dhcp interface <name> server option lease unlimited
show network dhcp interface <name> server option inheritance
show network dhcp interface <name> server option dns
show network dhcp interface <name> server option wins
show network dhcp interface <name> server option nis
show network dhcp interface <name> server option ntp
show network dhcp interface <name> server option user-defined
show network dhcp interface <name> server option user-defined <name>
show network dhcp interface <name> server option user-defined <name>
show network dhcp interface <name> server reserved
show network dhcp interface <name> server reserved <name>
show network dhcp interface <name> relay
show network dhcp interface <name> relay ip
show network dhcp interface <name> relay ipv6
show network dhcp interface <name> relay ipv6 server
show network dhcp interface <name> relay ipv6 server <name>
show network shared-gateway
show network shared-gateway <name>
show network shared-gateway <name> import

show network shared-gateway <name> import network
show network shared-gateway <name> zone
show network shared-gateway <name> zone <name>
show network shared-gateway <name> zone <name> network
show network shared-gateway <name> zone <name> network
show network shared-gateway <name> zone <name> user-acl
show network shared-gateway <name> address
show network shared-gateway <name> address <name>
show network shared-gateway <name> address <name>
show network shared-gateway <name> address-group
show network shared-gateway <name> address-group <name>
show network shared-gateway <name> address-group <name>
show network shared-gateway <name> address-group <name> dynamic
show network shared-gateway <name> service
show network shared-gateway <name> service <name>
show network shared-gateway <name> service <name> protocol
show network shared-gateway <name> service <name> protocol tcp
show network shared-gateway <name> service <name> protocol tcp override
show network shared-gateway <name> service <name> protocol tcp override no
show network shared-gateway <name> service <name> protocol tcp override yes
show network shared-gateway <name> service <name> protocol udp
show network shared-gateway <name> service <name> protocol udp override
show network shared-gateway <name> service <name> protocol udp override no
show network shared-gateway <name> service <name> protocol udp override yes
show network shared-gateway <name> service <name> protocol sctp
show network shared-gateway <name> service-group
show network shared-gateway <name> service-group <name>
show network shared-gateway <name> tag
show network shared-gateway <name> tag <name>
show network shared-gateway <name> log-settings
show network shared-gateway <name> log-settings snmptrap
show network shared-gateway <name> log-settings snmptrap <name>

show network shared-gateway <name> log-settings snmptrap <name> version
show network shared-gateway <name> log-settings snmptrap <name> version v2c
show network shared-gateway <name> log-settings snmptrap <name> version v2c serv
er
show network shared-gateway <name> log-settings snmptrap <name> version v2c serv
er <name>
show network shared-gateway <name> log-settings snmptrap <name> version v3
show network shared-gateway <name> log-settings snmptrap <name> version v3 serve
show network shared-gateway <name> log-settings snmptrap <name> version v3 serve
r <name>
show network shared-gateway <name> log-settings email
show network shared-gateway <name> log-settings email <name>
show network shared-gateway <name> log-settings email <name> server
show network shared-gateway <name> log-settings email <name> server <name>
show network shared-gateway <name> log-settings email <name> format
show network shared-gateway <name> log-settings email <name> format escaping
show network shared-gateway <name> log-settings syslog
show network shared-gateway <name> log-settings syslog <name>
show network shared-gateway <name> log-settings syslog <name> server
show network shared-gateway <name> log-settings syslog <name> server <name>
show network shared-gateway <name> log-settings syslog <name> format
show network shared-gateway <name> log-settings syslog <name> format escaping
show network shared-gateway <name> log-settings http
show network shared-gateway <name> log-settings http <name>
show network shared-gateway <name> log-settings http <name> server
show network shared-gateway <name> log-settings http <name> server <name>
show network shared-gateway <name> log-settings http <name> format
show network shared-gateway <name> log-settings http <name> format config
show network shared-gateway <name> log-settings http <name> format config header
show network shared-gateway <name> log-settings http <name> format config header
s <name>
show network shared-gateway <name> log-settings http <name> format config params
show network shared-gateway <name> log-settings http <name> format config params
<name>
show network shared-gateway <name> log-settings http <name> format system
show network shared-gateway <name> log-settings http <name> format system header
show network shared-gateway <name> log-settings http <name> format system header
s <name>
show network shared-gateway <name> log-settings http <name> format system params
show network shared-gateway <name> log-settings http <name> format system params
<name>
show network shared-gateway <name> log-settings http <name> format traffic
show network shared-gateway <name> log-settings http <name> format traffic heade
rs
show network shared-gateway <name> log-settings http <name> format traffic heade
rs <name>
show network shared-gateway <name> log-settings http <name> format traffic param
show network shared-gateway <name> log-settings http <name> format traffic param
s <name>
show network shared-gateway <name> log-settings http <name> format threat
show network shared-gateway <name> log-settings http <name> format threat header
show network shared-gateway <name> log-settings http <name> format threat header
s <name>
show network shared-gateway <name> log-settings http <name> format threat params
show network shared-gateway <name> log-settings http <name> format threat params
<name>
show network shared-gateway <name> log-settings http <name> format wildfire
show network shared-gateway <name> log-settings http <name> format wildfire head
ers
show network shared-gateway <name> log-settings http <name> format wildfire head
ers <name>
show network shared-gateway <name> log-settings http <name> format wildfire para
ms
show network shared-gateway <name> log-settings http <name> format wildfire para
ms <name>
show network shared-gateway <name> log-settings http <name> format url
show network shared-gateway <name> log-settings http <name> format url headers
show network shared-gateway <name> log-settings http <name> format url headers <
name>
show network shared-gateway <name> log-settings http <name> format url params
show network shared-gateway <name> log-settings http <name> format url params <n
ame>
show network shared-gateway <name> log-settings http <name> format data
show network shared-gateway <name> log-settings http <name> format data headers
show network shared-gateway <name> log-settings http <name> format data headers
<name>
show network shared-gateway <name> log-settings http <name> format data params
show network shared-gateway <name> log-settings http <name> format data params <
name>
show network shared-gateway <name> log-settings http <name> format tunnel
show network shared-gateway <name> log-settings http <name> format tunnel header
show network shared-gateway <name> log-settings http <name> format tunnel header
s <name>
show network shared-gateway <name> log-settings http <name> format tunnel params
show network shared-gateway <name> log-settings http <name> format tunnel params
<name>
show network shared-gateway <name> log-settings http <name> format auth
show network shared-gateway <name> log-settings http <name> format auth headers
show network shared-gateway <name> log-settings http <name> format auth headers
<name>
show network shared-gateway <name> log-settings http <name> format auth params
show network shared-gateway <name> log-settings http <name> format auth params <
name>
show network shared-gateway <name> log-settings http <name> format userid
show network shared-gateway <name> log-settings http <name> format userid header
show network shared-gateway <name> log-settings http <name> format userid header
s <name>
show network shared-gateway <name> log-settings http <name> format userid params
show network shared-gateway <name> log-settings http <name> format userid params
<name>
show network shared-gateway <name> log-settings http <name> format hip-match
show network shared-gateway <name> log-settings http <name> format hip-match hea
ders
show network shared-gateway <name> log-settings http <name> format hip-match hea
ders <name>
show network shared-gateway <name> log-settings http <name> format hip-match par
ams
show network shared-gateway <name> log-settings http <name> format hip-match par
ams <name>
show network shared-gateway <name> log-settings http <name> format correlation
show network shared-gateway <name> log-settings http <name> format correlation h
eaders
show network shared-gateway <name> log-settings http <name> format correlation h
eaders <name>
show network shared-gateway <name> log-settings http <name> format correlation p
arams
show network shared-gateway <name> log-settings http <name> format correlation p
arams <name>
show network shared-gateway <name> log-settings profiles
show network shared-gateway <name> log-settings profiles <name>
show network shared-gateway <name> log-settings profiles <name> match-list
show network shared-gateway <name> log-settings profiles <name> match-list <name
>
> actions
> actions <name>
> actions <name> type
> actions <name> type tagging
> actions <name> type tagging registration
> actions <name> type tagging registration localhost
> actions <name> type tagging registration panorama
> actions <name> type tagging registration remote
show network shared-gateway <name> rulebase
show network shared-gateway <name> rulebase nat
show network shared-gateway <name> rulebase nat rules
show network shared-gateway <name> rulebase nat rules <name>
show network shared-gateway <name> rulebase nat rules <name> source-translation
dynamic-ip-and-port

dynamic-ip-and-port
dynamic-ip-and-port interface-address
dynamic-ip-and-port interface-address
dynamic-ip
dynamic-ip fallback
dynamic-ip fallback
dynamic-ip fallback interface-address
dynamic-ip fallback interface-address
static-ip
show network shared-gateway <name> rulebase nat rules <name>
show network shared-gateway <name> rulebase nat rules <name> destination-transla
tion
show network shared-gateway <name> rulebase nat rules <name> dynamic-destination
-translation
show network shared-gateway <name> rulebase pbf
show network shared-gateway <name> rulebase pbf rules
show network shared-gateway <name> rulebase pbf rules <name>
show network shared-gateway <name> rulebase pbf rules <name> from
show network shared-gateway <name> rulebase pbf rules <name> from
show network shared-gateway <name> rulebase pbf rules <name> action
show network shared-gateway <name> rulebase pbf rules <name> action
show network shared-gateway <name> rulebase pbf rules <name> action forward
show network shared-gateway <name> rulebase pbf rules <name> action forward next
hop
show network shared-gateway <name> rulebase pbf rules <name> action forward moni
tor
show network shared-gateway <name> rulebase pbf rules <name> action discard
show network shared-gateway <name> rulebase pbf rules <name> action no-pbf
show network shared-gateway <name> rulebase pbf rules <name> enforce-symmetric-r
eturn
eturn nexthop-address-list
eturn nexthop-address-list <name>
show network lldp
show network underlay-net
show network underlay-net ip-mapping
show network underlay-net ip-mapping <name>
show shared
show shared address
show shared address <name>
show shared address <name>
show shared address-group
show shared address-group <name>
show shared address-group <name>
show shared address-group <name> dynamic
show shared application
show shared application <name>
show shared application <name> default
show shared application <name> default ident-by-icmp-type
show shared application <name> default ident-by-icmp6-type
show shared application <name> signature
show shared application <name> signature <name>
show shared application <name> signature <name> and-condition
show shared application <name> signature <name> and-condition <name>
show shared application <name> signature <name> and-condition <name> or-conditio

n
n <name>
n <name> operator
n <name> operator pattern-match
n <name> operator pattern-match qualifier
n <name> operator pattern-match qualifier <name>
n <name> operator greater-than
n <name> operator greater-than qualifier
n <name> operator greater-than qualifier <name>
n <name> operator less-than
n <name> operator less-than qualifier
n <name> operator less-than qualifier <name>
n <name> operator equal-to
show shared application-filter
show shared application-filter <name>
show shared application-group
show shared application-group <name>
show shared service
show shared service <name>
show shared service <name> protocol

show shared service <name> protocol tcp
show shared service <name> protocol tcp override
show shared service <name> protocol tcp override no
show shared service <name> protocol tcp override yes
show shared service <name> protocol udp
show shared service <name> protocol udp override
show shared service <name> protocol udp override no
show shared service <name> protocol udp override yes
show shared service <name> protocol sctp
show shared service-group
show shared service-group <name>
show shared profiles
show shared profiles hip-objects
show shared profiles hip-objects <name>
show shared profiles hip-objects <name> host-info
show shared profiles hip-objects <name> host-info criteria
show shared profiles hip-objects <name> host-info criteria domain
show shared profiles hip-objects <name> host-info criteria domain
show shared profiles hip-objects <name> host-info criteria os
show shared profiles hip-objects <name> host-info criteria os
show shared profiles hip-objects <name> host-info criteria os contains
show shared profiles hip-objects <name> host-info criteria os contains
show shared profiles hip-objects <name> host-info criteria client-version
show shared profiles hip-objects <name> host-info criteria client-version
show shared profiles hip-objects <name> host-info criteria host-name
show shared profiles hip-objects <name> host-info criteria host-name
show shared profiles hip-objects <name> host-info criteria host-id
show shared profiles hip-objects <name> host-info criteria host-id
show shared profiles hip-objects <name> network-info
show shared profiles hip-objects <name> network-info criteria
show shared profiles hip-objects <name> network-info criteria network
show shared profiles hip-objects <name> network-info criteria network is

show shared profiles hip-objects <name> network-info criteria network is wifi
show shared profiles hip-objects <name> network-info criteria network is mobile
show shared profiles hip-objects <name> network-info criteria network is unknown
show shared profiles hip-objects <name> network-info criteria network is-not
show shared profiles hip-objects <name> network-info criteria network is-not wif
show shared profiles hip-objects <name> network-info criteria network is-not mob
ile
show shared profiles hip-objects <name> network-info criteria network is-not eth
ernet
show shared profiles hip-objects <name> network-info criteria network is-not unk
nown
show shared profiles hip-objects <name> patch-management
show shared profiles hip-objects <name> patch-management criteria
show shared profiles hip-objects <name> patch-management criteria missing-patche
s severity
s severity
show shared profiles hip-objects <name> patch-management vendor
show shared profiles hip-objects <name> patch-management vendor <name>
show shared profiles hip-objects <name> data-loss-prevention
show shared profiles hip-objects <name> data-loss-prevention criteria
show shared profiles hip-objects <name> data-loss-prevention vendor
show shared profiles hip-objects <name> data-loss-prevention vendor <name>
show shared profiles hip-objects <name> firewall
show shared profiles hip-objects <name> firewall criteria
show shared profiles hip-objects <name> firewall vendor
show shared profiles hip-objects <name> firewall vendor <name>
show shared profiles hip-objects <name> anti-malware

show shared profiles hip-objects <name> anti-malware criteria
show shared profiles hip-objects <name> anti-malware criteria virdef-version
show shared profiles hip-objects <name> anti-malware criteria virdef-version
show shared profiles hip-objects <name> anti-malware criteria virdef-version wit
hin
show shared profiles hip-objects <name> anti-malware criteria virdef-version not
-within
show shared profiles hip-objects <name> anti-malware criteria product-version
show shared profiles hip-objects <name> anti-malware criteria product-version
show shared profiles hip-objects <name> anti-malware criteria product-version wi
thin
show shared profiles hip-objects <name> anti-malware criteria product-version no
t-within
show shared profiles hip-objects <name> anti-malware criteria last-scan-time
show shared profiles hip-objects <name> anti-malware criteria last-scan-time
show shared profiles hip-objects <name> anti-malware criteria last-scan-time not
-available
show shared profiles hip-objects <name> anti-malware criteria last-scan-time wit
hin
show shared profiles hip-objects <name> anti-malware criteria last-scan-time not
-within
show shared profiles hip-objects <name> anti-malware vendor
show shared profiles hip-objects <name> anti-malware vendor <name>
show shared profiles hip-objects <name> disk-backup
show shared profiles hip-objects <name> disk-backup criteria
show shared profiles hip-objects <name> disk-backup criteria last-backup-time
show shared profiles hip-objects <name> disk-backup criteria last-backup-time
show shared profiles hip-objects <name> disk-backup criteria last-backup-time no
t-available
show shared profiles hip-objects <name> disk-backup criteria last-backup-time wi
thin
show shared profiles hip-objects <name> disk-backup criteria last-backup-time no

t-within
show shared profiles hip-objects <name> disk-backup vendor
show shared profiles hip-objects <name> disk-backup vendor <name>
show shared profiles hip-objects <name> disk-encryption
show shared profiles hip-objects <name> disk-encryption criteria
show shared profiles hip-objects <name> disk-encryption criteria encrypted-locat
ions
ions <name>
ions <name> encryption-state
show shared profiles hip-objects <name> disk-encryption vendor
show shared profiles hip-objects <name> disk-encryption vendor <name>
show shared profiles hip-objects <name> custom-checks
show shared profiles hip-objects <name> custom-checks criteria
show shared profiles hip-objects <name> custom-checks criteria process-list
show shared profiles hip-objects <name> custom-checks criteria process-list <nam
e>
show shared profiles hip-objects <name> custom-checks criteria registry-key
show shared profiles hip-objects <name> custom-checks criteria registry-key <nam
e>
e> registry-value
e> registry-value <name>
show shared profiles hip-objects <name> custom-checks criteria plist
show shared profiles hip-objects <name> custom-checks criteria plist <name>
show shared profiles hip-objects <name> custom-checks criteria plist <name> key
show shared profiles hip-objects <name> custom-checks criteria plist <name> key
<name>
show shared profiles hip-objects <name> mobile-device
show shared profiles hip-objects <name> mobile-device criteria

show shared profiles hip-objects <name> mobile-device criteria last-checkin-time
within
not-within
show shared profiles hip-objects <name> mobile-device criteria imei
show shared profiles hip-objects <name> mobile-device criteria imei
show shared profiles hip-objects <name> mobile-device criteria model
show shared profiles hip-objects <name> mobile-device criteria model
show shared profiles hip-objects <name> mobile-device criteria phone-number
show shared profiles hip-objects <name> mobile-device criteria phone-number
show shared profiles hip-objects <name> mobile-device criteria serial-number
show shared profiles hip-objects <name> mobile-device criteria serial-number
show shared profiles hip-objects <name> mobile-device criteria tag
show shared profiles hip-objects <name> mobile-device criteria tag
show shared profiles hip-objects <name> mobile-device criteria applications
show shared profiles hip-objects <name> mobile-device criteria applications has-
malware
malware no
malware yes
malware yes excludes
malware yes excludes <name>
show shared profiles hip-objects <name> mobile-device criteria applications incl
udes
show shared profiles hip-objects <name> mobile-device criteria applications incl

udes <name>
show shared profiles virus
show shared profiles virus <name>
show shared profiles virus <name> decoder
show shared profiles virus <name> decoder <name>
show shared profiles virus <name> application
show shared profiles virus <name> application <name>
show shared profiles virus <name> threat-exception
show shared profiles virus <name> threat-exception <name>
show shared profiles spyware
show shared profiles spyware <name>
show shared profiles spyware <name> botnet-domains
show shared profiles spyware <name> botnet-domains lists
show shared profiles spyware <name> botnet-domains lists <name>
show shared profiles spyware <name> botnet-domains lists <name> action
show shared profiles spyware <name> botnet-domains lists <name> action alert
show shared profiles spyware <name> botnet-domains lists <name> action allow
show shared profiles spyware <name> botnet-domains lists <name> action block
show shared profiles spyware <name> botnet-domains lists <name> action sinkhole
show shared profiles spyware <name> botnet-domains sinkhole
show shared profiles spyware <name> botnet-domains threat-exception
show shared profiles spyware <name> botnet-domains threat-exception <name>
show shared profiles spyware <name> rules
show shared profiles spyware <name> rules <name>
show shared profiles spyware <name> rules <name> action
show shared profiles spyware <name> rules <name> action default
show shared profiles spyware <name> rules <name> action allow
show shared profiles spyware <name> rules <name> action alert
show shared profiles spyware <name> rules <name> action drop
show shared profiles spyware <name> rules <name> action reset-client
show shared profiles spyware <name> rules <name> action reset-server
show shared profiles spyware <name> rules <name> action reset-both

show shared profiles spyware <name> rules <name> action block-ip
show shared profiles spyware <name> threat-exception
show shared profiles spyware <name> threat-exception <name>
show shared profiles spyware <name> threat-exception <name> action
show shared profiles spyware <name> threat-exception <name> action default
show shared profiles spyware <name> threat-exception <name> action allow
show shared profiles spyware <name> threat-exception <name> action alert
show shared profiles spyware <name> threat-exception <name> action drop
show shared profiles spyware <name> threat-exception <name> action reset-both
show shared profiles spyware <name> threat-exception <name> action reset-client
show shared profiles spyware <name> threat-exception <name> action reset-server
show shared profiles spyware <name> threat-exception <name> action block-ip
show shared profiles spyware <name> threat-exception <name> exempt-ip
show shared profiles spyware <name> threat-exception <name> exempt-ip <name>
show shared profiles vulnerability
show shared profiles vulnerability <name>
show shared profiles vulnerability <name> rules
show shared profiles vulnerability <name> rules <name>
show shared profiles vulnerability <name> rules <name> action
show shared profiles vulnerability <name> rules <name> action default
show shared profiles vulnerability <name> rules <name> action allow
show shared profiles vulnerability <name> rules <name> action alert
show shared profiles vulnerability <name> rules <name> action drop
show shared profiles vulnerability <name> rules <name> action reset-client
show shared profiles vulnerability <name> rules <name> action reset-server
show shared profiles vulnerability <name> rules <name> action reset-both
show shared profiles vulnerability <name> rules <name> action block-ip
show shared profiles vulnerability <name> threat-exception
show shared profiles vulnerability <name> threat-exception <name>
show shared profiles vulnerability <name> threat-exception <name> action
show shared profiles vulnerability <name> threat-exception <name> action default

show shared profiles vulnerability <name> threat-exception <name> action allow
show shared profiles vulnerability <name> threat-exception <name> action alert
show shared profiles vulnerability <name> threat-exception <name> action drop
show shared profiles vulnerability <name> threat-exception <name> action reset-c
lient
show shared profiles vulnerability <name> threat-exception <name> action reset-s
erver
show shared profiles vulnerability <name> threat-exception <name> action reset-b
oth
show shared profiles vulnerability <name> threat-exception <name> action block-i
show shared profiles vulnerability <name> threat-exception <name> time-attribute
show shared profiles vulnerability <name> threat-exception <name> exempt-ip
show shared profiles vulnerability <name> threat-exception <name> exempt-ip <nam
e>
show shared profiles url-filtering
show shared profiles url-filtering <name>
show shared profiles url-filtering <name> credential-enforcement
show shared profiles url-filtering <name> credential-enforcement mode
show shared profiles url-filtering <name> credential-enforcement mode disabled
show shared profiles url-filtering <name> credential-enforcement mode ip-user
show shared profiles url-filtering <name> credential-enforcement mode domain-cre
dentials
show shared profiles url-filtering <name> http-header-insertion
show shared profiles url-filtering <name> http-header-insertion <name>
show shared profiles url-filtering <name> http-header-insertion <name> type
show shared profiles url-filtering <name> http-header-insertion <name> type <nam
e>
e> headers

e> headers <name>
show shared profiles file-blocking
show shared profiles file-blocking <name>
show shared profiles file-blocking <name> rules
show shared profiles file-blocking <name> rules <name>
show shared profiles wildfire-analysis
show shared profiles wildfire-analysis <name>
show shared profiles wildfire-analysis <name> rules
show shared profiles wildfire-analysis <name> rules <name>
show shared profiles custom-url-category
show shared profiles custom-url-category <name>
show shared profiles data-objects
show shared profiles data-objects <name>
show shared profiles data-objects <name> pattern-type
show shared profiles data-objects <name> pattern-type predefined
show shared profiles data-objects <name> pattern-type predefined pattern
show shared profiles data-objects <name> pattern-type predefined pattern <name>
show shared profiles data-objects <name> pattern-type regex
show shared profiles data-objects <name> pattern-type regex pattern
show shared profiles data-objects <name> pattern-type regex pattern <name>
show shared profiles data-objects <name> pattern-type file-properties
show shared profiles data-objects <name> pattern-type file-properties pattern
show shared profiles data-objects <name> pattern-type file-properties pattern <n
ame>
show shared profiles data-filtering
show shared profiles data-filtering <name>
show shared profiles data-filtering <name> rules
show shared profiles data-filtering <name> rules <name>
show shared profiles hip-profiles
show shared profiles hip-profiles <name>
show shared profiles dos-protection
show shared profiles dos-protection <name>

show shared profiles dos-protection <name> flood
show shared profiles dos-protection <name> flood tcp-syn
show shared profiles dos-protection <name> flood tcp-syn
show shared profiles dos-protection <name> flood tcp-syn red
show shared profiles dos-protection <name> flood tcp-syn red block
show shared profiles dos-protection <name> flood tcp-syn syn-cookies
show shared profiles dos-protection <name> flood tcp-syn syn-cookies block
show shared profiles dos-protection <name> flood udp
show shared profiles dos-protection <name> flood udp red
show shared profiles dos-protection <name> flood udp red block
show shared profiles dos-protection <name> flood icmp
show shared profiles dos-protection <name> flood icmp red
show shared profiles dos-protection <name> flood icmp red block
show shared profiles dos-protection <name> flood icmpv6
show shared profiles dos-protection <name> flood icmpv6 red
show shared profiles dos-protection <name> flood icmpv6 red block
show shared profiles dos-protection <name> flood other-ip
show shared profiles dos-protection <name> flood other-ip red
show shared profiles dos-protection <name> flood other-ip red block
show shared profiles dos-protection <name> resource
show shared profiles dos-protection <name> resource sessions
show shared profiles decryption
show shared profiles decryption <name>
show shared profiles decryption <name> ssl-forward-proxy
show shared profiles decryption <name> ssl-inbound-proxy
show shared profiles decryption <name> ssl-protocol-settings
show shared profiles decryption <name> ssl-no-proxy
show shared profiles decryption <name> ssh-proxy
show shared profile-group
show shared profile-group <name>
show shared schedule
show shared schedule <name>

show shared schedule <name> schedule-type
show shared schedule <name> schedule-type recurring
show shared schedule <name> schedule-type recurring weekly
show shared threats
show shared threats vulnerability
show shared threats vulnerability <name>
show shared threats vulnerability <name> affected-host
show shared threats vulnerability <name> default-action
show shared threats vulnerability <name> default-action alert
show shared threats vulnerability <name> default-action drop
show shared threats vulnerability <name> default-action reset-client
show shared threats vulnerability <name> default-action reset-server
show shared threats vulnerability <name> default-action reset-both
show shared threats vulnerability <name> default-action block-ip
show shared threats vulnerability <name> default-action allow
show shared threats vulnerability <name> signature
show shared threats vulnerability <name> signature standard
show shared threats vulnerability <name> signature standard <name>
show shared threats vulnerability <name> signature standard <name> and-condition
<name>
<name> or-condition
<name> or-condition <name>
<name> or-condition <name> operator
<name> or-condition <name> operator less-than
<name> or-condition <name> operator less-than qualifier

<name> or-condition <name> operator less-than qualifier <name>
<name> or-condition <name> operator equal-to
<name> or-condition <name> operator equal-to qualifier
<name> or-condition <name> operator equal-to qualifier <name>
<name> or-condition <name> operator greater-than
<name> or-condition <name> operator greater-than qualifier
<name> or-condition <name> operator greater-than qualifier <name>
<name> or-condition <name> operator pattern-match
<name> or-condition <name> operator pattern-match qualifier
<name> or-condition <name> operator pattern-match qualifier <name>
show shared threats vulnerability <name> signature combination
show shared threats vulnerability <name> signature combination time-attribute
show shared threats vulnerability <name> signature combination and-condition
show shared threats vulnerability <name> signature combination and-condition <na
me>
me> or-condition
me> or-condition <name>
show shared threats spyware
show shared threats spyware <name>
show shared threats spyware <name> default-action

show shared threats spyware <name> default-action alert
show shared threats spyware <name> default-action drop
show shared threats spyware <name> default-action reset-client
show shared threats spyware <name> default-action reset-server
show shared threats spyware <name> default-action reset-both
show shared threats spyware <name> default-action block-ip
show shared threats spyware <name> default-action allow
show shared threats spyware <name> signature
show shared threats spyware <name> signature standard
show shared threats spyware <name> signature standard <name>
show shared threats spyware <name> signature standard <name> and-condition
show shared threats spyware <name> signature standard <name> and-condition <name
>
> or-condition
> or-condition <name>
> or-condition <name> operator
> or-condition <name> operator less-than
> or-condition <name> operator less-than qualifier
> or-condition <name> operator less-than qualifier <name>
> or-condition <name> operator equal-to
> or-condition <name> operator equal-to qualifier
> or-condition <name> operator equal-to qualifier <name>
> or-condition <name> operator greater-than
> or-condition <name> operator greater-than qualifier
> or-condition <name> operator greater-than qualifier <name>
> or-condition <name> operator pattern-match
> or-condition <name> operator pattern-match qualifier
> or-condition <name> operator pattern-match qualifier <name>
show shared threats spyware <name> signature combination
show shared threats spyware <name> signature combination time-attribute
show shared threats spyware <name> signature combination and-condition
show shared threats spyware <name> signature combination and-condition <name>
show shared threats spyware <name> signature combination and-condition <name> or
-condition
show shared threats spyware <name> signature combination and-condition <name> or
-condition <name>
show shared external-list
show shared external-list <name>
show shared external-list <name> type
show shared external-list <name> type predefined-ip
show shared external-list <name> type ip
show shared external-list <name> type ip auth
show shared external-list <name> type ip recurring
show shared external-list <name> type ip recurring
show shared external-list <name> type ip recurring hourly
show shared external-list <name> type ip recurring five-minute
show shared external-list <name> type ip recurring daily
show shared external-list <name> type ip recurring weekly
show shared external-list <name> type ip recurring monthly

show shared external-list <name> type domain
show shared external-list <name> type domain auth
show shared external-list <name> type domain recurring
show shared external-list <name> type domain recurring
show shared external-list <name> type domain recurring hourly
show shared external-list <name> type domain recurring five-minute
show shared external-list <name> type domain recurring daily
show shared external-list <name> type domain recurring weekly
show shared external-list <name> type domain recurring monthly
show shared external-list <name> type url
show shared external-list <name> type url auth
show shared external-list <name> type url recurring
show shared external-list <name> type url recurring
show shared external-list <name> type url recurring hourly
show shared external-list <name> type url recurring five-minute
show shared external-list <name> type url recurring daily
show shared external-list <name> type url recurring weekly
show shared external-list <name> type url recurring monthly
show shared tag
show shared tag <name>
show shared authentication-object
show shared authentication-object <name>
show shared global-protect
show shared global-protect clientless-app
show shared global-protect clientless-app <name>
show shared global-protect clientless-app-group
show shared global-protect clientless-app-group <name>
show shared reports
show shared reports <name>
show shared reports <name> type
show shared reports <name> type appstat
show shared reports <name> type threat

show shared reports <name> type url
show shared reports <name> type wildfire
show shared reports <name> type data
show shared reports <name> type thsum
show shared reports <name> type traffic
show shared reports <name> type urlsum
show shared reports <name> type trsum
show shared reports <name> type tunnel
show shared reports <name> type tunnelsum
show shared reports <name> type userid
show shared reports <name> type auth
show shared reports <name> type hipmatch
show shared report-group
show shared report-group <name>
show shared report-group <name> custom-widget
show shared report-group <name> custom-widget <name>
show shared report-group <name> custom-widget <name>
show shared report-group <name> all
show shared report-group <name> all entry
show shared report-group <name> selected-zone
show shared report-group <name> selected-zone entry
show shared report-group <name> selected-user-group
show shared report-group <name> selected-user-group entry
show shared report-group <name> variable
show shared report-group <name> variable <name>
show shared pdf-summary-report
show shared pdf-summary-report <name>
show shared pdf-summary-report <name> header
show shared pdf-summary-report <name> footer
show shared pdf-summary-report <name> predefined-widget

show shared pdf-summary-report <name> predefined-widget <name>
show shared pdf-summary-report <name> custom-widget
show shared pdf-summary-report <name> custom-widget <name>
show shared email-scheduler
show shared email-scheduler <name>
show shared email-scheduler <name> recurring
show shared email-scheduler <name> recurring disabled
show shared email-scheduler <name> recurring daily
show shared botnet
show shared botnet configuration
show shared botnet configuration http
show shared botnet configuration http malware-sites
show shared botnet configuration http dynamic-dns
show shared botnet configuration http ip-domains
show shared botnet configuration http recent-domains
show shared botnet configuration http executables-from-unknown-sites
show shared botnet configuration unknown-applications
show shared botnet configuration unknown-applications unknown-tcp
show shared botnet configuration unknown-applications unknown-tcp session-length
show shared botnet configuration unknown-applications unknown-udp
show shared botnet configuration unknown-applications unknown-udp session-length
show shared botnet configuration other-applications
show shared botnet report
show shared override
show shared override application
show shared override application <name>
show shared alg-override
show shared alg-override application
show shared alg-override application <name>
show shared authentication-profile

show shared authentication-profile <name>
show shared authentication-profile <name> single-sign-on
show shared authentication-profile <name> lockout
show shared authentication-profile <name> method
show shared authentication-profile <name> method none
show shared authentication-profile <name> method local-database
show shared authentication-profile <name> method radius
show shared authentication-profile <name> method ldap
show shared authentication-profile <name> method kerberos
show shared authentication-profile <name> method tacplus
show shared authentication-profile <name> method saml-idp
show shared authentication-profile <name> multi-factor-auth
show shared authentication-sequence
show shared authentication-sequence <name>
show shared certificate-profile
show shared certificate-profile <name>
show shared certificate-profile <name> username-field
show shared certificate-profile <name> CA
show shared certificate-profile <name> CA <name>
show shared server-profile
show shared server-profile ldap
show shared server-profile ldap <name>
show shared server-profile ldap <name> server
show shared server-profile ldap <name> server <name>
show shared server-profile radius
show shared server-profile radius <name>
show shared server-profile radius <name> protocol
show shared server-profile radius <name> protocol CHAP
show shared server-profile radius <name> protocol PAP
show shared server-profile radius <name> protocol PEAP-MSCHAPv2
show shared server-profile radius <name> protocol PEAP-with-GTC
show shared server-profile radius <name> protocol EAP-TTLS-with-PAP

show shared server-profile radius <name> server
show shared server-profile radius <name> server <name>
show shared server-profile kerberos
show shared server-profile kerberos <name>
show shared server-profile kerberos <name> server
show shared server-profile kerberos <name> server <name>
show shared server-profile tacplus
show shared server-profile tacplus <name>
show shared server-profile tacplus <name> server
show shared server-profile tacplus <name> server <name>
show shared server-profile saml-idp
show shared server-profile saml-idp <name>
show shared server-profile netflow
show shared server-profile netflow <name>
show shared server-profile netflow <name> template-refresh-rate
show shared server-profile netflow <name> server
show shared server-profile netflow <name> server <name>
show shared server-profile mfa-server-profile
show shared server-profile mfa-server-profile <name>
show shared server-profile mfa-server-profile <name> mfa-config
show shared server-profile mfa-server-profile <name> mfa-config <name>
show shared log-settings
show shared log-settings system
show shared log-settings system match-list
show shared log-settings system match-list <name>
show shared log-settings system match-list <name> actions
show shared log-settings system match-list <name> actions <name>
show shared log-settings system match-list <name> actions <name> type
show shared log-settings config
show shared log-settings config match-list
show shared log-settings config match-list <name>
show shared log-settings userid

show shared log-settings userid match-list
show shared log-settings userid match-list <name>
show shared log-settings userid match-list <name> actions
show shared log-settings userid match-list <name> actions <name>
show shared log-settings userid match-list <name> actions <name> type
show shared log-settings userid match-list <name> actions <name> type tagging
show shared log-settings userid match-list <name> actions <name> type tagging re
gistration
gistration localhost
gistration panorama
gistration remote
show shared log-settings hipmatch
show shared log-settings hipmatch match-list
show shared log-settings hipmatch match-list <name>
show shared log-settings hipmatch match-list <name> actions
show shared log-settings hipmatch match-list <name> actions <name>
show shared log-settings hipmatch match-list <name> actions <name> type
show shared log-settings hipmatch match-list <name> actions <name> type tagging
registration
registration localhost
registration panorama
registration remote
show shared log-settings correlation
show shared log-settings correlation match-list
show shared log-settings correlation match-list <name>

show shared log-settings correlation match-list <name> actions
show shared log-settings correlation match-list <name> actions <name>
show shared log-settings correlation match-list <name> actions <name> type
show shared log-settings correlation match-list <name> actions <name> type taggi
ng
ng registration
ng registration localhost
ng registration panorama
ng registration remote
show shared log-settings snmptrap
show shared log-settings snmptrap <name>
show shared log-settings snmptrap <name> version
show shared log-settings snmptrap <name> version v2c
show shared log-settings snmptrap <name> version v2c server
show shared log-settings snmptrap <name> version v2c server <name>
show shared log-settings snmptrap <name> version v3
show shared log-settings snmptrap <name> version v3 server
show shared log-settings snmptrap <name> version v3 server <name>
show shared log-settings email
show shared log-settings email <name>
show shared log-settings email <name> server
show shared log-settings email <name> server <name>
show shared log-settings email <name> format
show shared log-settings email <name> format escaping
show shared log-settings syslog
show shared log-settings syslog <name>
show shared log-settings syslog <name> server
show shared log-settings syslog <name> server <name>

show shared log-settings syslog <name> format
show shared log-settings syslog <name> format escaping
show shared log-settings http
show shared log-settings http <name>
show shared log-settings http <name> server
show shared log-settings http <name> server <name>
show shared log-settings http <name> format
show shared log-settings http <name> format config
show shared log-settings http <name> format config headers
show shared log-settings http <name> format config headers <name>
show shared log-settings http <name> format config params
show shared log-settings http <name> format config params <name>
show shared log-settings http <name> format system
show shared log-settings http <name> format system headers
show shared log-settings http <name> format system headers <name>
show shared log-settings http <name> format system params
show shared log-settings http <name> format system params <name>
show shared log-settings http <name> format traffic
show shared log-settings http <name> format traffic headers
show shared log-settings http <name> format traffic headers <name>
show shared log-settings http <name> format traffic params
show shared log-settings http <name> format traffic params <name>
show shared log-settings http <name> format threat
show shared log-settings http <name> format threat headers
show shared log-settings http <name> format threat headers <name>
show shared log-settings http <name> format threat params
show shared log-settings http <name> format threat params <name>
show shared log-settings http <name> format wildfire
show shared log-settings http <name> format wildfire headers
show shared log-settings http <name> format wildfire headers <name>
show shared log-settings http <name> format wildfire params
show shared log-settings http <name> format wildfire params <name>

show shared log-settings http <name> format url
show shared log-settings http <name> format url headers
show shared log-settings http <name> format url headers <name>
show shared log-settings http <name> format url params
show shared log-settings http <name> format url params <name>
show shared log-settings http <name> format data
show shared log-settings http <name> format data headers
show shared log-settings http <name> format data headers <name>
show shared log-settings http <name> format data params
show shared log-settings http <name> format data params <name>
show shared log-settings http <name> format tunnel
show shared log-settings http <name> format tunnel headers
show shared log-settings http <name> format tunnel headers <name>
show shared log-settings http <name> format tunnel params
show shared log-settings http <name> format tunnel params <name>
show shared log-settings http <name> format auth
show shared log-settings http <name> format auth headers
show shared log-settings http <name> format auth headers <name>
show shared log-settings http <name> format auth params
show shared log-settings http <name> format auth params <name>
show shared log-settings http <name> format userid
show shared log-settings http <name> format userid headers
show shared log-settings http <name> format userid headers <name>
show shared log-settings http <name> format userid params
show shared log-settings http <name> format userid params <name>
show shared log-settings http <name> format hip-match
show shared log-settings http <name> format hip-match headers
show shared log-settings http <name> format hip-match headers <name>
show shared log-settings http <name> format hip-match params
show shared log-settings http <name> format hip-match params <name>
show shared log-settings http <name> format correlation
show shared log-settings http <name> format correlation headers

show shared log-settings http <name> format correlation headers <name>
show shared log-settings http <name> format correlation params
show shared log-settings http <name> format correlation params <name>
show shared log-settings profiles
show shared log-settings profiles <name>
show shared log-settings profiles <name> match-list
show shared log-settings profiles <name> match-list <name>
show shared log-settings profiles <name> match-list <name> actions
show shared log-settings profiles <name> match-list <name> actions <name>
show shared log-settings profiles <name> match-list <name> actions <name> type
show shared log-settings profiles <name> match-list <name> actions <name> type t
agging
agging registration
agging registration localhost
agging registration panorama
agging registration remote
show shared certificate
show shared certificate <name>
show shared ssl-tls-service-profile
show shared ssl-tls-service-profile <name>
show shared ssl-tls-service-profile <name> protocol-settings
show shared response-page
show shared response-page global-protect-portal-custom-login-page
show shared response-page global-protect-portal-custom-login-page <name>
show shared response-page global-protect-portal-custom-home-page
show shared response-page global-protect-portal-custom-home-page <name>

show shared response-page global-protect-portal-custom-help-page
show shared response-page global-protect-portal-custom-help-page <name>
show shared response-page global-protect-portal-custom-welcome-page
show shared response-page global-protect-portal-custom-welcome-page <name>
show shared local-user-database
show shared local-user-database user
show shared local-user-database user <name>
show shared local-user-database user-group
show shared local-user-database user-group <name>
show shared ocsp-responder
show shared ocsp-responder <name>
show shared ssl-decrypt
show shared ssl-decrypt forward-trust-certificate
show shared ssl-decrypt forward-untrust-certificate
show shared ssl-decrypt ssl-exclude-cert
show shared ssl-decrypt ssl-exclude-cert <name>
show shared admin-role
show shared admin-role <name>
show shared admin-role <name> role
show shared admin-role <name> role device
show shared admin-role <name> role device webui
show shared admin-role <name> role device webui monitor
show shared admin-role <name> role device webui monitor logs
show shared admin-role <name> role device webui monitor automated-correlation-en
gine
show shared admin-role <name> role device webui monitor pdf-reports
show shared admin-role <name> role device webui monitor custom-reports
show shared admin-role <name> role device webui policies
show shared admin-role <name> role device webui objects
show shared admin-role <name> role device webui objects global-protect
show shared admin-role <name> role device webui objects custom-objects
show shared admin-role <name> role device webui objects security-profiles

show shared admin-role <name> role device webui objects decryption
show shared admin-role <name> role device webui network
show shared admin-role <name> role device webui network global-protect
show shared admin-role <name> role device webui network network-profiles
show shared admin-role <name> role device webui device
show shared admin-role <name> role device webui device setup
show shared admin-role <name> role device webui device certificate-management
show shared admin-role <name> role device webui device log-settings
show shared admin-role <name> role device webui device server-profile
show shared admin-role <name> role device webui device local-user-database
show shared admin-role <name> role device webui privacy
show shared admin-role <name> role device webui save
show shared admin-role <name> role device webui commit
show shared admin-role <name> role device webui global
show shared admin-role <name> role device xmlapi
show shared admin-role <name> role vsys
show shared admin-role <name> role vsys webui
show shared admin-role <name> role vsys webui monitor
show shared admin-role <name> role vsys webui monitor logs
show shared admin-role <name> role vsys webui monitor automated-correlation-engi
ne
show shared admin-role <name> role vsys webui monitor pdf-reports
show shared admin-role <name> role vsys webui monitor custom-reports
show shared admin-role <name> role vsys webui policies
show shared admin-role <name> role vsys webui objects
show shared admin-role <name> role vsys webui objects global-protect
show shared admin-role <name> role vsys webui objects custom-objects
show shared admin-role <name> role vsys webui objects security-profiles
show shared admin-role <name> role vsys webui objects decryption
show shared admin-role <name> role vsys webui network
show shared admin-role <name> role vsys webui network global-protect
show shared admin-role <name> role vsys webui device

show shared admin-role <name> role vsys webui device setup
show shared admin-role <name> role vsys webui device certificate-management
show shared admin-role <name> role vsys webui device log-settings
show shared admin-role <name> role vsys webui device server-profile
show shared admin-role <name> role vsys webui device local-user-database
show shared admin-role <name> role vsys webui privacy
show shared admin-role <name> role vsys webui save
show shared admin-role <name> role vsys webui commit
show shared admin-role <name> role vsys xmlapi
show shared scep
show shared scep <name>
show shared scep <name> scep-challenge
show shared scep <name> scep-challenge none
show shared scep <name> scep-challenge dynamic
show shared scep <name> algorithm
show shared scep <name> algorithm rsa
show shared scep <name> certificate-attributes
show vsys
show vsys <name>
show vsys <name> setting
show vsys <name> setting nat
show vsys <name> setting ssl-decrypt
show vsys <name> import
show vsys <name> import network
show vsys <name> import resource
show vsys <name> route
show vsys <name> route service
show vsys <name> route service <name>
show vsys <name> route service <name> source
show vsys <name> route service <name> source-v6
show vsys <name> authentication-profile
show vsys <name> authentication-profile <name>

show vsys <name> authentication-profile <name> single-sign-on
show vsys <name> authentication-profile <name> lockout
show vsys <name> authentication-profile <name> method
show vsys <name> authentication-profile <name> method none
show vsys <name> authentication-profile <name> method local-database
show vsys <name> authentication-profile <name> method radius
show vsys <name> authentication-profile <name> method ldap
show vsys <name> authentication-profile <name> method kerberos
show vsys <name> authentication-profile <name> method tacplus
show vsys <name> authentication-profile <name> method saml-idp
show vsys <name> authentication-profile <name> multi-factor-auth
show vsys <name> authentication-sequence
show vsys <name> authentication-sequence <name>
show vsys <name> certificate-profile
show vsys <name> certificate-profile <name>
show vsys <name> certificate-profile <name> username-field
show vsys <name> certificate-profile <name> CA
show vsys <name> certificate-profile <name> CA <name>
show vsys <name> server-profile
show vsys <name> server-profile ldap
show vsys <name> server-profile ldap <name>
show vsys <name> server-profile ldap <name> server
show vsys <name> server-profile ldap <name> server <name>
show vsys <name> server-profile radius
show vsys <name> server-profile radius <name>
show vsys <name> server-profile radius <name> protocol
show vsys <name> server-profile radius <name> protocol CHAP
show vsys <name> server-profile radius <name> protocol PAP
show vsys <name> server-profile radius <name> protocol PEAP-MSCHAPv2
show vsys <name> server-profile radius <name> protocol PEAP-with-GTC
show vsys <name> server-profile radius <name> protocol EAP-TTLS-with-PAP
show vsys <name> server-profile radius <name> server

show vsys <name> server-profile radius <name> server <name>
show vsys <name> server-profile kerberos
show vsys <name> server-profile kerberos <name>
show vsys <name> server-profile kerberos <name> server
show vsys <name> server-profile kerberos <name> server <name>
show vsys <name> server-profile tacplus
show vsys <name> server-profile tacplus <name>
show vsys <name> server-profile tacplus <name> server
show vsys <name> server-profile tacplus <name> server <name>
show vsys <name> server-profile saml-idp
show vsys <name> server-profile saml-idp <name>
show vsys <name> server-profile netflow
show vsys <name> server-profile netflow <name>
show vsys <name> server-profile netflow <name> template-refresh-rate
show vsys <name> server-profile netflow <name> server
show vsys <name> server-profile netflow <name> server <name>
show vsys <name> server-profile dns
show vsys <name> server-profile dns <name>
show vsys <name> server-profile dns <name> inheritance
show vsys <name> server-profile dns <name> source
show vsys <name> server-profile dns <name> source-v6
show vsys <name> server-profile mfa-server-profile
show vsys <name> server-profile mfa-server-profile <name>
show vsys <name> server-profile mfa-server-profile <name> mfa-config
show vsys <name> server-profile mfa-server-profile <name> mfa-config <name>
show vsys <name> dns-proxy
show vsys <name> dns-proxy <name>
show vsys <name> dns-proxy <name> domain-servers
show vsys <name> dns-proxy <name> domain-servers <name>
show vsys <name> dns-proxy <name> cache
show vsys <name> dns-proxy <name> cache max-ttl
show vsys <name> dns-proxy <name> static-entries

show vsys <name> dns-proxy <name> static-entries <name>
show vsys <name> dns-proxy <name> tcp-queries
show vsys <name> dns-proxy <name> udp-queries
show vsys <name> dns-proxy <name> udp-queries retries
show vsys <name> log-settings
show vsys <name> log-settings snmptrap
show vsys <name> log-settings snmptrap <name>
show vsys <name> log-settings snmptrap <name> version
show vsys <name> log-settings snmptrap <name> version v2c
show vsys <name> log-settings snmptrap <name> version v2c server
show vsys <name> log-settings snmptrap <name> version v2c server <name>
show vsys <name> log-settings snmptrap <name> version v3
show vsys <name> log-settings snmptrap <name> version v3 server
show vsys <name> log-settings snmptrap <name> version v3 server <name>
show vsys <name> log-settings email
show vsys <name> log-settings email <name>
show vsys <name> log-settings email <name> server
show vsys <name> log-settings email <name> server <name>
show vsys <name> log-settings email <name> format
show vsys <name> log-settings email <name> format escaping
show vsys <name> log-settings syslog
show vsys <name> log-settings syslog <name>
show vsys <name> log-settings syslog <name> server
show vsys <name> log-settings syslog <name> server <name>
show vsys <name> log-settings syslog <name> format
show vsys <name> log-settings syslog <name> format escaping
show vsys <name> log-settings http
show vsys <name> log-settings http <name>
show vsys <name> log-settings http <name> server
show vsys <name> log-settings http <name> server <name>
show vsys <name> log-settings http <name> format
show vsys <name> log-settings http <name> format config

show vsys <name> log-settings http <name> format config headers
show vsys <name> log-settings http <name> format config headers <name>
show vsys <name> log-settings http <name> format config params
show vsys <name> log-settings http <name> format config params <name>
show vsys <name> log-settings http <name> format system
show vsys <name> log-settings http <name> format system headers
show vsys <name> log-settings http <name> format system headers <name>
show vsys <name> log-settings http <name> format system params
show vsys <name> log-settings http <name> format system params <name>
show vsys <name> log-settings http <name> format traffic
show vsys <name> log-settings http <name> format traffic headers
show vsys <name> log-settings http <name> format traffic headers <name>
show vsys <name> log-settings http <name> format traffic params
show vsys <name> log-settings http <name> format traffic params <name>
show vsys <name> log-settings http <name> format threat
show vsys <name> log-settings http <name> format threat headers
show vsys <name> log-settings http <name> format threat headers <name>
show vsys <name> log-settings http <name> format threat params
show vsys <name> log-settings http <name> format threat params <name>
show vsys <name> log-settings http <name> format wildfire
show vsys <name> log-settings http <name> format wildfire headers
show vsys <name> log-settings http <name> format wildfire headers <name>
show vsys <name> log-settings http <name> format wildfire params
show vsys <name> log-settings http <name> format wildfire params <name>
show vsys <name> log-settings http <name> format url
show vsys <name> log-settings http <name> format url headers
show vsys <name> log-settings http <name> format url headers <name>
show vsys <name> log-settings http <name> format url params
show vsys <name> log-settings http <name> format url params <name>
show vsys <name> log-settings http <name> format data
show vsys <name> log-settings http <name> format data headers
show vsys <name> log-settings http <name> format data headers <name>
show vsys <name> log-settings http <name> format data params
show vsys <name> log-settings http <name> format data params <name>
show vsys <name> log-settings http <name> format tunnel
show vsys <name> log-settings http <name> format tunnel headers
show vsys <name> log-settings http <name> format tunnel headers <name>
show vsys <name> log-settings http <name> format tunnel params
show vsys <name> log-settings http <name> format tunnel params <name>
show vsys <name> log-settings http <name> format auth
show vsys <name> log-settings http <name> format auth headers
show vsys <name> log-settings http <name> format auth headers <name>
show vsys <name> log-settings http <name> format auth params
show vsys <name> log-settings http <name> format auth params <name>
show vsys <name> log-settings http <name> format userid
show vsys <name> log-settings http <name> format userid headers
show vsys <name> log-settings http <name> format userid headers <name>
show vsys <name> log-settings http <name> format userid params
show vsys <name> log-settings http <name> format userid params <name>
show vsys <name> log-settings http <name> format hip-match
show vsys <name> log-settings http <name> format hip-match headers
show vsys <name> log-settings http <name> format hip-match headers <name>
show vsys <name> log-settings http <name> format hip-match params
show vsys <name> log-settings http <name> format hip-match params <name>
show vsys <name> log-settings http <name> format correlation
show vsys <name> log-settings http <name> format correlation headers
show vsys <name> log-settings http <name> format correlation headers <name>
show vsys <name> log-settings http <name> format correlation params
show vsys <name> log-settings http <name> format correlation params <name>
show vsys <name> log-settings profiles
show vsys <name> log-settings profiles <name>
show vsys <name> log-settings profiles <name> match-list
show vsys <name> log-settings profiles <name> match-list <name>
show vsys <name> log-settings profiles <name> match-list <name> actions

show vsys <name> log-settings profiles <name> match-list <name> actions <name>
show vsys <name> log-settings profiles <name> match-list <name> actions <name> t
ype
ype tagging
ype tagging registration
ype tagging registration localhost
ype tagging registration panorama
ype tagging registration remote
show vsys <name> certificate
show vsys <name> certificate <name>
show vsys <name> ssl-tls-service-profile
show vsys <name> ssl-tls-service-profile <name>
show vsys <name> ssl-tls-service-profile <name> protocol-settings
show vsys <name> response-page
show vsys <name> response-page global-protect-portal-custom-login-page
show vsys <name> response-page global-protect-portal-custom-login-page <name>
show vsys <name> response-page global-protect-portal-custom-home-page
show vsys <name> response-page global-protect-portal-custom-home-page <name>
show vsys <name> response-page global-protect-portal-custom-help-page
show vsys <name> response-page global-protect-portal-custom-help-page <name>
show vsys <name> response-page global-protect-portal-custom-welcome-page
show vsys <name> response-page global-protect-portal-custom-welcome-page <name>
show vsys <name> local-user-database
show vsys <name> local-user-database user
show vsys <name> local-user-database user <name>

show vsys <name> local-user-database user-group
show vsys <name> local-user-database user-group <name>
show vsys <name> ssl-decrypt
show vsys <name> ssl-decrypt forward-trust-certificate
show vsys <name> ssl-decrypt forward-untrust-certificate
show vsys <name> ssl-decrypt ssl-exclude-cert
show vsys <name> ssl-decrypt ssl-exclude-cert <name>
show vsys <name> ocsp-responder
show vsys <name> ocsp-responder <name>
show vsys <name> scep
show vsys <name> scep <name>
show vsys <name> scep <name> scep-challenge
show vsys <name> scep <name> scep-challenge none
show vsys <name> scep <name> scep-challenge dynamic
show vsys <name> scep <name> algorithm
show vsys <name> scep <name> algorithm rsa
show vsys <name> scep <name> certificate-attributes
show vsys <name> ts-agent
show vsys <name> ts-agent <name>
show vsys <name> user-id-ssl-auth
show vsys <name> user-id-agent
show vsys <name> user-id-agent <name>
show vsys <name> user-id-agent <name>
show vsys <name> user-id-agent <name> host-port
show vsys <name> vm-info-source
show vsys <name> vm-info-source <name>
show vsys <name> vm-info-source <name>
show vsys <name> vm-info-source <name> AWS-VPC
show vsys <name> vm-info-source <name> Google-Compute-Engine
show vsys <name> vm-info-source <name> Google-Compute-Engine service-auth-type
show vsys <name> vm-info-source <name> Google-Compute-Engine service-auth-type s
ervice-in-gce
show vsys <name> vm-info-source <name> Google-Compute-Engine service-auth-type s
ervice-account
show vsys <name> vm-info-source <name> VMware-ESXi
show vsys <name> vm-info-source <name> VMware-vCenter
show vsys <name> user-id-agent-sequence
show vsys <name> group-mapping
show vsys <name> group-mapping <name>
show vsys <name> group-mapping <name> custom-group
show vsys <name> group-mapping <name> custom-group <name>
show vsys <name> captive-portal
show vsys <name> captive-portal mode
show vsys <name> captive-portal mode transparent
show vsys <name> captive-portal mode redirect
show vsys <name> captive-portal mode redirect session-cookie
show vsys <name> captive-portal ntlm-auth
show vsys <name> user-id-collector
show vsys <name> user-id-collector setting
show vsys <name> user-id-collector syslog-parse-profile
show vsys <name> user-id-collector syslog-parse-profile <name>
show vsys <name> user-id-collector syslog-parse-profile <name>
show vsys <name> user-id-collector syslog-parse-profile <name> regex-identifier
show vsys <name> user-id-collector syslog-parse-profile <name> field-identifier
show vsys <name> user-id-collector server-monitor
show vsys <name> user-id-collector server-monitor <name>
show vsys <name> user-id-collector server-monitor <name>
show vsys <name> user-id-collector server-monitor <name> active-directory
show vsys <name> user-id-collector server-monitor <name> exchange
show vsys <name> user-id-collector server-monitor <name> e-directory
show vsys <name> user-id-collector server-monitor <name> syslog
show vsys <name> user-id-collector server-monitor <name> syslog syslog-parse-pro
file
show vsys <name> user-id-collector server-monitor <name> syslog syslog-parse-pro

file <name>
show vsys <name> user-id-collector include-exclude-network
show vsys <name> user-id-collector include-exclude-network <name>
show vsys <name> user-id-collector include-exclude-network-sequence
show vsys <name> url-admin-override
show vsys <name> url-admin-override mode
show vsys <name> url-admin-override mode transparent
show vsys <name> url-admin-override mode redirect
show vsys <name> zone
show vsys <name> zone <name>
show vsys <name> zone <name> network
show vsys <name> zone <name> network
show vsys <name> zone <name> network tunnel
show vsys <name> zone <name> user-acl
show vsys <name> global-protect
show vsys <name> global-protect global-protect-portal
show vsys <name> global-protect global-protect-portal <name>
show vsys <name> global-protect global-protect-portal <name> portal-config
show vsys <name> global-protect global-protect-portal <name> portal-config local
-address
-address
-address ip
-address floating-ip
show vsys <name> global-protect global-protect-portal <name> portal-config clien
t-auth
show vsys <name> global-protect global-protect-portal <name> portal-config clien
t-auth <name>
show vsys <name> global-protect global-protect-portal <name> clientless-vpn
show vsys <name> global-protect global-protect-portal <name> clientless-vpn logi

n-lifetime
show vsys <name> global-protect global-protect-portal <name> clientless-vpn inac
tivity-logout
show vsys <name> global-protect global-protect-portal <name> clientless-vpn cryp
to-settings
to-settings ssl-protocol
to-settings server-cert-verification
show vsys <name> global-protect global-protect-portal <name> clientless-vpn apps
-to-user-mapping
show vsys <name> global-protect global-protect-portal <name> clientless-vpn apps
-to-user-mapping <name>
show vsys <name> global-protect global-protect-portal <name> clientless-vpn prox
y-server-setting
y-server-setting <name>
y-server-setting <name> proxy-server
show vsys <name> global-protect global-protect-portal <name> client-config
show vsys <name> global-protect global-protect-portal <name> client-config root-
ca
show vsys <name> global-protect global-protect-portal <name> client-config root-
ca <name>
show vsys <name> global-protect global-protect-portal <name> client-config confi
gs
gs <name>
gs <name> gateways
gs <name> gateways internal

gs <name> gateways internal list
gs <name> gateways internal list <name>
gs <name> gateways internal list <name>
gs <name> gateways internal list <name> ip
gs <name> gateways external
gs <name> gateways external list
gs <name> gateways external list <name>
gs <name> gateways external list <name>
gs <name> gateways external list <name> ip
gs <name> gateways external list <name> priority-rule
gs <name> gateways external list <name> priority-rule <name>
gs <name> internal-host-detection
gs <name> internal-host-detection-v6
gs <name> agent-ui
gs <name> agent-ui welcome-page
gs <name> hip-collection
gs <name> hip-collection exclusion
gs <name> hip-collection exclusion category
gs <name> hip-collection exclusion category <name>
gs <name> hip-collection exclusion category <name> vendor
gs <name> hip-collection exclusion category <name> vendor <name>
gs <name> hip-collection custom-checks
gs <name> hip-collection custom-checks windows
gs <name> hip-collection custom-checks windows registry-key
gs <name> hip-collection custom-checks windows registry-key <name>
gs <name> hip-collection custom-checks mac-os
gs <name> hip-collection custom-checks mac-os plist
gs <name> hip-collection custom-checks mac-os plist <name>
gs <name> agent-config
gs <name> gp-app-config
gs <name> gp-app-config config
gs <name> gp-app-config config <name>

gs <name> client-certificate
gs <name> authentication-override
gs <name> authentication-override accept-cookie
gs <name> authentication-override accept-cookie cookie-lifetime
show vsys <name> global-protect global-protect-portal <name> satellite-config
show vsys <name> global-protect global-protect-portal <name> satellite-config cl
ient-certificate
ient-certificate local
ient-certificate scep
show vsys <name> global-protect global-protect-portal <name> satellite-config co
nfigs
nfigs <name>
nfigs <name> gateways
nfigs <name> gateways <name>
nfigs <name> gateways <name>
nfigs <name> gateways <name> ip
show vsys <name> global-protect global-protect-gateway
show vsys <name> global-protect global-protect-gateway <name>
show vsys <name> global-protect global-protect-gateway <name> remote-user-tunnel
-configs

-configs <name>
-configs <name> authentication-override
-configs <name> authentication-override accept-cookie
-configs <name> authentication-override accept-cookie cookie-lifetime
-configs <name> split-tunneling
-configs <name> split-tunneling include-domains
-configs <name> split-tunneling include-domains list
-configs <name> split-tunneling include-domains list <name>
-configs <name> split-tunneling exclude-domains
-configs <name> split-tunneling exclude-domains list
-configs <name> split-tunneling exclude-domains list <name>
show vsys <name> global-protect global-protect-gateway <name> client-auth
show vsys <name> global-protect global-protect-gateway <name> client-auth <name>
show vsys <name> global-protect global-protect-gateway <name> local-address
show vsys <name> global-protect global-protect-gateway <name> local-address
show vsys <name> global-protect global-protect-gateway <name> local-address ip
show vsys <name> global-protect global-protect-gateway <name> local-address floa
ting-ip
show vsys <name> global-protect global-protect-gateway <name> roles
show vsys <name> global-protect global-protect-gateway <name> roles <name>
show vsys <name> global-protect global-protect-gateway <name> roles <name> login

-lifetime
show vsys <name> global-protect global-protect-gateway <name> roles <name> inact
ivity-logout
show vsys <name> global-protect global-protect-gateway <name> roles <name> disco
nnect-on-idle
show vsys <name> global-protect global-protect-gateway <name> hip-notification
show vsys <name> global-protect global-protect-gateway <name> hip-notification <
name>
name> match-message
name> not-match-message
show vsys <name> global-protect global-protect-mdm
show vsys <name> global-protect global-protect-mdm <name>
show vsys <name> global-protect clientless-app
show vsys <name> global-protect clientless-app <name>
show vsys <name> global-protect clientless-app-group
show vsys <name> global-protect clientless-app-group <name>
show vsys <name> profiles
show vsys <name> profiles hip-objects
show vsys <name> profiles hip-objects <name>
show vsys <name> profiles hip-objects <name> host-info
show vsys <name> profiles hip-objects <name> host-info criteria
show vsys <name> profiles hip-objects <name> host-info criteria domain
show vsys <name> profiles hip-objects <name> host-info criteria domain
show vsys <name> profiles hip-objects <name> host-info criteria os
show vsys <name> profiles hip-objects <name> host-info criteria os
show vsys <name> profiles hip-objects <name> host-info criteria os contains
show vsys <name> profiles hip-objects <name> host-info criteria os contains
show vsys <name> profiles hip-objects <name> host-info criteria client-version
show vsys <name> profiles hip-objects <name> host-info criteria client-version
show vsys <name> profiles hip-objects <name> host-info criteria host-name

show vsys <name> profiles hip-objects <name> host-info criteria host-name
show vsys <name> profiles hip-objects <name> host-info criteria host-id
show vsys <name> profiles hip-objects <name> host-info criteria host-id
show vsys <name> profiles hip-objects <name> network-info
show vsys <name> profiles hip-objects <name> network-info criteria
show vsys <name> profiles hip-objects <name> network-info criteria network
show vsys <name> profiles hip-objects <name> network-info criteria network is
show vsys <name> profiles hip-objects <name> network-info criteria network is wi
fi
show vsys <name> profiles hip-objects <name> network-info criteria network is mo
bile
show vsys <name> profiles hip-objects <name> network-info criteria network is un
known
show vsys <name> profiles hip-objects <name> network-info criteria network is-no
t wifi
t mobile
t ethernet
t unknown
show vsys <name> profiles hip-objects <name> patch-management
show vsys <name> profiles hip-objects <name> patch-management criteria
show vsys <name> profiles hip-objects <name> patch-management criteria missing-p
atches
atches severity
atches severity
show vsys <name> profiles hip-objects <name> patch-management vendor

show vsys <name> profiles hip-objects <name> patch-management vendor <name>
show vsys <name> profiles hip-objects <name> data-loss-prevention
show vsys <name> profiles hip-objects <name> data-loss-prevention criteria
show vsys <name> profiles hip-objects <name> data-loss-prevention vendor
show vsys <name> profiles hip-objects <name> data-loss-prevention vendor <name>
show vsys <name> profiles hip-objects <name> firewall
show vsys <name> profiles hip-objects <name> firewall criteria
show vsys <name> profiles hip-objects <name> firewall vendor
show vsys <name> profiles hip-objects <name> firewall vendor <name>
show vsys <name> profiles hip-objects <name> anti-malware
show vsys <name> profiles hip-objects <name> anti-malware criteria
show vsys <name> profiles hip-objects <name> anti-malware criteria virdef-versio
n within
n not-within
show vsys <name> profiles hip-objects <name> anti-malware criteria product-versi
on
on
on within
on not-within
show vsys <name> profiles hip-objects <name> anti-malware criteria last-scan-tim

e not-available
e within
e not-within
show vsys <name> profiles hip-objects <name> anti-malware vendor
show vsys <name> profiles hip-objects <name> anti-malware vendor <name>
show vsys <name> profiles hip-objects <name> disk-backup
show vsys <name> profiles hip-objects <name> disk-backup criteria
show vsys <name> profiles hip-objects <name> disk-backup criteria last-backup-ti
me
me
me not-available
me within
me not-within
show vsys <name> profiles hip-objects <name> disk-backup vendor
show vsys <name> profiles hip-objects <name> disk-backup vendor <name>
show vsys <name> profiles hip-objects <name> disk-encryption
show vsys <name> profiles hip-objects <name> disk-encryption criteria
show vsys <name> profiles hip-objects <name> disk-encryption criteria encrypted-
locations
locations <name>
locations <name> encryption-state
show vsys <name> profiles hip-objects <name> disk-encryption vendor
show vsys <name> profiles hip-objects <name> disk-encryption vendor <name>
show vsys <name> profiles hip-objects <name> custom-checks

show vsys <name> profiles hip-objects <name> custom-checks criteria
show vsys <name> profiles hip-objects <name> custom-checks criteria process-list
show vsys <name> profiles hip-objects <name> custom-checks criteria process-list
<name>
show vsys <name> profiles hip-objects <name> custom-checks criteria registry-key
<name>
<name> registry-value
<name> registry-value <name>
show vsys <name> profiles hip-objects <name> custom-checks criteria plist
show vsys <name> profiles hip-objects <name> custom-checks criteria plist <name>
key
key <name>
show vsys <name> profiles hip-objects <name> mobile-device
show vsys <name> profiles hip-objects <name> mobile-device criteria
show vsys <name> profiles hip-objects <name> mobile-device criteria last-checkin
-time
-time
-time within
-time not-within
show vsys <name> profiles hip-objects <name> mobile-device criteria imei
show vsys <name> profiles hip-objects <name> mobile-device criteria imei

show vsys <name> profiles hip-objects <name> mobile-device criteria model
show vsys <name> profiles hip-objects <name> mobile-device criteria model
show vsys <name> profiles hip-objects <name> mobile-device criteria phone-number
show vsys <name> profiles hip-objects <name> mobile-device criteria phone-number
show vsys <name> profiles hip-objects <name> mobile-device criteria serial-numbe
show vsys <name> profiles hip-objects <name> mobile-device criteria serial-numbe
show vsys <name> profiles hip-objects <name> mobile-device criteria tag
show vsys <name> profiles hip-objects <name> mobile-device criteria tag
show vsys <name> profiles hip-objects <name> mobile-device criteria applications
has-malware
has-malware no
has-malware yes
has-malware yes excludes
has-malware yes excludes <name>
includes
includes <name>
show vsys <name> profiles virus
show vsys <name> profiles virus <name>
show vsys <name> profiles virus <name> decoder
show vsys <name> profiles virus <name> decoder <name>

show vsys <name> profiles virus <name> application
show vsys <name> profiles virus <name> application <name>
show vsys <name> profiles virus <name> threat-exception
show vsys <name> profiles virus <name> threat-exception <name>
show vsys <name> profiles spyware
show vsys <name> profiles spyware <name>
show vsys <name> profiles spyware <name> botnet-domains
show vsys <name> profiles spyware <name> botnet-domains lists
show vsys <name> profiles spyware <name> botnet-domains lists <name>
show vsys <name> profiles spyware <name> botnet-domains lists <name> action
show vsys <name> profiles spyware <name> botnet-domains lists <name> action aler
show vsys <name> profiles spyware <name> botnet-domains lists <name> action allo
show vsys <name> profiles spyware <name> botnet-domains lists <name> action bloc
show vsys <name> profiles spyware <name> botnet-domains lists <name> action sink
hole
show vsys <name> profiles spyware <name> botnet-domains sinkhole
show vsys <name> profiles spyware <name> botnet-domains threat-exception
show vsys <name> profiles spyware <name> botnet-domains threat-exception <name>
show vsys <name> profiles spyware <name> rules
show vsys <name> profiles spyware <name> rules <name>
show vsys <name> profiles spyware <name> rules <name> action
show vsys <name> profiles spyware <name> rules <name> action default
show vsys <name> profiles spyware <name> rules <name> action allow
show vsys <name> profiles spyware <name> rules <name> action alert
show vsys <name> profiles spyware <name> rules <name> action drop
show vsys <name> profiles spyware <name> rules <name> action reset-client
show vsys <name> profiles spyware <name> rules <name> action reset-server
show vsys <name> profiles spyware <name> rules <name> action reset-both
show vsys <name> profiles spyware <name> rules <name> action block-ip
show vsys <name> profiles spyware <name> threat-exception
show vsys <name> profiles spyware <name> threat-exception <name>
show vsys <name> profiles spyware <name> threat-exception <name> action
show vsys <name> profiles spyware <name> threat-exception <name> action default
show vsys <name> profiles spyware <name> threat-exception <name> action allow
show vsys <name> profiles spyware <name> threat-exception <name> action alert
show vsys <name> profiles spyware <name> threat-exception <name> action drop
show vsys <name> profiles spyware <name> threat-exception <name> action reset-bo
th
show vsys <name> profiles spyware <name> threat-exception <name> action reset-cl
ient
show vsys <name> profiles spyware <name> threat-exception <name> action reset-se
rver
show vsys <name> profiles spyware <name> threat-exception <name> action block-ip
show vsys <name> profiles spyware <name> threat-exception <name> exempt-ip
show vsys <name> profiles spyware <name> threat-exception <name> exempt-ip <name
>
show vsys <name> profiles vulnerability
show vsys <name> profiles vulnerability <name>
show vsys <name> profiles vulnerability <name> rules
show vsys <name> profiles vulnerability <name> rules <name>
show vsys <name> profiles vulnerability <name> rules <name> action
show vsys <name> profiles vulnerability <name> rules <name> action default
show vsys <name> profiles vulnerability <name> rules <name> action allow
show vsys <name> profiles vulnerability <name> rules <name> action alert
show vsys <name> profiles vulnerability <name> rules <name> action drop
show vsys <name> profiles vulnerability <name> rules <name> action reset-client
show vsys <name> profiles vulnerability <name> rules <name> action reset-server
show vsys <name> profiles vulnerability <name> rules <name> action reset-both
show vsys <name> profiles vulnerability <name> rules <name> action block-ip
show vsys <name> profiles vulnerability <name> threat-exception

show vsys <name> profiles vulnerability <name> threat-exception <name>
show vsys <name> profiles vulnerability <name> threat-exception <name> action
show vsys <name> profiles vulnerability <name> threat-exception <name> action de
fault
show vsys <name> profiles vulnerability <name> threat-exception <name> action al
low
show vsys <name> profiles vulnerability <name> threat-exception <name> action al
ert
show vsys <name> profiles vulnerability <name> threat-exception <name> action dr
op
show vsys <name> profiles vulnerability <name> threat-exception <name> action re
set-client
set-server
set-both
show vsys <name> profiles vulnerability <name> threat-exception <name> action bl
ock-ip
show vsys <name> profiles vulnerability <name> threat-exception <name> time-attr
ibute
show vsys <name> profiles vulnerability <name> threat-exception <name> exempt-ip
show vsys <name> profiles vulnerability <name> threat-exception <name> exempt-ip
<name>
show vsys <name> profiles url-filtering
show vsys <name> profiles url-filtering <name>
show vsys <name> profiles url-filtering <name> credential-enforcement
show vsys <name> profiles url-filtering <name> credential-enforcement mode
show vsys <name> profiles url-filtering <name> credential-enforcement mode disab
led
show vsys <name> profiles url-filtering <name> credential-enforcement mode ip-us
er
show vsys <name> profiles url-filtering <name> credential-enforcement mode domai
n-credentials
show vsys <name> profiles url-filtering <name> http-header-insertion
show vsys <name> profiles url-filtering <name> http-header-insertion <name>
show vsys <name> profiles url-filtering <name> http-header-insertion <name> type
<name>
<name> headers
<name> headers <name>
show vsys <name> profiles file-blocking
show vsys <name> profiles file-blocking <name>
show vsys <name> profiles file-blocking <name> rules
show vsys <name> profiles file-blocking <name> rules <name>
show vsys <name> profiles wildfire-analysis
show vsys <name> profiles wildfire-analysis <name>
show vsys <name> profiles wildfire-analysis <name> rules
show vsys <name> profiles wildfire-analysis <name> rules <name>
show vsys <name> profiles custom-url-category
show vsys <name> profiles custom-url-category <name>
show vsys <name> profiles data-objects
show vsys <name> profiles data-objects <name>
show vsys <name> profiles data-objects <name> pattern-type
show vsys <name> profiles data-objects <name> pattern-type predefined
show vsys <name> profiles data-objects <name> pattern-type predefined pattern
show vsys <name> profiles data-objects <name> pattern-type predefined pattern <n
ame>
show vsys <name> profiles data-objects <name> pattern-type regex
show vsys <name> profiles data-objects <name> pattern-type regex pattern
show vsys <name> profiles data-objects <name> pattern-type regex pattern <name>
show vsys <name> profiles data-objects <name> pattern-type file-properties
show vsys <name> profiles data-objects <name> pattern-type file-properties patte
rn
show vsys <name> profiles data-objects <name> pattern-type file-properties patte
rn <name>
show vsys <name> profiles data-filtering
show vsys <name> profiles data-filtering <name>
show vsys <name> profiles data-filtering <name> rules
show vsys <name> profiles data-filtering <name> rules <name>
show vsys <name> profiles hip-profiles
show vsys <name> profiles hip-profiles <name>
show vsys <name> profiles dos-protection
show vsys <name> profiles dos-protection <name>
show vsys <name> profiles dos-protection <name> flood
show vsys <name> profiles dos-protection <name> flood tcp-syn
show vsys <name> profiles dos-protection <name> flood tcp-syn
show vsys <name> profiles dos-protection <name> flood tcp-syn red
show vsys <name> profiles dos-protection <name> flood tcp-syn red block
show vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies
show vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies block
show vsys <name> profiles dos-protection <name> flood udp
show vsys <name> profiles dos-protection <name> flood udp red
show vsys <name> profiles dos-protection <name> flood udp red block
show vsys <name> profiles dos-protection <name> flood icmp
show vsys <name> profiles dos-protection <name> flood icmp red
show vsys <name> profiles dos-protection <name> flood icmp red block
show vsys <name> profiles dos-protection <name> flood icmpv6
show vsys <name> profiles dos-protection <name> flood icmpv6 red
show vsys <name> profiles dos-protection <name> flood icmpv6 red block
show vsys <name> profiles dos-protection <name> flood other-ip
show vsys <name> profiles dos-protection <name> flood other-ip red
show vsys <name> profiles dos-protection <name> flood other-ip red block
show vsys <name> profiles dos-protection <name> resource
show vsys <name> profiles dos-protection <name> resource sessions
show vsys <name> profiles decryption
show vsys <name> profiles decryption <name>
show vsys <name> profiles decryption <name> ssl-forward-proxy
show vsys <name> profiles decryption <name> ssl-inbound-proxy
show vsys <name> profiles decryption <name> ssl-protocol-settings
show vsys <name> profiles decryption <name> ssl-no-proxy
show vsys <name> profiles decryption <name> ssh-proxy
show vsys <name> profiles forwarding
show vsys <name> profiles forwarding <name>
show vsys <name> profiles forwarding <name>
show vsys <name> profiles forwarding <name> transparent
show vsys <name> profiles forwarding <name> routed
show vsys <name> profiles forwarding <name> routed security-chain
show vsys <name> profiles forwarding <name> routed security-chain <name>
show vsys <name> profiles forwarding <name> health-check
show vsys <name> profile-group
show vsys <name> profile-group <name>
show vsys <name> service
show vsys <name> service <name>
show vsys <name> service <name> protocol
show vsys <name> service <name> protocol tcp
show vsys <name> service <name> protocol tcp override
show vsys <name> service <name> protocol tcp override no
show vsys <name> service <name> protocol tcp override yes
show vsys <name> service <name> protocol udp
show vsys <name> service <name> protocol udp override
show vsys <name> service <name> protocol udp override no
show vsys <name> service <name> protocol udp override yes
show vsys <name> service <name> protocol sctp
show vsys <name> service-group

show vsys <name> service-group <name>
show vsys <name> reports
show vsys <name> reports <name>
show vsys <name> reports <name> type
show vsys <name> reports <name> type appstat
show vsys <name> reports <name> type threat
show vsys <name> reports <name> type url
show vsys <name> reports <name> type wildfire
show vsys <name> reports <name> type data
show vsys <name> reports <name> type thsum
show vsys <name> reports <name> type traffic
show vsys <name> reports <name> type urlsum
show vsys <name> reports <name> type trsum
show vsys <name> reports <name> type tunnel
show vsys <name> reports <name> type tunnelsum
show vsys <name> reports <name> type userid
show vsys <name> reports <name> type auth
show vsys <name> reports <name> type hipmatch
show vsys <name> report-group
show vsys <name> report-group <name>
show vsys <name> report-group <name> custom-widget
show vsys <name> report-group <name> custom-widget <name>
show vsys <name> report-group <name> custom-widget <name>
show vsys <name> report-group <name> all
show vsys <name> report-group <name> all entry
show vsys <name> report-group <name> selected-zone
show vsys <name> report-group <name> selected-zone entry
show vsys <name> report-group <name> selected-user-group
show vsys <name> report-group <name> selected-user-group entry
show vsys <name> report-group <name> variable

show vsys <name> report-group <name> variable <name>
show vsys <name> pdf-summary-report
show vsys <name> pdf-summary-report <name>
show vsys <name> pdf-summary-report <name> header
show vsys <name> pdf-summary-report <name> footer
show vsys <name> pdf-summary-report <name> custom-widget
show vsys <name> pdf-summary-report <name> custom-widget <name>
show vsys <name> email-scheduler
show vsys <name> email-scheduler <name>
show vsys <name> email-scheduler <name> recurring
show vsys <name> email-scheduler <name> recurring disabled
show vsys <name> email-scheduler <name> recurring daily
show vsys <name> external-list
show vsys <name> external-list <name>
show vsys <name> external-list <name> type
show vsys <name> external-list <name> type predefined-ip
show vsys <name> external-list <name> type ip
show vsys <name> external-list <name> type ip auth
show vsys <name> external-list <name> type ip recurring
show vsys <name> external-list <name> type ip recurring
show vsys <name> external-list <name> type ip recurring hourly
show vsys <name> external-list <name> type ip recurring five-minute
show vsys <name> external-list <name> type ip recurring daily
show vsys <name> external-list <name> type ip recurring weekly
show vsys <name> external-list <name> type ip recurring monthly
show vsys <name> external-list <name> type domain
show vsys <name> external-list <name> type domain auth
show vsys <name> external-list <name> type domain recurring
show vsys <name> external-list <name> type domain recurring
show vsys <name> external-list <name> type domain recurring hourly
show vsys <name> external-list <name> type domain recurring five-minute
show vsys <name> external-list <name> type domain recurring daily

show vsys <name> external-list <name> type domain recurring weekly
show vsys <name> external-list <name> type domain recurring monthly
show vsys <name> external-list <name> type url
show vsys <name> external-list <name> type url auth
show vsys <name> external-list <name> type url recurring
show vsys <name> external-list <name> type url recurring
show vsys <name> external-list <name> type url recurring hourly
show vsys <name> external-list <name> type url recurring five-minute
show vsys <name> external-list <name> type url recurring daily
show vsys <name> external-list <name> type url recurring weekly
show vsys <name> external-list <name> type url recurring monthly
show vsys <name> address
show vsys <name> address <name>
show vsys <name> address <name>
show vsys <name> address-group
show vsys <name> address-group <name>
show vsys <name> address-group <name>
show vsys <name> address-group <name> dynamic
show vsys <name> schedule
show vsys <name> schedule <name>
show vsys <name> schedule <name> schedule-type
show vsys <name> schedule <name> schedule-type recurring
show vsys <name> schedule <name> schedule-type recurring weekly
show vsys <name> threats
show vsys <name> threats vulnerability
show vsys <name> threats vulnerability <name>
show vsys <name> threats vulnerability <name> affected-host
show vsys <name> threats vulnerability <name> default-action
show vsys <name> threats vulnerability <name> default-action alert
show vsys <name> threats vulnerability <name> default-action drop
show vsys <name> threats vulnerability <name> default-action reset-client
show vsys <name> threats vulnerability <name> default-action reset-server

show vsys <name> threats vulnerability <name> default-action reset-both
show vsys <name> threats vulnerability <name> default-action block-ip
show vsys <name> threats vulnerability <name> default-action allow
show vsys <name> threats vulnerability <name> signature
show vsys <name> threats vulnerability <name> signature standard
show vsys <name> threats vulnerability <name> signature standard <name>
show vsys <name> threats vulnerability <name> signature standard <name> and-cond
ition
ition <name>
ition <name> or-condition
ition <name> or-condition <name>
ition <name> or-condition <name> operator
ition <name> or-condition <name> operator less-than
ition <name> or-condition <name> operator less-than qualifier
ition <name> or-condition <name> operator less-than qualifier <name>
ition <name> or-condition <name> operator equal-to
ition <name> or-condition <name> operator equal-to qualifier
ition <name> or-condition <name> operator equal-to qualifier <name>
ition <name> or-condition <name> operator greater-than
ition <name> or-condition <name> operator greater-than qualifier

ition <name> or-condition <name> operator greater-than qualifier <name>
ition <name> or-condition <name> operator pattern-match
ition <name> or-condition <name> operator pattern-match qualifier
ition <name> or-condition <name> operator pattern-match qualifier <name>
show vsys <name> threats vulnerability <name> signature combination
show vsys <name> threats vulnerability <name> signature combination time-attribu
te
show vsys <name> threats vulnerability <name> signature combination and-conditio
n <name>
n <name> or-condition
n <name> or-condition <name>
show vsys <name> threats spyware
show vsys <name> threats spyware <name>
show vsys <name> threats spyware <name> default-action
show vsys <name> threats spyware <name> default-action alert
show vsys <name> threats spyware <name> default-action drop
show vsys <name> threats spyware <name> default-action reset-client
show vsys <name> threats spyware <name> default-action reset-server
show vsys <name> threats spyware <name> default-action reset-both
show vsys <name> threats spyware <name> default-action block-ip
show vsys <name> threats spyware <name> default-action allow
show vsys <name> threats spyware <name> signature
show vsys <name> threats spyware <name> signature standard
show vsys <name> threats spyware <name> signature standard <name>

show vsys <name> threats spyware <name> signature standard <name> and-condition
<name>
<name> or-condition
show vsys <name> threats spyware <name> signature combination
show vsys <name> threats spyware <name> signature combination time-attribute
show vsys <name> threats spyware <name> signature combination and-condition
show vsys <name> threats spyware <name> signature combination and-condition <nam
e>
e> or-condition
e> or-condition <name>
show vsys <name> application
show vsys <name> application <name>
show vsys <name> application <name> default
show vsys <name> application <name> default ident-by-icmp-type
show vsys <name> application <name> default ident-by-icmp6-type
show vsys <name> application <name> signature
show vsys <name> application <name> signature <name>
show vsys <name> application <name> signature <name> and-condition
show vsys <name> application <name> signature <name> and-condition <name>
show vsys <name> application <name> signature <name> and-condition <name> or-con
dition
dition <name>
dition <name> operator
dition <name> operator pattern-match
dition <name> operator pattern-match qualifier
dition <name> operator pattern-match qualifier <name>
dition <name> operator greater-than
dition <name> operator greater-than qualifier
dition <name> operator greater-than qualifier <name>
dition <name> operator less-than
dition <name> operator less-than qualifier
dition <name> operator less-than qualifier <name>
dition <name> operator equal-to
show vsys <name> application-tag
show vsys <name> application-tag <name>
show vsys <name> application-filter
show vsys <name> application-filter <name>
show vsys <name> application-group
show vsys <name> application-group <name>
show vsys <name> region
show vsys <name> region <name>
show vsys <name> region <name> geo-location
show vsys <name> tag
show vsys <name> tag <name>
show vsys <name> authentication-object
show vsys <name> authentication-object <name>
show vsys <name> rulebase
show vsys <name> rulebase security
show vsys <name> rulebase security rules
show vsys <name> rulebase security rules <name>
show vsys <name> rulebase security rules <name> option
show vsys <name> rulebase security rules <name> profile-setting

show vsys <name> rulebase security rules <name> profile-setting profiles
show vsys <name> rulebase security rules <name> qos
show vsys <name> rulebase security rules <name> qos marking
show vsys <name> rulebase security rules <name> qos marking follow-c2s-flow
show vsys <name> rulebase default-security-rules
show vsys <name> rulebase default-security-rules rules
show vsys <name> rulebase default-security-rules rules <name>
show vsys <name> rulebase default-security-rules rules <name> profile-setting
show vsys <name> rulebase default-security-rules rules <name> profile-setting pr
ofiles
show vsys <name> rulebase application-override
show vsys <name> rulebase application-override rules
show vsys <name> rulebase application-override rules <name>
show vsys <name> rulebase decryption
show vsys <name> rulebase decryption rules
show vsys <name> rulebase decryption rules <name>
show vsys <name> rulebase decryption rules <name> type
show vsys <name> rulebase decryption rules <name> type ssl-forward-proxy
show vsys <name> rulebase decryption rules <name> type ssh-proxy
show vsys <name> rulebase authentication
show vsys <name> rulebase authentication rules
show vsys <name> rulebase authentication rules <name>
show vsys <name> rulebase tunnel-inspect
show vsys <name> rulebase tunnel-inspect rules
show vsys <name> rulebase tunnel-inspect rules <name>
show vsys <name> rulebase tunnel-inspect rules <name> inspect-options
show vsys <name> rulebase tunnel-inspect rules <name> zone-assign
show vsys <name> rulebase tunnel-inspect rules <name> monitor-options
show vsys <name> rulebase tunnel-inspect rules <name> monitor-options log-settin
g-override
show vsys <name> rulebase nat
show vsys <name> rulebase nat rules

show vsys <name> rulebase nat rules <name>
show vsys <name> rulebase nat rules <name> source-translation
show vsys <name> rulebase nat rules <name> source-translation
show vsys <name> rulebase nat rules <name> source-translation dynamic-ip-and-por
t interface-address
t interface-address
show vsys <name> rulebase nat rules <name> source-translation dynamic-ip
show vsys <name> rulebase nat rules <name> source-translation dynamic-ip fallbac
k interface-address
k interface-address
show vsys <name> rulebase nat rules <name> source-translation static-ip
show vsys <name> rulebase nat rules <name>
show vsys <name> rulebase nat rules <name> destination-translation
show vsys <name> rulebase nat rules <name> dynamic-destination-translation
show vsys <name> rulebase qos
show vsys <name> rulebase qos rules
show vsys <name> rulebase qos rules <name>
show vsys <name> rulebase qos rules <name> dscp-tos
show vsys <name> rulebase qos rules <name> dscp-tos any
show vsys <name> rulebase qos rules <name> dscp-tos codepoints
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name>
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name>
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> ef
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> af
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> cs
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> tos
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> custom
show vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> custom cod
epoint
show vsys <name> rulebase qos rules <name> action
show vsys <name> rulebase pbf
show vsys <name> rulebase pbf rules
show vsys <name> rulebase pbf rules <name>
show vsys <name> rulebase pbf rules <name> from
show vsys <name> rulebase pbf rules <name> from
show vsys <name> rulebase pbf rules <name> action
show vsys <name> rulebase pbf rules <name> action
show vsys <name> rulebase pbf rules <name> action forward
show vsys <name> rulebase pbf rules <name> action forward nexthop
show vsys <name> rulebase pbf rules <name> action forward monitor
show vsys <name> rulebase pbf rules <name> action discard
show vsys <name> rulebase pbf rules <name> action no-pbf
show vsys <name> rulebase pbf rules <name> enforce-symmetric-return
show vsys <name> rulebase pbf rules <name> enforce-symmetric-return nexthop-addr
ess-list
show vsys <name> rulebase pbf rules <name> enforce-symmetric-return nexthop-addr
ess-list <name>
show vsys <name> rulebase dos
show vsys <name> rulebase dos rules
show vsys <name> rulebase dos rules <name>
show vsys <name> rulebase dos rules <name> from
show vsys <name> rulebase dos rules <name> from
show vsys <name> rulebase dos rules <name> to
show vsys <name> rulebase dos rules <name> to

show vsys <name> rulebase dos rules <name> protection
show vsys <name> rulebase dos rules <name> protection aggregate
show vsys <name> rulebase dos rules <name> protection classified
show vsys <name> rulebase dos rules <name> protection classified classification-
criteria
show vsys <name> rulebase dos rules <name> action
show vsys <name> rulebase dos rules <name> action
show vsys <name> rulebase dos rules <name> action deny
show vsys <name> rulebase dos rules <name> action allow
show vsys <name> rulebase dos rules <name> action protect
set deviceconfig
set deviceconfig system
set deviceconfig system type
set deviceconfig system type
set deviceconfig system type static
set deviceconfig system type dhcp-client
set deviceconfig system type dhcp-client send-hostname <yes|no>
set deviceconfig system type dhcp-client send-client-id <yes|no>
set deviceconfig system type dhcp-client accept-dhcp-hostname <yes|no>
set deviceconfig system type dhcp-client accept-dhcp-domain <yes|no>
set deviceconfig system login-banner <value>
set deviceconfig system ack-login-banner <yes|no>
set deviceconfig system hostname <value>
set deviceconfig system domain <value>
set deviceconfig system speed-duplex <auto-negotiate|10Mbps-half-duplex|10Mbps-f
ull-duplex|100Mbps-half-duplex|100Mbps-full-duplex|1Gbps-half-duplex|1Gbps-full-
duplex>
set deviceconfig system mtu <576-1500>
set deviceconfig system ip-address <ip/netmask>
set deviceconfig system netmask <value>
set deviceconfig system default-gateway <ip/netmask>
set deviceconfig system ipv6-address <ip/netmask>

set deviceconfig system ipv6-default-gateway <ip/netmask>
set deviceconfig system authentication-profile <value>
set deviceconfig system certificate-profile <value>
set deviceconfig system syslog-certificate <value>
set deviceconfig system ssl-tls-service-profile <value>
set deviceconfig system dns-setting
set deviceconfig system dns-setting
set deviceconfig system dns-setting servers
set deviceconfig system dns-setting servers primary <ip/netmask>
set deviceconfig system dns-setting servers secondary <ip/netmask>
set deviceconfig system dns-setting dns-proxy-object <value>
set deviceconfig system fqdn-refresh-time <600-14399>
set deviceconfig system fqdn-forcerefresh-time <14400-86400>
set deviceconfig system panorama-server <value>
set deviceconfig system panorama-server-2 <value>
set deviceconfig system ntp-servers
set deviceconfig system ntp-servers primary-ntp-server
set deviceconfig system ntp-servers primary-ntp-server ntp-server-address <value
>
set deviceconfig system ntp-servers primary-ntp-server authentication-type
set deviceconfig system ntp-servers primary-ntp-server authentication-type none
set deviceconfig system ntp-servers primary-ntp-server authentication-type symme
tric-key
tric-key key-id <1-65534>
tric-key algorithm
tric-key algorithm md5
tric-key algorithm md5 authentication-key <value>

tric-key algorithm sha1
tric-key algorithm sha1 authentication-key <value>
set deviceconfig system ntp-servers primary-ntp-server authentication-type autok
ey
set deviceconfig system ntp-servers secondary-ntp-server
set deviceconfig system ntp-servers secondary-ntp-server ntp-server-address <val
ue>
set deviceconfig system ntp-servers secondary-ntp-server authentication-type
set deviceconfig system ntp-servers secondary-ntp-server authentication-type non
set deviceconfig system ntp-servers secondary-ntp-server authentication-type sym
metric-key
metric-key key-id <1-65534>
metric-key algorithm
metric-key algorithm md5
metric-key algorithm md5 authentication-key <value>
metric-key algorithm sha1
metric-key algorithm sha1 authentication-key <value>
set deviceconfig system ntp-servers secondary-ntp-server authentication-type aut
okey
set deviceconfig system update-server <value>
set deviceconfig system server-verification <yes|no>
set deviceconfig system secure-proxy-server <value>
set deviceconfig system secure-proxy-port <1-65535>
set deviceconfig system secure-proxy-user <value>

set deviceconfig system secure-proxy-password <value>
set deviceconfig system hsm-settings
set deviceconfig system hsm-settings provider
set deviceconfig system hsm-settings provider
set deviceconfig system hsm-settings provider safenet-network
set deviceconfig system hsm-settings provider safenet-network hsm-server
set deviceconfig system hsm-settings provider safenet-network hsm-server <name>
set deviceconfig system hsm-settings provider safenet-network hsm-server <name>
server-address <ip/netmask>
set deviceconfig system hsm-settings provider safenet-network ha
set deviceconfig system hsm-settings provider safenet-network ha auto-recovery-r
etry <0-500>
set deviceconfig system hsm-settings provider safenet-network ha ha-group-name <
value>
set deviceconfig system hsm-settings provider thales-nshield-connect
set deviceconfig system hsm-settings provider thales-nshield-connect hsm-server
<name>
<name> server-address <ip/netmask>
set deviceconfig system hsm-settings provider thales-nshield-connect rfs-address
<ip/netmask>
set deviceconfig system hsm-settings provider none
set deviceconfig system ssh
set deviceconfig system ssh ciphers
set deviceconfig system ssh ciphers ha
set deviceconfig system ssh ciphers ha aes128-cbc
set deviceconfig system ssh ciphers ha aes128-ctr

set deviceconfig system ssh ciphers ha aes128-gcm
set deviceconfig system ssh ciphers ha aes256-gcm
set deviceconfig system ssh ciphers mgmt
set deviceconfig system ssh ciphers mgmt aes128-cbc
set deviceconfig system ssh ciphers mgmt aes128-ctr
set deviceconfig system ssh ciphers mgmt aes128-gcm
set deviceconfig system ssh ciphers mgmt aes256-gcm
set deviceconfig system ssh mac
set deviceconfig system ssh mac ha
set deviceconfig system ssh mac ha hmac-sha1
set deviceconfig system ssh mac ha hmac-sha2-256
set deviceconfig system ssh mac ha hmac-sha2-512
set deviceconfig system ssh mac mgmt
set deviceconfig system ssh mac mgmt hmac-sha1
set deviceconfig system ssh mac mgmt hmac-sha2-256
set deviceconfig system ssh mac mgmt hmac-sha2-512
set deviceconfig system ssh regenerate-hostkeys
set deviceconfig system ssh regenerate-hostkeys ha
set deviceconfig system ssh regenerate-hostkeys ha key-type
set deviceconfig system ssh regenerate-hostkeys ha key-type ECDSA
set deviceconfig system ssh regenerate-hostkeys ha key-type ECDSA key-length <25
6|384|521>
set deviceconfig system ssh regenerate-hostkeys ha key-type RSA
set deviceconfig system ssh regenerate-hostkeys ha key-type RSA key-length <2048
|3072|4096>
set deviceconfig system ssh regenerate-hostkeys mgmt
set deviceconfig system ssh regenerate-hostkeys mgmt key-type
set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA

set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA key-length <
256|384|521>
set deviceconfig system ssh regenerate-hostkeys mgmt key-type RSA
set deviceconfig system ssh regenerate-hostkeys mgmt key-type RSA key-length <20
48|3072|4096>
set deviceconfig system ssh default-hostkey
set deviceconfig system ssh default-hostkey ha
set deviceconfig system ssh default-hostkey ha key-type
set deviceconfig system ssh default-hostkey ha key-type ECDSA <256|384|521>
set deviceconfig system ssh default-hostkey ha key-type RSA <2048|3072|4096>
set deviceconfig system ssh default-hostkey mgmt
set deviceconfig system ssh default-hostkey mgmt key-type
set deviceconfig system ssh default-hostkey mgmt key-type ECDSA <256|384|521>
set deviceconfig system ssh default-hostkey mgmt key-type RSA <2048|3072|4096>
set deviceconfig system ssh default-hostkey mgmt key-type all
set deviceconfig system ssh session-rekey
set deviceconfig system ssh session-rekey ha
set deviceconfig system ssh session-rekey ha data <10-4000>|<default>
set deviceconfig system ssh session-rekey ha interval <10-3600>|<none>
set deviceconfig system ssh session-rekey ha packets <12-27>|<default>
set deviceconfig system ssh session-rekey mgmt
set deviceconfig system ssh session-rekey mgmt data <10-4000>|<default>
set deviceconfig system ssh session-rekey mgmt interval <10-3600>|<none>
set deviceconfig system ssh session-rekey mgmt packets <12-27>|<default>
set deviceconfig system snmp-setting
set deviceconfig system snmp-setting snmp-system
set deviceconfig system snmp-setting snmp-system location <value>
set deviceconfig system snmp-setting snmp-system contact <value>
set deviceconfig system snmp-setting snmp-system send-event-specific-traps <yes|
no>
set deviceconfig system snmp-setting access-setting
set deviceconfig system snmp-setting access-setting version

set deviceconfig system snmp-setting access-setting version v2c
set deviceconfig system snmp-setting access-setting version v2c snmp-community-s
tring <value>
set deviceconfig system snmp-setting access-setting version v3
set deviceconfig system snmp-setting access-setting version v3 views
set deviceconfig system snmp-setting access-setting version v3 views <name>
set deviceconfig system snmp-setting access-setting version v3 views <name> view
<name>
<name> oid <value>
<name> option <include|exclude>
<name> mask <value>
set deviceconfig system snmp-setting access-setting version v3 users
set deviceconfig system snmp-setting access-setting version v3 users <name>
set deviceconfig system snmp-setting access-setting version v3 users <name> view
<value>
set deviceconfig system snmp-setting access-setting version v3 users <name> auth
pwd <value>
set deviceconfig system snmp-setting access-setting version v3 users <name> priv
pwd <value>
set deviceconfig system locale <value>|<en|es|ja|fr|zh_CN|zh_TW>
set deviceconfig system domain-lookup-url <value>
set deviceconfig system ip-address-lookup-url <value>
set deviceconfig system geo-location
set deviceconfig system geo-location latitude <value>
set deviceconfig system geo-location longitude <value>
set deviceconfig system service
set deviceconfig system service disable-http <yes|no>

set deviceconfig system service disable-https <yes|no>
set deviceconfig system service disable-telnet <yes|no>
set deviceconfig system service disable-ssh <yes|no>
set deviceconfig system service disable-icmp <yes|no>
set deviceconfig system service disable-snmp <yes|no>
set deviceconfig system service disable-userid-service <yes|no>
set deviceconfig system service disable-userid-syslog-listener-ssl <yes|no>
set deviceconfig system service disable-userid-syslog-listener-udp <yes|no>
set deviceconfig system service disable-http-ocsp <yes|no>
set deviceconfig system permitted-ip
set deviceconfig system permitted-ip <name>
set deviceconfig system permitted-ip <name> description <value>
set deviceconfig system route
set deviceconfig system route service
set deviceconfig system route service <name>
set deviceconfig system route service <name> source
set deviceconfig system route service <name> source interface <value>
set deviceconfig system route service <name> source address <value>
set deviceconfig system route service <name> source-v6
set deviceconfig system route service <name> source-v6 interface <value>
set deviceconfig system route service <name> source-v6 address <value>
set deviceconfig system route destination
set deviceconfig system route destination <name>
set deviceconfig system route destination <name> source
set deviceconfig system route destination <name> source interface <value>
set deviceconfig system route destination <name> source address <value>
set deviceconfig system log-link
set deviceconfig system log-link <name>
set deviceconfig system log-link <name> url <value>
set deviceconfig system log-export-schedule
set deviceconfig system log-export-schedule <name>
set deviceconfig system log-export-schedule <name> description <value>

set deviceconfig system log-export-schedule <name> enable <yes|no>
set deviceconfig system log-export-schedule <name> log-type <traffic|threat|tunn
el|userid|auth|url|data|hipmatch|wildfire>
set deviceconfig system log-export-schedule <name> start-time <value>
set deviceconfig system log-export-schedule <name> protocol
set deviceconfig system log-export-schedule <name> protocol ftp
set deviceconfig system log-export-schedule <name> protocol ftp hostname <value>
set deviceconfig system log-export-schedule <name> protocol ftp port <1-65535>
set deviceconfig system log-export-schedule <name> protocol ftp path <value>
set deviceconfig system log-export-schedule <name> protocol ftp username <value>
set deviceconfig system log-export-schedule <name> protocol ftp password <value>
set deviceconfig system log-export-schedule <name> protocol ftp passive-mode <ye
s|no>
set deviceconfig system log-export-schedule <name> protocol scp
set deviceconfig system log-export-schedule <name> protocol scp hostname <value>
set deviceconfig system log-export-schedule <name> protocol scp port <1-65535>
set deviceconfig system log-export-schedule <name> protocol scp path <value>
set deviceconfig system log-export-schedule <name> protocol scp username <value>
set deviceconfig system log-export-schedule <name> protocol scp password <value>
set deviceconfig system update-schedule
set deviceconfig system update-schedule statistics-service
set deviceconfig system update-schedule statistics-service application-reports <
yes|no>
set deviceconfig system update-schedule statistics-service threat-prevention-rep
orts <yes|no>
set deviceconfig system update-schedule statistics-service threat-prevention-inf
ormation <yes|no>
set deviceconfig system update-schedule statistics-service threat-prevention-pca
p <yes|no>
set deviceconfig system update-schedule statistics-service passive-dns-monitorin
g <yes|no>
set deviceconfig system update-schedule statistics-service url-reports <yes|no>

set deviceconfig system update-schedule statistics-service health-performance-re
ports <yes|no>
set deviceconfig system update-schedule statistics-service file-identification-r
eports <yes|no>
set deviceconfig system update-schedule threats
set deviceconfig system update-schedule threats recurring
set deviceconfig system update-schedule threats recurring
set deviceconfig system update-schedule threats recurring every-30-mins
set deviceconfig system update-schedule threats recurring every-30-mins at <0-29
>
set deviceconfig system update-schedule threats recurring every-30-mins action <
download-only|download-and-install>
set deviceconfig system update-schedule threats recurring every-30-mins disable-
new-content <yes|no>
set deviceconfig system update-schedule threats recurring hourly
set deviceconfig system update-schedule threats recurring hourly at <0-59>
set deviceconfig system update-schedule threats recurring hourly action <downloa
d-only|download-and-install>
set deviceconfig system update-schedule threats recurring hourly disable-new-con
tent <yes|no>
set deviceconfig system update-schedule threats recurring daily
set deviceconfig system update-schedule threats recurring daily at <value>
set deviceconfig system update-schedule threats recurring daily action <download
-only|download-and-install>
set deviceconfig system update-schedule threats recurring daily disable-new-cont
ent <yes|no>
set deviceconfig system update-schedule threats recurring weekly
set deviceconfig system update-schedule threats recurring weekly day-of-week <su
nday|monday|tuesday|wednesday|thursday|friday|saturday>
set deviceconfig system update-schedule threats recurring weekly at <value>
set deviceconfig system update-schedule threats recurring weekly action <downloa
d-only|download-and-install>
set deviceconfig system update-schedule threats recurring weekly disable-new-con
tent <yes|no>
set deviceconfig system update-schedule threats recurring threshold <1-336>
set deviceconfig system update-schedule threats recurring new-app-threshold <1-3
36>
set deviceconfig system update-schedule threats recurring sync-to-peer <yes|no>
set deviceconfig system update-schedule app-profile
set deviceconfig system update-schedule app-profile recurring
set deviceconfig system update-schedule app-profile recurring
set deviceconfig system update-schedule app-profile recurring daily
set deviceconfig system update-schedule app-profile recurring daily at <value>
set deviceconfig system update-schedule app-profile recurring daily action <down
load-only|download-and-install>
set deviceconfig system update-schedule app-profile recurring weekly
set deviceconfig system update-schedule app-profile recurring weekly day-of-week
<sunday|monday|tuesday|wednesday|thursday|friday|saturday>
set deviceconfig system update-schedule app-profile recurring weekly at <value>
set deviceconfig system update-schedule app-profile recurring weekly action <dow
nload-only|download-and-install>
set deviceconfig system update-schedule app-profile recurring threshold <1-336>
set deviceconfig system update-schedule app-profile recurring sync-to-peer <yes|
no>
set deviceconfig system update-schedule anti-virus
set deviceconfig system update-schedule anti-virus recurring
set deviceconfig system update-schedule anti-virus recurring
set deviceconfig system update-schedule anti-virus recurring hourly
set deviceconfig system update-schedule anti-virus recurring hourly at <0-59>
set deviceconfig system update-schedule anti-virus recurring hourly action <down
set deviceconfig system update-schedule anti-virus recurring daily
set deviceconfig system update-schedule anti-virus recurring daily at <value>
set deviceconfig system update-schedule anti-virus recurring daily action <downl

oad-only|download-and-install>
set deviceconfig system update-schedule anti-virus recurring weekly
set deviceconfig system update-schedule anti-virus recurring weekly day-of-week
<sunday|monday|tuesday|wednesday|thursday|friday|saturday>
set deviceconfig system update-schedule anti-virus recurring weekly at <value>
set deviceconfig system update-schedule anti-virus recurring weekly action <down
set deviceconfig system update-schedule anti-virus recurring threshold <1-336>
set deviceconfig system update-schedule anti-virus recurring sync-to-peer <yes|n
o>
set deviceconfig system update-schedule wildfire
set deviceconfig system update-schedule wildfire recurring
set deviceconfig system update-schedule wildfire recurring
set deviceconfig system update-schedule wildfire recurring every-min
set deviceconfig system update-schedule wildfire recurring every-min action <dow
nload-only|download-and-install>
set deviceconfig system update-schedule wildfire recurring every-15-mins
set deviceconfig system update-schedule wildfire recurring every-15-mins at <0-1
4>
set deviceconfig system update-schedule wildfire recurring every-15-mins action
<download-only|download-and-install>
set deviceconfig system update-schedule wildfire recurring every-30-mins
set deviceconfig system update-schedule wildfire recurring every-30-mins at <0-2
9>
set deviceconfig system update-schedule wildfire recurring every-30-mins action
set deviceconfig system update-schedule wildfire recurring every-hour
set deviceconfig system update-schedule wildfire recurring every-hour at <0-59>
set deviceconfig system update-schedule wildfire recurring every-hour action <do
wnload-only|download-and-install>
set deviceconfig system update-schedule wildfire recurring sync-to-peer <yes|no>
set deviceconfig system update-schedule wf-private

set deviceconfig system update-schedule wf-private recurring
set deviceconfig system update-schedule wf-private recurring
set deviceconfig system update-schedule wf-private recurring every-5-mins
set deviceconfig system update-schedule wf-private recurring every-5-mins at <0-
4>
set deviceconfig system update-schedule wf-private recurring every-5-mins action
set deviceconfig system update-schedule wf-private recurring every-15-mins at <0
-14>
set deviceconfig system update-schedule wf-private recurring every-15-mins actio
n <download-only|download-and-install>
set deviceconfig system update-schedule wf-private recurring every-30-mins at <0
-29>
set deviceconfig system update-schedule wf-private recurring every-30-mins actio
n <download-only|download-and-install>
set deviceconfig system update-schedule wf-private recurring every-hour
set deviceconfig system update-schedule wf-private recurring every-hour at <0-59
>
set deviceconfig system update-schedule wf-private recurring every-hour action <
download-only|download-and-install>
set deviceconfig system update-schedule wf-private recurring sync-to-peer <yes|n
o>
set deviceconfig system update-schedule url-database
set deviceconfig system update-schedule url-database recurring
set deviceconfig system update-schedule url-database recurring
set deviceconfig system update-schedule url-database recurring daily
set deviceconfig system update-schedule url-database recurring daily at <value>
set deviceconfig system update-schedule url-database recurring daily action <dow
nload-and-install>
set deviceconfig system update-schedule url-database recurring weekly

set deviceconfig system update-schedule url-database recurring weekly day-of-wee
k <sunday|monday|tuesday|wednesday|thursday|friday|saturday>
set deviceconfig system update-schedule url-database recurring weekly at <value>
set deviceconfig system update-schedule url-database recurring weekly action <do
wnload-and-install>
set deviceconfig system update-schedule global-protect-clientless-vpn
set deviceconfig system update-schedule global-protect-clientless-vpn recurring
hourly
hourly at <0-59>
hourly action <download-and-install|download-only>
daily
daily at <value>
daily action <download-and-install|download-only>
weekly
weekly day-of-week <sunday|monday|tuesday|wednesday|thursday|friday|saturday>
weekly at <value>
weekly action <download-and-install|download-only>
set deviceconfig system update-schedule global-protect-datafile
set deviceconfig system update-schedule global-protect-datafile recurring
set deviceconfig system update-schedule global-protect-datafile recurring
set deviceconfig system update-schedule global-protect-datafile recurring hourly

at <0-59>
action <download-and-install|download-only>
set deviceconfig system update-schedule global-protect-datafile recurring daily
at <value>
action <download-and-install>
set deviceconfig system update-schedule global-protect-datafile recurring weekly
day-of-week <sunday|monday|tuesday|wednesday|thursday|friday|saturday>
at <value>
action <download-and-install|download-only>
set deviceconfig system motd-and-banner
set deviceconfig system motd-and-banner motd-enable <yes|no>
set deviceconfig system motd-and-banner message <value>
set deviceconfig system motd-and-banner motd-do-not-display-again <yes|no>
set deviceconfig system motd-and-banner motd-title <value>
set deviceconfig system motd-and-banner motd-color <color1|color2|color3|color4|
color5|color6|color7|color8|color9|color10|color11|color12|color13|color14|color
15|color16|color17>
set deviceconfig system motd-and-banner severity <warning|question|error|info>
set deviceconfig system motd-and-banner banner-header <value>
set deviceconfig system motd-and-banner banner-header-color <color1|color2|color
3|color4|color5|color6|color7|color8|color9|color10|color11|color12|color13|colo
r14|color15|color16|color17>
set deviceconfig system motd-and-banner banner-header-text-color <color1|color2|

color3|color4|color5|color6|color7|color8|color9|color10|color11|color12|color13
|color14|color15|color16|color17|color18>
set deviceconfig system motd-and-banner banner-header-footer-match <yes|no>
set deviceconfig system motd-and-banner banner-footer <value>
set deviceconfig system motd-and-banner banner-footer-color <color1|color2|color
3|color4|color5|color6|color7|color8|color9|color10|color11|color12|color13|colo
set deviceconfig system motd-and-banner banner-footer-text-color <color1|color2|
color3|color4|color5|color6|color7|color8|color9|color10|color11|color12|color13
|color14|color15|color16|color17|color18>
set deviceconfig system timezone <Africa/Abidjan|Africa/Accra|Africa/Addis_Ababa
|Africa/Algiers|Africa/Asmara|Africa/Asmera|Africa/Bamako|Africa/Bangui|Africa/B
anjul|Africa/Bissau|Africa/Blantyre|Africa/Brazzaville|Africa/Bujumbura|Africa/C
airo|Africa/Casablanca|Africa/Ceuta|Africa/Conakry|Africa/Dakar|Africa/Dar_es_Sa
laam|Africa/Djibouti|Africa/Douala|Africa/El_Aaiun|Africa/Freetown|Africa/Gaboro
ne|Africa/Harare|Africa/Johannesburg|Africa/Kampala|Africa/Khartoum|Africa/Kigal
i|Africa/Kinshasa|Africa/Lagos|Africa/Libreville|Africa/Lome|Africa/Luanda|Afric
a/Lubumbashi|Africa/Lusaka|Africa/Malabo|Africa/Maputo|Africa/Maseru|Africa/Mbab
ane|Africa/Mogadishu|Africa/Monrovia|Africa/Nairobi|Africa/Ndjamena|Africa/Niame
y|Africa/Nouakchott|Africa/Ouagadougou|Africa/Porto-Novo|Africa/Sao_Tome|Africa/
Timbuktu|Africa/Tripoli|Africa/Tunis|Africa/Windhoek|America/Adak|America/Anchor
age|America/Anguilla|America/Antigua|America/Araguaina|America/Argentina/Buenos_
Aires|America/Argentina/Catamarca|America/Argentina/ComodRivadavia|America/Argen
tina/Cordoba|America/Argentina/Jujuy|America/Argentina/La_Rioja|America/Argentin
a/Mendoza|America/Argentina/Rio_Gallegos|America/Argentina/Salta|America/Argenti
na/San_Juan|America/Argentina/San_Luis|America/Argentina/Tucuman|America/Argenti
na/Ushuaia|America/Aruba|America/Asuncion|America/Atikokan|America/Atka|America/
Bahia|America/Barbados|America/Belem|America/Belize|America/Blanc-Sablon|America
/Boa_Vista|America/Bogota|America/Boise|America/Buenos_Aires|America/Cambridge_B
ay|America/Campo_Grande|America/Cancun|America/Caracas|America/Catamarca|America
/Cayenne|America/Cayman|America/Chicago|America/Chihuahua|America/Coral_Harbour|
America/Cordoba|America/Costa_Rica|America/Cuiaba|America/Curacao|America/Danmar
kshavn|America/Dawson|America/Dawson_Creek|America/Denver|America/Detroit|Americ
a/Dominica|America/Edmonton|America/Eirunepe|America/El_Salvador|America/Ensenad
a|America/Fortaleza|America/Fort_Wayne|America/Glace_Bay|America/Godthab|America
/Goose_Bay|America/Grand_Turk|America/Grenada|America/Guadeloupe|America/Guatema
la|America/Guayaquil|America/Guyana|America/Halifax|America/Havana|America/Hermo
sillo|America/Indiana/Indianapolis|America/Indiana/Knox|America/Indiana/Marengo|
America/Indiana/Petersburg|America/Indianapolis|America/Indiana/Tell_City|Americ
a/Indiana/Vevay|America/Indiana/Vincennes|America/Indiana/Winamac|America/Inuvik
|America/Iqaluit|America/Jamaica|America/Jujuy|America/Juneau|America/Kentucky/L
ouisville|America/Kentucky/Monticello|America/Knox_IN|America/La_Paz|America/Lim
a|America/Los_Angeles|America/Louisville|America/Maceio|America/Managua|America/
Manaus|America/Marigot|America/Martinique|America/Mazatlan|America/Mendoza|Ameri
ca/Menominee|America/Merida|America/Mexico_City|America/Miquelon|America/Moncton
|America/Monterrey|America/Montevideo|America/Montreal|America/Montserrat|Americ
a/Nassau|America/New_York|America/Nipigon|America/Nome|America/Noronha|America/N
orth_Dakota/Center|America/North_Dakota/New_Salem|America/Panama|America/Pangnir
tung|America/Paramaribo|America/Phoenix|America/Port-au-Prince|America/Porto_Acr
e|America/Port_of_Spain|America/Porto_Velho|America/Puerto_Rico|America/Rainy_Ri
ver|America/Rankin_Inlet|America/Recife|America/Regina|America/Resolute|America/
Rio_Branco|America/Rosario|America/Santarem|America/Santiago|America/Santo_Domin
go|America/Sao_Paulo|America/Scoresbysund|America/Shiprock|America/St_Barthelemy
|America/St_Johns|America/St_Kitts|America/St_Lucia|America/St_Thomas|America/St
_Vincent|America/Swift_Current|America/Tegucigalpa|America/Thule|America/Thunder
_Bay|America/Tijuana|America/Toronto|America/Tortola|America/Vancouver|America/V
irgin|America/Whitehorse|America/Winnipeg|America/Yakutat|America/Yellowknife|An
tarctica/Casey|Antarctica/Davis|Antarctica/DumontDUrville|Antarctica/Mawson|Anta
rctica/McMurdo|Antarctica/Palmer|Antarctica/Rothera|Antarctica/South_Pole|Antarc
tica/Syowa|Antarctica/Vostok|Arctic/Longyearbyen|Asia/Aden|Asia/Almaty|Asia/Amma
n|Asia/Anadyr|Asia/Aqtau|Asia/Aqtobe|Asia/Ashgabat|Asia/Ashkhabad|Asia/Baghdad|A
sia/Bahrain|Asia/Baku|Asia/Bangkok|Asia/Beirut|Asia/Bishkek|Asia/Brunei|Asia/Cal
cutta|Asia/Choibalsan|Asia/Chongqing|Asia/Chungking|Asia/Colombo|Asia/Dacca|Asia
/Damascus|Asia/Dhaka|Asia/Dili|Asia/Dubai|Asia/Dushanbe|Asia/Gaza|Asia/Harbin|As
ia/Ho_Chi_Minh|Asia/Hong_Kong|Asia/Hovd|Asia/Irkutsk|Asia/Istanbul|Asia/Jakarta|
Asia/Jayapura|Asia/Jerusalem|Asia/Kabul|Asia/Kamchatka|Asia/Karachi|Asia/Kashgar
|Asia/Kathmandu|Asia/Katmandu|Asia/Kolkata|Asia/Krasnoyarsk|Asia/Kuala_Lumpur|As
ia/Kuching|Asia/Kuwait|Asia/Macao|Asia/Macau|Asia/Magadan|Asia/Makassar|Asia/Man
ila|Asia/Muscat|Asia/Nicosia|Asia/Novokuznetsk|Asia/Novosibirsk|Asia/Omsk|Asia/O
ral|Asia/Phnom_Penh|Asia/Pontianak|Asia/Pyongyang|Asia/Qatar|Asia/Qyzylorda|Asia
/Rangoon|Asia/Riyadh|Asia/Riyadh87|Asia/Riyadh88|Asia/Riyadh89|Asia/Saigon|Asia/
Sakhalin|Asia/Samarkand|Asia/Seoul|Asia/Shanghai|Asia/Singapore|Asia/Taipei|Asia
/Tashkent|Asia/Tbilisi|Asia/Tehran|Asia/Tel_Aviv|Asia/Thimbu|Asia/Thimphu|Asia/T
okyo|Asia/Ujung_Pandang|Asia/Ulaanbaatar|Asia/Ulan_Bator|Asia/Urumqi|Asia/Vienti
ane|Asia/Vladivostok|Asia/Yakutsk|Asia/Yekaterinburg|Asia/Yerevan|Atlantic/Azore
s|Atlantic/Bermuda|Atlantic/Canary|Atlantic/Cape_Verde|Atlantic/Faeroe|Atlantic/
Faroe|Atlantic/Jan_Mayen|Atlantic/Madeira|Atlantic/Reykjavik|Atlantic/South_Geor
gia|Atlantic/Stanley|Atlantic/St_Helena|Australia/ACT|Australia/Adelaide|Austral
ia/Brisbane|Australia/Broken_Hill|Australia/Canberra|Australia/Currie|Australia/
Darwin|Australia/Eucla|Australia/Hobart|Australia/LHI|Australia/Lindeman|Austral
ia/Lord_Howe|Australia/Melbourne|Australia/North|Australia/NSW|Australia/Perth|A
ustralia/Queensland|Australia/South|Australia/Sydney|Australia/Tasmania|Australi
a/Victoria|Australia/West|Australia/Yancowinna|Brazil/Acre|Brazil/DeNoronha|Braz
il/East|Brazil/West|Canada/Atlantic|Canada/Central|Canada/Eastern|Canada/East-Sa
skatchewan|Canada/Mountain|Canada/Newfoundland|Canada/Pacific|Canada/Saskatchewa
n|Canada/Yukon|CET|Chile/Continental|Chile/EasterIsland|CST6CDT|Cuba|EET|Egypt|E
ire|EST|EST5EDT|Etc/GMT|Etc/GMT0|Etc/GMT-0|Etc/GMT+0|Etc/GMT-1|Etc/GMT+1|Etc/GMT
-10|Etc/GMT+10|Etc/GMT-11|Etc/GMT+11|Etc/GMT-12|Etc/GMT+12|Etc/GMT-13|Etc/GMT-14
|Etc/GMT-2|Etc/GMT+2|Etc/GMT-3|Etc/GMT+3|Etc/GMT-4|Etc/GMT+4|Etc/GMT-5|Etc/GMT+5
|Etc/GMT-6|Etc/GMT+6|Etc/GMT-7|Etc/GMT+7|Etc/GMT-8|Etc/GMT+8|Etc/GMT-9|Etc/GMT+9
|Etc/Greenwich|Etc/UCT|Etc/Universal|Etc/UTC|Etc/Zulu|Europe/Amsterdam|Europe/An
dorra|Europe/Athens|Europe/Belfast|Europe/Belgrade|Europe/Berlin|Europe/Bratisla
va|Europe/Brussels|Europe/Bucharest|Europe/Budapest|Europe/Chisinau|Europe/Copen
hagen|Europe/Dublin|Europe/Gibraltar|Europe/Guernsey|Europe/Helsinki|Europe/Isle
_of_Man|Europe/Istanbul|Europe/Jersey|Europe/Kaliningrad|Europe/Kiev|Europe/Lisb
on|Europe/Ljubljana|Europe/London|Europe/Luxembourg|Europe/Madrid|Europe/Malta|E
urope/Mariehamn|Europe/Minsk|Europe/Monaco|Europe/Moscow|Europe/Nicosia|Europe/O
slo|Europe/Paris|Europe/Podgorica|Europe/Prague|Europe/Riga|Europe/Rome|Europe/S
amara|Europe/San_Marino|Europe/Sarajevo|Europe/Simferopol|Europe/Skopje|Europe/S
ofia|Europe/Stockholm|Europe/Tallinn|Europe/Tirane|Europe/Tiraspol|Europe/Uzhgor
od|Europe/Vaduz|Europe/Vatican|Europe/Vienna|Europe/Vilnius|Europe/Volgograd|Eur
ope/Warsaw|Europe/Zagreb|Europe/Zaporozhye|Europe/Zurich|Factory|GB|GB-Eire|GMT|
GMT0|GMT-0|GMT+0|Greenwich|Hongkong|HST|Iceland|Indian/Antananarivo|Indian/Chago
s|Indian/Christmas|Indian/Cocos|Indian/Comoro|Indian/Kerguelen|Indian/Mahe|India
n/Maldives|Indian/Mauritius|Indian/Mayotte|Indian/Reunion|Iran|Israel|Jamaica|Ja
pan|Kwajalein|Libya|MET|Mexico/BajaNorte|Mexico/BajaSur|Mexico/General|Mideast/R
iyadh87|Mideast/Riyadh88|Mideast/Riyadh89|MST|MST7MDT|Navajo|NZ|NZ-CHAT|Pacific/
Apia|Pacific/Auckland|Pacific/Chatham|Pacific/Easter|Pacific/Efate|Pacific/Ender
bury|Pacific/Fakaofo|Pacific/Fiji|Pacific/Funafuti|Pacific/Galapagos|Pacific/Gam
bier|Pacific/Guadalcanal|Pacific/Guam|Pacific/Honolulu|Pacific/Johnston|Pacific/
Kiritimati|Pacific/Kosrae|Pacific/Kwajalein|Pacific/Majuro|Pacific/Marquesas|Pac
ific/Midway|Pacific/Nauru|Pacific/Niue|Pacific/Norfolk|Pacific/Noumea|Pacific/Pa
go_Pago|Pacific/Palau|Pacific/Pitcairn|Pacific/Ponape|Pacific/Port_Moresby|Pacif
ic/Rarotonga|Pacific/Saipan|Pacific/Samoa|Pacific/Tahiti|Pacific/Tarawa|Pacific/
Tongatapu|Pacific/Truk|Pacific/Wake|Pacific/Wallis|Pacific/Yap|Poland|Portugal|P
RC|PST8PDT|ROC|ROK|Singapore|Turkey|UCT|Universal|US/Alaska|US/Aleutian|US/Arizo
na|US/Central|US/Eastern|US/East-Indiana|US/Hawaii|US/Indiana-Starke|US/Michigan
|US/Mountain|US/Pacific|US/Samoa|UTC|WET|W-SU|Zulu>
set deviceconfig setting
set deviceconfig setting nat
set deviceconfig setting nat reserve-ip <yes|no>
set deviceconfig setting nat reserve-time <1-604800>
set deviceconfig setting nat dipp-oversub <1x|2x|4x|8x>
set deviceconfig setting jumbo-frame
set deviceconfig setting jumbo-frame mtu <512-9216>
set deviceconfig setting icmpv6-rate-limit
set deviceconfig setting icmpv6-rate-limit bucket-size <10-65535>
set deviceconfig setting icmpv6-rate-limit packet-rate <1-65535>

set deviceconfig setting nat64
set deviceconfig setting nat64 ipv6-min-network-mtu <1280-9216>
set deviceconfig setting packet
set deviceconfig setting packet ip-frag-limit <yes|no>
set deviceconfig setting util
set deviceconfig setting util assert-crash-once <yes|no>
set deviceconfig setting pan-url-db
set deviceconfig setting pan-url-db cloud-static-list <value>
set deviceconfig setting pan-url-db timeout <1-300>
set deviceconfig setting url
set deviceconfig setting url dynamic-url-timeout <1-720>
set deviceconfig setting url dynamic-url <yes|no>
set deviceconfig setting global-protect
set deviceconfig setting global-protect timeout <3-150>
set deviceconfig setting global-protect keepalive <3-150>
set deviceconfig setting global-protect enable-external-gateway-priority <yes|no
>
set deviceconfig setting global-protect worker-threads <10-100>
set deviceconfig setting l3-service
set deviceconfig setting l3-service timeout <3-125>
set deviceconfig setting application
set deviceconfig setting application identify-unknown-traffic-by-port <yes|no>
set deviceconfig setting application dump-unknown <on|off>
set deviceconfig setting application cache <yes|no>
set deviceconfig setting application use-cache-for-identification <yes|no>
set deviceconfig setting application cache-threshold <1-65535>
set deviceconfig setting application supernode <yes|no>
set deviceconfig setting application heuristics <yes|no>
set deviceconfig setting application notify-user <yes|no>
set deviceconfig setting application bypass-exceed-queue <yes|no>
set deviceconfig setting application traceroute
set deviceconfig setting application traceroute enable <yes|no>

set deviceconfig setting application traceroute ttl-threshold <0-255>
set deviceconfig setting autofocus
set deviceconfig setting autofocus enabled <yes|no>
set deviceconfig setting autofocus autofocus-url <value>
set deviceconfig setting autofocus query-timeout <15-3600>
set deviceconfig setting wildfire
set deviceconfig setting wildfire file-idle-timeout <5-180>
set deviceconfig setting wildfire file-size-limit
set deviceconfig setting wildfire file-size-limit <name>
set deviceconfig setting wildfire file-size-limit <name> size-limit <value>
set deviceconfig setting wildfire file-upload-rate <1-150>
set deviceconfig setting wildfire public-cloud-server <value>
set deviceconfig setting wildfire private-cloud-server <value>
set deviceconfig setting wildfire private-cloud-use-proxy <yes|no>
set deviceconfig setting wildfire disable-signature-verify <yes|no>
set deviceconfig setting wildfire report-benign-file <yes|no>
set deviceconfig setting wildfire report-grayware-file <yes|no>
set deviceconfig setting wildfire session-info-select
set deviceconfig setting wildfire session-info-select exclude-src-ip <yes|no>
set deviceconfig setting wildfire session-info-select exclude-src-port <yes|no>
set deviceconfig setting wildfire session-info-select exclude-dest-ip <yes|no>
set deviceconfig setting wildfire session-info-select exclude-dest-port <yes|no>
set deviceconfig setting wildfire session-info-select exclude-vsys-id <yes|no>
set deviceconfig setting wildfire session-info-select exclude-app-name <yes|no>
set deviceconfig setting wildfire session-info-select exclude-username <yes|no>
set deviceconfig setting wildfire session-info-select exclude-url <yes|no>
set deviceconfig setting wildfire session-info-select exclude-filename <yes|no>
set deviceconfig setting wildfire session-info-select exclude-email-sender <yes|
no>
set deviceconfig setting wildfire session-info-select exclude-email-recipient <y
es|no>
set deviceconfig setting wildfire session-info-select exclude-email-subject <yes

|no>
set deviceconfig setting ctd
set deviceconfig setting ctd x-forwarded-for <yes|no>
set deviceconfig setting ctd strip-x-fwd-for <yes|no>
set deviceconfig setting ctd url-coach-timeout <1-86400>
set deviceconfig setting ctd url-admin-timeout <1-86400>
set deviceconfig setting ctd url-lockout-timeout <1-86400>
set deviceconfig setting ctd url-wait-timeout <1-60>
set deviceconfig setting ctd cap-portal-ask-timeout <0-65535>
set deviceconfig setting ctd cap-portal-ask-requests <1-32>
set deviceconfig setting ctd cap-portal-max-session <0-8192>
set deviceconfig setting ctd cap-portal-html-redirect <yes|no>
set deviceconfig setting ctd http-proxy-use-transaction <yes|no>
set deviceconfig setting ctd tcp-bypass-exceed-queue <yes|no>
set deviceconfig setting ctd udp-bypass-exceed-queue <yes|no>
set deviceconfig setting ctd allow-http-range <yes|no>
set deviceconfig setting ctd extended-capture-segment <1-50>
set deviceconfig setting ctd track-filename <yes|no>
set deviceconfig setting ctd hash-signature-allow <yes|no>
set deviceconfig setting ctd decode-filter-max-depth <1-4>
set deviceconfig setting ctd disable-smbv3-multi-channel <yes|no>
set deviceconfig setting ssl-decrypt
set deviceconfig setting ssl-decrypt url-wait <yes|no>
set deviceconfig setting ssl-decrypt url-proxy <yes|no>
set deviceconfig setting ssl-decrypt notify-user <yes|no>
set deviceconfig setting ssl-decrypt answer-timeout <1-86400>
set deviceconfig setting ssl-decrypt crl <yes|no>
set deviceconfig setting ssl-decrypt ocsp <yes|no>
set deviceconfig setting ssl-decrypt crl-receive-timeout <1-60>
set deviceconfig setting ssl-decrypt ocsp-receive-timeout <1-60>
set deviceconfig setting ssl-decrypt cert-status-timeout <0-60>
set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size-rsa <0|1024|

2048>
set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size-ecdsa <0|256
|384>
set deviceconfig setting ssl-decrypt default-elliptic-curve <192|224|256|384|521
>
set deviceconfig setting ssl-decrypt use-mp-sess-cache <yes|no>
set deviceconfig setting session
set deviceconfig setting session timeout-tcp <1-15999999>
set deviceconfig setting session timeout-udp <1-15999999>
set deviceconfig setting session timeout-icmp <1-15999999>
set deviceconfig setting session timeout-default <1-15999999>
set deviceconfig setting session timeout-tcpinit <1-60>
set deviceconfig setting session timeout-tcphandshake <1-60>
set deviceconfig setting session timeout-tcp-half-closed <1-604800>
set deviceconfig setting session timeout-tcp-time-wait <1-600>
set deviceconfig setting session timeout-tcp-unverified-rst <1-600>
set deviceconfig setting session timeout-captive-portal <1-15999999>
set deviceconfig setting session timeout-discard-tcp <1-15999999>
set deviceconfig setting session timeout-discard-udp <1-15999999>
set deviceconfig setting session timeout-discard-default <1-15999999>
set deviceconfig setting session icmp-unreachable-rate <1-65535>
set deviceconfig setting session timeout-scan <5-30>
set deviceconfig setting session scan-threshold <50-99>
set deviceconfig setting session scan-scaling-factor <2-16>
set deviceconfig setting session accelerated-aging-enable <yes|no>
set deviceconfig setting session accelerated-aging-threshold <50-99>
set deviceconfig setting session accelerated-aging-scaling-factor <2-16>
set deviceconfig setting session packet-buffer-protection-enable <yes|no>
set deviceconfig setting session packet-buffer-protection-alert <0-99>
set deviceconfig setting session packet-buffer-protection-activate <0-99>
set deviceconfig setting session packet-buffer-protection-block-hold-time <0-655
35>
set deviceconfig setting session packet-buffer-protection-block-duration-time <1
-15999999>
set deviceconfig setting session tcp-reject-non-syn <yes|no>
set deviceconfig setting session offload <yes|no>
set deviceconfig setting session ipv6-firewalling <yes|no>
set deviceconfig setting session resource-limit-behavior <bypass|drop>
set deviceconfig setting session multicast-route-setup-buffering <yes|no>
set deviceconfig setting session max-pending-mcast-pkts-per-session <1-2000>
set deviceconfig setting tcp
set deviceconfig setting tcp bypass-exceed-oo-queue <yes|no>
set deviceconfig setting tcp allow-challenge-ack <yes|no>
set deviceconfig setting tcp check-timestamp-option <yes|no>
set deviceconfig setting tcp asymmetric-path <drop|bypass>
set deviceconfig setting tcp urgent-data <clear|oobinline>
set deviceconfig setting tcp drop-zero-flag <yes|no>
set deviceconfig setting tcp strip-mptcp-option <yes|no>
set deviceconfig setting zip
set deviceconfig setting zip enable <yes|no>
set deviceconfig setting zip mode <hw|sw|auto>
set deviceconfig setting pow
set deviceconfig setting pow wqe-tag-check <yes|no>
set deviceconfig setting pow wqe-inuse-check <yes|no>
set deviceconfig setting pow wqe-swbuf-check <yes|no>
set deviceconfig setting pow wqe-hexspeak <yes|no>
set deviceconfig setting pow wqe-swbuf-ref <yes|no>
set deviceconfig setting config
set deviceconfig setting config rematch <yes|no>
set deviceconfig setting logging
set deviceconfig setting logging enhanced-application-logging
set deviceconfig setting logging enhanced-application-logging disable-applicatio
set deviceconfig setting logging enhanced-application-logging disable-applicatio

n <name>
set deviceconfig setting logging enhanced-application-logging disable-global
set deviceconfig setting logging enhanced-application-logging disable-global all
set deviceconfig setting logging enhanced-application-logging disable-global arp
set deviceconfig setting logging enhanced-application-logging disable-global non
-syn-tcp
set deviceconfig setting logging enhanced-application-logging disable-global ext
-traffic
set deviceconfig setting logging enhanced-application-logging disable-global hip
-report
set deviceconfig setting logging enhanced-application-logging enable <yes|no>
set deviceconfig setting logging logging-service-forwarding
set deviceconfig setting logging logging-service-forwarding enable <yes|no>
set deviceconfig setting logging logging-service-forwarding enable-duplicate-log
ging <yes|no>
set deviceconfig setting logging logging-service-forwarding logging-service-regi
ons <value>
set deviceconfig setting logging max-log-rate <0-50000>
set deviceconfig setting logging max-packet-rate <0-2560>
set deviceconfig setting logging log-suppression <yes|no>
set deviceconfig setting management
set deviceconfig setting management secure-conn-client
set deviceconfig setting management secure-conn-client certificate-type
set deviceconfig setting management secure-conn-client certificate-type
set deviceconfig setting management secure-conn-client certificate-type none
set deviceconfig setting management secure-conn-client certificate-type local
set deviceconfig setting management secure-conn-client certificate-type local ce
rtificate <value>
set deviceconfig setting management secure-conn-client certificate-type local ce
rtificate-profile <value>
set deviceconfig setting management secure-conn-client certificate-type scep
set deviceconfig setting management secure-conn-client certificate-type scep sce
p-profile <value>
set deviceconfig setting management secure-conn-client certificate-type scep cer
tificate-profile <value>
set deviceconfig setting management secure-conn-client check-server-identity <ye
s|no>
set deviceconfig setting management secure-conn-client enable-secure-wildfire-co
mmunication <yes|no>
set deviceconfig setting management secure-conn-client enable-secure-pandb-commu
nication <yes|no>
set deviceconfig setting management secure-conn-client enable-secure-panorama-co
mmunication <yes|no>
set deviceconfig setting management secure-conn-client enable-secure-lc-communic
ation <yes|no>
set deviceconfig setting management quota-settings
set deviceconfig setting management quota-settings log-expiration-period
set deviceconfig setting management quota-settings log-expiration-period traffic
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period threat
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period config
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period system
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period alarm <
1-2000>
set deviceconfig setting management quota-settings log-expiration-period appstat
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period trsum <
1-2000>
set deviceconfig setting management quota-settings log-expiration-period thsum <

1-2000>
set deviceconfig setting management quota-settings log-expiration-period urlsum
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period hipmatc
h <1-2000>
set deviceconfig setting management quota-settings log-expiration-period hourlyt
rsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period dailytr
sum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period weeklyt
rsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period hourlyt
hsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period dailyth
sum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period weeklyt
hsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period hourlyu
rlsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period dailyur
lsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period weeklyu
rlsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period threat-
pcaps <1-2000>
set deviceconfig setting management quota-settings log-expiration-period gtp <1-
2000>
set deviceconfig setting management quota-settings log-expiration-period gtpsum
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period hourlyg
tpsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period dailygt

psum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period weeklyg
tpsum <1-2000>
set deviceconfig setting management quota-settings log-expiration-period userid
<1-2000>
set deviceconfig setting management quota-settings log-expiration-period auth <1
-2000>
set deviceconfig setting management quota-settings log-expiration-period iptag <
1-2000>
set deviceconfig setting management quota-settings log-expiration-period dlp-log
s <1-2000>
set deviceconfig setting management quota-settings log-expiration-period applica
tion-pcaps <1-2000>
set deviceconfig setting management quota-settings log-expiration-period debug-f
ilter-pcaps <1-2000>
set deviceconfig setting management quota-settings log-expiration-period hip-rep
orts <1-2000>
set deviceconfig setting management quota-settings disk-quota
set deviceconfig setting management quota-settings disk-quota traffic <float>
set deviceconfig setting management quota-settings disk-quota threat <float>
set deviceconfig setting management quota-settings disk-quota config <float>
set deviceconfig setting management quota-settings disk-quota system <float>
set deviceconfig setting management quota-settings disk-quota alarm <float>
set deviceconfig setting management quota-settings disk-quota appstat <float>
set deviceconfig setting management quota-settings disk-quota trsum <float>
set deviceconfig setting management quota-settings disk-quota thsum <float>
set deviceconfig setting management quota-settings disk-quota urlsum <float>
set deviceconfig setting management quota-settings disk-quota hipmatch <float>
set deviceconfig setting management quota-settings disk-quota hourlytrsum <float
>
set deviceconfig setting management quota-settings disk-quota dailytrsum <float>
set deviceconfig setting management quota-settings disk-quota weeklytrsum <float

>
set deviceconfig setting management quota-settings disk-quota hourlythsum <float
>
set deviceconfig setting management quota-settings disk-quota dailythsum <float>
set deviceconfig setting management quota-settings disk-quota weeklythsum <float
>
set deviceconfig setting management quota-settings disk-quota hourlyurlsum <floa
t>
set deviceconfig setting management quota-settings disk-quota dailyurlsum <float
>
set deviceconfig setting management quota-settings disk-quota weeklyurlsum <floa
t>
set deviceconfig setting management quota-settings disk-quota threat-pcaps <floa
t>
set deviceconfig setting management quota-settings disk-quota gtp <float>
set deviceconfig setting management quota-settings disk-quota gtpsum <float>
set deviceconfig setting management quota-settings disk-quota hourlygtpsum <floa
t>
set deviceconfig setting management quota-settings disk-quota dailygtpsum <float
>
set deviceconfig setting management quota-settings disk-quota weeklygtpsum <floa
t>
set deviceconfig setting management quota-settings disk-quota userid <float>
set deviceconfig setting management quota-settings disk-quota auth <float>
set deviceconfig setting management quota-settings disk-quota iptag <float>
set deviceconfig setting management quota-settings disk-quota dlp-logs <float>
set deviceconfig setting management quota-settings disk-quota application-pcaps
<float>
set deviceconfig setting management quota-settings disk-quota debug-filter-pcaps
<float>
set deviceconfig setting management quota-settings disk-quota hip-reports <float
>
set deviceconfig setting management large-core <yes|no>
set deviceconfig setting management disable-predefined-reports [ <disable-prede
fined-reports1> <disable-predefined-reports2>... ]
set deviceconfig setting management disable-predefined-correlation-objs [ <disa
ble-predefined-correlation-objs1> <disable-predefined-correlation-objs2>... ]
set deviceconfig setting management common-criteria
set deviceconfig setting management common-criteria enable-cconly-logs <yes|no>
set deviceconfig setting management common-criteria enable-packet-drop-logs <yes
|no>
set deviceconfig setting management common-criteria skip-authentication-success-
logs <yes|no>
set deviceconfig setting management common-criteria skip-authentication-failure-
logs <yes|no>
set deviceconfig setting management common-criteria enable-tls-session-logging <
yes|no>
set deviceconfig setting management common-criteria enable-ocsp-crl-logs <yes|no
>
set deviceconfig setting management common-criteria enable-ike-logging <yes|no>
set deviceconfig setting management common-criteria skip-configuration-logs-for
[ <skip-configuration-logs-for1> <skip-configuration-logs-for2>... ]
set deviceconfig setting management common-criteria self-test-schedule
set deviceconfig setting management common-criteria self-test-schedule crypto
set deviceconfig setting management common-criteria self-test-schedule crypto st
art-time [ <start-time1> <start-time2>... ]
set deviceconfig setting management common-criteria self-test-schedule software-
integrity
integrity start-time [ <start-time1> <start-time2>... ]
set deviceconfig setting management common-criteria self-test-schedule
set deviceconfig setting management common-criteria self-test-schedule crypto
set deviceconfig setting management common-criteria self-test-schedule crypto st

art-time [ <start-time1> <start-time2>... ]
integrity
integrity start-time [ <start-time1> <start-time2>... ]
set deviceconfig setting management common-criteria enable-tls-session-logging <
yes|no>
set deviceconfig setting management common-criteria enable-ocsp-crl-logs <yes|no
>
set deviceconfig setting management common-criteria enable-ike-logging <yes|no>
set deviceconfig setting management idle-timeout <1-1440>|<0>
set deviceconfig setting management admin-lockout
set deviceconfig setting management admin-lockout failed-attempts <1-10>
set deviceconfig setting management admin-lockout failed-attempts <0-10>
set deviceconfig setting management admin-lockout lockout-time <0-60>
set deviceconfig setting management admin-lockout lockout-time <0-60>
set deviceconfig setting management hostname-type-in-syslog <none|FQDN|hostname|
ipv4-address|ipv6-address>
set deviceconfig setting management report-run-time <value>
set deviceconfig setting management report-expiration-period <1-2000>
set deviceconfig setting management threat-vault-access <yes|no>
set deviceconfig setting management auto-acquire-commit-lock <yes|no>
set deviceconfig setting management rule-hit-count <yes|no>
set deviceconfig setting management canonicalize-block-allow-list <yes|no>
set deviceconfig setting management traffic-stop-on-logdb-full <yes|no>
set deviceconfig setting management enable-log-high-dp-load <yes|no>
set deviceconfig setting management enable-certificate-expiration-check <yes|no>
set deviceconfig setting management max-rows-in-csv-export <1-1048576>
set deviceconfig setting management max-rows-in-pdf-report <1-1048576>
set deviceconfig setting management browse-activity-report-setting
set deviceconfig setting management browse-activity-report-setting average-brows

e-time <1-300>
set deviceconfig setting management browse-activity-report-setting page-load-thr
eshold <1-60>
set deviceconfig setting management max-audit-versions <1-1048576>
set deviceconfig setting management panorama-tcp-receive-timeout <1-240>
set deviceconfig setting management panorama-tcp-send-timeout <1-240>
set deviceconfig setting management panorama-ssl-send-retries <1-64>
set deviceconfig setting management device-monitoring
set deviceconfig setting management device-monitoring enabled <yes|no>
set deviceconfig setting management common-criteria-alarm-generation
set deviceconfig setting management common-criteria-alarm-generation enable-alar
m-generation <yes|no>
set deviceconfig setting management common-criteria-alarm-generation enable-cli-
alarm-notification <yes|no>
set deviceconfig setting management common-criteria-alarm-generation enable-web-
alarm-notification <yes|no>
set deviceconfig setting management common-criteria-alarm-generation enable-audi
ble-alarms <yes|no>
set deviceconfig setting management common-criteria-alarm-generation encrypt-dec
rypt-fail-count <1-4294967295>
set deviceconfig setting management common-criteria-alarm-generation security-po
licy-limits
licy-limits count <1-4294967295>
licy-limits time-interval <30-86400>
set deviceconfig setting management common-criteria-alarm-generation rule-group-
limits
limits count <1-4294967295>
limits time-interval <30-86400>

limits tags [ <tags1> <tags2>... ]
set deviceconfig setting management common-criteria-alarm-generation log-databas
es-alarm-threshold
es-alarm-threshold traffic <0-100>
es-alarm-threshold threat <0-100>
es-alarm-threshold config <0-100>
es-alarm-threshold system <0-100>
es-alarm-threshold alarm <0-100>
es-alarm-threshold hipmatch <0-100>
es-alarm-threshold userid <0-100>
es-alarm-threshold auth <0-100>
es-alarm-threshold gtp <0-100>
es-alarm-threshold sctp <0-100>
set deviceconfig setting logrcvr
set deviceconfig setting logrcvr container-page-timeout <1-60>
set deviceconfig setting vpn
set deviceconfig setting vpn ikev2
set deviceconfig setting vpn ikev2 cookie-threshold <0-65535>
set deviceconfig setting vpn ikev2 max-half-opened-sa <1-65535>
set deviceconfig setting vpn ikev2 certificate-cache-size <0-4000>
set deviceconfig setting custom-logo

set deviceconfig setting custom-logo login-screen
set deviceconfig setting custom-logo login-screen name <value>
set deviceconfig setting custom-logo login-screen content <value>
set deviceconfig setting custom-logo main-ui
set deviceconfig setting custom-logo main-ui name <value>
set deviceconfig setting custom-logo main-ui content <value>
set deviceconfig setting custom-logo pdf-report-header
set deviceconfig setting custom-logo pdf-report-header name <value>
set deviceconfig setting custom-logo pdf-report-header content <value>
set deviceconfig setting custom-logo pdf-report-footer
set deviceconfig setting custom-logo pdf-report-footer name <value>
set deviceconfig setting custom-logo pdf-report-footer content <value>
set deviceconfig high-availability
set deviceconfig high-availability enabled <yes|no>
set deviceconfig high-availability interface
set deviceconfig high-availability interface ha1
set deviceconfig high-availability interface ha1 port <ha1-a|ha1-b|management>
set deviceconfig high-availability interface ha1 link-speed <auto|10|100|1000>
set deviceconfig high-availability interface ha1 link-duplex <auto|full|half>
set deviceconfig high-availability interface ha1 encryption
set deviceconfig high-availability interface ha1 encryption enabled <yes|no>
set deviceconfig high-availability interface ha1 ip-address <ip/netmask>
set deviceconfig high-availability interface ha1 netmask <value>
set deviceconfig high-availability interface ha1 gateway <ip/netmask>
set deviceconfig high-availability interface ha1 monitor-hold-time <1000-60000>
set deviceconfig high-availability interface ha1-backup
set deviceconfig high-availability interface ha1-backup port <ha1-a|ha1-b|manage
ment>
set deviceconfig high-availability interface ha1-backup link-speed <auto|10|100|
1000>
set deviceconfig high-availability interface ha1-backup link-duplex <auto|full|h
alf>
set deviceconfig high-availability interface ha1-backup ip-address <ip/netmask>
set deviceconfig high-availability interface ha1-backup netmask <value>
set deviceconfig high-availability interface ha1-backup gateway <ip/netmask>
set deviceconfig high-availability interface ha2 port <value>|<hsci>
set deviceconfig high-availability interface ha2 ip-address <ip/netmask>
set deviceconfig high-availability interface ha2 netmask <value>
set deviceconfig high-availability interface ha2 gateway <ip/netmask>
set deviceconfig high-availability interface ha2-backup
set deviceconfig high-availability interface ha2-backup port <value>|<hsci>
set deviceconfig high-availability interface ha2-backup ip-address <ip/netmask>
set deviceconfig high-availability interface ha2-backup netmask <value>
set deviceconfig high-availability interface ha2-backup gateway <ip/netmask>
set deviceconfig high-availability interface ha3 port <value>|<hsci>
set deviceconfig high-availability group
set deviceconfig high-availability group group-id <1-63>
set deviceconfig high-availability group description <value>
set deviceconfig high-availability group election-option
set deviceconfig high-availability group election-option device-priority <0-255>
set deviceconfig high-availability group election-option preemptive <yes|no>
set deviceconfig high-availability group election-option heartbeat-backup <yes|n
o>
set deviceconfig high-availability group election-option timers
set deviceconfig high-availability group election-option timers
set deviceconfig high-availability group election-option timers recommended
set deviceconfig high-availability group election-option timers aggressive
set deviceconfig high-availability group election-option timers advanced
set deviceconfig high-availability group election-option timers advanced promoti
on-hold-time <0-60000>
set deviceconfig high-availability group election-option timers advanced hello-i
nterval <8000-60000>
set deviceconfig high-availability group election-option timers advanced heartbe
at-interval <1000-60000>
set deviceconfig high-availability group election-option timers advanced flap-ma
x <0-16>
set deviceconfig high-availability group election-option timers advanced preempt
ion-hold-time <1-60>
set deviceconfig high-availability group election-option timers advanced monitor
-fail-hold-up-time <0-60000>
set deviceconfig high-availability group election-option timers advanced additio
nal-master-hold-up-time <0-60000>
set deviceconfig high-availability group peer-ip <ip/netmask>
set deviceconfig high-availability group peer-ip-backup <ip/netmask>
set deviceconfig high-availability group state-synchronization
set deviceconfig high-availability group state-synchronization enabled <yes|no>
set deviceconfig high-availability group state-synchronization transport <ethern
et|ip|udp>
set deviceconfig high-availability group state-synchronization ha2-keep-alive
set deviceconfig high-availability group state-synchronization ha2-keep-alive en
abled <yes|no>
set deviceconfig high-availability group state-synchronization ha2-keep-alive ac
tion <log-only|split-datapath>
set deviceconfig high-availability group state-synchronization ha2-keep-alive th
reshold <5000-60000>
set deviceconfig high-availability group configuration-synchronization
set deviceconfig high-availability group configuration-synchronization enabled <
yes|no>
set deviceconfig high-availability group mode
set deviceconfig high-availability group mode
set deviceconfig high-availability group mode active-passive
set deviceconfig high-availability group mode active-passive passive-link-state
<shutdown|auto>
set deviceconfig high-availability group mode active-passive monitor-fail-hold-d

own-time <1-60>
set deviceconfig high-availability group mode active-active
set deviceconfig high-availability group mode active-active device-id <0|1>
set deviceconfig high-availability group mode active-active tentative-hold-time
<10-600>|<disabled>
set deviceconfig high-availability group mode active-active network-configuratio
n sync
n sync virtual-router <yes|no>
n sync qos <yes|no>
set deviceconfig high-availability group mode active-active virtual-address
set deviceconfig high-availability group mode active-active virtual-address <nam
e>
e> ip
e> ip <name>
e> ip <name>
e> ip <name> floating
e> ip <name> floating bind-to-active-primary <yes|no>
e> ip <name> floating device-priority
e> ip <name> floating device-priority device-0 <0-255>
e> ip <name> floating device-priority device-1 <0-255>

e> ip <name> floating device-priority failover-on-link-down <yes|no>
e> ip <name> arp-load-sharing
e> ip <name> arp-load-sharing
e> ip <name> arp-load-sharing ip-modulo
e> ip <name> arp-load-sharing ip-hash
e> ip <name> arp-load-sharing ip-hash hash-seed <0-4294967295>
e> ipv6
e> ipv6 <name>
e> ipv6 <name>
e> ipv6 <name> floating
e> ipv6 <name> floating bind-to-active-primary <yes|no>
e> ipv6 <name> floating device-priority
e> ipv6 <name> floating device-priority device-0 <0-255>
e> ipv6 <name> floating device-priority device-1 <0-255>
e> ipv6 <name> floating device-priority failover-on-link-down <yes|no>
e> ipv6 <name> arp-load-sharing

e> ipv6 <name> arp-load-sharing
e> ipv6 <name> arp-load-sharing ip-modulo
e> ipv6 <name> arp-load-sharing ip-hash
e> ipv6 <name> arp-load-sharing ip-hash hash-seed <0-4294967295>
set deviceconfig high-availability group mode active-active session-owner-select
ion
ion
ion primary-device
ion first-packet
ion first-packet session-setup
ion first-packet session-setup
ion first-packet session-setup primary-device
ion first-packet session-setup first-packet
ion first-packet session-setup ip-modulo
ion first-packet session-setup ip-hash
ion first-packet session-setup ip-hash hash-key <source|source-and-destination>
ion first-packet session-setup ip-hash hash-seed <0-4294967295>

set deviceconfig high-availability group monitoring
set deviceconfig high-availability group monitoring path-monitoring
set deviceconfig high-availability group monitoring path-monitoring enabled <yes
|no>
set deviceconfig high-availability group monitoring path-monitoring failure-cond
ition <any|all>
set deviceconfig high-availability group monitoring path-monitoring path-group
set deviceconfig high-availability group monitoring path-monitoring path-group v
irtual-wire
irtual-wire <name>
irtual-wire <name> enabled <yes|no>
irtual-wire <name> failure-condition <any|all>
irtual-wire <name> source-ip <ip/netmask>
irtual-wire <name> destination-ip [ <destination-ip1> <destination-ip2>... ]
irtual-wire <name> ping-interval <200-60000>
irtual-wire <name> ping-count <3-10>
lan
lan <name>
lan <name> enabled <yes|no>
lan <name> failure-condition <any|all>

lan <name> source-ip <ip/netmask>
lan <name> destination-ip [ <destination-ip1> <destination-ip2>... ]
lan <name> ping-interval <200-60000>
lan <name> ping-count <3-10>
irtual-router
irtual-router <name>
irtual-router <name> enabled <yes|no>
irtual-router <name> failure-condition <any|all>
irtual-router <name> destination-ip [ <destination-ip1> <destination-ip2>... ]
irtual-router <name> ping-interval <200-60000>
irtual-router <name> ping-count <3-10>
set deviceconfig high-availability group monitoring link-monitoring
set deviceconfig high-availability group monitoring link-monitoring enabled <yes
|no>
set deviceconfig high-availability group monitoring link-monitoring failure-cond
ition <any|all>
set deviceconfig high-availability group monitoring link-monitoring link-group
set deviceconfig high-availability group monitoring link-monitoring link-group <
name>
name> enabled <yes|no>

name> failure-condition <any|all>
name> interface [ <interface1> <interface2>... ]
set mgt-config
set mgt-config password-complexity
set mgt-config password-complexity enabled <yes|no>
set mgt-config password-complexity block-username-inclusion <yes|no>
set mgt-config password-complexity password-change-on-first-login <yes|no>
set mgt-config password-complexity minimum-length <6-15>
set mgt-config password-complexity minimum-length <0-15>
set mgt-config password-complexity minimum-uppercase-letters <0-15>
set mgt-config password-complexity minimum-lowercase-letters <0-15>
set mgt-config password-complexity minimum-numeric-letters <0-15>
set mgt-config password-complexity minimum-special-characters <0-15>
set mgt-config password-complexity block-repeated-characters <0-15>
set mgt-config password-complexity password-history-count <0-150>
set mgt-config password-complexity new-password-differs-by-characters <0-15>
set mgt-config password-complexity password-change-period-block <0-365>
set mgt-config password-complexity password-change
set mgt-config password-complexity password-change expiration-period <0-365>
set mgt-config password-complexity password-change expiration-warning-period <0-
30>
set mgt-config password-complexity password-change post-expiration-admin-login-c
ount <0-3>
set mgt-config password-complexity password-change post-expiration-grace-period
<0-30>
set mgt-config password-profile
set mgt-config password-profile <name>
set mgt-config password-profile <name> password-change
set mgt-config password-profile <name> password-change expiration-period <0-365>
set mgt-config password-profile <name> password-change expiration-warning-period
<0-30>
set mgt-config password-profile <name> password-change post-expiration-admin-log
in-count <0-3>
set mgt-config password-profile <name> password-change post-expiration-grace-per
iod <0-30>
set mgt-config users
set mgt-config users <name>
set mgt-config users <name> phash <value>
set mgt-config users <name> authentication-profile <value>
set mgt-config users <name> password-profile <value>
set mgt-config users <name> client-certificate-only <yes|no>
set mgt-config users <name> public-key <value>
set mgt-config users <name> public-key <value>
set mgt-config users <name> preferences
set mgt-config users <name> preferences disable-dns <yes|no>
set mgt-config users <name> preferences saved-log-query
set mgt-config users <name> preferences saved-log-query unified
set mgt-config users <name> preferences saved-log-query unified <name>
set mgt-config users <name> preferences saved-log-query unified <name> query <va
lue>
set mgt-config users <name> preferences saved-log-query traffic
set mgt-config users <name> preferences saved-log-query traffic <name>
set mgt-config users <name> preferences saved-log-query traffic <name> query <va
lue>
set mgt-config users <name> preferences saved-log-query threat
set mgt-config users <name> preferences saved-log-query threat <name>
set mgt-config users <name> preferences saved-log-query threat <name> query <val
ue>
set mgt-config users <name> preferences saved-log-query url
set mgt-config users <name> preferences saved-log-query url <name>
set mgt-config users <name> preferences saved-log-query url <name> query <value>
set mgt-config users <name> preferences saved-log-query data
set mgt-config users <name> preferences saved-log-query data <name>

set mgt-config users <name> preferences saved-log-query data <name> query <value
>
set mgt-config users <name> preferences saved-log-query config
set mgt-config users <name> preferences saved-log-query config <name>
set mgt-config users <name> preferences saved-log-query config <name> query <val
ue>
set mgt-config users <name> preferences saved-log-query system
set mgt-config users <name> preferences saved-log-query system <name>
set mgt-config users <name> preferences saved-log-query system <name> query <val
ue>
set mgt-config users <name> preferences saved-log-query wildfire
set mgt-config users <name> preferences saved-log-query wildfire <name>
set mgt-config users <name> preferences saved-log-query wildfire <name> query <v
alue>
set mgt-config users <name> preferences saved-log-query hipmatch
set mgt-config users <name> preferences saved-log-query hipmatch <name>
set mgt-config users <name> preferences saved-log-query hipmatch <name> query <v
alue>
set mgt-config users <name> preferences saved-log-query corr
set mgt-config users <name> preferences saved-log-query corr <name>
set mgt-config users <name> preferences saved-log-query corr <name> query <value
>
set mgt-config users <name> preferences saved-log-query tunnel
set mgt-config users <name> preferences saved-log-query tunnel <name>
set mgt-config users <name> preferences saved-log-query tunnel <name> query <val
ue>
set mgt-config users <name> preferences saved-log-query userid
set mgt-config users <name> preferences saved-log-query userid <name>
set mgt-config users <name> preferences saved-log-query userid <name> query <val
ue>
set mgt-config users <name> preferences saved-log-query auth
set mgt-config users <name> preferences saved-log-query auth <name>

set mgt-config users <name> preferences saved-log-query auth <name> query <value
>
set mgt-config users <name> preferences saved-log-query alarm
set mgt-config users <name> preferences saved-log-query alarm <name>
set mgt-config users <name> preferences saved-log-query alarm <name> query <valu
e>
set mgt-config users <name> permissions
set mgt-config users <name> permissions role-based
set mgt-config users <name> permissions role-based vsysreader
set mgt-config users <name> permissions role-based vsysreader <name>
set mgt-config users <name> permissions role-based vsysreader <name> vsys [ <vs
ys1> <vsys2>... ]
set mgt-config users <name> permissions role-based vsysadmin
set mgt-config users <name> permissions role-based vsysadmin <name>
set mgt-config users <name> permissions role-based vsysadmin <name> vsys [ <vsy
s1> <vsys2>... ]
set mgt-config users <name> permissions role-based devicereader [ <devicereader
1> <devicereader2>... ]
set mgt-config users <name> permissions role-based deviceadmin [ <deviceadmin1>
<deviceadmin2>... ]
set mgt-config users <name> permissions role-based superreader <yes>
set mgt-config users <name> permissions role-based superuser <yes>
set mgt-config users <name> permissions role-based custom
set mgt-config users <name> permissions role-based custom profile <value>
set mgt-config users <name> permissions role-based custom vsys [ <vsys1> <vsys2
>... ]
set mgt-config access-domain
set mgt-config access-domain <name>
set mgt-config access-domain <name> vsys [ <vsys1> <vsys2>... ]
set network
set network profiles
set network profiles monitor-profile

set network profiles monitor-profile <name>
set network profiles monitor-profile <name> interval <2-100>
set network profiles monitor-profile <name> threshold <2-10>
set network profiles monitor-profile <name> action <wait-recover|fail-over>
set network profiles interface-management-profile
set network profiles interface-management-profile <name>
set network profiles interface-management-profile <name> http <yes|no>
set network profiles interface-management-profile <name> https <yes|no>
set network profiles interface-management-profile <name> ping <yes|no>
set network profiles interface-management-profile <name> response-pages <yes|no>
set network profiles interface-management-profile <name> userid-service <yes|no>
set network profiles interface-management-profile <name> userid-syslog-listener-
ssl <yes|no>
set network profiles interface-management-profile <name> userid-syslog-listener-
udp <yes|no>
set network profiles interface-management-profile <name> ssh <yes|no>
set network profiles interface-management-profile <name> telnet <yes|no>
set network profiles interface-management-profile <name> snmp <yes|no>
set network profiles interface-management-profile <name> http-ocsp <yes|no>
set network profiles interface-management-profile <name> permitted-ip
set network profiles interface-management-profile <name> permitted-ip <name>
set network profiles zone-protection-profile
set network profiles zone-protection-profile <name>
set network profiles zone-protection-profile <name> description <value>
set network profiles zone-protection-profile <name> scan
set network profiles zone-protection-profile <name> scan <name>
set network profiles zone-protection-profile <name> scan <name> action
set network profiles zone-protection-profile <name> scan <name> action allow
set network profiles zone-protection-profile <name> scan <name> action alert
set network profiles zone-protection-profile <name> scan <name> action block
set network profiles zone-protection-profile <name> scan <name> action block-ip

track-by <source|source-and-destination>
duration <1-3600>
set network profiles zone-protection-profile <name> scan <name> interval <2-6553
5>
set network profiles zone-protection-profile <name> scan <name> threshold <2-655
35>
set network profiles zone-protection-profile <name> scan-white-list
set network profiles zone-protection-profile <name> scan-white-list <name>
set network profiles zone-protection-profile <name> scan-white-list <name>
set network profiles zone-protection-profile <name> scan-white-list <name> ipv4
<value>
set network profiles zone-protection-profile <name> scan-white-list <name> ipv6
<value>
set network profiles zone-protection-profile <name> flood
set network profiles zone-protection-profile <name> flood tcp-syn
set network profiles zone-protection-profile <name> flood tcp-syn enable <yes|no
>
set network profiles zone-protection-profile <name> flood tcp-syn
set network profiles zone-protection-profile <name> flood tcp-syn red
set network profiles zone-protection-profile <name> flood tcp-syn red alarm-rate
<0-2000000>
set network profiles zone-protection-profile <name> flood tcp-syn red activate-r
ate <1-2000000>
set network profiles zone-protection-profile <name> flood tcp-syn red maximal-ra
te <1-2000000>
set network profiles zone-protection-profile <name> flood tcp-syn syn-cookies
set network profiles zone-protection-profile <name> flood tcp-syn syn-cookies al
arm-rate <0-2000000>
set network profiles zone-protection-profile <name> flood tcp-syn syn-cookies ac
tivate-rate <0-2000000>
set network profiles zone-protection-profile <name> flood tcp-syn syn-cookies ma

ximal-rate <1-2000000>
set network profiles zone-protection-profile <name> flood udp
set network profiles zone-protection-profile <name> flood udp enable <yes|no>
set network profiles zone-protection-profile <name> flood udp red
set network profiles zone-protection-profile <name> flood udp red alarm-rate <0-
2000000>
set network profiles zone-protection-profile <name> flood udp red activate-rate
<1-2000000>
set network profiles zone-protection-profile <name> flood udp red maximal-rate <
1-2000000>
set network profiles zone-protection-profile <name> flood icmp
set network profiles zone-protection-profile <name> flood icmp enable <yes|no>
set network profiles zone-protection-profile <name> flood icmp red
set network profiles zone-protection-profile <name> flood icmp red alarm-rate <0
-2000000>
set network profiles zone-protection-profile <name> flood icmp red activate-rate
<1-2000000>
set network profiles zone-protection-profile <name> flood icmp red maximal-rate
<1-2000000>
set network profiles zone-protection-profile <name> flood icmpv6
set network profiles zone-protection-profile <name> flood icmpv6 enable <yes|no>
set network profiles zone-protection-profile <name> flood icmpv6 red
set network profiles zone-protection-profile <name> flood icmpv6 red alarm-rate
<0-2000000>
set network profiles zone-protection-profile <name> flood icmpv6 red activate-ra
te <1-2000000>
set network profiles zone-protection-profile <name> flood icmpv6 red maximal-rat
e <1-2000000>
set network profiles zone-protection-profile <name> flood other-ip
set network profiles zone-protection-profile <name> flood other-ip enable <yes|n
o>
set network profiles zone-protection-profile <name> flood other-ip red

set network profiles zone-protection-profile <name> flood other-ip red alarm-rat
e <0-2000000>
set network profiles zone-protection-profile <name> flood other-ip red activate-
rate <1-2000000>
set network profiles zone-protection-profile <name> flood other-ip red maximal-r
ate <1-2000000>
set network profiles zone-protection-profile <name> ipv6
set network profiles zone-protection-profile <name> ipv6 routing-header-0 <yes|n
o>
o>
o>
set network profiles zone-protection-profile <name> ipv6 routing-header-4-252 <y
es|no>
set network profiles zone-protection-profile <name> ipv6 routing-header-253 <yes
|no>
|no>
|no>
set network profiles zone-protection-profile <name> ipv6 ipv4-compatible-address
<yes|no>
set network profiles zone-protection-profile <name> ipv6 multicast-source <yes|n
o>
set network profiles zone-protection-profile <name> ipv6 anycast-source <yes|no>
set network profiles zone-protection-profile <name> ipv6 filter-ext-hdr
set network profiles zone-protection-profile <name> ipv6 filter-ext-hdr hop-by-h
op-hdr <yes|no>
set network profiles zone-protection-profile <name> ipv6 filter-ext-hdr routing-
hdr <yes|no>
set network profiles zone-protection-profile <name> ipv6 filter-ext-hdr dest-opt

ion-hdr <yes|no>
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt dest-unr
each <yes|no>
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt pkt-too-
big <yes|no>
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt time-exc
eeded <yes|no>
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt param-pr
oblem <yes|no>
set network profiles zone-protection-profile <name> ipv6 ignore-inv-pkt redirect
<yes|no>
set network profiles zone-protection-profile <name> ipv6 options-invalid-ipv6-di
scard <yes|no>
set network profiles zone-protection-profile <name> ipv6 icmpv6-too-big-small-mt
u-discard <yes|no>
set network profiles zone-protection-profile <name> ipv6 needless-fragment-hdr <
yes|no>
set network profiles zone-protection-profile <name> ipv6 reserved-field-set-disc
ard <yes|no>
set network profiles zone-protection-profile <name> tcp-reject-non-syn <global|y
es|no>
set network profiles zone-protection-profile <name> strip-mptcp-option <global|y
es|no>
set network profiles zone-protection-profile <name> asymmetric-path <global|drop
|bypass>
set network profiles zone-protection-profile <name> discard-ip-spoof <yes|no>
set network profiles zone-protection-profile <name> discard-ip-frag <yes|no>
set network profiles zone-protection-profile <name> discard-icmp-ping-zero-id <y
es|no>
set network profiles zone-protection-profile <name> discard-icmp-frag <yes|no>
set network profiles zone-protection-profile <name> discard-icmp-large-packet <y

es|no>
set network profiles zone-protection-profile <name> discard-icmp-error <yes|no>
set network profiles zone-protection-profile <name> suppress-icmp-timeexceeded <
yes|no>
set network profiles zone-protection-profile <name> suppress-icmp-needfrag <yes|
no>
set network profiles zone-protection-profile <name> discard-strict-source-routin
g <yes|no>
set network profiles zone-protection-profile <name> discard-loose-source-routing
<yes|no>
set network profiles zone-protection-profile <name> discard-timestamp <yes|no>
set network profiles zone-protection-profile <name> discard-record-route <yes|no
>
set network profiles zone-protection-profile <name> discard-security <yes|no>
set network profiles zone-protection-profile <name> discard-stream-id <yes|no>
set network profiles zone-protection-profile <name> discard-unknown-option <yes|
no>
set network profiles zone-protection-profile <name> discard-malformed-option <ye
s|no>
set network profiles zone-protection-profile <name> discard-overlapping-tcp-segm
ent-mismatch <yes|no>
set network profiles zone-protection-profile <name> strict-ip-check <yes|no>
set network profiles zone-protection-profile <name> remove-tcp-timestamp <yes|no
>
set network profiles zone-protection-profile <name> discard-tcp-split-handshake
<yes|no>
set network profiles zone-protection-profile <name> discard-tcp-syn-with-data <y
es|no>
set network profiles zone-protection-profile <name> discard-tcp-synack-with-data
<yes|no>
set network profiles zone-protection-profile <name> strip-tcp-fast-open-and-data
<yes|no>
set network profiles zone-protection-profile <name> non-ip-protocol
set network profiles zone-protection-profile <name> non-ip-protocol list-type <e
xclude|include>
set network profiles zone-protection-profile <name> non-ip-protocol protocol
set network profiles zone-protection-profile <name> non-ip-protocol protocol <na
me>
me> ether-type <value>
me> enable <yes|no>
set network profiles lldp-profile
set network profiles lldp-profile <name>
set network profiles lldp-profile <name> mode <transmit-receive|transmit-only|re
ceive-only>
set network profiles lldp-profile <name> snmp-syslog-notification <yes|no>
set network profiles lldp-profile <name> option-tlvs
set network profiles lldp-profile <name> option-tlvs port-description <yes|no>
set network profiles lldp-profile <name> option-tlvs system-name <yes|no>
set network profiles lldp-profile <name> option-tlvs system-description <yes|no>
set network profiles lldp-profile <name> option-tlvs system-capabilities <yes|no
>
set network profiles lldp-profile <name> option-tlvs management-address
set network profiles lldp-profile <name> option-tlvs management-address enabled
<yes|no>
set network profiles lldp-profile <name> option-tlvs management-address iplist
set network profiles lldp-profile <name> option-tlvs management-address iplist <
name>
name> interface <value>
name>

name> ipv4 <value>
name> ipv6 <value>
set network profiles bfd-profile
set network profiles bfd-profile <name>
set network profiles bfd-profile <name> mode <active|passive>
set network profiles bfd-profile <name> min-tx-interval <100-2000>
set network profiles bfd-profile <name> min-rx-interval <100-2000>
set network profiles bfd-profile <name> detection-multiplier <2-50>
set network profiles bfd-profile <name> hold-time <0-120000>
set network profiles bfd-profile <name> multihop
set network profiles bfd-profile <name> multihop min-received-ttl <1-254>
set network interface
set network interface ethernet
set network interface ethernet <name>
set network interface ethernet <name> link-speed <value>
set network interface ethernet <name> link-duplex <value>
set network interface ethernet <name> link-state <auto|up|down>
set network interface ethernet <name>
set network interface ethernet <name> tap
set network interface ethernet <name> tap netflow-profile <value>
set network interface ethernet <name> ha
set network interface ethernet <name> decrypt-mirror
set network interface ethernet <name> virtual-wire
set network interface ethernet <name> virtual-wire units
set network interface ethernet <name> virtual-wire units <name>
set network interface ethernet <name> virtual-wire units <name> tag <0-4094>
set network interface ethernet <name> virtual-wire units <name> netflow-profile
<value>
set network interface ethernet <name> virtual-wire units <name> comment <value>
set network interface ethernet <name> virtual-wire units <name> ip-classifier [
<ip-classifier1> <ip-classifier2>... ]
set network interface ethernet <name> virtual-wire netflow-profile <value>
set network interface ethernet <name> virtual-wire lldp
set network interface ethernet <name> virtual-wire lldp enable <yes|no>
set network interface ethernet <name> virtual-wire lldp profile <value>
set network interface ethernet <name> virtual-wire lldp high-availability
set network interface ethernet <name> virtual-wire lldp high-availability passiv
e-pre-negotiation <yes|no>
set network interface ethernet <name> virtual-wire lacp
set network interface ethernet <name> virtual-wire lacp high-availability
set network interface ethernet <name> virtual-wire lacp high-availability passiv
e-pre-negotiation <yes|no>
set network interface ethernet <name> layer2
set network interface ethernet <name> layer2 units
set network interface ethernet <name> layer2 units <name>
set network interface ethernet <name> layer2 units <name> tag <1-4094>
set network interface ethernet <name> layer2 units <name> netflow-profile <value
>
set network interface ethernet <name> layer2 units <name> comment <value>
set network interface ethernet <name> layer2 netflow-profile <value>
set network interface ethernet <name> layer2 lldp
set network interface ethernet <name> layer2 lldp enable <yes|no>
set network interface ethernet <name> layer2 lldp profile <value>
set network interface ethernet <name> layer2 lldp high-availability
set network interface ethernet <name> layer2 lldp high-availability passive-pre-
negotiation <yes|no>
set network interface ethernet <name> layer3
set network interface ethernet <name> layer3 decrypt-forward <yes|no>
set network interface ethernet <name> layer3 mtu <576-9216>
set network interface ethernet <name> layer3 mtu <576-1460>
set network interface ethernet <name> layer3 adjust-tcp-mss
set network interface ethernet <name> layer3 adjust-tcp-mss enable <yes|no>
set network interface ethernet <name> layer3 adjust-tcp-mss ipv4-mss-adjustment

<40-300>
set network interface ethernet <name> layer3 adjust-tcp-mss ipv6-mss-adjustment
<60-300>
set network interface ethernet <name> layer3 untagged-sub-interface <yes|no>
set network interface ethernet <name> layer3 ip
set network interface ethernet <name> layer3 ip <name>
set network interface ethernet <name> layer3 ipv6
set network interface ethernet <name> layer3 ipv6 enabled <yes|no>
set network interface ethernet <name> layer3 ipv6 interface-id <value>|<EUI-64>
set network interface ethernet <name> layer3 ipv6 address
set network interface ethernet <name> layer3 ipv6 address <name>
set network interface ethernet <name> layer3 ipv6 address <name> enable-on-inter
face <yes|no>
set network interface ethernet <name> layer3 ipv6 address <name> prefix
set network interface ethernet <name> layer3 ipv6 address <name> anycast
set network interface ethernet <name> layer3 ipv6 address <name> advertise
set network interface ethernet <name> layer3 ipv6 address <name> advertise enabl
e <yes|no>
set network interface ethernet <name> layer3 ipv6 address <name> advertise valid
-lifetime <0-4294967294>|<infinity>
set network interface ethernet <name> layer3 ipv6 address <name> advertise prefe
rred-lifetime <0-4294967294>|<infinity>
set network interface ethernet <name> layer3 ipv6 address <name> advertise onlin
k-flag <yes|no>
set network interface ethernet <name> layer3 ipv6 address <name> advertise auto-
config-flag <yes|no>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery
set network interface ethernet <name> layer3 ipv6 neighbor-discovery router-adve
rtisement
rtisement enable <yes|no>

rtisement max-interval <4-1800>
rtisement min-interval <3-1350>
rtisement managed-flag <yes|no>
rtisement other-flag <yes|no>
rtisement link-mtu <1280-9216>|<unspecified>
rtisement reachable-time <0-3600000>|<unspecified>
rtisement retransmission-timer <0-4294967295>|<unspecified>
rtisement hop-limit <1-255>|<unspecified>
rtisement lifetime <0-9000>
rtisement router-preference <High|Medium|Low>
rtisement enable-consistency-check <yes|no>
rtisement dns-support
rtisement dns-support enable <yes|no>
rtisement dns-support server
rtisement dns-support server <name>
rtisement dns-support server <name> lifetime <4-3600>

rtisement dns-support suffix
rtisement dns-support suffix <name>
rtisement dns-support suffix <name> lifetime <4-3600>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery enable-ndp-
monitor <yes|no>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery enable-dad
<yes|no>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery dad-attempt
s <0-10>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery ns-interval
<1-3600>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery reachable-t
ime <10-36000>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery neighbor
set network interface ethernet <name> layer3 ipv6 neighbor-discovery neighbor <n
ame>
set network interface ethernet <name> layer3 ipv6 neighbor-discovery neighbor <n
ame> hw-address <value>
set network interface ethernet <name> layer3 pppoe
set network interface ethernet <name> layer3 pppoe enable <yes|no>
set network interface ethernet <name> layer3 pppoe authentication <CHAP|PAP|auto
>
set network interface ethernet <name> layer3 pppoe static-address
set network interface ethernet <name> layer3 pppoe static-address ip <value>
set network interface ethernet <name> layer3 pppoe username <value>
set network interface ethernet <name> layer3 pppoe password <value>
set network interface ethernet <name> layer3 pppoe create-default-route <yes|no>
set network interface ethernet <name> layer3 pppoe default-route-metric <1-65535
>
set network interface ethernet <name> layer3 pppoe access-concentrator <value>

set network interface ethernet <name> layer3 pppoe service <value>
set network interface ethernet <name> layer3 pppoe passive
set network interface ethernet <name> layer3 pppoe passive enable <yes|no>
set network interface ethernet <name> layer3 dhcp-client
set network interface ethernet <name> layer3 dhcp-client enable <yes|no>
set network interface ethernet <name> layer3 dhcp-client create-default-route <y
es|no>
set network interface ethernet <name> layer3 dhcp-client default-route-metric <1
-65535>
set network interface ethernet <name> layer3 arp
set network interface ethernet <name> layer3 arp <name>
set network interface ethernet <name> layer3 arp <name> hw-address <value>
set network interface ethernet <name> layer3 ndp-proxy
set network interface ethernet <name> layer3 ndp-proxy enabled <yes|no>
set network interface ethernet <name> layer3 ndp-proxy address
set network interface ethernet <name> layer3 ndp-proxy address <name>
set network interface ethernet <name> layer3 ndp-proxy address <name> negate <ye
s|no>
set network interface ethernet <name> layer3 interface-management-profile <value
>
set network interface ethernet <name> layer3 units
set network interface ethernet <name> layer3 units <name>
set network interface ethernet <name> layer3 units <name> decrypt-forward <yes|n
o>
set network interface ethernet <name> layer3 units <name> mtu <576-9216>
set network interface ethernet <name> layer3 units <name> adjust-tcp-mss
set network interface ethernet <name> layer3 units <name> adjust-tcp-mss enable
<yes|no>
set network interface ethernet <name> layer3 units <name> adjust-tcp-mss ipv4-ms
s-adjustment <40-300>
set network interface ethernet <name> layer3 units <name> adjust-tcp-mss ipv6-ms
s-adjustment <60-300>
set network interface ethernet <name> layer3 units <name> ip
set network interface ethernet <name> layer3 units <name> ip <name>
set network interface ethernet <name> layer3 units <name> ipv6
set network interface ethernet <name> layer3 units <name> ipv6 enabled <yes|no>
set network interface ethernet <name> layer3 units <name> ipv6 interface-id <val
ue>|<EUI-64>
set network interface ethernet <name> layer3 units <name> ipv6 address
set network interface ethernet <name> layer3 units <name> ipv6 address <name>
set network interface ethernet <name> layer3 units <name> ipv6 address <name> en
able-on-interface <yes|no>
set network interface ethernet <name> layer3 units <name> ipv6 address <name> pr
efix
set network interface ethernet <name> layer3 units <name> ipv6 address <name> an
ycast
set network interface ethernet <name> layer3 units <name> ipv6 address <name> ad
vertise
vertise enable <yes|no>
vertise valid-lifetime <0-4294967294>|<infinity>
vertise preferred-lifetime <0-4294967294>|<infinity>
vertise onlink-flag <yes|no>
vertise auto-config-flag <yes|no>
set network interface ethernet <name> layer3 units <name> ipv6 neighbor-discover
y router-advertisement
y router-advertisement enable <yes|no>

y router-advertisement max-interval <4-1800>
y router-advertisement min-interval <3-1350>
y router-advertisement managed-flag <yes|no>
y router-advertisement other-flag <yes|no>
y router-advertisement link-mtu <1280-9216>|<unspecified>
y router-advertisement reachable-time <0-3600000>|<unspecified>
y router-advertisement retransmission-timer <0-4294967295>|<unspecified>
y router-advertisement hop-limit <1-255>|<unspecified>
y router-advertisement lifetime <0-9000>
y router-advertisement router-preference <High|Medium|Low>
y router-advertisement enable-consistency-check <yes|no>
y router-advertisement dns-support
y router-advertisement dns-support enable <yes|no>
y router-advertisement dns-support server
y router-advertisement dns-support server <name>
y router-advertisement dns-support server <name> lifetime <4-3600>

y router-advertisement dns-support suffix
y router-advertisement dns-support suffix <name>
y router-advertisement dns-support suffix <name> lifetime <4-3600>
y enable-ndp-monitor <yes|no>
y enable-dad <yes|no>
y dad-attempts <0-10>
y ns-interval <1-3600>
y reachable-time <10-36000>
y neighbor
y neighbor <name>
y neighbor <name> hw-address <value>
set network interface ethernet <name> layer3 units <name> arp
set network interface ethernet <name> layer3 units <name> arp <name>
set network interface ethernet <name> layer3 units <name> arp <name> hw-address
<value>
set network interface ethernet <name> layer3 units <name> ndp-proxy
set network interface ethernet <name> layer3 units <name> ndp-proxy enabled <yes
|no>
set network interface ethernet <name> layer3 units <name> ndp-proxy address
set network interface ethernet <name> layer3 units <name> ndp-proxy address <nam
e>
set network interface ethernet <name> layer3 units <name> ndp-proxy address <nam
e> negate <yes|no>
set network interface ethernet <name> layer3 units <name> interface-management-p
rofile <value>
set network interface ethernet <name> layer3 units <name> tag <1-4094>
set network interface ethernet <name> layer3 units <name> dhcp-client
set network interface ethernet <name> layer3 units <name> dhcp-client enable <ye
s|no>
set network interface ethernet <name> layer3 units <name> dhcp-client create-def
ault-route <yes|no>
set network interface ethernet <name> layer3 units <name> dhcp-client default-ro
ute-metric <1-65535>
set network interface ethernet <name> layer3 units <name> netflow-profile <value
>
set network interface ethernet <name> layer3 units <name> comment <value>
set network interface ethernet <name> layer3 netflow-profile <value>
set network interface ethernet <name> layer3 lldp
set network interface ethernet <name> layer3 lldp enable <yes|no>
set network interface ethernet <name> layer3 lldp profile <value>
set network interface ethernet <name> layer3 lldp high-availability
set network interface ethernet <name> layer3 lldp high-availability passive-pre-
negotiation <yes|no>
set network interface ethernet <name> aggregate-group <value>
set network interface ethernet <name> comment <value>
set network interface ethernet <name> lacp
set network interface ethernet <name> lacp port-priority <1-65535>
set network interface aggregate-ethernet
set network interface aggregate-ethernet <name>
set network interface aggregate-ethernet <name>
set network interface aggregate-ethernet <name> ha
set network interface aggregate-ethernet <name> ha lacp
set network interface aggregate-ethernet <name> ha lacp enable <yes|no>

set network interface aggregate-ethernet <name> ha lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> ha lacp mode <passive|active>
set network interface aggregate-ethernet <name> ha lacp transmission-rate <fast|
slow>
set network interface aggregate-ethernet <name> ha lacp system-priority <1-65535
>
set network interface aggregate-ethernet <name> ha lacp max-ports <1-8>
set network interface aggregate-ethernet <name> decrypt-mirror
set network interface aggregate-ethernet <name> virtual-wire
set network interface aggregate-ethernet <name> virtual-wire units
set network interface aggregate-ethernet <name> virtual-wire units <name>
set network interface aggregate-ethernet <name> virtual-wire units <name> tag <0
-4094>
set network interface aggregate-ethernet <name> virtual-wire units <name> netflo
w-profile <value>
set network interface aggregate-ethernet <name> virtual-wire units <name> commen
t <value>
set network interface aggregate-ethernet <name> virtual-wire units <name> ip-cla
ssifier [ <ip-classifier1> <ip-classifier2>... ]
set network interface aggregate-ethernet <name> virtual-wire netflow-profile <va
lue>
set network interface aggregate-ethernet <name> virtual-wire lldp
set network interface aggregate-ethernet <name> virtual-wire lldp enable <yes|no
>
set network interface aggregate-ethernet <name> virtual-wire lldp profile <value
>
set network interface aggregate-ethernet <name> virtual-wire lldp high-availabil
ity
set network interface aggregate-ethernet <name> virtual-wire lldp high-availabil
ity passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2
set network interface aggregate-ethernet <name> layer2 units

set network interface aggregate-ethernet <name> layer2 units <name>
set network interface aggregate-ethernet <name> layer2 units <name> tag <1-4094>
set network interface aggregate-ethernet <name> layer2 units <name> netflow-prof
ile <value>
set network interface aggregate-ethernet <name> layer2 units <name> comment <val
ue>
set network interface aggregate-ethernet <name> layer2 netflow-profile <value>
set network interface aggregate-ethernet <name> layer2 lacp
set network interface aggregate-ethernet <name> layer2 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp fast-failover <yes|n
o>
set network interface aggregate-ethernet <name> layer2 lacp mode <passive|active
>
set network interface aggregate-ethernet <name> layer2 lacp transmission-rate <f
ast|slow>
set network interface aggregate-ethernet <name> layer2 lacp system-priority <1-6
5535>
set network interface aggregate-ethernet <name> layer2 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer2 lacp high-availability
set network interface aggregate-ethernet <name> layer2 lacp high-availability us
e-same-system-mac
e-same-system-mac enable <yes|no>
e-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer2 lacp high-availability pa
ssive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2 lldp
set network interface aggregate-ethernet <name> layer2 lldp enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lldp profile <value>
set network interface aggregate-ethernet <name> layer2 lldp high-availability
set network interface aggregate-ethernet <name> layer2 lldp high-availability pa

set network interface aggregate-ethernet <name> layer3
set network interface aggregate-ethernet <name> layer3 decrypt-forward <yes|no>
set network interface aggregate-ethernet <name> layer3 mtu <576-9216>
set network interface aggregate-ethernet <name> layer3 adjust-tcp-mss
set network interface aggregate-ethernet <name> layer3 adjust-tcp-mss enable <ye
s|no>
set network interface aggregate-ethernet <name> layer3 adjust-tcp-mss ipv4-mss-a
djustment <40-300>
set network interface aggregate-ethernet <name> layer3 adjust-tcp-mss ipv6-mss-a
djustment <60-300>
set network interface aggregate-ethernet <name> layer3 untagged-sub-interface <y
es|no>
set network interface aggregate-ethernet <name> layer3 ip
set network interface aggregate-ethernet <name> layer3 ip <name>
set network interface aggregate-ethernet <name> layer3 ipv6
set network interface aggregate-ethernet <name> layer3 ipv6 enabled <yes|no>
set network interface aggregate-ethernet <name> layer3 ipv6 interface-id <value>
|<EUI-64>
set network interface aggregate-ethernet <name> layer3 ipv6 address
set network interface aggregate-ethernet <name> layer3 ipv6 address <name>
set network interface aggregate-ethernet <name> layer3 ipv6 address <name> enabl
e-on-interface <yes|no>
set network interface aggregate-ethernet <name> layer3 ipv6 address <name> prefi
set network interface aggregate-ethernet <name> layer3 ipv6 address <name> anyca
st
set network interface aggregate-ethernet <name> layer3 ipv6 address <name> adver
tise
tise enable <yes|no>
tise valid-lifetime <0-4294967294>|<infinity>
tise preferred-lifetime <0-4294967294>|<infinity>
tise onlink-flag <yes|no>
tise auto-config-flag <yes|no>
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery r
outer-advertisement
outer-advertisement enable <yes|no>
outer-advertisement max-interval <4-1800>
outer-advertisement min-interval <3-1350>
outer-advertisement managed-flag <yes|no>
outer-advertisement other-flag <yes|no>
outer-advertisement link-mtu <1280-9216>|<unspecified>
outer-advertisement reachable-time <0-3600000>|<unspecified>
outer-advertisement retransmission-timer <0-4294967295>|<unspecified>
outer-advertisement hop-limit <1-255>|<unspecified>
outer-advertisement lifetime <0-9000>
outer-advertisement router-preference <High|Medium|Low>

outer-advertisement enable-consistency-check <yes|no>
outer-advertisement dns-support
outer-advertisement dns-support enable <yes|no>
outer-advertisement dns-support server
outer-advertisement dns-support server <name>
outer-advertisement dns-support server <name> lifetime <4-3600>
outer-advertisement dns-support suffix
outer-advertisement dns-support suffix <name>
outer-advertisement dns-support suffix <name> lifetime <4-3600>
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery e
nable-ndp-monitor <yes|no>
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery e
nable-dad <yes|no>
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery d
ad-attempts <0-10>
set network interface aggregate-ethernet <name> layer3 ipv6 neighbor-discovery n
s-interval <1-3600>
eachable-time <10-36000>
eighbor
eighbor <name>
eighbor <name> hw-address <value>
set network interface aggregate-ethernet <name> layer3 lacp
set network interface aggregate-ethernet <name> layer3 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp fast-failover <yes|n
o>
set network interface aggregate-ethernet <name> layer3 lacp mode <passive|active
>
set network interface aggregate-ethernet <name> layer3 lacp transmission-rate <f
ast|slow>
set network interface aggregate-ethernet <name> layer3 lacp system-priority <1-6
5535>
set network interface aggregate-ethernet <name> layer3 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer3 lacp high-availability
e-same-system-mac
e-same-system-mac enable <yes|no>
e-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer3 lacp high-availability pa
set network interface aggregate-ethernet <name> layer3 lldp
set network interface aggregate-ethernet <name> layer3 lldp enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lldp profile <value>
set network interface aggregate-ethernet <name> layer3 lldp high-availability
set network interface aggregate-ethernet <name> layer3 lldp high-availability pa
set network interface aggregate-ethernet <name> layer3 arp
set network interface aggregate-ethernet <name> layer3 arp <name>
set network interface aggregate-ethernet <name> layer3 arp <name> hw-address <va
lue>
set network interface aggregate-ethernet <name> layer3 ndp-proxy
set network interface aggregate-ethernet <name> layer3 ndp-proxy enabled <yes|no
>
set network interface aggregate-ethernet <name> layer3 ndp-proxy address
set network interface aggregate-ethernet <name> layer3 ndp-proxy address <name>
set network interface aggregate-ethernet <name> layer3 ndp-proxy address <name>
negate <yes|no>
set network interface aggregate-ethernet <name> layer3 interface-management-prof
ile <value>
set network interface aggregate-ethernet <name> layer3 dhcp-client
set network interface aggregate-ethernet <name> layer3 dhcp-client enable <yes|n
o>
set network interface aggregate-ethernet <name> layer3 dhcp-client create-defaul
t-route <yes|no>
set network interface aggregate-ethernet <name> layer3 dhcp-client default-route
-metric <1-65535>
set network interface aggregate-ethernet <name> layer3 units
set network interface aggregate-ethernet <name> layer3 units <name>
set network interface aggregate-ethernet <name> layer3 units <name> decrypt-forw
ard <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> mtu <576-921
6>
set network interface aggregate-ethernet <name> layer3 units <name> adjust-tcp-m
ss
ss enable <yes|no>
ss ipv4-mss-adjustment <40-300>
ss ipv6-mss-adjustment <60-300>
set network interface aggregate-ethernet <name> layer3 units <name> ip
set network interface aggregate-ethernet <name> layer3 units <name> ip <name>

set network interface aggregate-ethernet <name> layer3 units <name> ipv6
set network interface aggregate-ethernet <name> layer3 units <name> ipv6 enabled
<yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> ipv6 interfa
ce-id <value>|<EUI-64>
set network interface aggregate-ethernet <name> layer3 units <name> ipv6 address
<name>
<name> enable-on-interface <yes|no>
<name> prefix
<name> anycast
<name> advertise
<name> advertise enable <yes|no>
<name> advertise valid-lifetime <0-4294967294>|<infinity>
<name> advertise preferred-lifetime <0-4294967294>|<infinity>
<name> advertise onlink-flag <yes|no>
<name> advertise auto-config-flag <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> ipv6 neighbo
r-discovery
r-discovery router-advertisement
r-discovery router-advertisement enable <yes|no>
r-discovery router-advertisement max-interval <4-1800>
r-discovery router-advertisement min-interval <3-1350>
r-discovery router-advertisement managed-flag <yes|no>
r-discovery router-advertisement other-flag <yes|no>
r-discovery router-advertisement link-mtu <1280-9216>|<unspecified>
r-discovery router-advertisement reachable-time <0-3600000>|<unspecified>
r-discovery router-advertisement retransmission-timer <0-4294967295>|<unspecifie
d>
r-discovery router-advertisement hop-limit <1-255>|<unspecified>
r-discovery router-advertisement lifetime <0-9000>
r-discovery router-advertisement router-preference <High|Medium|Low>
r-discovery router-advertisement enable-consistency-check <yes|no>
r-discovery router-advertisement dns-support
r-discovery router-advertisement dns-support enable <yes|no>
r-discovery router-advertisement dns-support server
r-discovery router-advertisement dns-support server <name>

r-discovery router-advertisement dns-support server <name> lifetime <4-3600>
r-discovery router-advertisement dns-support suffix
r-discovery router-advertisement dns-support suffix <name>
r-discovery router-advertisement dns-support suffix <name> lifetime <4-3600>
r-discovery enable-ndp-monitor <yes|no>
r-discovery enable-dad <yes|no>
r-discovery dad-attempts <0-10>
r-discovery ns-interval <1-3600>
r-discovery reachable-time <10-36000>
r-discovery neighbor
r-discovery neighbor <name>
r-discovery neighbor <name> hw-address <value>
set network interface aggregate-ethernet <name> layer3 units <name> arp
set network interface aggregate-ethernet <name> layer3 units <name> arp <name>
set network interface aggregate-ethernet <name> layer3 units <name> arp <name> h
w-address <value>
set network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy
set network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy en
abled <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> ndp-proxy ad

dress
dress <name>
dress <name> negate <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> interface-ma
nagement-profile <value>
set network interface aggregate-ethernet <name> layer3 units <name> tag <1-4094>
set network interface aggregate-ethernet <name> layer3 units <name> dhcp-client
enable <yes|no>
create-default-route <yes|no>
default-route-metric <1-65535>
set network interface aggregate-ethernet <name> layer3 units <name> netflow-prof
ile <value>
set network interface aggregate-ethernet <name> layer3 units <name> comment <val
ue>
set network interface aggregate-ethernet <name> layer3 netflow-profile <value>
set network interface aggregate-ethernet <name> comment <value>
set network interface vlan
set network interface vlan mtu <576-9216>
set network interface vlan adjust-tcp-mss
set network interface vlan adjust-tcp-mss enable <yes|no>
set network interface vlan adjust-tcp-mss ipv4-mss-adjustment <40-300>
set network interface vlan adjust-tcp-mss ipv6-mss-adjustment <60-300>
set network interface vlan ip
set network interface vlan ip <name>
set network interface vlan ipv6
set network interface vlan ipv6 enabled <yes|no>
set network interface vlan ipv6 interface-id <value>|<EUI-64>

set network interface vlan ipv6 address
set network interface vlan ipv6 address <name>
set network interface vlan ipv6 address <name> enable-on-interface <yes|no>
set network interface vlan ipv6 address <name> prefix
set network interface vlan ipv6 address <name> anycast
set network interface vlan ipv6 address <name> advertise
set network interface vlan ipv6 address <name> advertise enable <yes|no>
set network interface vlan ipv6 address <name> advertise valid-lifetime <0-42949
67294>|<infinity>
set network interface vlan ipv6 address <name> advertise preferred-lifetime <0-4
294967294>|<infinity>
set network interface vlan ipv6 address <name> advertise onlink-flag <yes|no>
set network interface vlan ipv6 address <name> advertise auto-config-flag <yes|n
o>
set network interface vlan ipv6 neighbor-discovery
set network interface vlan ipv6 neighbor-discovery router-advertisement
set network interface vlan ipv6 neighbor-discovery router-advertisement enable <
yes|no>
set network interface vlan ipv6 neighbor-discovery router-advertisement max-inte
rval <4-1800>
set network interface vlan ipv6 neighbor-discovery router-advertisement min-inte
rval <3-1350>
set network interface vlan ipv6 neighbor-discovery router-advertisement managed-
flag <yes|no>
set network interface vlan ipv6 neighbor-discovery router-advertisement other-fl
ag <yes|no>
set network interface vlan ipv6 neighbor-discovery router-advertisement link-mtu
<1280-9216>|<unspecified>
set network interface vlan ipv6 neighbor-discovery router-advertisement reachabl
e-time <0-3600000>|<unspecified>
set network interface vlan ipv6 neighbor-discovery router-advertisement retransm
ission-timer <0-4294967295>|<unspecified>
set network interface vlan ipv6 neighbor-discovery router-advertisement hop-limi
t <1-255>|<unspecified>
set network interface vlan ipv6 neighbor-discovery router-advertisement lifetime
<0-9000>
set network interface vlan ipv6 neighbor-discovery router-advertisement router-p
reference <High|Medium|Low>
set network interface vlan ipv6 neighbor-discovery router-advertisement enable-c
onsistency-check <yes|no>
set network interface vlan ipv6 neighbor-discovery router-advertisement dns-supp
ort
ort enable <yes|no>
ort server
ort server <name>
ort server <name> lifetime <4-3600>
ort suffix
ort suffix <name>
ort suffix <name> lifetime <4-3600>
set network interface vlan ipv6 neighbor-discovery enable-ndp-monitor <yes|no>
set network interface vlan ipv6 neighbor-discovery enable-dad <yes|no>
set network interface vlan ipv6 neighbor-discovery dad-attempts <0-10>
set network interface vlan ipv6 neighbor-discovery ns-interval <1-3600>
set network interface vlan ipv6 neighbor-discovery reachable-time <10-36000>
set network interface vlan ipv6 neighbor-discovery neighbor
set network interface vlan ipv6 neighbor-discovery neighbor <name>
set network interface vlan ipv6 neighbor-discovery neighbor <name> hw-address <v
alue>
set network interface vlan arp
set network interface vlan arp <name>
set network interface vlan arp <name> hw-address <value>
set network interface vlan arp <name> interface <value>
set network interface vlan ndp-proxy
set network interface vlan ndp-proxy enabled <yes|no>
set network interface vlan ndp-proxy address
set network interface vlan ndp-proxy address <name>
set network interface vlan ndp-proxy address <name> negate <yes|no>
set network interface vlan interface-management-profile <value>
set network interface vlan dhcp-client
set network interface vlan dhcp-client enable <yes|no>
set network interface vlan dhcp-client create-default-route <yes|no>
set network interface vlan dhcp-client default-route-metric <1-65535>
set network interface vlan units
set network interface vlan units <name>
set network interface vlan units <name> mtu <576-9216>
set network interface vlan units <name> adjust-tcp-mss
set network interface vlan units <name> adjust-tcp-mss enable <yes|no>
set network interface vlan units <name> adjust-tcp-mss ipv4-mss-adjustment <40-3
00>
set network interface vlan units <name> adjust-tcp-mss ipv6-mss-adjustment <60-3
00>
set network interface vlan units <name> ip
set network interface vlan units <name> ip <name>
set network interface vlan units <name> ipv6
set network interface vlan units <name> ipv6 enabled <yes|no>
set network interface vlan units <name> ipv6 interface-id <value>|<EUI-64>
set network interface vlan units <name> ipv6 address
set network interface vlan units <name> ipv6 address <name>
set network interface vlan units <name> ipv6 address <name> enable-on-interface
<yes|no>
set network interface vlan units <name> ipv6 address <name> prefix
set network interface vlan units <name> ipv6 address <name> anycast
set network interface vlan units <name> ipv6 address <name> advertise
set network interface vlan units <name> ipv6 address <name> advertise enable <ye
s|no>
set network interface vlan units <name> ipv6 address <name> advertise valid-life
time <0-4294967294>|<infinity>
set network interface vlan units <name> ipv6 address <name> advertise preferred-
lifetime <0-4294967294>|<infinity>
set network interface vlan units <name> ipv6 address <name> advertise onlink-fla
g <yes|no>
set network interface vlan units <name> ipv6 address <name> advertise auto-confi
g-flag <yes|no>
set network interface vlan units <name> ipv6 neighbor-discovery
set network interface vlan units <name> ipv6 neighbor-discovery router-advertise
ment
ment enable <yes|no>
ment max-interval <4-1800>
ment min-interval <3-1350>
ment managed-flag <yes|no>
ment other-flag <yes|no>
ment link-mtu <1280-9216>|<unspecified>
ment reachable-time <0-3600000>|<unspecified>

ment retransmission-timer <0-4294967295>|<unspecified>
ment hop-limit <1-255>|<unspecified>
ment lifetime <0-9000>
ment router-preference <High|Medium|Low>
ment enable-consistency-check <yes|no>
ment dns-support
ment dns-support enable <yes|no>
ment dns-support server
ment dns-support server <name>
ment dns-support server <name> lifetime <4-3600>
ment dns-support suffix
ment dns-support suffix <name>
ment dns-support suffix <name> lifetime <4-3600>
set network interface vlan units <name> ipv6 neighbor-discovery enable-ndp-monit
or <yes|no>
set network interface vlan units <name> ipv6 neighbor-discovery enable-dad <yes|
no>
set network interface vlan units <name> ipv6 neighbor-discovery dad-attempts <0-
10>
set network interface vlan units <name> ipv6 neighbor-discovery ns-interval <1-3
600>
set network interface vlan units <name> ipv6 neighbor-discovery reachable-time <
10-36000>
set network interface vlan units <name> ipv6 neighbor-discovery neighbor
set network interface vlan units <name> ipv6 neighbor-discovery neighbor <name>
set network interface vlan units <name> ipv6 neighbor-discovery neighbor <name>
hw-address <value>
set network interface vlan units <name> arp
set network interface vlan units <name> arp <name>
set network interface vlan units <name> arp <name> hw-address <value>
set network interface vlan units <name> arp <name> interface <value>
set network interface vlan units <name> ndp-proxy
set network interface vlan units <name> ndp-proxy enabled <yes|no>
set network interface vlan units <name> ndp-proxy address
set network interface vlan units <name> ndp-proxy address <name>
set network interface vlan units <name> ndp-proxy address <name> negate <yes|no>
set network interface vlan units <name> interface-management-profile <value>
set network interface vlan units <name> dhcp-client
set network interface vlan units <name> dhcp-client enable <yes|no>
set network interface vlan units <name> dhcp-client create-default-route <yes|no
>
set network interface vlan units <name> dhcp-client default-route-metric <1-6553
5>
set network interface vlan units <name> netflow-profile <value>
set network interface vlan units <name> comment <value>
set network interface vlan netflow-profile <value>
set network interface vlan comment <value>
set network interface loopback
set network interface loopback mtu <576-9216>
set network interface loopback adjust-tcp-mss
set network interface loopback adjust-tcp-mss enable <yes|no>
set network interface loopback adjust-tcp-mss ipv4-mss-adjustment <40-300>

set network interface loopback adjust-tcp-mss ipv6-mss-adjustment <60-300>
set network interface loopback ip
set network interface loopback ip <name>
set network interface loopback ipv6
set network interface loopback ipv6 enabled <yes|no>
set network interface loopback ipv6 interface-id <value>|<EUI-64>
set network interface loopback ipv6 address
set network interface loopback ipv6 address <name>
set network interface loopback ipv6 address <name> enable-on-interface <yes|no>
set network interface loopback ipv6 address <name> prefix
set network interface loopback ipv6 address <name> anycast
set network interface loopback interface-management-profile <value>
set network interface loopback units
set network interface loopback units <name>
set network interface loopback units <name> mtu <576-9216>
set network interface loopback units <name> adjust-tcp-mss
set network interface loopback units <name> adjust-tcp-mss enable <yes|no>
set network interface loopback units <name> adjust-tcp-mss ipv4-mss-adjustment <
40-300>
set network interface loopback units <name> adjust-tcp-mss ipv6-mss-adjustment <
60-300>
set network interface loopback units <name> ip
set network interface loopback units <name> ip <name>
set network interface loopback units <name> ipv6
set network interface loopback units <name> ipv6 enabled <yes|no>
set network interface loopback units <name> ipv6 interface-id <value>|<EUI-64>
set network interface loopback units <name> ipv6 address
set network interface loopback units <name> ipv6 address <name>
set network interface loopback units <name> ipv6 address <name> enable-on-interf
ace <yes|no>
set network interface loopback units <name> ipv6 address <name> prefix
set network interface loopback units <name> ipv6 address <name> anycast
set network interface loopback units <name> interface-management-profile <value>
set network interface loopback units <name> netflow-profile <value>
set network interface loopback units <name> comment <value>
set network interface loopback netflow-profile <value>
set network interface loopback comment <value>
set network interface tunnel
set network interface tunnel mtu <576-9216>
set network interface tunnel ip
set network interface tunnel ip <name>
set network interface tunnel ipv6
set network interface tunnel ipv6 enabled <yes|no>
set network interface tunnel ipv6 interface-id <value>|<EUI-64>
set network interface tunnel ipv6 address
set network interface tunnel ipv6 address <name>
set network interface tunnel ipv6 address <name> enable-on-interface <yes|no>
set network interface tunnel ipv6 address <name> prefix
set network interface tunnel ipv6 address <name> anycast
set network interface tunnel interface-management-profile <value>
set network interface tunnel units
set network interface tunnel units <name>
set network interface tunnel units <name> mtu <576-9216>
set network interface tunnel units <name> ip
set network interface tunnel units <name> ip <name>
set network interface tunnel units <name> ipv6
set network interface tunnel units <name> ipv6 enabled <yes|no>
set network interface tunnel units <name> ipv6 interface-id <value>|<EUI-64>
set network interface tunnel units <name> ipv6 address
set network interface tunnel units <name> ipv6 address <name>
set network interface tunnel units <name> ipv6 address <name> enable-on-interfac
e <yes|no>
set network interface tunnel units <name> ipv6 address <name> prefix
set network interface tunnel units <name> ipv6 address <name> anycast
set network interface tunnel units <name> interface-management-profile <value>
set network interface tunnel units <name> netflow-profile <value>
set network interface tunnel units <name> comment <value>
set network interface tunnel netflow-profile <value>
set network interface tunnel comment <value>
set network ike
set network ike gateway
set network ike gateway <name>
set network ike gateway <name> disabled <yes|no>
set network ike gateway <name> ipv6 <yes|no>
set network ike gateway <name> peer-address
set network ike gateway <name> peer-address ip <value>|<ip/netmask>
set network ike gateway <name> peer-address fqdn <value>
set network ike gateway <name> peer-address dynamic
set network ike gateway <name> local-address
set network ike gateway <name> local-address interface <value>
set network ike gateway <name> local-address
set network ike gateway <name> local-address ip <value>
set network ike gateway <name> local-address floating-ip <value>
set network ike gateway <name> peer-id
set network ike gateway <name> peer-id type <value>
set network ike gateway <name> peer-id id <value>
set network ike gateway <name> peer-id matching <exact|wildcard>
set network ike gateway <name> local-id
set network ike gateway <name> local-id type <value>
set network ike gateway <name> local-id id <value>
set network ike gateway <name> authentication
set network ike gateway <name> authentication pre-shared-key
set network ike gateway <name> authentication pre-shared-key key <value>
set network ike gateway <name> authentication certificate
set network ike gateway <name> authentication certificate local-certificate
set network ike gateway <name> authentication certificate local-certificate name

<value>
set network ike gateway <name> authentication certificate local-certificate hash
-and-url
-and-url enable <yes|no>
-and-url base-url <value>
set network ike gateway <name> authentication certificate certificate-profile <v
alue>
set network ike gateway <name> authentication certificate use-management-as-sour
ce <yes|no>
set network ike gateway <name> authentication certificate strict-validation-revo
cation <yes|no>
set network ike gateway <name> authentication certificate allow-id-payload-misma
tch <yes|no>
set network ike gateway <name> protocol
set network ike gateway <name> protocol version <ikev1|ikev2|ikev2-preferred>
set network ike gateway <name> protocol ikev1
set network ike gateway <name> protocol ikev1 exchange-mode <auto|main|aggressiv
e>
set network ike gateway <name> protocol ikev1 ike-crypto-profile <value>
set network ike gateway <name> protocol ikev1 dpd
set network ike gateway <name> protocol ikev1 dpd enable <yes|no>
set network ike gateway <name> protocol ikev1 dpd interval <2-100>
set network ike gateway <name> protocol ikev1 dpd retry <2-100>
set network ike gateway <name> protocol ikev2
set network ike gateway <name> protocol ikev2 ike-crypto-profile <value>
set network ike gateway <name> protocol ikev2 require-cookie <yes|no>
set network ike gateway <name> protocol ikev2 dpd
set network ike gateway <name> protocol ikev2 dpd enable <yes|no>
set network ike gateway <name> protocol ikev2 dpd interval <2-100>
set network ike gateway <name> protocol-common

set network ike gateway <name> protocol-common nat-traversal
set network ike gateway <name> protocol-common nat-traversal enable <yes|no>
set network ike gateway <name> protocol-common nat-traversal keep-alive-interval
<10-3600>
set network ike gateway <name> protocol-common nat-traversal udp-checksum-enable
<yes|no>
set network ike gateway <name> protocol-common passive-mode <yes|no>
set network ike gateway <name> protocol-common fragmentation
set network ike gateway <name> protocol-common fragmentation enable <yes|no>
set network ike crypto-profiles
set network ike crypto-profiles ike-crypto-profiles
set network ike crypto-profiles ike-crypto-profiles <name>
set network ike crypto-profiles ike-crypto-profiles <name> encryption [ <encryp
tion1> <encryption2>... ]
set network ike crypto-profiles ike-crypto-profiles <name> hash [ <hash1> <hash
2>... ]
set network ike crypto-profiles ike-crypto-profiles <name> dh-group [ <dh-group
1> <dh-group2>... ]
set network ike crypto-profiles ike-crypto-profiles <name> lifetime
set network ike crypto-profiles ike-crypto-profiles <name> lifetime seconds <180
-65535>
set network ike crypto-profiles ike-crypto-profiles <name> lifetime minutes <3-6
5535>
set network ike crypto-profiles ike-crypto-profiles <name> lifetime hours <1-655
35>
set network ike crypto-profiles ike-crypto-profiles <name> lifetime days <1-365>
set network ike crypto-profiles ike-crypto-profiles <name> authentication-multip
le <0-50>
set network ike crypto-profiles ipsec-crypto-profiles
set network ike crypto-profiles ipsec-crypto-profiles <name>
set network ike crypto-profiles ipsec-crypto-profiles <name>
set network ike crypto-profiles ipsec-crypto-profiles <name> esp

set network ike crypto-profiles ipsec-crypto-profiles <name> esp encryption [ <
encryption1> <encryption2>... ]
set network ike crypto-profiles ipsec-crypto-profiles <name> esp authentication
[ <authentication1> <authentication2>... ]
set network ike crypto-profiles ipsec-crypto-profiles <name> ah
set network ike crypto-profiles ipsec-crypto-profiles <name> ah authentication
[ <authentication1> <authentication2>... ]
set network ike crypto-profiles ipsec-crypto-profiles <name> dh-group <no-pfs|gr
oup1|group2|group5|group14|group19|group20>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifetime
set network ike crypto-profiles ipsec-crypto-profiles <name> lifetime seconds <1
80-65535>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifetime minutes <3
-65535>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifetime hours <1-6
5535>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifetime days <1-36
5>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifesize
set network ike crypto-profiles ipsec-crypto-profiles <name> lifesize kb <1-6553
5>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifesize mb <1-6553
5>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifesize gb <1-6553
5>
set network ike crypto-profiles ipsec-crypto-profiles <name> lifesize tb <1-6553
5>
set network ike crypto-profiles global-protect-app-crypto-profiles
set network ike crypto-profiles global-protect-app-crypto-profiles <name>
set network ike crypto-profiles global-protect-app-crypto-profiles <name> encryp
tion [ <encryption1> <encryption2>... ]
set network ike crypto-profiles global-protect-app-crypto-profiles <name> authen

tication [ <authentication1> <authentication2>... ]
set network tunnel
set network tunnel ipsec
set network tunnel ipsec <name>
set network tunnel ipsec <name> disabled <yes|no>
set network tunnel ipsec <name> ipv6 <yes|no>
set network tunnel ipsec <name> tunnel-interface <value>
set network tunnel ipsec <name> anti-replay <yes|no>
set network tunnel ipsec <name> copy-tos <yes|no>
set network tunnel ipsec <name> copy-flow-label <yes|no>
set network tunnel ipsec <name> tunnel-monitor
set network tunnel ipsec <name> tunnel-monitor enable <yes|no>
set network tunnel ipsec <name> tunnel-monitor destination-ip <ip/netmask>
set network tunnel ipsec <name> tunnel-monitor proxy-id <value>
set network tunnel ipsec <name> tunnel-monitor tunnel-monitor-profile <value>
set network tunnel ipsec <name>
set network tunnel ipsec <name> auto-key
set network tunnel ipsec <name> auto-key ike-gateway
set network tunnel ipsec <name> auto-key ike-gateway <name>
set network tunnel ipsec <name> auto-key ipsec-crypto-profile <value>
set network tunnel ipsec <name> auto-key proxy-id
set network tunnel ipsec <name> auto-key proxy-id <name>
set network tunnel ipsec <name> auto-key proxy-id <name> local <ip/netmask>
set network tunnel ipsec <name> auto-key proxy-id <name> remote <ip/netmask>
set network tunnel ipsec <name> auto-key proxy-id <name> protocol
set network tunnel ipsec <name> auto-key proxy-id <name> protocol number <1-254>
set network tunnel ipsec <name> auto-key proxy-id <name> protocol any
set network tunnel ipsec <name> auto-key proxy-id <name> protocol tcp
set network tunnel ipsec <name> auto-key proxy-id <name> protocol tcp local-port
<0-65535>
set network tunnel ipsec <name> auto-key proxy-id <name> protocol tcp remote-por
t <0-65535>
set network tunnel ipsec <name> auto-key proxy-id <name> protocol udp
set network tunnel ipsec <name> auto-key proxy-id <name> protocol udp local-port
<0-65535>
set network tunnel ipsec <name> auto-key proxy-id <name> protocol udp remote-por
t <0-65535>
set network tunnel ipsec <name> auto-key proxy-id-v6
set network tunnel ipsec <name> auto-key proxy-id-v6 <name>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> local <ip/netmask>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> remote <ip/netmask>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol number <1-2
54>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol any
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol tcp
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol tcp local-p
ort <0-65535>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol tcp remote-
port <0-65535>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol udp
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol udp local-p
ort <0-65535>
set network tunnel ipsec <name> auto-key proxy-id-v6 <name> protocol udp remote-
port <0-65535>
set network tunnel ipsec <name> manual-key
set network tunnel ipsec <name> manual-key peer-address
set network tunnel ipsec <name> manual-key peer-address ip <ip/netmask>
set network tunnel ipsec <name> manual-key local-address
set network tunnel ipsec <name> manual-key local-address interface <value>
set network tunnel ipsec <name> manual-key local-address
set network tunnel ipsec <name> manual-key local-address ip <value>
set network tunnel ipsec <name> manual-key local-address floating-ip <value>
set network tunnel ipsec <name> manual-key local-spi <value>

set network tunnel ipsec <name> manual-key remote-spi <value>
set network tunnel ipsec <name> manual-key
set network tunnel ipsec <name> manual-key esp
set network tunnel ipsec <name> manual-key esp authentication
set network tunnel ipsec <name> manual-key esp authentication
set network tunnel ipsec <name> manual-key esp authentication md5
set network tunnel ipsec <name> manual-key esp authentication md5 key <value>
set network tunnel ipsec <name> manual-key esp authentication sha1
set network tunnel ipsec <name> manual-key esp authentication sha1 key <value>
set network tunnel ipsec <name> manual-key esp authentication none
set network tunnel ipsec <name> manual-key esp encryption
set network tunnel ipsec <name> manual-key esp encryption algorithm <des|3des|ae
s-128-cbc|aes-192-cbc|aes-256-cbc|null>
set network tunnel ipsec <name> manual-key esp encryption key <value>
set network tunnel ipsec <name> manual-key ah
set network tunnel ipsec <name> manual-key ah
set network tunnel ipsec <name> manual-key ah md5
set network tunnel ipsec <name> manual-key ah md5 key <value>
set network tunnel ipsec <name> manual-key ah sha1
set network tunnel ipsec <name> manual-key ah sha1 key <value>

set network tunnel ipsec <name> global-protect-satellite
set network tunnel ipsec <name> global-protect-satellite portal-address <value>
set network tunnel ipsec <name> global-protect-satellite ipv6-preferred <yes|no>
set network tunnel ipsec <name> global-protect-satellite local-address
set network tunnel ipsec <name> global-protect-satellite local-address interface
<value>
set network tunnel ipsec <name> global-protect-satellite local-address
set network tunnel ipsec <name> global-protect-satellite local-address ip
set network tunnel ipsec <name> global-protect-satellite local-address ip ipv4 <
value>
set network tunnel ipsec <name> global-protect-satellite local-address ip ipv6 <
value>
set network tunnel ipsec <name> global-protect-satellite local-address floating-
ip
ip ipv4 <value>
ip ipv6 <value>
set network tunnel ipsec <name> global-protect-satellite publish-routes [ <publ
ish-routes1> <publish-routes2>... ]
set network tunnel ipsec <name> global-protect-satellite publish-connected-route
set network tunnel ipsec <name> global-protect-satellite publish-connected-route
s enable <yes|no>
set network tunnel ipsec <name> global-protect-satellite external-ca
set network tunnel ipsec <name> global-protect-satellite external-ca local-certi
ficate <value>
set network tunnel ipsec <name> global-protect-satellite external-ca certificate
-profile <value>
set network tunnel global-protect-gateway
set network tunnel global-protect-gateway <name>
set network tunnel global-protect-gateway <name> tunnel-interface <value>

set network tunnel global-protect-gateway <name> local-address
set network tunnel global-protect-gateway <name> local-address ip-address-family
<ipv4|ipv6|ipv4_ipv6>
set network tunnel global-protect-gateway <name> local-address interface <value>
set network tunnel global-protect-gateway <name> local-address
set network tunnel global-protect-gateway <name> local-address ip
set network tunnel global-protect-gateway <name> local-address ip ipv4 <value>
set network tunnel global-protect-gateway <name> local-address ip ipv6 <value>
set network tunnel global-protect-gateway <name> local-address floating-ip
set network tunnel global-protect-gateway <name> local-address floating-ip ipv4
<value>
set network tunnel global-protect-gateway <name> local-address floating-ip ipv6
<value>
set network tunnel global-protect-gateway <name> ipsec
set network tunnel global-protect-gateway <name> ipsec enable <yes|no>
set network tunnel global-protect-gateway <name> ipsec third-party-client
set network tunnel global-protect-gateway <name> ipsec third-party-client enable
<yes|no>
set network tunnel global-protect-gateway <name> ipsec third-party-client group-
name <value>
set network tunnel global-protect-gateway <name> ipsec third-party-client group-
password <value>
set network tunnel global-protect-gateway <name> ipsec third-party-client rekey-
noauth <yes|no>
set network tunnel global-protect-gateway <name> ipsec ipsec-crypto-profile <val
ue>
set network tunnel global-protect-gateway <name> max-user <1-65535>
set network tunnel global-protect-gateway <name> ip-pool [ <ip-pool1> <ip-pool2
>... ]
set network tunnel global-protect-gateway <name> client
set network tunnel global-protect-gateway <name> client inheritance
set network tunnel global-protect-gateway <name> client inheritance source <valu

e>
set network tunnel global-protect-gateway <name> client dns-server
set network tunnel global-protect-gateway <name> client dns-server primary <ip/n
etmask>|<inherited>
set network tunnel global-protect-gateway <name> client dns-server secondary <ip
/netmask>|<inherited>
set network tunnel global-protect-gateway <name> client wins-server
set network tunnel global-protect-gateway <name> client wins-server primary <ip/
netmask>|<validate>|<inherited>
set network tunnel global-protect-gateway <name> client wins-server secondary |<validate>|<inherited>
set network tunnel global-protect-gateway <name> client dns-suffix-inherited <ye
s|no>
set network tunnel global-protect-gateway <name> client dns-suffix [ <dns-suffi
x1> <dns-suffix2>... ]
set network tunnel global-protect-gateway <name> client exclude-video-traffic
set network tunnel global-protect-gateway <name> client exclude-video-traffic en
abled <yes|no>
set network tunnel global-protect-gateway <name> client exclude-video-traffic ap
plications [ <applications1> <applications2>... ]
set network tunnel global-protect-site-to-site
set network tunnel global-protect-site-to-site <name>
set network tunnel global-protect-site-to-site <name> tunnel-interface <value>
set network tunnel global-protect-site-to-site <name> local-address
set network tunnel global-protect-site-to-site <name> local-address ip-address-f
amily <ipv4|ipv6|ipv4_ipv6>
set network tunnel global-protect-site-to-site <name> local-address interface <v
alue>
set network tunnel global-protect-site-to-site <name> local-address
set network tunnel global-protect-site-to-site <name> local-address ip
set network tunnel global-protect-site-to-site <name> local-address ip ipv4 <val
ue>
set network tunnel global-protect-site-to-site <name> local-address ip ipv6 <val
ue>
set network tunnel global-protect-site-to-site <name> local-address floating-ip
ipv4 <value>
ipv6 <value>
set network tunnel global-protect-site-to-site <name> client
set network tunnel global-protect-site-to-site <name> client config-refresh-inte
rval <1-48>
set network tunnel global-protect-site-to-site <name> client ip-pool [ <ip-pool
1> <ip-pool2>... ]
set network tunnel global-protect-site-to-site <name> client inheritance
set network tunnel global-protect-site-to-site <name> client inheritance source
<value>
set network tunnel global-protect-site-to-site <name> client dns-server
set network tunnel global-protect-site-to-site <name> client dns-server primary
<ip/netmask>|<inherited>
set network tunnel global-protect-site-to-site <name> client dns-server secondar
y <ip/netmask>|<inherited>
set network tunnel global-protect-site-to-site <name> client dns-suffix-inherite
d <yes|no>
set network tunnel global-protect-site-to-site <name> client dns-suffix [ <dns-
suffix1> <dns-suffix2>... ]
set network tunnel global-protect-site-to-site <name> client split-tunneling
set network tunnel global-protect-site-to-site <name> client split-tunneling acc
ess-route [ <access-route1> <access-route2>... ]
set network tunnel global-protect-site-to-site <name> client tunnel-monitor
set network tunnel global-protect-site-to-site <name> client tunnel-monitor enab
le <yes|no>
set network tunnel global-protect-site-to-site <name> client tunnel-monitor dest
ination-ip <ip/netmask>
set network tunnel global-protect-site-to-site <name> client tunnel-monitor dest
ination-ipv6 <ip/netmask>
set network tunnel global-protect-site-to-site <name> client tunnel-monitor tunn
el-monitor-profile <value>
set network tunnel global-protect-site-to-site <name> client ipsec-crypto-profil
e <value>
set network tunnel global-protect-site-to-site <name> client accept-published-ro
utes <yes|no>
set network tunnel global-protect-site-to-site <name> client valid-networks [ <
valid-networks1> <valid-networks2>... ]
set network tunnel global-protect-site-to-site <name> client anti-replay <yes|no
>
set network tunnel global-protect-site-to-site <name> client copy-tos <yes|no>
set network vlan
set network vlan <name>
set network vlan <name> interface [ <interface1> <interface2>... ]
set network vlan <name> mac
set network vlan <name> mac <name>
set network vlan <name> mac <name> interface <value>
set network vlan <name> virtual-interface
set network vlan <name> virtual-interface interface <value>
set network qos
set network qos profile
set network qos profile <name>
set network qos profile <name> aggregate-bandwidth
set network qos profile <name> aggregate-bandwidth egress-max <float>
set network qos profile <name> aggregate-bandwidth egress-guaranteed <float>
set network qos profile <name> class
set network qos profile <name> class <name>
set network qos profile <name> class <name> priority <real-time|high|medium|low>
set network qos profile <name> class <name> class-bandwidth
set network qos profile <name> class <name> class-bandwidth egress-max <float>
set network qos profile <name> class <name> class-bandwidth egress-guaranteed <f
loat>
set network qos interface
set network qos interface <name>
set network qos interface <name> enabled <yes|no>
set network qos interface <name> interface-bandwidth
set network qos interface <name> interface-bandwidth egress-max <float>
set network qos interface <name> tunnel-traffic
set network qos interface <name> tunnel-traffic groups
set network qos interface <name> tunnel-traffic groups <name>
set network qos interface <name> tunnel-traffic groups <name> members
set network qos interface <name> tunnel-traffic groups <name> members <name>
set network qos interface <name> tunnel-traffic groups <name> members <name> qos
-profile <value>
set network qos interface <name> tunnel-traffic default-group
set network qos interface <name> tunnel-traffic default-group per-tunnel-qos-pro
file <value>
set network qos interface <name> tunnel-traffic bandwidth
set network qos interface <name> tunnel-traffic bandwidth egress-max <float>
set network qos interface <name> tunnel-traffic bandwidth egress-guaranteed <flo
at>
set network qos interface <name> regular-traffic
set network qos interface <name> regular-traffic groups
set network qos interface <name> regular-traffic groups <name>
set network qos interface <name> regular-traffic groups <name> members
set network qos interface <name> regular-traffic groups <name> members <name>
set network qos interface <name> regular-traffic groups <name> members <name> qo
s-profile <value>
set network qos interface <name> regular-traffic groups <name> members <name> ma
tch
tch local-address
tch local-address interface <value>
tch local-address address [ <address1> <address2>... ]
set network qos interface <name> regular-traffic default-group
set network qos interface <name> regular-traffic default-group qos-profile <valu
e>
set network qos interface <name> regular-traffic bandwidth
set network qos interface <name> regular-traffic bandwidth egress-max <float>
set network qos interface <name> regular-traffic bandwidth egress-guaranteed <fl
oat>
set network virtual-wire
set network virtual-wire <name>
set network virtual-wire <name> interface1 <value>
set network virtual-wire <name> interface2 <value>
set network virtual-wire <name> tag-allowed <0-4094,...>
set network virtual-wire <name> multicast-firewalling
set network virtual-wire <name> multicast-firewalling enable <yes|no>
set network virtual-wire <name> link-state-pass-through
set network virtual-wire <name> link-state-pass-through enable <yes|no>
set network virtual-router
set network virtual-router <name>
set network virtual-router <name> interface [ <interface1> <interface2>... ]
set network virtual-router <name> routing-table
set network virtual-router <name> routing-table ip
set network virtual-router <name> routing-table ip static-route
set network virtual-router <name> routing-table ip static-route <name>
set network virtual-router <name> routing-table ip static-route <name> destinati
on <ip/netmask>
set network virtual-router <name> routing-table ip static-route <name> interface
<value>
set network virtual-router <name> routing-table ip static-route <name> nexthop

set network virtual-router <name> routing-table ip static-route <name> nexthop d
iscard
set network virtual-router <name> routing-table ip static-route <name> nexthop i
p-address <ip/netmask>
set network virtual-router <name> routing-table ip static-route <name> nexthop n
ext-vr <value>
set network virtual-router <name> routing-table ip static-route <name> admin-dis
t <10-240>
set network virtual-router <name> routing-table ip static-route <name> metric <1
-65535>
set network virtual-router <name> routing-table ip static-route <name> route-tab
le
le
le unicast
le multicast
le both
le no-install
set network virtual-router <name> routing-table ip static-route <name> bfd
set network virtual-router <name> routing-table ip static-route <name> bfd profi
le <value>|<None>
set network virtual-router <name> routing-table ip static-route <name> path-moni
tor
tor enable <yes|no>
tor failure-condition <any|all>

tor hold-time <0-1440>
tor monitor-destinations
tor monitor-destinations <name>
tor monitor-destinations <name> enable <yes|no>
tor monitor-destinations <name> source <value>|<DHCP>
tor monitor-destinations <name> destination <value>
tor monitor-destinations <name> interval <1-60>
tor monitor-destinations <name> count <3-10>
set network virtual-router <name> routing-table ipv6
set network virtual-router <name> routing-table ipv6 static-route
set network virtual-router <name> routing-table ipv6 static-route <name>
set network virtual-router <name> routing-table ipv6 static-route <name> destina
tion <ip/netmask>
set network virtual-router <name> routing-table ipv6 static-route <name> interfa
ce <value>
set network virtual-router <name> routing-table ipv6 static-route <name> nexthop
discard
ipv6-address <ip/netmask>
next-vr <value>
set network virtual-router <name> routing-table ipv6 static-route <name> admin-d
ist <10-240>
set network virtual-router <name> routing-table ipv6 static-route <name> metric
<1-65535>
set network virtual-router <name> routing-table ipv6 static-route <name> route-t
able
able
able unicast
able no-install
set network virtual-router <name> routing-table ipv6 static-route <name> bfd
set network virtual-router <name> routing-table ipv6 static-route <name> bfd pro
file <value>|<None>
set network virtual-router <name> routing-table ipv6 static-route <name> path-mo
nitor
nitor enable <yes|no>
nitor failure-condition <any|all>
nitor hold-time <0-1440>
nitor monitor-destinations
nitor monitor-destinations <name>
nitor monitor-destinations <name> enable <yes|no>
nitor monitor-destinations <name> source <value>
nitor monitor-destinations <name> destination <value>

nitor monitor-destinations <name> interval <1-60>
nitor monitor-destinations <name> count <3-10>
set network virtual-router <name> multicast
set network virtual-router <name> multicast enable <yes|no>
set network virtual-router <name> multicast route-ageout-time <210-7200>
set network virtual-router <name> multicast interface-group
set network virtual-router <name> multicast interface-group <name>
set network virtual-router <name> multicast interface-group <name> description <
value>
set network virtual-router <name> multicast interface-group <name> interface [
<interface1> <interface2>... ]
set network virtual-router <name> multicast interface-group <name> group-permiss
ion
ion any-source-multicast
ion any-source-multicast <name>
ion any-source-multicast <name> group-address <ip/netmask>
ion any-source-multicast <name> included <yes|no>
ion source-specific-multicast
ion source-specific-multicast <name>
ion source-specific-multicast <name> group-address <ip/netmask>
ion source-specific-multicast <name> source-address <ip/netmask>
ion source-specific-multicast <name> included <yes|no>

set network virtual-router <name> multicast interface-group <name> igmp
set network virtual-router <name> multicast interface-group <name> igmp enable <
yes|no>
set network virtual-router <name> multicast interface-group <name> igmp version
<1|2|3>
set network virtual-router <name> multicast interface-group <name> igmp max-quer
y-response-time <float>
set network virtual-router <name> multicast interface-group <name> igmp query-in
terval <1-31744>
set network virtual-router <name> multicast interface-group <name> igmp last-mem
ber-query-interval <float>
set network virtual-router <name> multicast interface-group <name> igmp immediat
e-leave <yes|no>
set network virtual-router <name> multicast interface-group <name> igmp robustne
ss <1|2|3|4|5|6|7>
set network virtual-router <name> multicast interface-group <name> igmp max-grou
ps <1-65535>|<unlimited>
set network virtual-router <name> multicast interface-group <name> igmp max-sour
ces <1-65535>|<unlimited>
set network virtual-router <name> multicast interface-group <name> igmp router-a
lert-policing <yes|no>
set network virtual-router <name> multicast interface-group <name> pim
set network virtual-router <name> multicast interface-group <name> pim enable <y
es|no>
set network virtual-router <name> multicast interface-group <name> pim assert-in
terval <0-65534>
set network virtual-router <name> multicast interface-group <name> pim hello-int
erval <0-18000>
set network virtual-router <name> multicast interface-group <name> pim join-prun
e-interval <1-18000>
set network virtual-router <name> multicast interface-group <name> pim dr-priori
ty <0-4294967295>
set network virtual-router <name> multicast interface-group <name> pim bsr-borde
r <yes|no>
set network virtual-router <name> multicast interface-group <name> pim allowed-n
eighbors
set network virtual-router <name> multicast interface-group <name> pim allowed-n
eighbors <name>
set network virtual-router <name> multicast ssm-address-space
set network virtual-router <name> multicast ssm-address-space <name>
set network virtual-router <name> multicast ssm-address-space <name> group-addre
ss <ip/netmask>
set network virtual-router <name> multicast ssm-address-space <name> included <y
es|no>
set network virtual-router <name> multicast spt-threshold
set network virtual-router <name> multicast spt-threshold <name>
set network virtual-router <name> multicast spt-threshold <name> threshold <1-42
94967295>|<never|0>
set network virtual-router <name> multicast rp
set network virtual-router <name> multicast rp local-rp
set network virtual-router <name> multicast rp local-rp
set network virtual-router <name> multicast rp local-rp static-rp
set network virtual-router <name> multicast rp local-rp static-rp interface <val
ue>
set network virtual-router <name> multicast rp local-rp static-rp address <value
>
set network virtual-router <name> multicast rp local-rp static-rp override <yes|
no>
set network virtual-router <name> multicast rp local-rp static-rp group-addresse
s [ <group-addresses1> <group-addresses2>... ]
set network virtual-router <name> multicast rp local-rp candidate-rp
set network virtual-router <name> multicast rp local-rp candidate-rp interface <
value>
set network virtual-router <name> multicast rp local-rp candidate-rp address <va

lue>
set network virtual-router <name> multicast rp local-rp candidate-rp priority <0
-255>
set network virtual-router <name> multicast rp local-rp candidate-rp advertiseme
nt-interval <1-26214>
set network virtual-router <name> multicast rp local-rp candidate-rp group-addre
sses [ <group-addresses1> <group-addresses2>... ]
set network virtual-router <name> multicast rp external-rp
set network virtual-router <name> multicast rp external-rp <name>
set network virtual-router <name> multicast rp external-rp <name> group-addresse
s [ <group-addresses1> <group-addresses2>... ]
set network virtual-router <name> multicast rp external-rp <name> override <yes|
no>
set network virtual-router <name> protocol
set network virtual-router <name> protocol redist-profile
set network virtual-router <name> protocol redist-profile <name>
set network virtual-router <name> protocol redist-profile <name> priority <1-255
>
set network virtual-router <name> protocol redist-profile <name> filter
set network virtual-router <name> protocol redist-profile <name> filter type [
<type1> <type2>... ]
set network virtual-router <name> protocol redist-profile <name> filter interfac
e [ <interface1> <interface2>... ]
set network virtual-router <name> protocol redist-profile <name> filter destinat
ion [ <destination1> <destination2>... ]
set network virtual-router <name> protocol redist-profile <name> filter nexthop
[ <nexthop1> <nexthop2>... ]
set network virtual-router <name> protocol redist-profile <name> filter ospf
set network virtual-router <name> protocol redist-profile <name> filter ospf pat
h-type [ <path-type1> <path-type2>... ]
set network virtual-router <name> protocol redist-profile <name> filter ospf are
a [ <area1> <area2>... ]
set network virtual-router <name> protocol redist-profile <name> filter ospf tag
[ <tag1> <tag2>... ]
set network virtual-router <name> protocol redist-profile <name> filter bgp
set network virtual-router <name> protocol redist-profile <name> filter bgp comm
unity [ <community1> <community2>... ]
set network virtual-router <name> protocol redist-profile <name> filter bgp exte
nded-community [ <extended-community1> <extended-community2>... ]
set network virtual-router <name> protocol redist-profile <name> action
set network virtual-router <name> protocol redist-profile <name> action no-redis
set network virtual-router <name> protocol redist-profile <name> action redist
set network virtual-router <name> protocol redist-profile-ipv6
set network virtual-router <name> protocol redist-profile-ipv6 <name>
set network virtual-router <name> protocol redist-profile-ipv6 <name> priority <
1-255>
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter typ
e [ <type1> <type2>... ]
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter int
erface [ <interface1> <interface2>... ]
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter des
tination [ <destination1> <destination2>... ]
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter nex
thop [ <nexthop1> <nexthop2>... ]
set network virtual-router <name> protocol redist-profile-ipv6 <name> filter osp
fv3
fv3 path-type [ <path-type1> <path-type2>... ]
fv3 area [ <area1> <area2>... ]
fv3 tag [ <tag1> <tag2>... ]

set network virtual-router <name> protocol redist-profile-ipv6 <name> filter bgp
community [ <community1> <community2>... ]
extended-community [ <extended-community1> <extended-community2>... ]
set network virtual-router <name> protocol redist-profile-ipv6 <name> action
set network virtual-router <name> protocol redist-profile-ipv6 <name> action no-
redist
set network virtual-router <name> protocol redist-profile-ipv6 <name> action red
ist
set network virtual-router <name> protocol rip
set network virtual-router <name> protocol rip enable <yes|no>
set network virtual-router <name> protocol rip reject-default-route <yes|no>
set network virtual-router <name> protocol rip allow-redist-default-route <yes|n
o>
set network virtual-router <name> protocol rip timers
set network virtual-router <name> protocol rip timers interval-seconds <1-60>
set network virtual-router <name> protocol rip timers update-intervals <1-255>
set network virtual-router <name> protocol rip timers expire-intervals <1-255>
set network virtual-router <name> protocol rip timers delete-intervals <1-255>
set network virtual-router <name> protocol rip auth-profile
set network virtual-router <name> protocol rip auth-profile <name>
set network virtual-router <name> protocol rip auth-profile <name>
set network virtual-router <name> protocol rip auth-profile <name> password <val
ue>
set network virtual-router <name> protocol rip auth-profile <name> md5
set network virtual-router <name> protocol rip auth-profile <name> md5 <name>
set network virtual-router <name> protocol rip auth-profile <name> md5 <name> ke
y <value>
set network virtual-router <name> protocol rip auth-profile <name> md5 <name> pr
eferred <yes|no>
set network virtual-router <name> protocol rip global-bfd
set network virtual-router <name> protocol rip global-bfd profile <value>|<None>
set network virtual-router <name> protocol rip interface
set network virtual-router <name> protocol rip interface <name>
set network virtual-router <name> protocol rip interface <name> enable <yes|no>
set network virtual-router <name> protocol rip interface <name> default-route
set network virtual-router <name> protocol rip interface <name> default-route di
sable
set network virtual-router <name> protocol rip interface <name> default-route ad
vertise
set network virtual-router <name> protocol rip interface <name> default-route ad
vertise metric <1-15>
set network virtual-router <name> protocol rip interface <name> authentication <
value>
set network virtual-router <name> protocol rip interface <name> mode <normal|pas
sive|send-only>
set network virtual-router <name> protocol rip interface <name> bfd
set network virtual-router <name> protocol rip interface <name> bfd profile <val
ue>|<None|Inherit-vr-global-setting>
set network virtual-router <name> protocol rip export-rules
set network virtual-router <name> protocol rip export-rules <name>
set network virtual-router <name> protocol rip export-rules <name> metric <1-16>
set network virtual-router <name> protocol ospf
set network virtual-router <name> protocol ospf router-id <ip/netmask>
set network virtual-router <name> protocol ospf enable <yes|no>
set network virtual-router <name> protocol ospf reject-default-route <yes|no>
set network virtual-router <name> protocol ospf allow-redist-default-route <yes|
no>
set network virtual-router <name> protocol ospf rfc1583 <yes|no>
set network virtual-router <name> protocol ospf timers
set network virtual-router <name> protocol ospf timers spf-calculation-delay <fl
oat>
set network virtual-router <name> protocol ospf timers lsa-interval <float>
set network virtual-router <name> protocol ospf auth-profile
set network virtual-router <name> protocol ospf auth-profile <name>
set network virtual-router <name> protocol ospf auth-profile <name>
set network virtual-router <name> protocol ospf auth-profile <name> password <va
lue>
set network virtual-router <name> protocol ospf auth-profile <name> md5
set network virtual-router <name> protocol ospf auth-profile <name> md5 <name>
set network virtual-router <name> protocol ospf auth-profile <name> md5 <name> k
ey <value>
set network virtual-router <name> protocol ospf auth-profile <name> md5 <name> p
referred <yes|no>
set network virtual-router <name> protocol ospf global-bfd
set network virtual-router <name> protocol ospf global-bfd profile <value>|<None
>
set network virtual-router <name> protocol ospf area
set network virtual-router <name> protocol ospf area <name>
set network virtual-router <name> protocol ospf area <name> type
set network virtual-router <name> protocol ospf area <name> type normal
set network virtual-router <name> protocol ospf area <name> type stub
set network virtual-router <name> protocol ospf area <name> type stub accept-sum
mary <yes|no>
set network virtual-router <name> protocol ospf area <name> type stub default-ro
ute
ute disable
ute advertise
ute advertise metric <1-255>
set network virtual-router <name> protocol ospf area <name> type nssa
set network virtual-router <name> protocol ospf area <name> type nssa accept-sum
mary <yes|no>
set network virtual-router <name> protocol ospf area <name> type nssa default-ro
ute
ute disable
ute advertise
ute advertise metric <1-255>
ute advertise type <ext-1|ext-2>
set network virtual-router <name> protocol ospf area <name> type nssa nssa-ext-r
ange
ange <name>
ange <name>
ange <name> advertise
ange <name> suppress
set network virtual-router <name> protocol ospf area <name> range
set network virtual-router <name> protocol ospf area <name> range <name>
set network virtual-router <name> protocol ospf area <name> range <name>
set network virtual-router <name> protocol ospf area <name> range <name> adverti
se
set network virtual-router <name> protocol ospf area <name> range <name> suppres
set network virtual-router <name> protocol ospf area <name> interface
set network virtual-router <name> protocol ospf area <name> interface <name>
set network virtual-router <name> protocol ospf area <name> interface <name> ena
ble <yes|no>
set network virtual-router <name> protocol ospf area <name> interface <name> pas
sive <yes|no>
set network virtual-router <name> protocol ospf area <name> interface <name> lin
k-type
k-type broadcast
k-type p2p
k-type p2mp
set network virtual-router <name> protocol ospf area <name> interface <name> met
ric <1-65535>
set network virtual-router <name> protocol ospf area <name> interface <name> pri
ority <0-255>
set network virtual-router <name> protocol ospf area <name> interface <name> hel
lo-interval <0-3600>
set network virtual-router <name> protocol ospf area <name> interface <name> dea
d-counts <3-20>
set network virtual-router <name> protocol ospf area <name> interface <name> ret
ransmit-interval <1-3600>
set network virtual-router <name> protocol ospf area <name> interface <name> tra
nsit-delay <1-3600>
set network virtual-router <name> protocol ospf area <name> interface <name> aut
hentication <value>
set network virtual-router <name> protocol ospf area <name> interface <name> gr-
delay <1-10>
set network virtual-router <name> protocol ospf area <name> interface <name> nei
ghbor
set network virtual-router <name> protocol ospf area <name> interface <name> nei
ghbor <name>
set network virtual-router <name> protocol ospf area <name> interface <name> bfd
set network virtual-router <name> protocol ospf area <name> interface <name> bfd
profile <value>|<None|Inherit-vr-global-setting>
set network virtual-router <name> protocol ospf area <name> virtual-link
set network virtual-router <name> protocol ospf area <name> virtual-link <name>
neighbor-id <ip/netmask>
transit-area-id <value>
enable <yes|no>
hello-interval <0-3600>
dead-counts <3-20>
retransmit-interval <1-3600>
transit-delay <1-3600>
authentication <value>
bfd
bfd profile <value>|<None|Inherit-vr-global-setting>
set network virtual-router <name> protocol ospf export-rules
set network virtual-router <name> protocol ospf export-rules <name>
set network virtual-router <name> protocol ospf export-rules <name> new-path-typ
e <ext-1|ext-2>
set network virtual-router <name> protocol ospf export-rules <name> new-tag <1-4
294967295>|<ip/netmask>
set network virtual-router <name> protocol ospf export-rules <name> metric <1-65
535>
set network virtual-router <name> protocol ospf graceful-restart
set network virtual-router <name> protocol ospf graceful-restart enable <yes|no>
set network virtual-router <name> protocol ospf graceful-restart grace-period <5
-1800>
set network virtual-router <name> protocol ospf graceful-restart helper-enable <
yes|no>
set network virtual-router <name> protocol ospf graceful-restart strict-LSA-chec
king <yes|no>
set network virtual-router <name> protocol ospf graceful-restart max-neighbor-re
start-time <5-1800>
set network virtual-router <name> protocol ospfv3
set network virtual-router <name> protocol ospfv3 router-id <ip/netmask>
set network virtual-router <name> protocol ospfv3 enable <yes|no>
set network virtual-router <name> protocol ospfv3 reject-default-route <yes|no>
set network virtual-router <name> protocol ospfv3 allow-redist-default-route <ye
s|no>
set network virtual-router <name> protocol ospfv3 disable-transit-traffic <yes|n
o>
set network virtual-router <name> protocol ospfv3 timers
set network virtual-router <name> protocol ospfv3 timers spf-calculation-delay <
float>
set network virtual-router <name> protocol ospfv3 timers lsa-interval <float>
set network virtual-router <name> protocol ospfv3 auth-profile
set network virtual-router <name> protocol ospfv3 auth-profile <name>
set network virtual-router <name> protocol ospfv3 auth-profile <name> spi <value
>
set network virtual-router <name> protocol ospfv3 auth-profile <name>
set network virtual-router <name> protocol ospfv3 auth-profile <name> esp
set network virtual-router <name> protocol ospfv3 auth-profile <name> esp authen
tication
tication
tication md5
tication md5 key <value>
tication sha1
tication sha1 key <value>
tication sha256
tication sha384
tication sha512
tication none
set network virtual-router <name> protocol ospfv3 auth-profile <name> esp encryp
tion
tion algorithm <3des|aes-128-cbc|aes-192-cbc|aes-256-cbc|null>
tion key <value>
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah md5
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah md5 key
<value>
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah sha1
set network virtual-router <name> protocol ospfv3 auth-profile <name> ah sha1 ke
y <value>
key <value>
key <value>
key <value>
set network virtual-router <name> protocol ospfv3 global-bfd
set network virtual-router <name> protocol ospfv3 global-bfd profile <value>|<No
ne>
set network virtual-router <name> protocol ospfv3 area
set network virtual-router <name> protocol ospfv3 area <name>
set network virtual-router <name> protocol ospfv3 area <name> authentication <va
lue>
set network virtual-router <name> protocol ospfv3 area <name> type
set network virtual-router <name> protocol ospfv3 area <name> type normal
set network virtual-router <name> protocol ospfv3 area <name> type stub
set network virtual-router <name> protocol ospfv3 area <name> type stub accept-s
ummary <yes|no>
set network virtual-router <name> protocol ospfv3 area <name> type stub default-
route
route disable
route advertise
route advertise metric <1-16777215>
set network virtual-router <name> protocol ospfv3 area <name> type nssa
set network virtual-router <name> protocol ospfv3 area <name> type nssa accept-s
ummary <yes|no>
set network virtual-router <name> protocol ospfv3 area <name> type nssa default-
route
route disable
route advertise
route advertise metric <1-16777215>
route advertise type <ext-1|ext-2>
set network virtual-router <name> protocol ospfv3 area <name> type nssa nssa-ext
-range
-range <name>
-range <name>
-range <name> advertise
-range <name> suppress
set network virtual-router <name> protocol ospfv3 area <name> range
set network virtual-router <name> protocol ospfv3 area <name> range <name>
set network virtual-router <name> protocol ospfv3 area <name> range <name>
set network virtual-router <name> protocol ospfv3 area <name> range <name> adver
tise
set network virtual-router <name> protocol ospfv3 area <name> range <name> suppr
ess
set network virtual-router <name> protocol ospfv3 area <name> interface

set network virtual-router <name> protocol ospfv3 area <name> interface <name>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> e
nable <yes|no>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> i
nstance-id <0-255>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> p
assive <yes|no>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> l
ink-type
ink-type broadcast
ink-type p2p
ink-type p2mp
set network virtual-router <name> protocol ospfv3 area <name> interface <name> m
etric <1-65535>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> p
riority <0-255>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> h
ello-interval <1-3600>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> d
ead-counts <3-20>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> r
etransmit-interval <1-1800>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> t
ransit-delay <1-1800>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> a
uthentication <value>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> g
r-delay <1-10>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> n
eighbor
set network virtual-router <name> protocol ospfv3 area <name> interface <name> n
eighbor <name>
set network virtual-router <name> protocol ospfv3 area <name> interface <name> b
fd
set network virtual-router <name> protocol ospfv3 area <name> interface <name> b
fd profile <value>|<None|Inherit-vr-global-setting>
set network virtual-router <name> protocol ospfv3 area <name> virtual-link
set network virtual-router <name> protocol ospfv3 area <name> virtual-link <name
>
> neighbor-id <ip/netmask>
> transit-area-id <value>
> enable <yes|no>
> instance-id <0-255>
> hello-interval <1-3600>
> dead-counts <3-20>
> retransmit-interval <1-1800>
> transit-delay <1-1800>
> authentication <value>
> bfd
> bfd profile <value>|<None|Inherit-vr-global-setting>

set network virtual-router <name> protocol ospfv3 export-rules
set network virtual-router <name> protocol ospfv3 export-rules <name>
set network virtual-router <name> protocol ospfv3 export-rules <name> new-path-t
ype <ext-1|ext-2>
set network virtual-router <name> protocol ospfv3 export-rules <name> new-tag <1
-4294967295>|<ip/netmask>
set network virtual-router <name> protocol ospfv3 export-rules <name> metric <1-
16777215>
set network virtual-router <name> protocol ospfv3 graceful-restart
set network virtual-router <name> protocol ospfv3 graceful-restart enable <yes|n
o>
set network virtual-router <name> protocol ospfv3 graceful-restart grace-period
<5-1800>
set network virtual-router <name> protocol ospfv3 graceful-restart helper-enable
<yes|no>
set network virtual-router <name> protocol ospfv3 graceful-restart strict-LSA-ch
ecking <yes|no>
set network virtual-router <name> protocol ospfv3 graceful-restart max-neighbor-
restart-time <5-1800>
set network virtual-router <name> protocol bgp
set network virtual-router <name> protocol bgp enable <yes|no>
set network virtual-router <name> protocol bgp router-id <ip/netmask>
set network virtual-router <name> protocol bgp reject-default-route <yes|no>
set network virtual-router <name> protocol bgp allow-redist-default-route <yes|n
o>
set network virtual-router <name> protocol bgp install-route <yes|no>
set network virtual-router <name> protocol bgp ecmp-multi-as <yes|no>
set network virtual-router <name> protocol bgp enforce-first-as <yes|no>
set network virtual-router <name> protocol bgp local-as <1-4294967295>|<value>
set network virtual-router <name> protocol bgp routing-options
set network virtual-router <name> protocol bgp routing-options as-format <2-byte
|4-byte>
set network virtual-router <name> protocol bgp routing-options med
set network virtual-router <name> protocol bgp routing-options med always-compar
e-med <yes|no>
set network virtual-router <name> protocol bgp routing-options med deterministic
-med-comparison <yes|no>
set network virtual-router <name> protocol bgp routing-options default-local-pre
ference <0-4294967295>
set network virtual-router <name> protocol bgp routing-options graceful-restart
enable <yes|no>
stale-route-time <1-3600>
local-restart-time <1-3600>
max-peer-restart-time <1-3600>
set network virtual-router <name> protocol bgp routing-options reflector-cluster
-id <ip/netmask>
set network virtual-router <name> protocol bgp routing-options confederation-mem
ber-as <1-4294967295>|<value>
set network virtual-router <name> protocol bgp routing-options aggregate
set network virtual-router <name> protocol bgp routing-options aggregate aggrega
te-med <yes|no>
set network virtual-router <name> protocol bgp auth-profile
set network virtual-router <name> protocol bgp auth-profile <name>
set network virtual-router <name> protocol bgp auth-profile <name> secret <value
>
set network virtual-router <name> protocol bgp dampening-profile
set network virtual-router <name> protocol bgp dampening-profile <name>
set network virtual-router <name> protocol bgp dampening-profile <name> enable <
yes|no>
set network virtual-router <name> protocol bgp dampening-profile <name> cutoff <
float>
set network virtual-router <name> protocol bgp dampening-profile <name> reuse <f
loat>
set network virtual-router <name> protocol bgp dampening-profile <name> max-hold
-time <1-3600>
set network virtual-router <name> protocol bgp dampening-profile <name> decay-ha
lf-life-reachable <1-3600>
set network virtual-router <name> protocol bgp dampening-profile <name> decay-ha
lf-life-unreachable <1-3600>
set network virtual-router <name> protocol bgp global-bfd
set network virtual-router <name> protocol bgp global-bfd profile <value>|<None>
set network virtual-router <name> protocol bgp peer-group
set network virtual-router <name> protocol bgp peer-group <name>
set network virtual-router <name> protocol bgp peer-group <name> enable <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> aggregated-conf
ed-as-path <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> soft-reset-with
-stored-info <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> type
set network virtual-router <name> protocol bgp peer-group <name> type ibgp
set network virtual-router <name> protocol bgp peer-group <name> type ibgp expor
t-nexthop <original|use-self>
set network virtual-router <name> protocol bgp peer-group <name> type ebgp-confe
set network virtual-router <name> protocol bgp peer-group <name> type ebgp-confe
d export-nexthop <original|use-self>
set network virtual-router <name> protocol bgp peer-group <name> type ibgp-confe
set network virtual-router <name> protocol bgp peer-group <name> type ibgp-confe
d export-nexthop <original|use-self>
set network virtual-router <name> protocol bgp peer-group <name> type ebgp
set network virtual-router <name> protocol bgp peer-group <name> type ebgp impor
t-nexthop <original|use-peer>
set network virtual-router <name> protocol bgp peer-group <name> type ebgp expor
t-nexthop <resolve|use-self>
set network virtual-router <name> protocol bgp peer-group <name> type ebgp remov
e-private-as <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> peer
set network virtual-router <name> protocol bgp peer-group <name> peer <name>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> ena
ble <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> pee
r-as <1-4294967295>|<value>
ble-mp-bgp <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> add
ress-family-identifier <ipv4|ipv6>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> sub
sequent-address-family-identifier
sequent-address-family-identifier unicast <yes|no>
sequent-address-family-identifier multicast <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> loc
al-address
al-address interface <value>
al-address ip <value>
r-address
r-address ip <ip/netmask>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> con
nection-options
nection-options authentication <value>
nection-options keep-alive-interval <1-1200>
nection-options min-route-adv-interval <0-600>
nection-options multihop <0-255>
nection-options open-delay-time <0-240>
nection-options hold-time <3-3600>
nection-options idle-hold-time <1-3600>
nection-options incoming-bgp-connection
nection-options incoming-bgp-connection remote-port <0-65535>
nection-options incoming-bgp-connection allow <yes|no>
nection-options outgoing-bgp-connection
nection-options outgoing-bgp-connection local-port <0-65535>
nection-options outgoing-bgp-connection allow <yes|no>
ble-sender-side-loop-detection <yes|no>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> ref
lector-client <non-client|client|meshed-client>
ring-type <bilateral|unspecified>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> max
-prefixes <1-100000>|<unlimited>
set network virtual-router <name> protocol bgp peer-group <name> peer <name> bfd
set network virtual-router <name> protocol bgp peer-group <name> peer <name> bfd
profile <value>|<None|Inherit-vr-global-setting>
set network virtual-router <name> protocol bgp policy
set network virtual-router <name> protocol bgp policy import
set network virtual-router <name> protocol bgp policy import rules
set network virtual-router <name> protocol bgp policy import rules <name>
set network virtual-router <name> protocol bgp policy import rules <name> enable
<yes|no>
set network virtual-router <name> protocol bgp policy import rules <name> used-b
y [ <used-by1> <used-by2>... ]
set network virtual-router <name> protocol bgp policy import rules <name> match
route-table <unicast|multicast|both>
address-prefix
address-prefix <name> exact <yes|no>
nexthop [ <nexthop1> <nexthop2>... ]
from-peer [ <from-peer1> <from-peer2>... ]
med <0-4294967295>
as-path
as-path
as-path regex <value>
community
community
community regex <value>
extended-community
extended-community
extended-community regex <value>
set network virtual-router <name> protocol bgp policy import rules <name> action
deny
allow
allow dampening <value>
allow update
allow update local-preference <0-4294967295>
allow update med <0-4294967295>

allow update weight <0-65535>
allow update nexthop <ip/netmask>
allow update origin <igp|egp|incomplete>
allow update as-path-limit <1-255>
allow update as-path
allow update as-path none
allow update as-path remove
allow update community
allow update community none
allow update community remove-all
allow update community remove-regex <value>
allow update community append [ <append1> <append2>... ]
allow update community overwrite [ <overwrite1> <overwrite2>... ]
allow update extended-community

allow update extended-community none
allow update extended-community remove-all
allow update extended-community remove-regex <value>
allow update extended-community append [ <append1> <append2>... ]
allow update extended-community overwrite [ <overwrite1> <overwrite2>... ]
set network virtual-router <name> protocol bgp policy export
set network virtual-router <name> protocol bgp policy export rules
set network virtual-router <name> protocol bgp policy export rules <name>
set network virtual-router <name> protocol bgp policy export rules <name> enable
<yes|no>
set network virtual-router <name> protocol bgp policy export rules <name> used-b
y [ <used-by1> <used-by2>... ]
set network virtual-router <name> protocol bgp policy export rules <name> match
route-table <unicast|multicast|both>
address-prefix
address-prefix <name> exact <yes|no>
nexthop [ <nexthop1> <nexthop2>... ]
from-peer [ <from-peer1> <from-peer2>... ]

med <0-4294967295>
as-path
as-path
as-path regex <value>
community
community
community regex <value>
extended-community
extended-community
extended-community regex <value>
set network virtual-router <name> protocol bgp policy export rules <name> action
deny
allow
allow update
allow update local-preference <0-4294967295>

allow update med <0-4294967295>
allow update nexthop <ip/netmask>
allow update origin <igp|egp|incomplete>
allow update as-path-limit <1-255>
allow update as-path none
allow update as-path remove
allow update as-path prepend <1-255>
allow update as-path remove-and-prepend <1-255>
allow update community none
allow update community remove-all
allow update community remove-regex <value>
allow update community append [ <append1> <append2>... ]

allow update community overwrite [ <overwrite1> <overwrite2>... ]
allow update extended-community none
allow update extended-community remove-all
allow update extended-community remove-regex <value>
allow update extended-community append [ <append1> <append2>... ]
allow update extended-community overwrite [ <overwrite1> <overwrite2>... ]
set network virtual-router <name> protocol bgp policy conditional-advertisement
policy
policy <name>
policy <name> enable <yes|no>
policy <name> used-by [ <used-by1> <used-by2>... ]
policy <name> non-exist-filters
policy <name> non-exist-filters <name>
policy <name> non-exist-filters <name> enable <yes|no>

policy <name> non-exist-filters <name> match
policy <name> non-exist-filters <name> match route-table <unicast|multicast|both
>
policy <name> non-exist-filters <name> match address-prefix
policy <name> non-exist-filters <name> match address-prefix <name>
policy <name> non-exist-filters <name> match nexthop [ <nexthop1> <nexthop2>...
policy <name> non-exist-filters <name> match from-peer [ <from-peer1> <from-pee
r2>... ]
policy <name> non-exist-filters <name> match med <0-4294967295>
policy <name> non-exist-filters <name> match as-path regex <value>
policy <name> non-exist-filters <name> match community regex <value>

policy <name> non-exist-filters <name> match extended-community regex <value>
policy <name> advertise-filters
policy <name> advertise-filters <name>
policy <name> advertise-filters <name> enable <yes|no>
policy <name> advertise-filters <name> match
policy <name> advertise-filters <name> match route-table <unicast|multicast|both
>
policy <name> advertise-filters <name> match address-prefix
policy <name> advertise-filters <name> match address-prefix <name>
policy <name> advertise-filters <name> match nexthop [ <nexthop1> <nexthop2>...
policy <name> advertise-filters <name> match from-peer [ <from-peer1> <from-pee
r2>... ]
policy <name> advertise-filters <name> match med <0-4294967295>
policy <name> advertise-filters <name> match as-path regex <value>

policy <name> advertise-filters <name> match community regex <value>
policy <name> advertise-filters <name> match extended-community regex <value>
set network virtual-router <name> protocol bgp policy aggregation
set network virtual-router <name> protocol bgp policy aggregation address
set network virtual-router <name> protocol bgp policy aggregation address <name>
prefix <ip/netmask>
enable <yes|no>
summary <yes|no>
as-set <yes|no>
aggregate-route-attributes
aggregate-route-attributes local-preference <0-4294967295>
aggregate-route-attributes med <0-4294967295>
aggregate-route-attributes weight <0-65535>
aggregate-route-attributes nexthop <ip/netmask>
aggregate-route-attributes origin <igp|egp|incomplete>
aggregate-route-attributes as-path-limit <1-255>
aggregate-route-attributes as-path
aggregate-route-attributes as-path
aggregate-route-attributes as-path none
aggregate-route-attributes as-path prepend <1-255>
aggregate-route-attributes community
aggregate-route-attributes community
aggregate-route-attributes community none
aggregate-route-attributes community remove-all
aggregate-route-attributes community remove-regex <value>
aggregate-route-attributes community append [ <append1> <append2>... ]
aggregate-route-attributes community overwrite [ <overwrite1> <overwrite2>...
aggregate-route-attributes extended-community
aggregate-route-attributes extended-community
aggregate-route-attributes extended-community none
aggregate-route-attributes extended-community remove-all
aggregate-route-attributes extended-community remove-regex <value>
aggregate-route-attributes extended-community append [ <append1> <append2>...
aggregate-route-attributes extended-community overwrite [ <overwrite1> <overwr
ite2>... ]
suppress-filters
suppress-filters <name>
suppress-filters <name> enable <yes|no>
suppress-filters <name> match
suppress-filters <name> match route-table <unicast|multicast|both>
suppress-filters <name> match address-prefix
suppress-filters <name> match address-prefix <name>
suppress-filters <name> match address-prefix <name> exact <yes|no>
suppress-filters <name> match nexthop [ <nexthop1> <nexthop2>... ]
suppress-filters <name> match from-peer [ <from-peer1> <from-peer2>... ]

suppress-filters <name> match med <0-4294967295>
suppress-filters <name> match as-path
suppress-filters <name> match as-path
suppress-filters <name> match as-path regex <value>
suppress-filters <name> match community
suppress-filters <name> match community
suppress-filters <name> match community regex <value>
suppress-filters <name> match extended-community
suppress-filters <name> match extended-community
suppress-filters <name> match extended-community regex <value>
advertise-filters
advertise-filters <name>
advertise-filters <name> enable <yes|no>
advertise-filters <name> match
advertise-filters <name> match route-table <unicast|multicast|both>
advertise-filters <name> match address-prefix

advertise-filters <name> match address-prefix <name>
advertise-filters <name> match address-prefix <name> exact <yes|no>
advertise-filters <name> match nexthop [ <nexthop1> <nexthop2>... ]
advertise-filters <name> match from-peer [ <from-peer1> <from-peer2>... ]
advertise-filters <name> match med <0-4294967295>
advertise-filters <name> match as-path
advertise-filters <name> match as-path
advertise-filters <name> match as-path regex <value>
advertise-filters <name> match community
advertise-filters <name> match community
advertise-filters <name> match community regex <value>
advertise-filters <name> match extended-community
advertise-filters <name> match extended-community
advertise-filters <name> match extended-community regex <value>
set network virtual-router <name> protocol bgp redist-rules
set network virtual-router <name> protocol bgp redist-rules <name>
set network virtual-router <name> protocol bgp redist-rules <name> address-famil
y-identifier <ipv4|ipv6>
set network virtual-router <name> protocol bgp redist-rules <name> route-table <
unicast|multicast|both>
set network virtual-router <name> protocol bgp redist-rules <name> enable <yes|n
o>
set network virtual-router <name> protocol bgp redist-rules <name> set-origin 
set network virtual-router <name> protocol bgp redist-rules <name> set-med <0-42
94967295>
set network virtual-router <name> protocol bgp redist-rules <name> set-local-pre
ference <0-4294967295>
set network virtual-router <name> protocol bgp redist-rules <name> set-as-path-l
imit <1-255>
set network virtual-router <name> protocol bgp redist-rules <name> set-community
[ <set-community1> <set-community2>... ]
set network virtual-router <name> protocol bgp redist-rules <name> set-extended-
community [ <set-extended-community1> <set-extended-community2>... ]
set network virtual-router <name> protocol bgp redist-rules <name> metric <1-655
35>
set network virtual-router <name> admin-dists
set network virtual-router <name> admin-dists static <10-240>
set network virtual-router <name> admin-dists static-ipv6 <10-240>
set network virtual-router <name> admin-dists ospf-int <10-240>
set network virtual-router <name> admin-dists ospf-ext <10-240>
set network virtual-router <name> admin-dists ospfv3-int <10-240>
set network virtual-router <name> admin-dists ospfv3-ext <10-240>
set network virtual-router <name> admin-dists ibgp <10-240>
set network virtual-router <name> admin-dists ebgp <10-240>
set network virtual-router <name> admin-dists rip <10-240>
set network virtual-router <name> ecmp
set network virtual-router <name> ecmp enable <yes|no>
set network virtual-router <name> ecmp algorithm
set network virtual-router <name> ecmp algorithm

set network virtual-router <name> ecmp algorithm ip-modulo
set network virtual-router <name> ecmp algorithm ip-hash
set network virtual-router <name> ecmp algorithm ip-hash src-only <yes|no>
set network virtual-router <name> ecmp algorithm ip-hash use-port <yes|no>
set network virtual-router <name> ecmp algorithm ip-hash hash-seed <0-4294967295
>
set network virtual-router <name> ecmp algorithm weighted-round-robin
set network virtual-router <name> ecmp algorithm weighted-round-robin interface
<name>
<name> weight <1-255>
set network virtual-router <name> ecmp algorithm balanced-round-robin
set network virtual-router <name> ecmp max-path <2-4>
set network virtual-router <name> ecmp symmetric-return <yes|no>
set network virtual-router <name> ecmp strict-source-path <yes|no>
set network dns-proxy
set network dns-proxy <name>
set network dns-proxy <name> enabled <yes|no>
set network dns-proxy <name> interface [ <interface1> <interface2>... ]
set network dns-proxy <name> default
set network dns-proxy <name> default inheritance
set network dns-proxy <name> default inheritance source <value>
set network dns-proxy <name> default primary <validate>|<ip/netmask>|<inherited>
set network dns-proxy <name> default secondary <validate>|<ip/netmask>|<inherite
d>
set network dns-proxy <name> domain-servers
set network dns-proxy <name> domain-servers <name>
set network dns-proxy <name> domain-servers <name> cacheable <yes|no>
set network dns-proxy <name> domain-servers <name> domain-name [ <domain-name1>
<domain-name2>... ]
set network dns-proxy <name> domain-servers <name> primary <ip/netmask>

set network dns-proxy <name> domain-servers <name> secondary <ip/netmask>
set network dns-proxy <name> cache
set network dns-proxy <name> cache enabled <yes|no>
set network dns-proxy <name> cache cache-edns <yes|no>
set network dns-proxy <name> cache max-ttl
set network dns-proxy <name> cache max-ttl enabled <yes|no>
set network dns-proxy <name> cache max-ttl time-to-live <60-86400>
set network dns-proxy <name> static-entries
set network dns-proxy <name> static-entries <name>
set network dns-proxy <name> static-entries <name> domain <value>
set network dns-proxy <name> static-entries <name> address [ <address1> <addres
s2>... ]
set network dns-proxy <name> tcp-queries
set network dns-proxy <name> tcp-queries enabled <yes|no>
set network dns-proxy <name> tcp-queries max-pending-requests <64-256>
set network dns-proxy <name> udp-queries
set network dns-proxy <name> udp-queries retries
set network dns-proxy <name> udp-queries retries interval <1-30>
set network dns-proxy <name> udp-queries retries attempts <1-30>
set network dhcp
set network dhcp interface
set network dhcp interface <name>
set network dhcp interface <name>
set network dhcp interface <name> server
set network dhcp interface <name> server mode <enabled|disabled|auto>
set network dhcp interface <name> server probe-ip <yes|no>
set network dhcp interface <name> server option
set network dhcp interface <name> server option lease
set network dhcp interface <name> server option lease unlimited
set network dhcp interface <name> server option lease timeout <0-1000000>
set network dhcp interface <name> server option inheritance
set network dhcp interface <name> server option inheritance source <value>
set network dhcp interface <name> server option gateway <ip/netmask>
set network dhcp interface <name> server option subnet-mask <value>
set network dhcp interface <name> server option dns
set network dhcp interface <name> server option dns primary <ip/netmask>|<inheri
ted>
set network dhcp interface <name> server option dns secondary <ip/netmask>|<inhe
rited>
set network dhcp interface <name> server option wins
set network dhcp interface <name> server option wins primary <ip/netmask>|<inher
ited>
set network dhcp interface <name> server option wins secondary <ip/netmask>|<inh
erited>
set network dhcp interface <name> server option nis
set network dhcp interface <name> server option nis primary <ip/netmask>|<inheri
ted>
set network dhcp interface <name> server option nis secondary <ip/netmask>|<inhe
rited>
set network dhcp interface <name> server option ntp
set network dhcp interface <name> server option ntp primary <ip/netmask>|<inheri
ted>
set network dhcp interface <name> server option ntp secondary <ip/netmask>|<inhe
rited>
set network dhcp interface <name> server option pop3-server <ip/netmask>|<inheri
ted>
set network dhcp interface <name> server option smtp-server <ip/netmask>|<inheri
ted>
set network dhcp interface <name> server option dns-suffix <value>|<inherited>
set network dhcp interface <name> server option user-defined
set network dhcp interface <name> server option user-defined <name>
set network dhcp interface <name> server option user-defined <name> code <1-254>
set network dhcp interface <name> server option user-defined <name> vendor-class
-identifier <value>
set network dhcp interface <name> server option user-defined <name> inherited <y
es|no>
set network dhcp interface <name> server option user-defined <name>
set network dhcp interface <name> server option user-defined <name> ip [ <ip1>
<ip2>... ]
set network dhcp interface <name> server option user-defined <name> ascii [ <as
cii1> <ascii2>... ]
set network dhcp interface <name> server option user-defined <name> hex [ <hex1
> <hex2>... ]
set network dhcp interface <name> server ip-pool [ <ip-pool1> <ip-pool2>... ]
set network dhcp interface <name> server reserved
set network dhcp interface <name> server reserved <name>
set network dhcp interface <name> server reserved <name> mac <value>
set network dhcp interface <name> relay
set network dhcp interface <name> relay ip
set network dhcp interface <name> relay ip enabled <yes|no>
set network dhcp interface <name> relay ip server [ <server1> <server2>... ]
set network dhcp interface <name> relay ipv6
set network dhcp interface <name> relay ipv6 enabled <yes|no>
set network dhcp interface <name> relay ipv6 server
set network dhcp interface <name> relay ipv6 server <name>
set network dhcp interface <name> relay ipv6 server <name> interface <value>
set network shared-gateway
set network shared-gateway <name>
set network shared-gateway <name> display-name <value>
set network shared-gateway <name> import
set network shared-gateway <name> import dns-proxy <value>
set network shared-gateway <name> import network
set network shared-gateway <name> import network interface [ <interface1> <inte
rface2>... ]
set network shared-gateway <name> zone
set network shared-gateway <name> zone <name>

set network shared-gateway <name> zone <name> network
set network shared-gateway <name> zone <name> network zone-protection-profile <v
alue>
set network shared-gateway <name> zone <name> network enable-packet-buffer-prote
ction <yes|no>
set network shared-gateway <name> zone <name> network log-setting <value>
set network shared-gateway <name> zone <name> network
set network shared-gateway <name> zone <name> network layer3 [ <layer31> <layer
32>... ]
set network shared-gateway <name> zone <name> network external [ <external1> <e
xternal2>... ]
set network shared-gateway <name> zone <name> user-acl
set network shared-gateway <name> zone <name> user-acl include-list [ <include-
list1> <include-list2>... ]
set network shared-gateway <name> zone <name> user-acl exclude-list [ <exclude-
list1> <exclude-list2>... ]
set network shared-gateway <name> address
set network shared-gateway <name> address <name>
set network shared-gateway <name> address <name> description <value>
set network shared-gateway <name> address <name>
set network shared-gateway <name> address <name> ip-netmask <ip/netmask>
set network shared-gateway <name> address <name> ip-range <ip-range>
set network shared-gateway <name> address <name> fqdn <value>
set network shared-gateway <name> address <name> tag [ <tag1> <tag2>... ]
set network shared-gateway <name> address-group
set network shared-gateway <name> address-group <name>
set network shared-gateway <name> address-group <name> description <value>
set network shared-gateway <name> address-group <name>
set network shared-gateway <name> address-group <name> static [ <static1> <stat
ic2>... ]
set network shared-gateway <name> address-group <name> dynamic
set network shared-gateway <name> address-group <name> dynamic filter <value>

set network shared-gateway <name> address-group <name> tag [ <tag1> <tag2>... ]
set network shared-gateway <name> service
set network shared-gateway <name> service <name>
set network shared-gateway <name> service <name> description <value>
set network shared-gateway <name> service <name> protocol
set network shared-gateway <name> service <name> protocol tcp
set network shared-gateway <name> service <name> protocol tcp port <0-65535,...>
set network shared-gateway <name> service <name> protocol tcp source-port <0-655
35,...>
set network shared-gateway <name> service <name> protocol tcp override
set network shared-gateway <name> service <name> protocol tcp override no
set network shared-gateway <name> service <name> protocol tcp override yes
set network shared-gateway <name> service <name> protocol tcp override yes timeo
ut <1-604800>
set network shared-gateway <name> service <name> protocol tcp override yes halfc
lose-timeout <1-604800>
set network shared-gateway <name> service <name> protocol tcp override yes timew
ait-timeout <1-600>
set network shared-gateway <name> service <name> protocol udp
set network shared-gateway <name> service <name> protocol udp port <0-65535,...>
set network shared-gateway <name> service <name> protocol udp source-port <0-655
35,...>
set network shared-gateway <name> service <name> protocol udp override
set network shared-gateway <name> service <name> protocol udp override no
set network shared-gateway <name> service <name> protocol udp override yes
set network shared-gateway <name> service <name> protocol udp override yes timeo
ut <1-604800>
set network shared-gateway <name> service <name> protocol sctp
set network shared-gateway <name> service <name> protocol sctp port <0-65535,...
>
set network shared-gateway <name> service <name> protocol sctp source-port <0-65
535,...>
set network shared-gateway <name> service <name> tag [ <tag1> <tag2>... ]
set network shared-gateway <name> service-group
set network shared-gateway <name> service-group <name>
set network shared-gateway <name> service-group <name> members [ <members1> <me
mbers2>... ]
set network shared-gateway <name> service-group <name> tag [ <tag1> <tag2>... ]
set network shared-gateway <name> tag
set network shared-gateway <name> tag <name>
set network shared-gateway <name> tag <name> color <color1|color2|color3|color4|
color5|color6|color7|color8|color9|color10|color11|color12|color13|color14|color
15|color16|color17|color19|color20|color21|color22|color23|color24|color25|color
26|color27|color28|color29|color30|color31|color32|color33|color34|color35|color
36|color37|color38|color39|color40|color41|color42>
set network shared-gateway <name> tag <name> comments <value>
set network shared-gateway <name> log-settings
set network shared-gateway <name> log-settings snmptrap
set network shared-gateway <name> log-settings snmptrap <name>
set network shared-gateway <name> log-settings snmptrap <name> version
set network shared-gateway <name> log-settings snmptrap <name> version v2c
set network shared-gateway <name> log-settings snmptrap <name> version v2c serve
r <name>
r <name> manager <ip/netmask>|<value>
r <name> community <value>
set network shared-gateway <name> log-settings snmptrap <name> version v3
set network shared-gateway <name> log-settings snmptrap <name> version v3 server
<name>
<name> manager <ip/netmask>|<value>
<name> user <value>
<name> engineid <value>
<name> authpwd <value>
<name> privpwd <value>
set network shared-gateway <name> log-settings email
set network shared-gateway <name> log-settings email <name>
set network shared-gateway <name> log-settings email <name> server
set network shared-gateway <name> log-settings email <name> server <name>
set network shared-gateway <name> log-settings email <name> server <name> displa
y-name <value>
set network shared-gateway <name> log-settings email <name> server <name> from <
value>
set network shared-gateway <name> log-settings email <name> server <name> to <va
lue>
set network shared-gateway <name> log-settings email <name> server <name> and-al
so-to <value>
set network shared-gateway <name> log-settings email <name> server <name> gatewa
y <value>
set network shared-gateway <name> log-settings email <name> format
set network shared-gateway <name> log-settings email <name> format traffic <valu
e>
set network shared-gateway <name> log-settings email <name> format threat <value
>
set network shared-gateway <name> log-settings email <name> format wildfire <val
ue>
set network shared-gateway <name> log-settings email <name> format url <value>
set network shared-gateway <name> log-settings email <name> format data <value>
set network shared-gateway <name> log-settings email <name> format tunnel <value
>
set network shared-gateway <name> log-settings email <name> format auth <value>
set network shared-gateway <name> log-settings email <name> format userid <value
>
set network shared-gateway <name> log-settings email <name> format config <value
>
set network shared-gateway <name> log-settings email <name> format system <value
>
set network shared-gateway <name> log-settings email <name> format hip-match <va
lue>
set network shared-gateway <name> log-settings email <name> format correlation <
value>
set network shared-gateway <name> log-settings email <name> format escaping
set network shared-gateway <name> log-settings email <name> format escaping esca
ped-characters <value>
set network shared-gateway <name> log-settings email <name> format escaping esca
pe-character <value>
set network shared-gateway <name> log-settings syslog
set network shared-gateway <name> log-settings syslog <name>
set network shared-gateway <name> log-settings syslog <name> server
set network shared-gateway <name> log-settings syslog <name> server <name>
set network shared-gateway <name> log-settings syslog <name> server <name> serve
r <value>
set network shared-gateway <name> log-settings syslog <name> server <name> trans
port <UDP|TCP|SSL>
set network shared-gateway <name> log-settings syslog <name> server <name> port
<1-65535>
set network shared-gateway <name> log-settings syslog <name> server <name> forma
t <BSD|IETF>
set network shared-gateway <name> log-settings syslog <name> server <name> facil
ity <LOG_USER|LOG_LOCAL0|LOG_LOCAL1|LOG_LOCAL2|LOG_LOCAL3|LOG_LOCAL4|LOG_LOCAL5|
LOG_LOCAL6|LOG_LOCAL7>
set network shared-gateway <name> log-settings syslog <name> format
set network shared-gateway <name> log-settings syslog <name> format traffic <val
ue>
set network shared-gateway <name> log-settings syslog <name> format threat <valu
e>
set network shared-gateway <name> log-settings syslog <name> format wildfire <va
lue>
set network shared-gateway <name> log-settings syslog <name> format url <value>
set network shared-gateway <name> log-settings syslog <name> format data <value>
set network shared-gateway <name> log-settings syslog <name> format tunnel <valu
e>
set network shared-gateway <name> log-settings syslog <name> format auth <value>
set network shared-gateway <name> log-settings syslog <name> format userid <valu
e>
set network shared-gateway <name> log-settings syslog <name> format config <valu
e>
set network shared-gateway <name> log-settings syslog <name> format system <valu
e>
set network shared-gateway <name> log-settings syslog <name> format hip-match <v
alue>
set network shared-gateway <name> log-settings syslog <name> format correlation
<value>
set network shared-gateway <name> log-settings syslog <name> format escaping
set network shared-gateway <name> log-settings syslog <name> format escaping esc
aped-characters <value>
set network shared-gateway <name> log-settings syslog <name> format escaping esc
ape-character <value>
set network shared-gateway <name> log-settings http
set network shared-gateway <name> log-settings http <name>
set network shared-gateway <name> log-settings http <name> tag-registration <yes

|no>
set network shared-gateway <name> log-settings http <name> server
set network shared-gateway <name> log-settings http <name> server <name>
set network shared-gateway <name> log-settings http <name> server <name> address
<value>
set network shared-gateway <name> log-settings http <name> server <name> protoco
l <HTTP|HTTPS>
set network shared-gateway <name> log-settings http <name> server <name> port <1
-65535>
set network shared-gateway <name> log-settings http <name> server <name> http-me
thod <value>
set network shared-gateway <name> log-settings http <name> server <name> usernam
e <value>
set network shared-gateway <name> log-settings http <name> server <name> passwor
d <value>
set network shared-gateway <name> log-settings http <name> format
set network shared-gateway <name> log-settings http <name> format config
set network shared-gateway <name> log-settings http <name> format config name <v
alue>
set network shared-gateway <name> log-settings http <name> format config url-for
mat <value>
set network shared-gateway <name> log-settings http <name> format config headers
<name>
<name> value <value>
set network shared-gateway <name> log-settings http <name> format config params
<name>

set network shared-gateway <name> log-settings http <name> format config payload
<value>
set network shared-gateway <name> log-settings http <name> format system
set network shared-gateway <name> log-settings http <name> format system name <v
alue>
set network shared-gateway <name> log-settings http <name> format system url-for
mat <value>
set network shared-gateway <name> log-settings http <name> format system headers
<name>
set network shared-gateway <name> log-settings http <name> format system params
<name>
set network shared-gateway <name> log-settings http <name> format system payload
<value>
set network shared-gateway <name> log-settings http <name> format traffic
set network shared-gateway <name> log-settings http <name> format traffic name <
value>
set network shared-gateway <name> log-settings http <name> format traffic url-fo
rmat <value>
set network shared-gateway <name> log-settings http <name> format traffic header
s <name>
s <name> value <value>
set network shared-gateway <name> log-settings http <name> format traffic params
<name>
set network shared-gateway <name> log-settings http <name> format traffic payloa
d <value>
set network shared-gateway <name> log-settings http <name> format threat
set network shared-gateway <name> log-settings http <name> format threat name <v
alue>
set network shared-gateway <name> log-settings http <name> format threat url-for
mat <value>
set network shared-gateway <name> log-settings http <name> format threat headers
<name>
set network shared-gateway <name> log-settings http <name> format threat params
<name>
set network shared-gateway <name> log-settings http <name> format threat payload
<value>
set network shared-gateway <name> log-settings http <name> format wildfire
set network shared-gateway <name> log-settings http <name> format wildfire name
<value>
set network shared-gateway <name> log-settings http <name> format wildfire url-f
ormat <value>
set network shared-gateway <name> log-settings http <name> format wildfire heade
rs
rs <name>
rs <name> value <value>
set network shared-gateway <name> log-settings http <name> format wildfire param
s <name>
s <name> value <value>
set network shared-gateway <name> log-settings http <name> format wildfire paylo
ad <value>
set network shared-gateway <name> log-settings http <name> format url
set network shared-gateway <name> log-settings http <name> format url name <valu
e>
set network shared-gateway <name> log-settings http <name> format url url-format
<value>
set network shared-gateway <name> log-settings http <name> format url headers
set network shared-gateway <name> log-settings http <name> format url headers <n
ame>
set network shared-gateway <name> log-settings http <name> format url headers <n
ame> value <value>
set network shared-gateway <name> log-settings http <name> format url params
set network shared-gateway <name> log-settings http <name> format url params <na
me>
set network shared-gateway <name> log-settings http <name> format url params <na
me> value <value>
set network shared-gateway <name> log-settings http <name> format url payload <v
alue>
set network shared-gateway <name> log-settings http <name> format data
set network shared-gateway <name> log-settings http <name> format data name <val
ue>
set network shared-gateway <name> log-settings http <name> format data url-forma
t <value>
set network shared-gateway <name> log-settings http <name> format data headers
set network shared-gateway <name> log-settings http <name> format data headers <
name>
set network shared-gateway <name> log-settings http <name> format data headers <
name> value <value>
set network shared-gateway <name> log-settings http <name> format data params
set network shared-gateway <name> log-settings http <name> format data params <n
ame>
set network shared-gateway <name> log-settings http <name> format data params <n
ame> value <value>
set network shared-gateway <name> log-settings http <name> format data payload <
value>
set network shared-gateway <name> log-settings http <name> format tunnel
set network shared-gateway <name> log-settings http <name> format tunnel name <v
alue>
set network shared-gateway <name> log-settings http <name> format tunnel url-for
mat <value>
set network shared-gateway <name> log-settings http <name> format tunnel headers
<name>
set network shared-gateway <name> log-settings http <name> format tunnel params
<name>
set network shared-gateway <name> log-settings http <name> format tunnel payload
<value>
set network shared-gateway <name> log-settings http <name> format auth
set network shared-gateway <name> log-settings http <name> format auth name <val
ue>
set network shared-gateway <name> log-settings http <name> format auth url-forma
t <value>
set network shared-gateway <name> log-settings http <name> format auth headers
set network shared-gateway <name> log-settings http <name> format auth headers <
name>
set network shared-gateway <name> log-settings http <name> format auth headers <
name> value <value>
set network shared-gateway <name> log-settings http <name> format auth params
set network shared-gateway <name> log-settings http <name> format auth params <n
ame>
set network shared-gateway <name> log-settings http <name> format auth params <n
ame> value <value>
set network shared-gateway <name> log-settings http <name> format auth payload <
value>
set network shared-gateway <name> log-settings http <name> format userid
set network shared-gateway <name> log-settings http <name> format userid name <v
alue>
set network shared-gateway <name> log-settings http <name> format userid url-for
mat <value>
set network shared-gateway <name> log-settings http <name> format userid headers
<name>
set network shared-gateway <name> log-settings http <name> format userid params
<name>
set network shared-gateway <name> log-settings http <name> format userid payload
<value>
set network shared-gateway <name> log-settings http <name> format hip-match
set network shared-gateway <name> log-settings http <name> format hip-match name
<value>
set network shared-gateway <name> log-settings http <name> format hip-match url-
format <value>
set network shared-gateway <name> log-settings http <name> format hip-match head
ers
ers <name>
ers <name> value <value>
set network shared-gateway <name> log-settings http <name> format hip-match para
ms
ms <name>
ms <name> value <value>
set network shared-gateway <name> log-settings http <name> format hip-match payl
oad <value>
set network shared-gateway <name> log-settings http <name> format correlation
set network shared-gateway <name> log-settings http <name> format correlation na
me <value>
set network shared-gateway <name> log-settings http <name> format correlation ur
l-format <value>
set network shared-gateway <name> log-settings http <name> format correlation he
aders
aders <name>

aders <name> value <value>
set network shared-gateway <name> log-settings http <name> format correlation pa
rams
rams <name>
rams <name> value <value>
yload <value>
set network shared-gateway <name> log-settings profiles
set network shared-gateway <name> log-settings profiles <name>
set network shared-gateway <name> log-settings profiles <name> description <valu
e>
set network shared-gateway <name> log-settings profiles <name> enhanced-applicat
ion-logging <yes|no>
set network shared-gateway <name> log-settings profiles <name> match-list
set network shared-gateway <name> log-settings profiles <name> match-list <name>
action-desc <value>
log-type <traffic|threat|wildfire|url|data|tunnel|auth>
filter <value>
send-to-panorama <yes|no>
send-snmptrap [ <send-snmptrap1> <send-snmptrap2>... ]
send-email [ <send-email1> <send-email2>... ]
send-syslog [ <send-syslog1> <send-syslog2>... ]

send-http [ <send-http1> <send-http2>... ]
actions
actions <name>
actions <name> type
actions <name> type tagging
actions <name> type tagging target <source-address|destination-address>
actions <name> type tagging action <add-tag|remove-tag>
actions <name> type tagging registration
actions <name> type tagging registration localhost
actions <name> type tagging registration panorama
actions <name> type tagging registration remote
actions <name> type tagging registration remote http-profile <value>
actions <name> type tagging tags [ <tags1> <tags2>... ]
set network shared-gateway <name> rulebase
set network shared-gateway <name> rulebase nat
set network shared-gateway <name> rulebase nat rules
set network shared-gateway <name> rulebase nat rules <name>
set network shared-gateway <name> rulebase nat rules <name> from [ <from1> <fro
m2>... ]
set network shared-gateway <name> rulebase nat rules <name> to [ <to1> <to2>...
set network shared-gateway <name> rulebase nat rules <name> source [ <source1>
<source2>... ]
set network shared-gateway <name> rulebase nat rules <name> destination [ <dest
ination1> <destination2>... ]
set network shared-gateway <name> rulebase nat rules <name> service <value>
set network shared-gateway <name> rulebase nat rules <name> nat-type <ipv4|nat64
|nptv6>
set network shared-gateway <name> rulebase nat rules <name> to-interface <value>
|<any>
set network shared-gateway <name> rulebase nat rules <name> source-translation
set network shared-gateway <name> rulebase nat rules <name> source-translation
set network shared-gateway <name> rulebase nat rules <name> source-translation d
ynamic-ip-and-port
ynamic-ip-and-port
ynamic-ip-and-port translated-address [ <translated-address1> <translated-addre
ss2>... ]
ynamic-ip-and-port interface-address
ynamic-ip-and-port interface-address interface <value>
ynamic-ip-and-port interface-address
ynamic-ip-and-port interface-address ip <value>
ynamic-ip-and-port interface-address floating-ip <value>
ynamic-ip
ynamic-ip translated-address [ <translated-address1> <translated-address2>... ]
ynamic-ip fallback
ynamic-ip fallback
ynamic-ip fallback translated-address [ <translated-address1> <translated-addre
ss2>... ]
ynamic-ip fallback interface-address
ynamic-ip fallback interface-address interface <value>
ynamic-ip fallback interface-address
ynamic-ip fallback interface-address ip <value>
ynamic-ip fallback interface-address floating-ip <value>
set network shared-gateway <name> rulebase nat rules <name> source-translation s
tatic-ip
tatic-ip translated-address <value>|<ip/netmask>|<ip-range>
tatic-ip bi-directional <yes|no>
set network shared-gateway <name> rulebase nat rules <name>
set network shared-gateway <name> rulebase nat rules <name> destination-translat
ion
ion translated-address <value>|<ip/netmask>|<ip-range>
ion translated-port <1-65535>

set network shared-gateway <name> rulebase nat rules <name> dynamic-destination-
translation
translation translated-address <value>|<ip/netmask>|<ip-range>
translation translated-port <1-65535>
translation distribution <round-robin>
set network shared-gateway <name> rulebase nat rules <name> active-active-device
-binding <primary|both|0|1>
set network shared-gateway <name> rulebase nat rules <name> tag [ <tag1> <tag2>
... ]
set network shared-gateway <name> rulebase nat rules <name> disabled <yes|no>
set network shared-gateway <name> rulebase nat rules <name> description <value>
set network shared-gateway <name> rulebase pbf
set network shared-gateway <name> rulebase pbf rules
set network shared-gateway <name> rulebase pbf rules <name>
set network shared-gateway <name> rulebase pbf rules <name> from
set network shared-gateway <name> rulebase pbf rules <name> from
set network shared-gateway <name> rulebase pbf rules <name> from zone [ <zone1>
<zone2>... ]
set network shared-gateway <name> rulebase pbf rules <name> from interface [ <interface2>... ]
set network shared-gateway <name> rulebase pbf rules <name> source [ <source1>
<source2>... ]
set network shared-gateway <name> rulebase pbf rules <name> source-user [ <sour
ce-user1> <source-user2>... ]
set network shared-gateway <name> rulebase pbf rules <name> destination [ <dest
ination1> <destination2>... ]
set network shared-gateway <name> rulebase pbf rules <name> service [ <service1
> <service2>... ]
set network shared-gateway <name> rulebase pbf rules <name> schedule <value>
set network shared-gateway <name> rulebase pbf rules <name> tag [ <tag1> <tag2>
... ]
set network shared-gateway <name> rulebase pbf rules <name> negate-source <yes|n
o>
set network shared-gateway <name> rulebase pbf rules <name> negate-destination <
yes|no>
set network shared-gateway <name> rulebase pbf rules <name> disabled <yes|no>
set network shared-gateway <name> rulebase pbf rules <name> description <value>
set network shared-gateway <name> rulebase pbf rules <name> application [ <appl
ication1> <application2>... ]
set network shared-gateway <name> rulebase pbf rules <name> action
set network shared-gateway <name> rulebase pbf rules <name> action
set network shared-gateway <name> rulebase pbf rules <name> action forward
set network shared-gateway <name> rulebase pbf rules <name> action forward egres
s-interface <value>
set network shared-gateway <name> rulebase pbf rules <name> action forward nexth
op
set network shared-gateway <name> rulebase pbf rules <name> action forward nexth
op ip-address <ip/netmask>
set network shared-gateway <name> rulebase pbf rules <name> action forward monit
or
or profile <value>
or disable-if-unreachable <yes|no>
or ip-address <ip/netmask>
set network shared-gateway <name> rulebase pbf rules <name> action forward-to-vs
ys <value>
set network shared-gateway <name> rulebase pbf rules <name> action discard
set network shared-gateway <name> rulebase pbf rules <name> action no-pbf
set network shared-gateway <name> rulebase pbf rules <name> enforce-symmetric-re

turn
turn enabled <yes|no>
turn nexthop-address-list
turn nexthop-address-list <name>
set network shared-gateway <name> rulebase pbf rules <name> active-active-device
-binding <both|0|1>
set network lldp
set network lldp enable <yes|no>
set network lldp transmit-interval <1-3600>
set network lldp transmit-delay <1-600>
set network lldp hold-time-multiple <1-100>
set network lldp notification-interval <1-3600>
set network lldp tx-credit-max <1-10>
set network lldp tx-fast-init <1-8>
set network lldp reinit-delay <1-10>
set network lldp msg-fast-tx <1-3600>
set network underlay-net
set network underlay-net ip-mapping
set network underlay-net ip-mapping <name>
set network underlay-net ip-mapping <name> overlay-ip <value>
set network underlay-net ip-mapping <name> underlay-ip <value>
set shared
set shared address
set shared address <name>
set shared address <name> description <value>
set shared address <name>
set shared address <name> ip-netmask <ip/netmask>
set shared address <name> ip-range <ip-range>
set shared address <name> fqdn <value>

set shared address <name> tag [ <tag1> <tag2>... ]
set shared address-group
set shared address-group <name>
set shared address-group <name> description <value>
set shared address-group <name>
set shared address-group <name> static [ <static1> <static2>... ]
set shared address-group <name> dynamic
set shared address-group <name> dynamic filter <value>
set shared address-group <name> tag [ <tag1> <tag2>... ]
set shared application
set shared application <name>
set shared application <name> default
set shared application <name> default port [ <port1> <port2>... ]
set shared application <name> default ident-by-ip-protocol <0-255,...>
set shared application <name> default ident-by-icmp-type
set shared application <name> default ident-by-icmp-type type <0-255,...>
set shared application <name> default ident-by-icmp-type code <0-255,...>
set shared application <name> default ident-by-icmp6-type
set shared application <name> default ident-by-icmp6-type type <0-255,...>
set shared application <name> default ident-by-icmp6-type code <0-255,...>
set shared application <name> category <value>
set shared application <name> subcategory <value>
set shared application <name> technology <value>
set shared application <name> description <value>
set shared application <name> timeout <0-604800>
set shared application <name> tcp-timeout <0-604800>
set shared application <name> udp-timeout <0-604800>
set shared application <name> tcp-half-closed-timeout <1-604800>
set shared application <name> tcp-time-wait-timeout <1-600>
set shared application <name> risk <1-5>
set shared application <name> evasive-behavior <yes|no>
set shared application <name> consume-big-bandwidth <yes|no>

set shared application <name> used-by-malware <yes|no>
set shared application <name> able-to-transfer-file <yes|no>
set shared application <name> has-known-vulnerability <yes|no>
set shared application <name> tunnel-other-application <yes|no>
set shared application <name> tunnel-applications <yes|no>
set shared application <name> prone-to-misuse <yes|no>
set shared application <name> pervasive-use <yes|no>
set shared application <name> file-type-ident <yes|no>
set shared application <name> virus-ident <yes|no>
set shared application <name> data-ident <yes|no>
set shared application <name> no-appid-caching <yes|no>
set shared application <name> alg-disable-capability <value>
set shared application <name> parent-app <value>
set shared application <name> signature
set shared application <name> signature <name>
set shared application <name> signature <name> comment <value>
set shared application <name> signature <name> scope <protocol-data-unit|session
>
set shared application <name> signature <name> order-free <yes|no>
set shared application <name> signature <name> and-condition
set shared application <name> signature <name> and-condition <name>
set shared application <name> signature <name> and-condition <name> or-condition
<name>
<name> operator
<name> operator pattern-match
<name> operator pattern-match context <value>

<name> operator pattern-match pattern <value>
<name> operator pattern-match qualifier
<name> operator pattern-match qualifier <name>
<name> operator pattern-match qualifier <name> value <1-127>|<value>
<name> operator greater-than
<name> operator greater-than context <value>
<name> operator greater-than value <0-4294967295>
<name> operator greater-than qualifier
<name> operator greater-than qualifier <name>
<name> operator greater-than qualifier <name> value <1-127>|<value>
<name> operator less-than
<name> operator less-than context <value>
<name> operator less-than value <0-4294967295>
<name> operator less-than qualifier
<name> operator less-than qualifier <name>
<name> operator less-than qualifier <name> value <1-127>|<value>

<name> operator equal-to
<name> operator equal-to context <value>|<unknown-req-tcp|unknown-rsp-tcp|unkno
wn-req-udp|unknown-rsp-udp>
<name> operator equal-to position <value>
<name> operator equal-to mask <value>
<name> operator equal-to value <value>
set shared application-filter
set shared application-filter <name>
set shared application-filter <name> category [ <category1> <category2>... ]
set shared application-filter <name> subcategory [ <subcategory1> <subcategory2
>... ]
set shared application-filter <name> technology [ <technology1> <technology2>..
.]
set shared application-filter <name> evasive <yes>
set shared application-filter <name> excessive-bandwidth-use <yes>
set shared application-filter <name> used-by-malware <yes>
set shared application-filter <name> transfers-files <yes>
set shared application-filter <name> has-known-vulnerabilities <yes>
set shared application-filter <name> tunnels-other-apps <yes>
set shared application-filter <name> prone-to-misuse <yes>
set shared application-filter <name> pervasive <yes>
set shared application-filter <name> is-saas <yes>
set shared application-filter <name> new-appid <yes>
set shared application-filter <name> risk [ <risk1> <risk2>... ]
set shared application-filter <name> saas-certifications [ <saas-certifications
1> <saas-certifications2>... ]
set shared application-filter <name> saas-risk [ <saas-risk1> <saas-risk2>... ]
set shared application-group

set shared application-group <name>
set shared application-group <name> members [ <members1> <members2>... ]
set shared service
set shared service <name>
set shared service <name> description <value>
set shared service <name> protocol
set shared service <name> protocol tcp
set shared service <name> protocol tcp port <0-65535,...>
set shared service <name> protocol tcp source-port <0-65535,...>
set shared service <name> protocol tcp override
set shared service <name> protocol tcp override no
set shared service <name> protocol tcp override yes
set shared service <name> protocol tcp override yes timeout <1-604800>
set shared service <name> protocol tcp override yes halfclose-timeout <1-604800>
set shared service <name> protocol tcp override yes timewait-timeout <1-600>
set shared service <name> protocol udp
set shared service <name> protocol udp port <0-65535,...>
set shared service <name> protocol udp source-port <0-65535,...>
set shared service <name> protocol udp override
set shared service <name> protocol udp override no
set shared service <name> protocol udp override yes
set shared service <name> protocol udp override yes timeout <1-604800>
set shared service <name> protocol sctp
set shared service <name> protocol sctp port <0-65535,...>
set shared service <name> protocol sctp source-port <0-65535,...>
set shared service <name> tag [ <tag1> <tag2>... ]
set shared service-group
set shared service-group <name>
set shared service-group <name> members [ <members1> <members2>... ]
set shared service-group <name> tag [ <tag1> <tag2>... ]
set shared profiles
set shared profiles hip-objects

set shared profiles hip-objects <name>
set shared profiles hip-objects <name> description <value>
set shared profiles hip-objects <name> host-info
set shared profiles hip-objects <name> host-info criteria
set shared profiles hip-objects <name> host-info criteria domain
set shared profiles hip-objects <name> host-info criteria domain
set shared profiles hip-objects <name> host-info criteria domain contains <value
>
set shared profiles hip-objects <name> host-info criteria domain is <value>
set shared profiles hip-objects <name> host-info criteria domain is-not <value>
set shared profiles hip-objects <name> host-info criteria os
set shared profiles hip-objects <name> host-info criteria os
set shared profiles hip-objects <name> host-info criteria os contains
set shared profiles hip-objects <name> host-info criteria os contains
set shared profiles hip-objects <name> host-info criteria os contains Microsoft
<value>
set shared profiles hip-objects <name> host-info criteria os contains Apple <val
ue>
set shared profiles hip-objects <name> host-info criteria os contains Google <va
lue>
set shared profiles hip-objects <name> host-info criteria os contains Linux <val
ue>
set shared profiles hip-objects <name> host-info criteria os contains Other <val
ue>
set shared profiles hip-objects <name> host-info criteria client-version
set shared profiles hip-objects <name> host-info criteria client-version
set shared profiles hip-objects <name> host-info criteria client-version contain
s <value>
set shared profiles hip-objects <name> host-info criteria client-version is <val
ue>
set shared profiles hip-objects <name> host-info criteria client-version is-not
<value>
set shared profiles hip-objects <name> host-info criteria host-name
set shared profiles hip-objects <name> host-info criteria host-name
set shared profiles hip-objects <name> host-info criteria host-name contains <va
lue>
set shared profiles hip-objects <name> host-info criteria host-name is <value>
set shared profiles hip-objects <name> host-info criteria host-name is-not <valu
e>
set shared profiles hip-objects <name> host-info criteria host-id
set shared profiles hip-objects <name> host-info criteria host-id
set shared profiles hip-objects <name> host-info criteria host-id contains <valu
e>
set shared profiles hip-objects <name> host-info criteria host-id is <value>
set shared profiles hip-objects <name> host-info criteria host-id is-not <value>
set shared profiles hip-objects <name> network-info
set shared profiles hip-objects <name> network-info criteria
set shared profiles hip-objects <name> network-info criteria network
set shared profiles hip-objects <name> network-info criteria network is
set shared profiles hip-objects <name> network-info criteria network is wifi
set shared profiles hip-objects <name> network-info criteria network is wifi ssi
d <value>
set shared profiles hip-objects <name> network-info criteria network is mobile
set shared profiles hip-objects <name> network-info criteria network is mobile c
arrier <value>
set shared profiles hip-objects <name> network-info criteria network is unknown
set shared profiles hip-objects <name> network-info criteria network is-not
set shared profiles hip-objects <name> network-info criteria network is-not wifi
set shared profiles hip-objects <name> network-info criteria network is-not wifi
ssid <value>
set shared profiles hip-objects <name> network-info criteria network is-not mobi
le
set shared profiles hip-objects <name> network-info criteria network is-not mobi
le carrier <value>
set shared profiles hip-objects <name> network-info criteria network is-not ethe
rnet
set shared profiles hip-objects <name> network-info criteria network is-not unkn
own
set shared profiles hip-objects <name> patch-management
set shared profiles hip-objects <name> patch-management criteria
set shared profiles hip-objects <name> patch-management criteria is-installed <y
es|no>
set shared profiles hip-objects <name> patch-management criteria is-enabled <no|
yes|not-available>
set shared profiles hip-objects <name> patch-management criteria missing-patches
severity
severity
severity greater-equal <0-100000>
severity greater-than <0-100000>
severity is <0-100000>
severity is-not <0-100000>
severity less-equal <0-100000>
severity less-than <0-100000>
patches [ <patches1> <patches2>... ]

check <has-any|has-none|has-all>
set shared profiles hip-objects <name> patch-management vendor
set shared profiles hip-objects <name> patch-management vendor <name>
set shared profiles hip-objects <name> patch-management vendor <name> product [
<product1> <product2>... ]
set shared profiles hip-objects <name> patch-management exclude-vendor <yes|no>
set shared profiles hip-objects <name> data-loss-prevention
set shared profiles hip-objects <name> data-loss-prevention criteria
set shared profiles hip-objects <name> data-loss-prevention criteria is-installe
d <yes|no>
set shared profiles hip-objects <name> data-loss-prevention criteria is-enabled
<no|yes|not-available>
set shared profiles hip-objects <name> data-loss-prevention vendor
set shared profiles hip-objects <name> data-loss-prevention vendor <name>
set shared profiles hip-objects <name> data-loss-prevention vendor <name> produc
t [ <product1> <product2>... ]
set shared profiles hip-objects <name> data-loss-prevention exclude-vendor <yes|
no>
set shared profiles hip-objects <name> firewall
set shared profiles hip-objects <name> firewall criteria
set shared profiles hip-objects <name> firewall criteria is-installed <yes|no>
set shared profiles hip-objects <name> firewall criteria is-enabled <no|yes|not-
available>
set shared profiles hip-objects <name> firewall vendor
set shared profiles hip-objects <name> firewall vendor <name>
set shared profiles hip-objects <name> firewall vendor <name> product [ <produc
t1> <product2>... ]
set shared profiles hip-objects <name> firewall exclude-vendor <yes|no>
set shared profiles hip-objects <name> anti-malware
set shared profiles hip-objects <name> anti-malware criteria
set shared profiles hip-objects <name> anti-malware criteria virdef-version
set shared profiles hip-objects <name> anti-malware criteria virdef-version

set shared profiles hip-objects <name> anti-malware criteria virdef-version with
in
in days <1-65535>
in versions <1-65535>
set shared profiles hip-objects <name> anti-malware criteria virdef-version not-
within
within days <1-65535>
within versions <1-65535>
set shared profiles hip-objects <name> anti-malware criteria product-version
set shared profiles hip-objects <name> anti-malware criteria product-version
set shared profiles hip-objects <name> anti-malware criteria product-version gre
ater-equal <value>
set shared profiles hip-objects <name> anti-malware criteria product-version gre
ater-than <value>
set shared profiles hip-objects <name> anti-malware criteria product-version is
<value>
set shared profiles hip-objects <name> anti-malware criteria product-version is-
not <value>
set shared profiles hip-objects <name> anti-malware criteria product-version les
s-equal <value>
set shared profiles hip-objects <name> anti-malware criteria product-version les
s-than <value>
set shared profiles hip-objects <name> anti-malware criteria product-version con
tains <value>
set shared profiles hip-objects <name> anti-malware criteria product-version wit
hin
set shared profiles hip-objects <name> anti-malware criteria product-version wit
hin versions <1-65535>

set shared profiles hip-objects <name> anti-malware criteria product-version not
-within
set shared profiles hip-objects <name> anti-malware criteria product-version not
-within versions <1-65535>
set shared profiles hip-objects <name> anti-malware criteria is-installed <yes|n
o>
set shared profiles hip-objects <name> anti-malware criteria real-time-protectio
n <no|yes|not-available>
set shared profiles hip-objects <name> anti-malware criteria last-scan-time
set shared profiles hip-objects <name> anti-malware criteria last-scan-time
set shared profiles hip-objects <name> anti-malware criteria last-scan-time not-
available
set shared profiles hip-objects <name> anti-malware criteria last-scan-time with
in
in days <1-65535>
in hours <1-65535>
within
within hours <1-65535>
set shared profiles hip-objects <name> anti-malware vendor
set shared profiles hip-objects <name> anti-malware vendor <name>
set shared profiles hip-objects <name> anti-malware vendor <name> product [ <pr
oduct1> <product2>... ]
set shared profiles hip-objects <name> anti-malware exclude-vendor <yes|no>
set shared profiles hip-objects <name> disk-backup
set shared profiles hip-objects <name> disk-backup criteria
set shared profiles hip-objects <name> disk-backup criteria is-installed <yes|no

>
set shared profiles hip-objects <name> disk-backup criteria last-backup-time
set shared profiles hip-objects <name> disk-backup criteria last-backup-time
set shared profiles hip-objects <name> disk-backup criteria last-backup-time not
-available
set shared profiles hip-objects <name> disk-backup criteria last-backup-time wit
hin
hin days <1-65535>
hin hours <1-65535>
-within
-within days <1-65535>
-within hours <1-65535>
set shared profiles hip-objects <name> disk-backup vendor
set shared profiles hip-objects <name> disk-backup vendor <name>
set shared profiles hip-objects <name> disk-backup vendor <name> product [ <pro
duct1> <product2>... ]
set shared profiles hip-objects <name> disk-backup exclude-vendor <yes|no>
set shared profiles hip-objects <name> disk-encryption
set shared profiles hip-objects <name> disk-encryption criteria
set shared profiles hip-objects <name> disk-encryption criteria is-installed <ye
s|no>
set shared profiles hip-objects <name> disk-encryption criteria encrypted-locati
ons
ons <name>
ons <name> encryption-state

ons <name> encryption-state is <full|none|partial|not-available>
ons <name> encryption-state is-not <full|none|partial|not-available>
set shared profiles hip-objects <name> disk-encryption vendor
set shared profiles hip-objects <name> disk-encryption vendor <name>
set shared profiles hip-objects <name> disk-encryption vendor <name> product [
set shared profiles hip-objects <name> disk-encryption exclude-vendor <yes|no>
set shared profiles hip-objects <name> custom-checks
set shared profiles hip-objects <name> custom-checks criteria
set shared profiles hip-objects <name> custom-checks criteria process-list
set shared profiles hip-objects <name> custom-checks criteria process-list <name
>
set shared profiles hip-objects <name> custom-checks criteria process-list <name
> running <yes|no>
set shared profiles hip-objects <name> custom-checks criteria registry-key
set shared profiles hip-objects <name> custom-checks criteria registry-key <name
>
> default-value-data <value>
> negate <yes|no>
> registry-value
> registry-value <name>
> registry-value <name> value-data <value>
> registry-value <name> negate <yes|no>
set shared profiles hip-objects <name> custom-checks criteria plist

set shared profiles hip-objects <name> custom-checks criteria plist <name>
set shared profiles hip-objects <name> custom-checks criteria plist <name> negat
e <yes|no>
set shared profiles hip-objects <name> custom-checks criteria plist <name> key
set shared profiles hip-objects <name> custom-checks criteria plist <name> key <
name>
name> value <value>
name> negate <yes|no>
set shared profiles hip-objects <name> mobile-device
set shared profiles hip-objects <name> mobile-device criteria
set shared profiles hip-objects <name> mobile-device criteria jailbroken <no|yes
>
set shared profiles hip-objects <name> mobile-device criteria disk-encrypted <no
|yes>
set shared profiles hip-objects <name> mobile-device criteria passcode-set <no|y
es>
set shared profiles hip-objects <name> mobile-device criteria managed-by-mdm <no
|yes>
set shared profiles hip-objects <name> mobile-device criteria last-checkin-time
within
within days <1-365>
not-within
not-within days <1-365>
set shared profiles hip-objects <name> mobile-device criteria imei
set shared profiles hip-objects <name> mobile-device criteria imei

set shared profiles hip-objects <name> mobile-device criteria imei contains <val
ue>
set shared profiles hip-objects <name> mobile-device criteria imei is <value>
set shared profiles hip-objects <name> mobile-device criteria imei is-not <value
>
set shared profiles hip-objects <name> mobile-device criteria model
set shared profiles hip-objects <name> mobile-device criteria model
set shared profiles hip-objects <name> mobile-device criteria model contains <va
lue>
set shared profiles hip-objects <name> mobile-device criteria model is <value>
set shared profiles hip-objects <name> mobile-device criteria model is-not <valu
e>
set shared profiles hip-objects <name> mobile-device criteria phone-number
set shared profiles hip-objects <name> mobile-device criteria phone-number
set shared profiles hip-objects <name> mobile-device criteria phone-number conta
ins <value>
set shared profiles hip-objects <name> mobile-device criteria phone-number is <v
alue>
set shared profiles hip-objects <name> mobile-device criteria phone-number is-no
t <value>
set shared profiles hip-objects <name> mobile-device criteria serial-number
set shared profiles hip-objects <name> mobile-device criteria serial-number
set shared profiles hip-objects <name> mobile-device criteria serial-number cont
ains <value>
set shared profiles hip-objects <name> mobile-device criteria serial-number is <
value>
set shared profiles hip-objects <name> mobile-device criteria serial-number is-n
ot <value>
set shared profiles hip-objects <name> mobile-device criteria tag
set shared profiles hip-objects <name> mobile-device criteria tag
set shared profiles hip-objects <name> mobile-device criteria tag contains <valu
e>
set shared profiles hip-objects <name> mobile-device criteria tag is <value>
set shared profiles hip-objects <name> mobile-device criteria tag is-not <value>
set shared profiles hip-objects <name> mobile-device criteria applications
set shared profiles hip-objects <name> mobile-device criteria applications has-m
alware
alware no
alware yes
alware yes excludes
alware yes excludes <name>
alware yes excludes <name> package <value>
alware yes excludes <name> hash <value>
set shared profiles hip-objects <name> mobile-device criteria applications has-u
nmanaged-app <no|yes>
set shared profiles hip-objects <name> mobile-device criteria applications inclu
des
des <name>
des <name> package <value>
des <name> hash <value>
set shared profiles virus
set shared profiles virus <name>
set shared profiles virus <name> description <value>
set shared profiles virus <name> packet-capture <yes|no>
set shared profiles virus <name> decoder

set shared profiles virus <name> decoder <name>
set shared profiles virus <name> decoder <name> action <default|allow|alert|drop
|reset-client|reset-server|reset-both>
set shared profiles virus <name> decoder <name> wildfire-action <default|allow|a
lert|drop|reset-client|reset-server|reset-both>
set shared profiles virus <name> application
set shared profiles virus <name> application <name>
set shared profiles virus <name> application <name> action <default|allow|alert|
drop|reset-client|reset-server|reset-both>
set shared profiles virus <name> threat-exception
set shared profiles virus <name> threat-exception <name>
set shared profiles spyware
set shared profiles spyware <name>
set shared profiles spyware <name> description <value>
set shared profiles spyware <name> botnet-domains
set shared profiles spyware <name> botnet-domains lists
set shared profiles spyware <name> botnet-domains lists <name>
set shared profiles spyware <name> botnet-domains lists <name> action
set shared profiles spyware <name> botnet-domains lists <name> action alert
set shared profiles spyware <name> botnet-domains lists <name> action allow
set shared profiles spyware <name> botnet-domains lists <name> action block
set shared profiles spyware <name> botnet-domains lists <name> action sinkhole
set shared profiles spyware <name> botnet-domains sinkhole
set shared profiles spyware <name> botnet-domains sinkhole ipv4-address <ip/netm
ask>|<127.0.0.1|pan-sinkhole-default-ip>
set shared profiles spyware <name> botnet-domains sinkhole ipv6-address <ip/netm
ask>|<::1>
set shared profiles spyware <name> botnet-domains packet-capture <disable|single
-packet|extended-capture>
set shared profiles spyware <name> botnet-domains threat-exception
set shared profiles spyware <name> botnet-domains threat-exception <name>
set shared profiles spyware <name> rules

set shared profiles spyware <name> rules <name>
set shared profiles spyware <name> rules <name> threat-name <value>|<any>
set shared profiles spyware <name> rules <name> category <value>|<any>
set shared profiles spyware <name> rules <name> severity [ <severity1> <severit
y2>... ]
set shared profiles spyware <name> rules <name> action
set shared profiles spyware <name> rules <name> action default
set shared profiles spyware <name> rules <name> action allow
set shared profiles spyware <name> rules <name> action alert
set shared profiles spyware <name> rules <name> action drop
set shared profiles spyware <name> rules <name> action reset-client
set shared profiles spyware <name> rules <name> action reset-server
set shared profiles spyware <name> rules <name> action reset-both
set shared profiles spyware <name> rules <name> action block-ip
set shared profiles spyware <name> rules <name> action block-ip track-by <source
|source-and-destination>
set shared profiles spyware <name> rules <name> action block-ip duration <1-3600
>
set shared profiles spyware <name> rules <name> packet-capture <disable|single-p
acket|extended-capture>
set shared profiles spyware <name> threat-exception
set shared profiles spyware <name> threat-exception <name>
set shared profiles spyware <name> threat-exception <name> packet-capture <disab
le|single-packet|extended-capture>
set shared profiles spyware <name> threat-exception <name> action
set shared profiles spyware <name> threat-exception <name> action default
set shared profiles spyware <name> threat-exception <name> action allow
set shared profiles spyware <name> threat-exception <name> action alert
set shared profiles spyware <name> threat-exception <name> action drop
set shared profiles spyware <name> threat-exception <name> action reset-both
set shared profiles spyware <name> threat-exception <name> action reset-client
set shared profiles spyware <name> threat-exception <name> action reset-server

set shared profiles spyware <name> threat-exception <name> action block-ip
set shared profiles spyware <name> threat-exception <name> action block-ip track
-by <source|source-and-destination>
set shared profiles spyware <name> threat-exception <name> action block-ip durat
ion <1-3600>
set shared profiles spyware <name> threat-exception <name> exempt-ip
set shared profiles spyware <name> threat-exception <name> exempt-ip <name>
set shared profiles vulnerability
set shared profiles vulnerability <name>
set shared profiles vulnerability <name> description <value>
set shared profiles vulnerability <name> rules
set shared profiles vulnerability <name> rules <name>
set shared profiles vulnerability <name> rules <name> threat-name <value>|<any>
set shared profiles vulnerability <name> rules <name> cve [ <cve1> <cve2>... ]
set shared profiles vulnerability <name> rules <name> host <any|client|server>
set shared profiles vulnerability <name> rules <name> vendor-id [ <vendor-id1>
<vendor-id2>... ]
set shared profiles vulnerability <name> rules <name> severity [ <severity1> <s
everity2>... ]
set shared profiles vulnerability <name> rules <name> category <value>|<any>
set shared profiles vulnerability <name> rules <name> action
set shared profiles vulnerability <name> rules <name> action default
set shared profiles vulnerability <name> rules <name> action allow
set shared profiles vulnerability <name> rules <name> action alert
set shared profiles vulnerability <name> rules <name> action drop
set shared profiles vulnerability <name> rules <name> action reset-client
set shared profiles vulnerability <name> rules <name> action reset-server
set shared profiles vulnerability <name> rules <name> action reset-both
set shared profiles vulnerability <name> rules <name> action block-ip
set shared profiles vulnerability <name> rules <name> action block-ip track-by <
source|source-and-destination>
set shared profiles vulnerability <name> rules <name> action block-ip duration <
1-3600>
set shared profiles vulnerability <name> rules <name> packet-capture <disable|si
ngle-packet|extended-capture>
set shared profiles vulnerability <name> threat-exception
set shared profiles vulnerability <name> threat-exception <name>
set shared profiles vulnerability <name> threat-exception <name> packet-capture
<disable|single-packet|extended-capture>
set shared profiles vulnerability <name> threat-exception <name> action
set shared profiles vulnerability <name> threat-exception <name> action default
set shared profiles vulnerability <name> threat-exception <name> action allow
set shared profiles vulnerability <name> threat-exception <name> action alert
set shared profiles vulnerability <name> threat-exception <name> action drop
set shared profiles vulnerability <name> threat-exception <name> action reset-cl
ient
set shared profiles vulnerability <name> threat-exception <name> action reset-se
rver
set shared profiles vulnerability <name> threat-exception <name> action reset-bo
th
set shared profiles vulnerability <name> threat-exception <name> action block-ip
duration <1-3600>
set shared profiles vulnerability <name> threat-exception <name> time-attribute
interval <1-3600>
threshold <1-65535>
track-by <source|destination|source-and-destination>
set shared profiles vulnerability <name> threat-exception <name> exempt-ip

set shared profiles vulnerability <name> threat-exception <name> exempt-ip <name
>
set shared profiles url-filtering
set shared profiles url-filtering <name>
set shared profiles url-filtering <name> description <value>
set shared profiles url-filtering <name> dynamic-url <yes|no>
set shared profiles url-filtering <name> license-expired <block|allow>
set shared profiles url-filtering <name> action <block|continue|override|alert>
set shared profiles url-filtering <name> block-list [ <block-list1> <block-list
2>... ]
set shared profiles url-filtering <name> allow-list [ <allow-list1> <allow-list
2>... ]
set shared profiles url-filtering <name> allow [ <allow1> <allow2>... ]
set shared profiles url-filtering <name> alert [ <alert1> <alert2>... ]
set shared profiles url-filtering <name> categorychange [ <categorychange1> <ca
tegorychange2>... ]
set shared profiles url-filtering <name> block [ <block1> <block2>... ]
set shared profiles url-filtering <name> continue [ <continue1> <continue2>...
set shared profiles url-filtering <name> override [ <override1> <override2>...
set shared profiles url-filtering <name> credential-enforcement
set shared profiles url-filtering <name> credential-enforcement mode
set shared profiles url-filtering <name> credential-enforcement mode disabled
set shared profiles url-filtering <name> credential-enforcement mode ip-user
set shared profiles url-filtering <name> credential-enforcement mode domain-cred
entials
set shared profiles url-filtering <name> credential-enforcement mode group-mappi
ng <value>
set shared profiles url-filtering <name> credential-enforcement log-severity <va
lue>
set shared profiles url-filtering <name> credential-enforcement allow [ <allow1

> <allow2>... ]
set shared profiles url-filtering <name> credential-enforcement alert [ <alert1
> <alert2>... ]
set shared profiles url-filtering <name> credential-enforcement block [ <block1
> <block2>... ]
set shared profiles url-filtering <name> credential-enforcement continue [ <con
tinue1> <continue2>... ]
set shared profiles url-filtering <name> enable-container-page <yes|no>
set shared profiles url-filtering <name> log-container-page-only <yes|no>
set shared profiles url-filtering <name> safe-search-enforcement <yes|no>
set shared profiles url-filtering <name> log-http-hdr-xff <yes|no>
set shared profiles url-filtering <name> log-http-hdr-user-agent <yes|no>
set shared profiles url-filtering <name> log-http-hdr-referer <yes|no>
set shared profiles url-filtering <name> http-header-insertion
set shared profiles url-filtering <name> http-header-insertion <name>
set shared profiles url-filtering <name> http-header-insertion <name> type
set shared profiles url-filtering <name> http-header-insertion <name> type <name
>
> headers
> headers <name>
> headers <name> header <value>
> headers <name> value <value>
> headers <name> log <yes|no>
> domains [ <domains1> <domains2>... ]
set shared profiles file-blocking
set shared profiles file-blocking <name>

set shared profiles file-blocking <name> description <value>
set shared profiles file-blocking <name> rules
set shared profiles file-blocking <name> rules <name>
set shared profiles file-blocking <name> rules <name> application [ <applicatio
n1> <application2>... ]
set shared profiles file-blocking <name> rules <name> file-type [ <file-type1>
<file-type2>... ]
set shared profiles file-blocking <name> rules <name> direction <upload|download
|both>
set shared profiles file-blocking <name> rules <name> action <alert|block|contin
ue>
set shared profiles wildfire-analysis
set shared profiles wildfire-analysis <name>
set shared profiles wildfire-analysis <name> description <value>
set shared profiles wildfire-analysis <name> rules
set shared profiles wildfire-analysis <name> rules <name>
set shared profiles wildfire-analysis <name> rules <name> application [ <applic
ation1> <application2>... ]
set shared profiles wildfire-analysis <name> rules <name> file-type [ <file-typ
e1> <file-type2>... ]
set shared profiles wildfire-analysis <name> rules <name> direction <upload|down
load|both>
set shared profiles wildfire-analysis <name> rules <name> analysis <public-cloud
|private-cloud>
set shared profiles custom-url-category
set shared profiles custom-url-category <name>
set shared profiles custom-url-category <name> description <value>
set shared profiles custom-url-category <name> list [ <list1> <list2>... ]
set shared profiles data-objects
set shared profiles data-objects <name>
set shared profiles data-objects <name> description <value>
set shared profiles data-objects <name> pattern-type

set shared profiles data-objects <name> pattern-type predefined
set shared profiles data-objects <name> pattern-type predefined pattern
set shared profiles data-objects <name> pattern-type predefined pattern <name>
set shared profiles data-objects <name> pattern-type predefined pattern <name> f
ile-type [ <file-type1> <file-type2>... ]
set shared profiles data-objects <name> pattern-type regex
set shared profiles data-objects <name> pattern-type regex pattern
set shared profiles data-objects <name> pattern-type regex pattern <name>
set shared profiles data-objects <name> pattern-type regex pattern <name> file-t
ype [ <file-type1> <file-type2>... ]
set shared profiles data-objects <name> pattern-type regex pattern <name> regex
<value>
set shared profiles data-objects <name> pattern-type file-properties
set shared profiles data-objects <name> pattern-type file-properties pattern
set shared profiles data-objects <name> pattern-type file-properties pattern <na
me>
me> file-type <value>
me> file-property <value>
me> property-value <value>
set shared profiles data-filtering
set shared profiles data-filtering <name>
set shared profiles data-filtering <name> description <value>
set shared profiles data-filtering <name> data-capture <yes|no>
set shared profiles data-filtering <name> rules
set shared profiles data-filtering <name> rules <name>
set shared profiles data-filtering <name> rules <name> data-object <value>
set shared profiles data-filtering <name> rules <name> application [ <applicati
on1> <application2>... ]
set shared profiles data-filtering <name> rules <name> file-type [ <file-type1>

<file-type2>... ]
set shared profiles data-filtering <name> rules <name> direction <upload|downloa
d|both>
set shared profiles data-filtering <name> rules <name> alert-threshold <0-65535>
set shared profiles data-filtering <name> rules <name> block-threshold <0-65535>
set shared profiles data-filtering <name> rules <name> log-severity <value>
set shared profiles hip-profiles
set shared profiles hip-profiles <name>
set shared profiles hip-profiles <name> description <value>
set shared profiles hip-profiles <name> match <value>
set shared profiles dos-protection
set shared profiles dos-protection <name>
set shared profiles dos-protection <name> type <aggregate|classified>
set shared profiles dos-protection <name> description <value>
set shared profiles dos-protection <name> flood
set shared profiles dos-protection <name> flood tcp-syn
set shared profiles dos-protection <name> flood tcp-syn enable <yes|no>
set shared profiles dos-protection <name> flood tcp-syn
set shared profiles dos-protection <name> flood tcp-syn red
set shared profiles dos-protection <name> flood tcp-syn red alarm-rate <0-200000
0>
set shared profiles dos-protection <name> flood tcp-syn red activate-rate <1-200
0000>
set shared profiles dos-protection <name> flood tcp-syn red maximal-rate <1-2000
000>
set shared profiles dos-protection <name> flood tcp-syn red block
set shared profiles dos-protection <name> flood tcp-syn red block duration <1-21
600>
set shared profiles dos-protection <name> flood tcp-syn syn-cookies
set shared profiles dos-protection <name> flood tcp-syn syn-cookies alarm-rate <
0-2000000>
set shared profiles dos-protection <name> flood tcp-syn syn-cookies activate-rat

e <0-2000000>
set shared profiles dos-protection <name> flood tcp-syn syn-cookies maximal-rate
<1-2000000>
set shared profiles dos-protection <name> flood tcp-syn syn-cookies block
set shared profiles dos-protection <name> flood tcp-syn syn-cookies block durati
on <1-21600>
set shared profiles dos-protection <name> flood udp
set shared profiles dos-protection <name> flood udp enable <yes|no>
set shared profiles dos-protection <name> flood udp red
set shared profiles dos-protection <name> flood udp red alarm-rate <0-2000000>
set shared profiles dos-protection <name> flood udp red activate-rate <1-2000000
>
set shared profiles dos-protection <name> flood udp red maximal-rate <1-2000000>
set shared profiles dos-protection <name> flood udp red block
set shared profiles dos-protection <name> flood udp red block duration <1-21600>
set shared profiles dos-protection <name> flood icmp
set shared profiles dos-protection <name> flood icmp enable <yes|no>
set shared profiles dos-protection <name> flood icmp red
set shared profiles dos-protection <name> flood icmp red alarm-rate <0-2000000>
set shared profiles dos-protection <name> flood icmp red activate-rate <1-200000
0>
set shared profiles dos-protection <name> flood icmp red maximal-rate <1-2000000
>
set shared profiles dos-protection <name> flood icmp red block
set shared profiles dos-protection <name> flood icmp red block duration <1-21600
>
set shared profiles dos-protection <name> flood icmpv6
set shared profiles dos-protection <name> flood icmpv6 enable <yes|no>
set shared profiles dos-protection <name> flood icmpv6 red
set shared profiles dos-protection <name> flood icmpv6 red alarm-rate <0-2000000
>
set shared profiles dos-protection <name> flood icmpv6 red activate-rate <1-2000
000>
set shared profiles dos-protection <name> flood icmpv6 red maximal-rate <1-20000
00>
set shared profiles dos-protection <name> flood icmpv6 red block
set shared profiles dos-protection <name> flood icmpv6 red block duration <1-216
00>
set shared profiles dos-protection <name> flood other-ip
set shared profiles dos-protection <name> flood other-ip enable <yes|no>
set shared profiles dos-protection <name> flood other-ip red
set shared profiles dos-protection <name> flood other-ip red alarm-rate <0-20000
00>
set shared profiles dos-protection <name> flood other-ip red activate-rate <1-20
00000>
set shared profiles dos-protection <name> flood other-ip red maximal-rate <1-200
0000>
set shared profiles dos-protection <name> flood other-ip red block
set shared profiles dos-protection <name> flood other-ip red block duration <1-2
1600>
set shared profiles dos-protection <name> resource
set shared profiles dos-protection <name> resource sessions
set shared profiles dos-protection <name> resource sessions enabled <yes|no>
set shared profiles dos-protection <name> resource sessions max-concurrent-limit
<1-4194304>
set shared profiles decryption
set shared profiles decryption <name>
set shared profiles decryption <name> interface <value>
set shared profiles decryption <name> forwarded-only <yes|no>
set shared profiles decryption <name> ssl-forward-proxy
set shared profiles decryption <name> ssl-forward-proxy block-expired-certificat
e <yes|no>
set shared profiles decryption <name> ssl-forward-proxy block-untrusted-issuer <
yes|no>
set shared profiles decryption <name> ssl-forward-proxy restrict-cert-exts <yes|
no>
set shared profiles decryption <name> ssl-forward-proxy block-unsupported-versio
n <yes|no>
set shared profiles decryption <name> ssl-forward-proxy block-unsupported-cipher
<yes|no>
set shared profiles decryption <name> ssl-forward-proxy block-client-cert <yes|n
o>
set shared profiles decryption <name> ssl-forward-proxy block-if-no-resource <ye
s|no>
set shared profiles decryption <name> ssl-forward-proxy block-if-hsm-unavailable
<yes|no>
set shared profiles decryption <name> ssl-forward-proxy block-unknown-cert <yes|
no>
set shared profiles decryption <name> ssl-forward-proxy block-timeout-cert <yes|
no>
set shared profiles decryption <name> ssl-forward-proxy auto-include-altname <ye
s|no>
set shared profiles decryption <name> ssl-inbound-proxy
set shared profiles decryption <name> ssl-inbound-proxy block-unsupported-versio
n <yes|no>
set shared profiles decryption <name> ssl-inbound-proxy block-unsupported-cipher
<yes|no>
set shared profiles decryption <name> ssl-inbound-proxy block-if-no-resource <ye
s|no>
set shared profiles decryption <name> ssl-inbound-proxy block-if-hsm-unavailable
<yes|no>
set shared profiles decryption <name> ssl-protocol-settings
set shared profiles decryption <name> ssl-protocol-settings min-version <sslv3|t
ls1-0|tls1-1|tls1-2>
set shared profiles decryption <name> ssl-protocol-settings max-version <sslv3|t
ls1-0|tls1-1|tls1-2|max>
set shared profiles decryption <name> ssl-protocol-settings keyxchg-algo-rsa <ye
s|no>
set shared profiles decryption <name> ssl-protocol-settings keyxchg-algo-dhe <ye
s|no>
set shared profiles decryption <name> ssl-protocol-settings keyxchg-algo-ecdhe <
yes|no>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-3des <yes|n
o>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-rc4 <yes|no
>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-aes-128-cbc
<yes|no>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-aes-256-cbc
<yes|no>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-aes-128-gcm
<yes|no>
set shared profiles decryption <name> ssl-protocol-settings enc-algo-aes-256-gcm
<yes|no>
set shared profiles decryption <name> ssl-protocol-settings auth-algo-md5 <yes|n
o>
set shared profiles decryption <name> ssl-protocol-settings auth-algo-sha1 <yes|
no>
set shared profiles decryption <name> ssl-protocol-settings auth-algo-sha256 <ye
s|no>
set shared profiles decryption <name> ssl-protocol-settings auth-algo-sha384 <ye
s|no>
set shared profiles decryption <name> ssl-no-proxy
set shared profiles decryption <name> ssl-no-proxy block-expired-certificate <ye
s|no>
set shared profiles decryption <name> ssl-no-proxy block-untrusted-issuer <yes|n
o>
set shared profiles decryption <name> ssh-proxy

set shared profiles decryption <name> ssh-proxy block-unsupported-version <yes|n
o>
set shared profiles decryption <name> ssh-proxy block-unsupported-alg <yes|no>
set shared profiles decryption <name> ssh-proxy block-ssh-errors <yes|no>
set shared profiles decryption <name> ssh-proxy block-if-no-resource <yes|no>
set shared profile-group
set shared profile-group <name>
set shared profile-group <name> virus [ <virus1> <virus2>... ]
set shared profile-group <name> spyware [ <spyware1> <spyware2>... ]
set shared profile-group <name> vulnerability [ <vulnerability1> <vulnerability
2>... ]
set shared profile-group <name> url-filtering [ <url-filtering1> <url-filtering
2>... ]
set shared profile-group <name> file-blocking [ <file-blocking1> <file-blocking
2>... ]
set shared profile-group <name> wildfire-analysis [ <wildfire-analysis1> <wildf
ire-analysis2>... ]
set shared profile-group <name> data-filtering [ <data-filtering1> <data-filter
ing2>... ]
set shared schedule
set shared schedule <name>
set shared schedule <name> schedule-type
set shared schedule <name> schedule-type recurring
set shared schedule <name> schedule-type recurring weekly
set shared schedule <name> schedule-type recurring weekly sunday [ <sunday1> <s
unday2>... ]
set shared schedule <name> schedule-type recurring weekly monday [ <monday1> <m
onday2>... ]
set shared schedule <name> schedule-type recurring weekly tuesday [ <tuesday1>
<tuesday2>... ]
set shared schedule <name> schedule-type recurring weekly wednesday [ <wednesda
y1> <wednesday2>... ]
set shared schedule <name> schedule-type recurring weekly thursday [ <thursday1
> <thursday2>... ]
set shared schedule <name> schedule-type recurring weekly friday [ <friday1> <f
riday2>... ]
set shared schedule <name> schedule-type recurring weekly saturday [ <saturday1
> <saturday2>... ]
set shared schedule <name> schedule-type recurring daily [ <daily1> <daily2>...
set shared schedule <name> schedule-type non-recurring [ <non-recurring1> <non-
recurring2>... ]
set shared threats
set shared threats vulnerability
set shared threats vulnerability <name>
set shared threats vulnerability <name> threatname <value>
set shared threats vulnerability <name> affected-host
set shared threats vulnerability <name> affected-host client <yes|no>
set shared threats vulnerability <name> affected-host server <yes|no>
set shared threats vulnerability <name> comment <value>
set shared threats vulnerability <name> severity <value>
set shared threats vulnerability <name> direction <value>
set shared threats vulnerability <name> default-action
set shared threats vulnerability <name> default-action alert
set shared threats vulnerability <name> default-action drop
set shared threats vulnerability <name> default-action reset-client
set shared threats vulnerability <name> default-action reset-server
set shared threats vulnerability <name> default-action reset-both
set shared threats vulnerability <name> default-action block-ip
set shared threats vulnerability <name> default-action block-ip track-by <source
|source-and-destination>
set shared threats vulnerability <name> default-action block-ip duration <1-3600
>
set shared threats vulnerability <name> default-action allow

set shared threats vulnerability <name> cve [ <cve1> <cve2>... ]
set shared threats vulnerability <name> bugtraq [ <bugtraq1> <bugtraq2>... ]
set shared threats vulnerability <name> vendor [ <vendor1> <vendor2>... ]
set shared threats vulnerability <name> reference [ <reference1> <reference2>..
.]
set shared threats vulnerability <name> signature
set shared threats vulnerability <name> signature standard
set shared threats vulnerability <name> signature standard <name>
set shared threats vulnerability <name> signature standard <name> comment <value
>
set shared threats vulnerability <name> signature standard <name> scope <protoco
l-data-unit|session>
set shared threats vulnerability <name> signature standard <name> order-free <ye
s|no>
set shared threats vulnerability <name> signature standard <name> and-condition
<name>
<name> or-condition
<name> or-condition <name> operator less-than context <value>
<name> or-condition <name> operator less-than value <0-4294967295>

<name> or-condition <name> operator less-than qualifier <name> value <1-127>|<va
lue>
<name> or-condition <name> operator equal-to context <value>
<name> or-condition <name> operator equal-to value <0-4294967295>
<name> or-condition <name> operator equal-to qualifier <name> value <1-127>|<val
ue>
<name> or-condition <name> operator greater-than context <value>
<name> or-condition <name> operator greater-than value <0-4294967295>
<name> or-condition <name> operator greater-than qualifier <name> value <1-127>|
<value>

<name> or-condition <name> operator pattern-match context <value>
<name> or-condition <name> operator pattern-match pattern <value>
<name> or-condition <name> operator pattern-match negate <yes|no>
<name> or-condition <name> operator pattern-match qualifier <name> value <1-127>
|<value>
set shared threats vulnerability <name> signature combination
set shared threats vulnerability <name> signature combination time-attribute
set shared threats vulnerability <name> signature combination time-attribute int
erval <1-3600>
set shared threats vulnerability <name> signature combination time-attribute thr
eshold <1-255>
set shared threats vulnerability <name> signature combination time-attribute tra
ck-by <source|destination|source-and-destination>
set shared threats vulnerability <name> signature combination order-free <yes|no
>
set shared threats vulnerability <name> signature combination and-condition
set shared threats vulnerability <name> signature combination and-condition <nam
e>
e> or-condition
e> or-condition <name>
e> or-condition <name> threat-id <value>

set shared threats spyware
set shared threats spyware <name>
set shared threats spyware <name> threatname <value>
set shared threats spyware <name> comment <value>
set shared threats spyware <name> severity <value>
set shared threats spyware <name> direction <value>
set shared threats spyware <name> default-action
set shared threats spyware <name> default-action alert
set shared threats spyware <name> default-action drop
set shared threats spyware <name> default-action reset-client
set shared threats spyware <name> default-action reset-server
set shared threats spyware <name> default-action reset-both
set shared threats spyware <name> default-action block-ip
set shared threats spyware <name> default-action block-ip track-by <source|sourc
e-and-destination>
set shared threats spyware <name> default-action block-ip duration <1-3600>
set shared threats spyware <name> default-action allow
set shared threats spyware <name> cve [ <cve1> <cve2>... ]
set shared threats spyware <name> bugtraq [ <bugtraq1> <bugtraq2>... ]
set shared threats spyware <name> vendor [ <vendor1> <vendor2>... ]
set shared threats spyware <name> reference [ <reference1> <reference2>... ]
set shared threats spyware <name> signature
set shared threats spyware <name> signature standard
set shared threats spyware <name> signature standard <name>
set shared threats spyware <name> signature standard <name> comment <value>
set shared threats spyware <name> signature standard <name> scope <protocol-data
-unit|session>
set shared threats spyware <name> signature standard <name> order-free <yes|no>
set shared threats spyware <name> signature standard <name> and-condition
set shared threats spyware <name> signature standard <name> and-condition <name>
or-condition
or-condition <name>
or-condition <name> operator
or-condition <name> operator less-than
or-condition <name> operator less-than value <0-4294967295>
or-condition <name> operator less-than context <value>
or-condition <name> operator less-than qualifier
or-condition <name> operator less-than qualifier <name>
or-condition <name> operator less-than qualifier <name> value <1-127>|<value>
or-condition <name> operator equal-to
or-condition <name> operator equal-to value <0-4294967295>
or-condition <name> operator equal-to context <value>
or-condition <name> operator equal-to qualifier
or-condition <name> operator equal-to qualifier <name>
or-condition <name> operator equal-to qualifier <name> value <1-127>|<value>
or-condition <name> operator greater-than
or-condition <name> operator greater-than value <0-4294967295>
or-condition <name> operator greater-than context <value>
or-condition <name> operator greater-than qualifier
or-condition <name> operator greater-than qualifier <name>
or-condition <name> operator greater-than qualifier <name> value <1-127>|<value
>
or-condition <name> operator pattern-match
or-condition <name> operator pattern-match pattern <value>
or-condition <name> operator pattern-match context <value>
or-condition <name> operator pattern-match negate <yes|no>
or-condition <name> operator pattern-match qualifier
or-condition <name> operator pattern-match qualifier <name>
or-condition <name> operator pattern-match qualifier <name> value <1-127>|<valu
e>
set shared threats spyware <name> signature combination
set shared threats spyware <name> signature combination time-attribute
set shared threats spyware <name> signature combination time-attribute interval
<1-3600>
set shared threats spyware <name> signature combination time-attribute threshold
<1-255>
set shared threats spyware <name> signature combination time-attribute track-by

<source|destination|source-and-destination>
set shared threats spyware <name> signature combination order-free <yes|no>
set shared threats spyware <name> signature combination and-condition
set shared threats spyware <name> signature combination and-condition <name>
set shared threats spyware <name> signature combination and-condition <name> or-
condition
condition <name>
condition <name> threat-id <value>
set shared external-list
set shared external-list <name>
set shared external-list <name> type
set shared external-list <name> type predefined-ip
set shared external-list <name> type predefined-ip exception-list [ <exception-
list1> <exception-list2>... ]
set shared external-list <name> type predefined-ip description <value>
set shared external-list <name> type predefined-ip url <value>
set shared external-list <name> type ip
set shared external-list <name> type ip exception-list [ <exception-list1> <exc
eption-list2>... ]
set shared external-list <name> type ip description <value>
set shared external-list <name> type ip url <value>
set shared external-list <name> type ip certificate-profile <value>|<None>
set shared external-list <name> type ip auth
set shared external-list <name> type ip auth username <value>
set shared external-list <name> type ip auth password <value>
set shared external-list <name> type ip recurring
set shared external-list <name> type ip recurring
set shared external-list <name> type ip recurring hourly
set shared external-list <name> type ip recurring five-minute
set shared external-list <name> type ip recurring daily

set shared external-list <name> type ip recurring daily at <value>
set shared external-list <name> type ip recurring weekly
set shared external-list <name> type ip recurring weekly day-of-week <sunday|mon
day|tuesday|wednesday|thursday|friday|saturday>
set shared external-list <name> type ip recurring weekly at <value>
set shared external-list <name> type ip recurring monthly
set shared external-list <name> type ip recurring monthly day-of-month <1-31>
set shared external-list <name> type ip recurring monthly at <value>
set shared external-list <name> type domain
set shared external-list <name> type domain exception-list [ <exception-list1>
<exception-list2>... ]
set shared external-list <name> type domain description <value>
set shared external-list <name> type domain url <value>
set shared external-list <name> type domain certificate-profile <value>|<None>
set shared external-list <name> type domain auth
set shared external-list <name> type domain auth username <value>
set shared external-list <name> type domain auth password <value>
set shared external-list <name> type domain recurring
set shared external-list <name> type domain recurring
set shared external-list <name> type domain recurring hourly
set shared external-list <name> type domain recurring five-minute
set shared external-list <name> type domain recurring daily
set shared external-list <name> type domain recurring daily at <value>
set shared external-list <name> type domain recurring weekly
set shared external-list <name> type domain recurring weekly day-of-week <sunday
|monday|tuesday|wednesday|thursday|friday|saturday>
set shared external-list <name> type domain recurring weekly at <value>
set shared external-list <name> type domain recurring monthly
set shared external-list <name> type domain recurring monthly day-of-month <1-31
>
set shared external-list <name> type domain recurring monthly at <value>
set shared external-list <name> type url

set shared external-list <name> type url exception-list [ <exception-list1> <ex
ception-list2>... ]
set shared external-list <name> type url description <value>
set shared external-list <name> type url url <value>
set shared external-list <name> type url certificate-profile <value>|<None>
set shared external-list <name> type url auth
set shared external-list <name> type url auth username <value>
set shared external-list <name> type url auth password <value>
set shared external-list <name> type url recurring
set shared external-list <name> type url recurring
set shared external-list <name> type url recurring hourly
set shared external-list <name> type url recurring five-minute
set shared external-list <name> type url recurring daily
set shared external-list <name> type url recurring daily at <value>
set shared external-list <name> type url recurring weekly
set shared external-list <name> type url recurring weekly day-of-week <sunday|mo
nday|tuesday|wednesday|thursday|friday|saturday>
set shared external-list <name> type url recurring weekly at <value>
set shared external-list <name> type url recurring monthly
set shared external-list <name> type url recurring monthly day-of-month <1-31>
set shared external-list <name> type url recurring monthly at <value>
set shared tag
set shared tag <name>
set shared tag <name> color <color1|color2|color3|color4|color5|color6|color7|co
lor8|color9|color10|color11|color12|color13|color14|color15|color16|color17|colo
r19|color20|color21|color22|color23|color24|color25|color26|color27|color28|colo
r29|color30|color31|color32|color33|color34|color35|color36|color37|color38|colo
set shared tag <name> comments <value>
set shared authentication-object
set shared authentication-object <name>
set shared authentication-object <name> authentication-method <web-form|no-capti

ve-portal|browser-challenge>
set shared authentication-object <name> authentication-profile <value>
set shared authentication-object <name> message <value>
set shared global-protect
set shared global-protect clientless-app
set shared global-protect clientless-app <name>
set shared global-protect clientless-app <name> application-home-url <value>
set shared global-protect clientless-app <name> description <value>
set shared global-protect clientless-app <name> app-icon <value>
set shared global-protect clientless-app-group
set shared global-protect clientless-app-group <name>
set shared global-protect clientless-app-group <name> members [ <members1> <mem
bers2>... ]
set shared reports
set shared reports <name>
set shared reports <name> description <value>
set shared reports <name> disabled <yes|no>
set shared reports <name> query <value>
set shared reports <name> caption <value>
set shared reports <name> frequency <daily>
set shared reports <name> start-time <value>
set shared reports <name> end-time <value>
set shared reports <name> period <last-15-minutes|last-hour|last-6-hrs|last-12-h
rs|last-24-hrs|last-calendar-day|last-7-days|last-7-calendar-days|last-calendar-
week|last-30-days|last-30-calendar-days|last-calendar-month>
set shared reports <name> topn <1-10000>
set shared reports <name> topm <1-50>
set shared reports <name> type
set shared reports <name> type appstat
set shared reports <name> type appstat aggregate-by [ <aggregate-by1> <aggregat
e-by2>... ]
set shared reports <name> type appstat group-by <category-of-name|name|risk|risk

-of-name|subcategory-of-name|technology-of-name|container-of-name|vsys|quarter-h
our-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name>
set shared reports <name> type appstat values [ <values1> <values2>... ]
set shared reports <name> type appstat labels [ <labels1> <labels2>... ]
set shared reports <name> type appstat sortby <nbytes|npkts|nsess|nthreats>
set shared reports <name> type threat
set shared reports <name> type threat aggregate-by [ <aggregate-by1> <aggregate
-by2>... ]
set shared reports <name> type threat group-by <action|app|category-of-app|categ
ory-of-threatid|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst
|natsport|natsrc|outbound_if|proto|risk-of-app|rule|severity|sport|src|srcuser|s
ubcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|
srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_tim
e|vsys_name|device_name|threat-type|tunnelid|monitortag|parent_session_id|parent
_start_time|tunnel|http_method>
set shared reports <name> type threat values [ <values1> <values2>... ]
set shared reports <name> type threat labels [ <labels1> <labels2>... ]
set shared reports <name> type threat sortby <repeatcnt|nunique-of-users>
set shared reports <name> type url
set shared reports <name> type url aggregate-by [ <aggregate-by1> <aggregate-by
2>... ]
set shared reports <name> type url group-by <action|app|category|category-of-app
|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|n
atsport|natsrc|outbound_if|proto|risk-of-app|rule|severity|sport|src|srcuser|sub
category-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter
-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_
agent|vsys_name|device_name|url|tunnelid|monitortag|parent_session_id|parent_sta
rt_time|tunnel|http_method>
set shared reports <name> type url values [ <values1> <values2>... ]
set shared reports <name> type url labels [ <labels1> <labels2>... ]
set shared reports <name> type url sortby <repeatcnt|nunique-of-users>
set shared reports <name> type wildfire

set shared reports <name> type wildfire aggregate-by [ <aggregate-by1> <aggrega
te-by2>... ]
set shared reports <name> type wildfire group-by <app|category|category-of-app|d
port|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_i
f|proto|risk-of-app|rule|sport|src|srcuser|subcategory-of-app|technology-of-app|
container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-rece
ive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|
tunnelid|monitortag|parent_session_id|parent_start_time|tunnel>
set shared reports <name> type wildfire values [ <values1> <values2>... ]
set shared reports <name> type wildfire labels [ <labels1> <labels2>... ]
set shared reports <name> type wildfire sortby <repeatcnt|nunique-of-users>
set shared reports <name> type data
set shared reports <name> type data aggregate-by [ <aggregate-by1> <aggregate-b
y2>... ]
set shared reports <name> type data group-by <action|app|category-of-app|directi
on|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbou
nd_if|proto|risk-of-app|rule|severity|sport|src|srcuser|subcategory-of-app|subty
pe|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hou
r-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name
|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|tunn
el>
set shared reports <name> type data values [ <values1> <values2>... ]
set shared reports <name> type data labels [ <labels1> <labels2>... ]
set shared reports <name> type data sortby <repeatcnt|nunique-of-users>
set shared reports <name> type thsum
set shared reports <name> type thsum aggregate-by [ <aggregate-by1> <aggregate-
by2>... ]
set shared reports <name> type thsum group-by <action|app|category-of-app|catego
ry-of-threatid|direction|dport|dst|dstuser|from|inbound_if|outbound_if|risk-of-a
pp|rule|severity|src|srcuser|subcategory-of-app|subtype|technology-of-app|contai
ner-of-app|to|threatid|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-r
eceive_time|day-of-receive_time|serial|vsys_name|device_name|threat-type|tunneli
d|monitortag|parent_session_id|parent_start_time|tunnel>
set shared reports <name> type thsum values [ <values1> <values2>... ]
set shared reports <name> type thsum labels [ <labels1> <labels2>... ]
set shared reports <name> type thsum sortby <count|nunique-of-users>
set shared reports <name> type traffic
set shared reports <name> type traffic aggregate-by [ <aggregate-by1> <aggregat
e-by2>... ]
set shared reports <name> type traffic group-by <action|app|category|category-of
-app|dport|dst|dstuser|from|inbound_if|natdport|natdst|natsport|natsrc|outbound_
if|proto|risk-of-app|rule|sessionid|sport|src|srcuser|subcategory-of-app|technol
ogy-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|h
our-of-receive_time|day-of-receive_time|session_end_reason|vsys_name|device_name
|action_source|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel>
set shared reports <name> type traffic values [ <values1> <values2>... ]
set shared reports <name> type traffic labels [ <labels1> <labels2>... ]
set shared reports <name> type traffic sortby <bytes|bytes_sent|bytes_received|e
lapsed|packets|pkts_sent|pkts_received|repeatcnt|nunique-of-users>
set shared reports <name> type urlsum
set shared reports <name> type urlsum aggregate-by [ <aggregate-by1> <aggregate
-by2>... ]
set shared reports <name> type urlsum group-by <app|src|srcuser|category|dst|dst
user|rule|dstloc|srcloc|vsys_name|device_name|from|to|serial|inbound_if|outbound
_if|dport|action|url_domain|user_agent|category-of-app|subcategory-of-app|risk-o
f-app|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time
|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel|http_method>
set shared reports <name> type urlsum values [ <values1> <values2>... ]
set shared reports <name> type urlsum labels [ <labels1> <labels2>... ]
set shared reports <name> type urlsum sortby <repeatcnt|nunique-of-users>
set shared reports <name> type trsum
set shared reports <name> type trsum aggregate-by [ <aggregate-by1> <aggregate-
by2>... ]
set shared reports <name> type trsum group-by <action|app|category|category-of-a

pp|dport|dst|dstuser|from|inbound_if|outbound_if|risk-of-app|rule|src|srcuser|su
bcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarte
r-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|serial|vsys_name
|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel>
set shared reports <name> type trsum values [ <values1> <values2>... ]
set shared reports <name> type trsum labels [ <labels1> <labels2>... ]
set shared reports <name> type trsum sortby <bytes|sessions|bytes_sent|bytes_rec
eived|nthreats|nftrans|ndpmatches|nurlcount|ncontent|nunique-of-users|nunique-of
-apps>
set shared reports <name> type tunnel
set shared reports <name> type tunnel aggregate-by [ <aggregate-by1> <aggregate
-by2>... ]
set shared reports <name> type tunnel group-by <action|app|category-of-app|dport
|dst|dstuser|from|inbound_if|natdport|natdst|natsport|natsrc|outbound_if|proto|r
isk-of-app|rule|sessionid|sport|src|srcuser|subcategory-of-app|technology-of-app
|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-rec
eive_time|day-of-receive_time|vsys_name|device_name|tunnelid|monitortag|parent_s
ession_id|parent_start_time|session_end_reason|action_source|tunnel|tunnel_insp_
rule>
set shared reports <name> type tunnel values [ <values1> <values2>... ]
set shared reports <name> type tunnel labels [ <labels1> <labels2>... ]
set shared reports <name> type tunnel sortby <repeatcnt|bytes|bytes_sent|bytes_r
eceived|packets|pkts_sent|pkts_received|max_encap|unknown_proto|strict_check|tun
nel_fragment|sessions_created|sessions_closed|nunique-of-users>
set shared reports <name> type tunnelsum
set shared reports <name> type tunnelsum aggregate-by [ <aggregate-by1> <aggreg
ate-by2>... ]
set shared reports <name> type tunnelsum group-by <action|app|category-of-app|ds
t|risk-of-app|rule|src|subcategory-of-app|technology-of-app|container-of-app|dst
loc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive
_time|serial|vsys_name|device_name|tunnelid|monitortag|parent_session_id|parent_
start_time|tunnel|tunnel_insp_rule>
set shared reports <name> type tunnelsum values [ <values1> <values2>... ]
set shared reports <name> type tunnelsum labels [ <labels1> <labels2>... ]
set shared reports <name> type tunnelsum sortby <repeatcnt|bytes|bytes_sent|byte
s_received>
set shared reports <name> type userid
set shared reports <name> type userid aggregate-by [ <aggregate-by1> <aggregate
-by2>... ]
set shared reports <name> type userid group-by <vsys|quarter-hour-of-receive_tim
e|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|ip|user|datasou
rcename|beginport|endport|datasource|datasourcetype|factortype|factorcompletiont
ime|factorno|subtype>
set shared reports <name> type userid values [ <values1> <values2>... ]
set shared reports <name> type userid labels [ <labels1> <labels2>... ]
set shared reports <name> type userid sortby <repeatcnt|factortype|factorcomplet
iontime>
set shared reports <name> type auth
set shared reports <name> type auth aggregate-by [ <aggregate-by1> <aggregate-b
y2>... ]
set shared reports <name> type auth group-by <time_generated|vsys|quarter-hour-o
f-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|ip
|user|normalize_user|object|authpolicy|authid|vendor|clienttype|serverprofile|de
sc|event|factorno|authproto>
set shared reports <name> type auth values [ <values1> <values2>... ]
set shared reports <name> type auth labels [ <labels1> <labels2>... ]
set shared reports <name> type auth sortby <repeatcnt|vendor|time_generated>
set shared reports <name> type hipmatch
set shared reports <name> type hipmatch aggregate-by [ <aggregate-by1> <aggrega
te-by2>... ]
set shared reports <name> type hipmatch values [ <values1> <values2>... ]
set shared reports <name> type hipmatch group-by <machinename|matchname|src|srci
pv6|srcuser|matchtype|vsys|device_name|vsys_name|os|quarter-hour-of-receive_time
|hour-of-receive_time|day-of-receive_time>
set shared reports <name> type hipmatch labels [ <labels1> <labels2>... ]
set shared reports <name> type hipmatch last-match-by <time_generated>
set shared reports <name> type hipmatch sortby <repeatcnt>
set shared report-group
set shared report-group <name>
set shared report-group <name> title-page <yes|no>
set shared report-group <name> predefined <user-activity-report|saas-application
-usage-report>
set shared report-group <name> custom-widget
set shared report-group <name> custom-widget <name>
set shared report-group <name> custom-widget <name>
set shared report-group <name> custom-widget <name> predefined-report <value>
set shared report-group <name> custom-widget <name> custom-report <value>
set shared report-group <name> custom-widget <name> pdf-summary-report <value>
set shared report-group <name> custom-widget <name> log-view <value>
set shared report-group <name> custom-widget <name> csv <value>
set shared report-group <name> all
set shared report-group <name> all entry
set shared report-group <name> all entry include-user-groups-info <yes|no>
set shared report-group <name> all entry user-groups [ <user-groups1> <user-gro
ups2>... ]
set shared report-group <name> selected-zone
set shared report-group <name> selected-zone entry
set shared report-group <name> selected-zone entry include-user-groups-info <yes
|no>
set shared report-group <name> selected-zone entry user-groups [ <user-groups1>
<user-groups2>... ]
set shared report-group <name> selected-zone entry zone <value>
set shared report-group <name> selected-user-group
set shared report-group <name> selected-user-group entry

set shared report-group <name> selected-user-group entry user-group <value>
set shared report-group <name> variable
set shared report-group <name> variable <name>
set shared report-group <name> variable <name> value <value>
set shared pdf-summary-report
set shared pdf-summary-report <name>
set shared pdf-summary-report <name> header
set shared pdf-summary-report <name> header caption <value>
set shared pdf-summary-report <name> footer
set shared pdf-summary-report <name> footer note <value>
set shared pdf-summary-report <name> predefined-widget
set shared pdf-summary-report <name> predefined-widget <name>
set shared pdf-summary-report <name> predefined-widget <name> chart-type <pie|li
ne|bar|table>
set shared pdf-summary-report <name> predefined-widget <name> row <1-6>
set shared pdf-summary-report <name> predefined-widget <name> column <1-3>
set shared pdf-summary-report <name> custom-widget
set shared pdf-summary-report <name> custom-widget <name>
set shared pdf-summary-report <name> custom-widget <name> chart-type <pie|line|b
ar|table>
set shared pdf-summary-report <name> custom-widget <name> row <1-6>
set shared pdf-summary-report <name> custom-widget <name> column <1-3>
set shared email-scheduler
set shared email-scheduler <name>
set shared email-scheduler <name> report-group <value>
set shared email-scheduler <name> email-profile <value>
set shared email-scheduler <name> recipient-emails <value>
set shared email-scheduler <name> recurring
set shared email-scheduler <name> recurring disabled
set shared email-scheduler <name> recurring daily
set shared email-scheduler <name> recurring weekly <sunday|monday|tuesday|wednes
day|thursday|friday|saturday>
set shared email-scheduler <name> recurring monthly <1-31>
set shared botnet
set shared botnet configuration
set shared botnet configuration http
set shared botnet configuration http malware-sites
set shared botnet configuration http malware-sites enabled <yes|no>
set shared botnet configuration http malware-sites threshold <2-1000>
set shared botnet configuration http dynamic-dns
set shared botnet configuration http dynamic-dns enabled <yes|no>
set shared botnet configuration http dynamic-dns threshold <2-1000>
set shared botnet configuration http ip-domains
set shared botnet configuration http ip-domains enabled <yes|no>
set shared botnet configuration http ip-domains threshold <2-1000>
set shared botnet configuration http recent-domains
set shared botnet configuration http recent-domains enabled <yes|no>
set shared botnet configuration http recent-domains threshold <2-1000>
set shared botnet configuration http executables-from-unknown-sites
set shared botnet configuration http executables-from-unknown-sites enabled <yes
|no>
set shared botnet configuration http executables-from-unknown-sites threshold <2
-1000>
set shared botnet configuration unknown-applications
set shared botnet configuration unknown-applications unknown-tcp
set shared botnet configuration unknown-applications unknown-tcp sessions-per-ho
ur <1-3600>
set shared botnet configuration unknown-applications unknown-tcp destinations-pe
r-hour <1-3600>
set shared botnet configuration unknown-applications unknown-tcp session-length
minimum-bytes <1-200>
maximum-bytes <1-200>
set shared botnet configuration unknown-applications unknown-udp
set shared botnet configuration unknown-applications unknown-udp sessions-per-ho
ur <1-3600>
set shared botnet configuration unknown-applications unknown-udp destinations-pe
r-hour <1-3600>
set shared botnet configuration unknown-applications unknown-udp session-length
minimum-bytes <1-200>
maximum-bytes <1-200>
set shared botnet configuration other-applications
set shared botnet configuration other-applications irc <yes|no>
set shared botnet report
set shared botnet report scheduled <yes|no>
set shared botnet report topn <1-500>
set shared botnet report query <value>
set shared override
set shared override application
set shared override application <name>
set shared override application <name> timeout <0-604800>
set shared override application <name> tcp-timeout <0-604800>
set shared override application <name> tcp-half-closed-timeout <1-604800>
set shared override application <name> tcp-time-wait-timeout <1-600>
set shared override application <name> udp-timeout <0-604800>
set shared override application <name> risk <1-5>
set shared override application <name> no-appid-caching <yes|no>
set shared alg-override
set shared alg-override application
set shared alg-override application <name>
set shared alg-override application <name> alg-disabled <yes|no>
set shared authentication-profile
set shared authentication-profile <name>

set shared authentication-profile <name> username-modifier <value>|<validate>|<%
USERINPUT%|%USERINPUT%@%USERDOMAIN%|%USERDOMAIN%\%USERINPUT%>
set shared authentication-profile <name> user-domain <value>
set shared authentication-profile <name> single-sign-on
set shared authentication-profile <name> single-sign-on realm <value>
set shared authentication-profile <name> single-sign-on service-principal <value
>
set shared authentication-profile <name> single-sign-on kerberos-keytab <value>
set shared authentication-profile <name> single-sign-on kerberos-keytab <value>
set shared authentication-profile <name> lockout
set shared authentication-profile <name> lockout failed-attempts <1-10>
set shared authentication-profile <name> lockout failed-attempts <0-10>
set shared authentication-profile <name> lockout lockout-time <0-60>
set shared authentication-profile <name> allow-list [ <allow-list1> <allow-list
2>... ]
set shared authentication-profile <name> method
set shared authentication-profile <name> method none
set shared authentication-profile <name> method local-database
set shared authentication-profile <name> method radius
set shared authentication-profile <name> method radius server-profile <value>
set shared authentication-profile <name> method radius checkgroup <yes|no>
set shared authentication-profile <name> method ldap
set shared authentication-profile <name> method ldap server-profile <value>
set shared authentication-profile <name> method ldap login-attribute <value>
set shared authentication-profile <name> method ldap passwd-exp-days <0-255>
set shared authentication-profile <name> method kerberos
set shared authentication-profile <name> method kerberos server-profile <value>
set shared authentication-profile <name> method kerberos realm <value>
set shared authentication-profile <name> method tacplus
set shared authentication-profile <name> method tacplus server-profile <value>
set shared authentication-profile <name> method tacplus checkgroup <yes|no>
set shared authentication-profile <name> method saml-idp

set shared authentication-profile <name> method saml-idp server-profile <value>
set shared authentication-profile <name> method saml-idp enable-single-logout <y
es|no>
set shared authentication-profile <name> method saml-idp request-signing-certifi
cate <value>
set shared authentication-profile <name> method saml-idp certificate-profile <va
lue>
set shared authentication-profile <name> method saml-idp attribute-name-username
<value>
set shared authentication-profile <name> method saml-idp attribute-name-usergrou
p <value>
set shared authentication-profile <name> method saml-idp attribute-name-admin-ro
le <value>
set shared authentication-profile <name> method saml-idp attribute-name-access-d
omain <value>
set shared authentication-profile <name> multi-factor-auth
set shared authentication-profile <name> multi-factor-auth mfa-enable <yes|no>
set shared authentication-profile <name> multi-factor-auth factors [ <factors1>
<factors2>... ]
set shared authentication-sequence
set shared authentication-sequence <name>
set shared authentication-sequence <name> use-domain-find-profile <yes|no>
set shared authentication-sequence <name> authentication-profiles [ <authentica
tion-profiles1> <authentication-profiles2>... ]
set shared certificate-profile
set shared certificate-profile <name>
set shared certificate-profile <name> username-field
set shared certificate-profile <name> username-field subject <common-name>
set shared certificate-profile <name> username-field subject-alt <email|principa
l-name>
set shared certificate-profile <name> domain <value>
set shared certificate-profile <name> CA

set shared certificate-profile <name> CA <name>
set shared certificate-profile <name> CA <name> default-ocsp-url <value>
set shared certificate-profile <name> CA <name> ocsp-verify-cert <value>
set shared certificate-profile <name> use-crl <yes|no>
set shared certificate-profile <name> use-ocsp <yes|no>
set shared certificate-profile <name> crl-receive-timeout <1-60>
set shared certificate-profile <name> ocsp-receive-timeout <1-60>
set shared certificate-profile <name> cert-status-timeout <0-60>
set shared certificate-profile <name> block-unknown-cert <yes|no>
set shared certificate-profile <name> block-timeout-cert <yes|no>
set shared certificate-profile <name> block-unauthenticated-cert <yes|no>
set shared certificate-profile <name> block-expired-cert <yes|no>
set shared server-profile
set shared server-profile ldap
set shared server-profile ldap <name>
set shared server-profile ldap <name> admin-use-only <yes|no>
set shared server-profile ldap <name> ldap-type <active-directory|e-directory|su
n|other>
set shared server-profile ldap <name> server
set shared server-profile ldap <name> server <name>
set shared server-profile ldap <name> server <name> address <ip/netmask>|<value>
set shared server-profile ldap <name> server <name> port <1-65535>
set shared server-profile ldap <name> ssl <yes|no>
set shared server-profile ldap <name> ssl <yes>
set shared server-profile ldap <name> verify-server-certificate <yes|no>
set shared server-profile ldap <name> disabled <yes|no>
set shared server-profile ldap <name> base <value>
set shared server-profile ldap <name> bind-dn <value>
set shared server-profile ldap <name> bind-password <value>
set shared server-profile ldap <name> timelimit <1-30>
set shared server-profile ldap <name> bind-timelimit <1-60>
set shared server-profile ldap <name> retry-interval <60-3600>

set shared server-profile radius
set shared server-profile radius <name>
set shared server-profile radius <name> admin-use-only <yes|no>
set shared server-profile radius <name> timeout <1-120>
set shared server-profile radius <name> retries <1-5>
set shared server-profile radius <name> protocol
set shared server-profile radius <name> protocol CHAP
set shared server-profile radius <name> protocol PAP
set shared server-profile radius <name> protocol PEAP-MSCHAPv2
set shared server-profile radius <name> protocol PEAP-MSCHAPv2 anon-outer-id <ye
s|no>
set shared server-profile radius <name> protocol PEAP-MSCHAPv2 allow-pwd-change
<yes|no>
set shared server-profile radius <name> protocol PEAP-MSCHAPv2 radius-cert-profi
le <value>
set shared server-profile radius <name> protocol PEAP-with-GTC
set shared server-profile radius <name> protocol PEAP-with-GTC anon-outer-id <ye
s|no>
set shared server-profile radius <name> protocol PEAP-with-GTC radius-cert-profi
le <value>
set shared server-profile radius <name> protocol EAP-TTLS-with-PAP
set shared server-profile radius <name> protocol EAP-TTLS-with-PAP anon-outer-id
<yes|no>
set shared server-profile radius <name> protocol EAP-TTLS-with-PAP radius-cert-p
rofile <value>
set shared server-profile radius <name> server
set shared server-profile radius <name> server <name>
set shared server-profile radius <name> server <name> ip-address <ip/netmask>|<v
alue>
set shared server-profile radius <name> server <name> secret <value>
set shared server-profile radius <name> server <name> port <1-65535>
set shared server-profile kerberos

set shared server-profile kerberos <name>
set shared server-profile kerberos <name> admin-use-only <yes|no>
set shared server-profile kerberos <name> server
set shared server-profile kerberos <name> server <name>
set shared server-profile kerberos <name> server <name> host <ip/netmask>|<value
>
set shared server-profile kerberos <name> server <name> port <1-65535>
set shared server-profile tacplus
set shared server-profile tacplus <name>
set shared server-profile tacplus <name> timeout <1-30>
set shared server-profile tacplus <name> admin-use-only <yes|no>
set shared server-profile tacplus <name> use-single-connection <yes|no>
set shared server-profile tacplus <name> protocol <CHAP|PAP>
set shared server-profile tacplus <name> server
set shared server-profile tacplus <name> server <name>
set shared server-profile tacplus <name> server <name> address <ip/netmask>|<val
ue>
set shared server-profile tacplus <name> server <name> secret <value>
set shared server-profile tacplus <name> server <name> port <1-65535>
set shared server-profile saml-idp
set shared server-profile saml-idp <name>
set shared server-profile saml-idp <name> admin-use-only <yes|no>
set shared server-profile saml-idp <name> entity-id <value>
set shared server-profile saml-idp <name> certificate <value>
set shared server-profile saml-idp <name> sso-url <value>
set shared server-profile saml-idp <name> sso-bindings <post|redirect>
set shared server-profile saml-idp <name> slo-url <value>
set shared server-profile saml-idp <name> slo-bindings <post|redirect>
set shared server-profile saml-idp <name> validate-idp-certificate <yes|no>
set shared server-profile saml-idp <name> want-auth-requests-signed <yes|no>
set shared server-profile saml-idp <name> max-clock-skew <1-900>
set shared server-profile netflow

set shared server-profile netflow <name>
set shared server-profile netflow <name> template-refresh-rate
set shared server-profile netflow <name> template-refresh-rate minutes <1-3600>
set shared server-profile netflow <name> template-refresh-rate packets <1-600>
set shared server-profile netflow <name> active-timeout <1-60>
set shared server-profile netflow <name> export-enterprise-fields <yes|no>
set shared server-profile netflow <name> server
set shared server-profile netflow <name> server <name>
set shared server-profile netflow <name> server <name> host <ip/netmask>|<value>
set shared server-profile netflow <name> server <name> port <1-65535>
set shared server-profile mfa-server-profile
set shared server-profile mfa-server-profile <name>
set shared server-profile mfa-server-profile <name> mfa-vendor-type <value>
set shared server-profile mfa-server-profile <name> mfa-cert-profile <value>
set shared server-profile mfa-server-profile <name> mfa-config
set shared server-profile mfa-server-profile <name> mfa-config <name>
set shared server-profile mfa-server-profile <name> mfa-config <name> value <val
ue>
set shared log-settings
set shared log-settings system
set shared log-settings system match-list
set shared log-settings system match-list <name>
set shared log-settings system match-list <name> description <value>
set shared log-settings system match-list <name> filter <value>
set shared log-settings system match-list <name> send-to-panorama <yes|no>
set shared log-settings system match-list <name> send-snmptrap [ <send-snmptrap
1> <send-snmptrap2>... ]
set shared log-settings system match-list <name> send-email [ <send-email1> <se
nd-email2>... ]
set shared log-settings system match-list <name> send-syslog [ <send-syslog1> <
send-syslog2>... ]
set shared log-settings system match-list <name> send-http [ <send-http1> <send

-http2>... ]
set shared log-settings system match-list <name> actions
set shared log-settings system match-list <name> actions <name>
set shared log-settings system match-list <name> actions <name> type
set shared log-settings config
set shared log-settings config match-list
set shared log-settings config match-list <name>
set shared log-settings config match-list <name> description <value>
set shared log-settings config match-list <name> filter <value>
set shared log-settings config match-list <name> send-to-panorama <yes|no>
set shared log-settings config match-list <name> send-snmptrap [ <send-snmptrap
set shared log-settings config match-list <name> send-email [ <send-email1> <se
nd-email2>... ]
set shared log-settings config match-list <name> send-syslog [ <send-syslog1> <
send-syslog2>... ]
set shared log-settings config match-list <name> send-http [ <send-http1> <send
-http2>... ]
set shared log-settings userid
set shared log-settings userid match-list
set shared log-settings userid match-list <name>
set shared log-settings userid match-list <name> description <value>
set shared log-settings userid match-list <name> filter <value>
set shared log-settings userid match-list <name> send-to-panorama <yes|no>
set shared log-settings userid match-list <name> send-snmptrap [ <send-snmptrap
set shared log-settings userid match-list <name> send-email [ <send-email1> <se
nd-email2>... ]
set shared log-settings userid match-list <name> send-syslog [ <send-syslog1> <
send-syslog2>... ]
set shared log-settings userid match-list <name> send-http [ <send-http1> <send
-http2>... ]
set shared log-settings userid match-list <name> actions
set shared log-settings userid match-list <name> actions <name>
set shared log-settings userid match-list <name> actions <name> type
set shared log-settings userid match-list <name> actions <name> type tagging
set shared log-settings userid match-list <name> actions <name> type tagging tar
get <source-address|destination-address>
set shared log-settings userid match-list <name> actions <name> type tagging act
ion <add-tag|remove-tag>
set shared log-settings userid match-list <name> actions <name> type tagging reg
istration
istration localhost
istration panorama
istration remote
istration remote http-profile <value>
set shared log-settings userid match-list <name> actions <name> type tagging tag
s [ <tags1> <tags2>... ]
set shared log-settings hipmatch
set shared log-settings hipmatch match-list
set shared log-settings hipmatch match-list <name>
set shared log-settings hipmatch match-list <name> description <value>
set shared log-settings hipmatch match-list <name> filter <value>
set shared log-settings hipmatch match-list <name> send-to-panorama <yes|no>
set shared log-settings hipmatch match-list <name> send-snmptrap [ <send-snmptr
ap1> <send-snmptrap2>... ]
set shared log-settings hipmatch match-list <name> send-email [ <send-email1> <
send-email2>... ]
set shared log-settings hipmatch match-list <name> send-syslog [ <send-syslog1>
<send-syslog2>... ]
set shared log-settings hipmatch match-list <name> send-http [ <send-http1> <se
nd-http2>... ]
set shared log-settings hipmatch match-list <name> actions
set shared log-settings hipmatch match-list <name> actions <name>
set shared log-settings hipmatch match-list <name> actions <name> type
set shared log-settings hipmatch match-list <name> actions <name> type tagging
set shared log-settings hipmatch match-list <name> actions <name> type tagging t
arget <source-address|destination-address>
set shared log-settings hipmatch match-list <name> actions <name> type tagging a
ction <add-tag|remove-tag>
set shared log-settings hipmatch match-list <name> actions <name> type tagging r
egistration
egistration localhost
egistration panorama
egistration remote
egistration remote http-profile <value>
set shared log-settings hipmatch match-list <name> actions <name> type tagging t
ags [ <tags1> <tags2>... ]
set shared log-settings correlation
set shared log-settings correlation match-list
set shared log-settings correlation match-list <name>
set shared log-settings correlation match-list <name> description <value>
set shared log-settings correlation match-list <name> filter <value>
set shared log-settings correlation match-list <name> send-snmptrap [ <send-snm
ptrap1> <send-snmptrap2>... ]
set shared log-settings correlation match-list <name> send-email [ <send-email1
> <send-email2>... ]
set shared log-settings correlation match-list <name> send-syslog [ <send-syslo

g1> <send-syslog2>... ]
set shared log-settings correlation match-list <name> send-http [ <send-http1>
<send-http2>... ]
set shared log-settings correlation match-list <name> actions
set shared log-settings correlation match-list <name> actions <name>
set shared log-settings correlation match-list <name> actions <name> type
set shared log-settings correlation match-list <name> actions <name> type taggin
g target <source-address|destination-address>
g action <add-tag|remove-tag>
g registration
g registration localhost
g registration panorama
g registration remote
g registration remote http-profile <value>
g tags [ <tags1> <tags2>... ]
set shared log-settings snmptrap
set shared log-settings snmptrap <name>
set shared log-settings snmptrap <name> version
set shared log-settings snmptrap <name> version v2c
set shared log-settings snmptrap <name> version v2c server
set shared log-settings snmptrap <name> version v2c server <name>
set shared log-settings snmptrap <name> version v2c server <name> manager <ip/ne
tmask>|<value>
set shared log-settings snmptrap <name> version v2c server <name> community <val
ue>
set shared log-settings snmptrap <name> version v3
set shared log-settings snmptrap <name> version v3 server
set shared log-settings snmptrap <name> version v3 server <name>
set shared log-settings snmptrap <name> version v3 server <name> manager <ip/net
mask>|<value>
set shared log-settings snmptrap <name> version v3 server <name> user <value>
set shared log-settings snmptrap <name> version v3 server <name> engineid <value
>
set shared log-settings snmptrap <name> version v3 server <name> authpwd <value>
set shared log-settings snmptrap <name> version v3 server <name> privpwd <value>
set shared log-settings email
set shared log-settings email <name>
set shared log-settings email <name> server
set shared log-settings email <name> server <name>
set shared log-settings email <name> server <name> display-name <value>
set shared log-settings email <name> server <name> from <value>
set shared log-settings email <name> server <name> to <value>
set shared log-settings email <name> server <name> and-also-to <value>
set shared log-settings email <name> server <name> gateway <value>
set shared log-settings email <name> format
set shared log-settings email <name> format traffic <value>
set shared log-settings email <name> format threat <value>
set shared log-settings email <name> format wildfire <value>
set shared log-settings email <name> format url <value>
set shared log-settings email <name> format data <value>
set shared log-settings email <name> format tunnel <value>
set shared log-settings email <name> format auth <value>
set shared log-settings email <name> format userid <value>
set shared log-settings email <name> format config <value>
set shared log-settings email <name> format system <value>

set shared log-settings email <name> format hip-match <value>
set shared log-settings email <name> format correlation <value>
set shared log-settings email <name> format escaping
set shared log-settings email <name> format escaping escaped-characters <value>
set shared log-settings email <name> format escaping escape-character <value>
set shared log-settings syslog
set shared log-settings syslog <name>
set shared log-settings syslog <name> server
set shared log-settings syslog <name> server <name>
set shared log-settings syslog <name> server <name> server <value>
set shared log-settings syslog <name> server <name> transport <UDP|TCP|SSL>
set shared log-settings syslog <name> server <name> port <1-65535>
set shared log-settings syslog <name> server <name> format <BSD|IETF>
set shared log-settings syslog <name> server <name> facility <LOG_USER|LOG_LOCAL
0|LOG_LOCAL1|LOG_LOCAL2|LOG_LOCAL3|LOG_LOCAL4|LOG_LOCAL5|LOG_LOCAL6|LOG_LOCAL7>
set shared log-settings syslog <name> format
set shared log-settings syslog <name> format traffic <value>
set shared log-settings syslog <name> format threat <value>
set shared log-settings syslog <name> format wildfire <value>
set shared log-settings syslog <name> format url <value>
set shared log-settings syslog <name> format data <value>
set shared log-settings syslog <name> format tunnel <value>
set shared log-settings syslog <name> format auth <value>
set shared log-settings syslog <name> format userid <value>
set shared log-settings syslog <name> format config <value>
set shared log-settings syslog <name> format system <value>
set shared log-settings syslog <name> format hip-match <value>
set shared log-settings syslog <name> format correlation <value>
set shared log-settings syslog <name> format escaping
set shared log-settings syslog <name> format escaping escaped-characters <value>
set shared log-settings syslog <name> format escaping escape-character <value>
set shared log-settings http

set shared log-settings http <name>
set shared log-settings http <name> tag-registration <yes|no>
set shared log-settings http <name> server
set shared log-settings http <name> server <name>
set shared log-settings http <name> server <name> address <value>
set shared log-settings http <name> server <name> protocol <HTTP|HTTPS>
set shared log-settings http <name> server <name> port <1-65535>
set shared log-settings http <name> server <name> http-method <value>
set shared log-settings http <name> server <name> username <value>
set shared log-settings http <name> server <name> password <value>
set shared log-settings http <name> format
set shared log-settings http <name> format config
set shared log-settings http <name> format config name <value>
set shared log-settings http <name> format config url-format <value>
set shared log-settings http <name> format config headers
set shared log-settings http <name> format config headers <name>
set shared log-settings http <name> format config headers <name> value <value>
set shared log-settings http <name> format config params
set shared log-settings http <name> format config params <name>
set shared log-settings http <name> format config params <name> value <value>
set shared log-settings http <name> format config payload <value>
set shared log-settings http <name> format system
set shared log-settings http <name> format system name <value>
set shared log-settings http <name> format system url-format <value>
set shared log-settings http <name> format system headers
set shared log-settings http <name> format system headers <name>
set shared log-settings http <name> format system headers <name> value <value>
set shared log-settings http <name> format system params
set shared log-settings http <name> format system params <name>
set shared log-settings http <name> format system params <name> value <value>
set shared log-settings http <name> format system payload <value>
set shared log-settings http <name> format traffic

set shared log-settings http <name> format traffic name <value>
set shared log-settings http <name> format traffic url-format <value>
set shared log-settings http <name> format traffic headers
set shared log-settings http <name> format traffic headers <name>
set shared log-settings http <name> format traffic headers <name> value <value>
set shared log-settings http <name> format traffic params
set shared log-settings http <name> format traffic params <name>
set shared log-settings http <name> format traffic params <name> value <value>
set shared log-settings http <name> format traffic payload <value>
set shared log-settings http <name> format threat
set shared log-settings http <name> format threat name <value>
set shared log-settings http <name> format threat url-format <value>
set shared log-settings http <name> format threat headers
set shared log-settings http <name> format threat headers <name>
set shared log-settings http <name> format threat headers <name> value <value>
set shared log-settings http <name> format threat params
set shared log-settings http <name> format threat params <name>
set shared log-settings http <name> format threat params <name> value <value>
set shared log-settings http <name> format threat payload <value>
set shared log-settings http <name> format wildfire
set shared log-settings http <name> format wildfire name <value>
set shared log-settings http <name> format wildfire url-format <value>
set shared log-settings http <name> format wildfire headers
set shared log-settings http <name> format wildfire headers <name>
set shared log-settings http <name> format wildfire headers <name> value <value>
set shared log-settings http <name> format wildfire params
set shared log-settings http <name> format wildfire params <name>
set shared log-settings http <name> format wildfire params <name> value <value>
set shared log-settings http <name> format wildfire payload <value>
set shared log-settings http <name> format url
set shared log-settings http <name> format url name <value>
set shared log-settings http <name> format url url-format <value>

set shared log-settings http <name> format url headers
set shared log-settings http <name> format url headers <name>
set shared log-settings http <name> format url headers <name> value <value>
set shared log-settings http <name> format url params
set shared log-settings http <name> format url params <name>
set shared log-settings http <name> format url params <name> value <value>
set shared log-settings http <name> format url payload <value>
set shared log-settings http <name> format data
set shared log-settings http <name> format data name <value>
set shared log-settings http <name> format data url-format <value>
set shared log-settings http <name> format data headers
set shared log-settings http <name> format data headers <name>
set shared log-settings http <name> format data headers <name> value <value>
set shared log-settings http <name> format data params
set shared log-settings http <name> format data params <name>
set shared log-settings http <name> format data params <name> value <value>
set shared log-settings http <name> format data payload <value>
set shared log-settings http <name> format tunnel
set shared log-settings http <name> format tunnel name <value>
set shared log-settings http <name> format tunnel url-format <value>
set shared log-settings http <name> format tunnel headers
set shared log-settings http <name> format tunnel headers <name>
set shared log-settings http <name> format tunnel headers <name> value <value>
set shared log-settings http <name> format tunnel params
set shared log-settings http <name> format tunnel params <name>
set shared log-settings http <name> format tunnel params <name> value <value>
set shared log-settings http <name> format tunnel payload <value>
set shared log-settings http <name> format auth
set shared log-settings http <name> format auth name <value>
set shared log-settings http <name> format auth url-format <value>
set shared log-settings http <name> format auth headers
set shared log-settings http <name> format auth headers <name>

set shared log-settings http <name> format auth headers <name> value <value>
set shared log-settings http <name> format auth params
set shared log-settings http <name> format auth params <name>
set shared log-settings http <name> format auth params <name> value <value>
set shared log-settings http <name> format auth payload <value>
set shared log-settings http <name> format userid
set shared log-settings http <name> format userid name <value>
set shared log-settings http <name> format userid url-format <value>
set shared log-settings http <name> format userid headers
set shared log-settings http <name> format userid headers <name>
set shared log-settings http <name> format userid headers <name> value <value>
set shared log-settings http <name> format userid params
set shared log-settings http <name> format userid params <name>
set shared log-settings http <name> format userid params <name> value <value>
set shared log-settings http <name> format userid payload <value>
set shared log-settings http <name> format hip-match
set shared log-settings http <name> format hip-match name <value>
set shared log-settings http <name> format hip-match url-format <value>
set shared log-settings http <name> format hip-match headers
set shared log-settings http <name> format hip-match headers <name>
set shared log-settings http <name> format hip-match headers <name> value <value
>
set shared log-settings http <name> format hip-match params
set shared log-settings http <name> format hip-match params <name>
set shared log-settings http <name> format hip-match params <name> value <value>
set shared log-settings http <name> format hip-match payload <value>
set shared log-settings http <name> format correlation
set shared log-settings http <name> format correlation name <value>
set shared log-settings http <name> format correlation url-format <value>
set shared log-settings http <name> format correlation headers
set shared log-settings http <name> format correlation headers <name>
set shared log-settings http <name> format correlation headers <name> value <val
ue>
set shared log-settings http <name> format correlation params
set shared log-settings http <name> format correlation params <name>
set shared log-settings http <name> format correlation params <name> value <valu
e>
set shared log-settings http <name> format correlation payload <value>
set shared log-settings profiles
set shared log-settings profiles <name>
set shared log-settings profiles <name> description <value>
set shared log-settings profiles <name> enhanced-application-logging <yes|no>
set shared log-settings profiles <name> match-list
set shared log-settings profiles <name> match-list <name>
set shared log-settings profiles <name> match-list <name> action-desc <value>
set shared log-settings profiles <name> match-list <name> log-type <traffic|thre
at|wildfire|url|data|tunnel|auth>
set shared log-settings profiles <name> match-list <name> filter <value>
set shared log-settings profiles <name> match-list <name> send-to-panorama <yes|
no>
set shared log-settings profiles <name> match-list <name> send-snmptrap [ <send
-snmptrap1> <send-snmptrap2>... ]
set shared log-settings profiles <name> match-list <name> send-email [ <send-em
ail1> <send-email2>... ]
set shared log-settings profiles <name> match-list <name> send-syslog [ <send-s
yslog1> <send-syslog2>... ]
set shared log-settings profiles <name> match-list <name> send-http [ <send-htt
p1> <send-http2>... ]
set shared log-settings profiles <name> match-list <name> actions
set shared log-settings profiles <name> match-list <name> actions <name>
set shared log-settings profiles <name> match-list <name> actions <name> type
set shared log-settings profiles <name> match-list <name> actions <name> type ta
gging
gging target <source-address|destination-address>
gging action <add-tag|remove-tag>
gging registration
gging registration localhost
gging registration panorama
gging registration remote
gging registration remote http-profile <value>
gging tags [ <tags1> <tags2>... ]
set shared certificate
set shared certificate <name>
set shared certificate <name> common-name <value>
set shared certificate <name> algorithm <value>
set shared certificate <name> not-valid-after <value>
set shared certificate <name> not-valid-before <value>
set shared certificate <name> expiry-epoch <value>
set shared certificate <name> subject <value>
set shared certificate <name> subject-hash <value>
set shared certificate <name> issuer <value>
set shared certificate <name> issuer-hash <value>
set shared certificate <name> csr <value>
set shared certificate <name> public-key <value>
set shared certificate <name> private-key <value>
set shared certificate <name> private-key-on-hsm <yes|no>

set shared certificate <name> status <valid|revoked>
set shared certificate <name> revoke-date-epoch <value>
set shared ssl-tls-service-profile
set shared ssl-tls-service-profile <name>
set shared ssl-tls-service-profile <name> certificate <value>
set shared ssl-tls-service-profile <name> protocol-settings
set shared ssl-tls-service-profile <name> protocol-settings min-version <tls1-0|
tls1-1|tls1-2>
set shared ssl-tls-service-profile <name> protocol-settings max-version <tls1-0|
tls1-1|tls1-2|max>
set shared ssl-tls-service-profile <name> protocol-settings keyxchg-algo-rsa <ye
s|no>
set shared ssl-tls-service-profile <name> protocol-settings keyxchg-algo-dhe <ye
s|no>
set shared ssl-tls-service-profile <name> protocol-settings keyxchg-algo-ecdhe <
yes|no>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-3des <yes|n
o>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-rc4 <yes|no
>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-aes-128-cbc
<yes|no>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-aes-256-cbc
<yes|no>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-aes-128-gcm
<yes|no>
set shared ssl-tls-service-profile <name> protocol-settings enc-algo-aes-256-gcm
<yes|no>
set shared ssl-tls-service-profile <name> protocol-settings auth-algo-sha1 <yes|
no>
set shared ssl-tls-service-profile <name> protocol-settings auth-algo-sha256 <ye
s|no>
set shared ssl-tls-service-profile <name> protocol-settings auth-algo-sha384 <ye
s|no>
set shared response-page
set shared response-page application-block-page <value>
set shared response-page captive-portal-text <value>
set shared response-page file-block-continue-page <value>
set shared response-page file-block-page <value>
set shared response-page ssl-cert-status-page <value>
set shared response-page ssl-optout-text <value>
set shared response-page url-block-page <value>
set shared response-page url-coach-text <value>
set shared response-page credential-block-page <value>
set shared response-page credential-coach-text <value>
set shared response-page virus-block-page <value>
set shared response-page data-filter-block-page <value>
set shared response-page safe-search-block-page <value>
set shared response-page saml-auth-internal-error-page <value>
set shared response-page mfa-login-page <value>
set shared response-page global-protect-portal-custom-login-page
set shared response-page global-protect-portal-custom-login-page <name>
set shared response-page global-protect-portal-custom-login-page <name> page <va
lue>
set shared response-page global-protect-portal-custom-home-page
set shared response-page global-protect-portal-custom-home-page <name>
set shared response-page global-protect-portal-custom-home-page <name> page <val
ue>
set shared response-page global-protect-portal-custom-help-page
set shared response-page global-protect-portal-custom-help-page <name>
set shared response-page global-protect-portal-custom-help-page <name> page <val
ue>
set shared response-page global-protect-portal-custom-welcome-page
set shared response-page global-protect-portal-custom-welcome-page <name>

set shared response-page global-protect-portal-custom-welcome-page <name> page <
value>
set shared local-user-database
set shared local-user-database user
set shared local-user-database user <name>
set shared local-user-database user <name> phash <value>
set shared local-user-database user <name> disabled <yes|no>
set shared local-user-database user-group
set shared local-user-database user-group <name>
set shared local-user-database user-group <name> user [ <user1> <user2>... ]
set shared ocsp-responder
set shared ocsp-responder <name>
set shared ocsp-responder <name> host-name <value>
set shared ssl-decrypt
set shared ssl-decrypt forward-trust-certificate
set shared ssl-decrypt forward-trust-certificate rsa <value>
set shared ssl-decrypt forward-trust-certificate ecdsa <value>
set shared ssl-decrypt forward-untrust-certificate
set shared ssl-decrypt forward-untrust-certificate rsa <value>
set shared ssl-decrypt forward-untrust-certificate ecdsa <value>
set shared ssl-decrypt ssl-exclude-cert
set shared ssl-decrypt ssl-exclude-cert <name>
set shared ssl-decrypt ssl-exclude-cert <name> description <value>
set shared ssl-decrypt ssl-exclude-cert <name> exclude <yes|no>
set shared ssl-decrypt root-ca-exclude-list [ <root-ca-exclude-list1> <root-ca-
exclude-list2>... ]
set shared ssl-decrypt trusted-root-CA [ <trusted-root-CA1> <trusted-root-CA2>.
.. ]
set shared ssl-decrypt disabled-ssl-exclude-cert-from-predefined [ <disabled-ss
l-exclude-cert-from-predefined1> <disabled-ssl-exclude-cert-from-predefined2>...
set shared url-content-types [ <url-content-types1> <url-content-types2>... ]

set shared admin-role
set shared admin-role <name>
set shared admin-role <name> description <value>
set shared admin-role <name> role
set shared admin-role <name> role device
set shared admin-role <name> role device webui
set shared admin-role <name> role device webui dashboard <enable|disable>
set shared admin-role <name> role device webui acc <enable|disable>
set shared admin-role <name> role device webui monitor
set shared admin-role <name> role device webui monitor logs
set shared admin-role <name> role device webui monitor logs traffic <enable|disa
ble>
set shared admin-role <name> role device webui monitor logs threat <enable|disab
le>
set shared admin-role <name> role device webui monitor logs url <enable|disable>
set shared admin-role <name> role device webui monitor logs wildfire <enable|dis
able>
set shared admin-role <name> role device webui monitor logs data-filtering <enab
le|disable>
set shared admin-role <name> role device webui monitor logs hipmatch <enable|dis
able>
set shared admin-role <name> role device webui monitor logs userid <enable|disab
le>
set shared admin-role <name> role device webui monitor logs gtp <enable|disable>
set shared admin-role <name> role device webui monitor logs tunnel <enable|disab
le>
set shared admin-role <name> role device webui monitor logs sctp <enable|disable
>
set shared admin-role <name> role device webui monitor logs configuration <enabl
e|disable>
set shared admin-role <name> role device webui monitor logs system <enable|disab
le>
set shared admin-role <name> role device webui monitor logs alarm <enable|disabl
e>
set shared admin-role <name> role device webui monitor logs authentication <enab
le|disable>
set shared admin-role <name> role device webui monitor external-logs <enable|dis
able>
set shared admin-role <name> role device webui monitor automated-correlation-eng
ine
ine correlation-objects <enable|disable>
ine correlated-events <enable|disable>
set shared admin-role <name> role device webui monitor packet-capture <enable|re
ad-only|disable>
set shared admin-role <name> role device webui monitor app-scope <enable|disable
>
set shared admin-role <name> role device webui monitor session-browser <enable|r
ead-only|disable>
set shared admin-role <name> role device webui monitor block-ip-list <enable|rea
d-only|disable>
set shared admin-role <name> role device webui monitor botnet <enable|read-only|
disable>
set shared admin-role <name> role device webui monitor pdf-reports
set shared admin-role <name> role device webui monitor pdf-reports manage-pdf-su
mmary <enable|read-only|disable>
set shared admin-role <name> role device webui monitor pdf-reports pdf-summary-r
eports <enable|disable>
set shared admin-role <name> role device webui monitor pdf-reports user-activity
-report <enable|read-only|disable>
set shared admin-role <name> role device webui monitor pdf-reports saas-applicat
ion-usage-report <enable|read-only|disable>
set shared admin-role <name> role device webui monitor pdf-reports report-groups
<enable|read-only|disable>
set shared admin-role <name> role device webui monitor pdf-reports email-schedul
er <enable|read-only|disable>
set shared admin-role <name> role device webui monitor custom-reports
set shared admin-role <name> role device webui monitor custom-reports applicatio
n-statistics <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports data-filte
ring-log <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports threat-log
<enable|disable>
set shared admin-role <name> role device webui monitor custom-reports threat-sum
mary <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports traffic-lo
g <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports traffic-su
mmary <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports url-log <e
nable|disable>
set shared admin-role <name> role device webui monitor custom-reports url-summar
y <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports hipmatch <
enable|disable>
set shared admin-role <name> role device webui monitor custom-reports wildfire-l
og <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports gtp-log <e
nable|disable>
set shared admin-role <name> role device webui monitor custom-reports gtp-summar
y <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports tunnel-log
<enable|disable>
set shared admin-role <name> role device webui monitor custom-reports tunnel-sum
mary <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports sctp-log <
enable|disable>
set shared admin-role <name> role device webui monitor custom-reports sctp-summa
ry <enable|disable>
set shared admin-role <name> role device webui monitor custom-reports userid <en
able|disable>
set shared admin-role <name> role device webui monitor custom-reports auth <enab
le|disable>
set shared admin-role <name> role device webui monitor view-custom-reports <enab
le|disable>
set shared admin-role <name> role device webui monitor application-reports <enab
le|disable>
set shared admin-role <name> role device webui monitor threat-reports <enable|di
sable>
set shared admin-role <name> role device webui monitor url-filtering-reports <en
able|disable>
set shared admin-role <name> role device webui monitor traffic-reports <enable|d
isable>
set shared admin-role <name> role device webui monitor gtp-reports <enable|disab
le>
set shared admin-role <name> role device webui monitor sctp-reports <enable|disa
ble>
set shared admin-role <name> role device webui policies
set shared admin-role <name> role device webui policies security-rulebase <enabl
e|read-only|disable>
set shared admin-role <name> role device webui policies nat-rulebase <enable|rea
d-only|disable>
set shared admin-role <name> role device webui policies qos-rulebase <enable|rea
d-only|disable>
set shared admin-role <name> role device webui policies pbf-rulebase <enable|rea
d-only|disable>
set shared admin-role <name> role device webui policies ssl-decryption-rulebase

set shared admin-role <name> role device webui policies tunnel-inspect-rulebase
set shared admin-role <name> role device webui policies application-override-rul
ebase <enable|read-only|disable>
set shared admin-role <name> role device webui policies authentication-rulebase
set shared admin-role <name> role device webui policies dos-rulebase <enable|rea
d-only|disable>
set shared admin-role <name> role device webui policies rule-hit-count-reset <en
able|disable>
set shared admin-role <name> role device webui objects
set shared admin-role <name> role device webui objects addresses <enable|read-on
ly|disable>
set shared admin-role <name> role device webui objects address-groups <enable|re
ad-only|disable>
set shared admin-role <name> role device webui objects regions <enable|read-only
|disable>
set shared admin-role <name> role device webui objects applications <enable|read
-only|disable>
set shared admin-role <name> role device webui objects application-groups <enabl
set shared admin-role <name> role device webui objects application-filters <enab
le|read-only|disable>
set shared admin-role <name> role device webui objects services <enable|read-onl
y|disable>
set shared admin-role <name> role device webui objects service-groups <enable|re
ad-only|disable>
set shared admin-role <name> role device webui objects tags <enable|read-only|di
sable>
set shared admin-role <name> role device webui objects global-protect
set shared admin-role <name> role device webui objects global-protect hip-object
s <enable|read-only|disable>
set shared admin-role <name> role device webui objects global-protect hip-profil
es <enable|read-only|disable>
set shared admin-role <name> role device webui objects dynamic-block-lists <enab
set shared admin-role <name> role device webui objects custom-objects
set shared admin-role <name> role device webui objects custom-objects data-patte
rns <enable|read-only|disable>
set shared admin-role <name> role device webui objects custom-objects spyware <e
nable|read-only|disable>
set shared admin-role <name> role device webui objects custom-objects vulnerabil
ity <enable|read-only|disable>
set shared admin-role <name> role device webui objects custom-objects url-catego
ry <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles
set shared admin-role <name> role device webui objects security-profiles antivir
us <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles anti-sp
yware <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles vulnera
bility-protection <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles url-fil
tering <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles file-bl
ocking <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles wildfir
e-analysis <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles data-fi
ltering <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profiles dos-pro
tection <enable|read-only|disable>
set shared admin-role <name> role device webui objects security-profile-groups <
enable|read-only|disable>
set shared admin-role <name> role device webui objects log-forwarding <enable|re
ad-only|disable>
set shared admin-role <name> role device webui objects authentication <enable|re
ad-only|disable>
set shared admin-role <name> role device webui objects decryption
set shared admin-role <name> role device webui objects decryption decryption-pro
file <enable|read-only|disable>
set shared admin-role <name> role device webui objects decryption decryption-for
warding-profile <enable|read-only|disable>
set shared admin-role <name> role device webui objects schedules <enable|read-on
ly|disable>
set shared admin-role <name> role device webui network
set shared admin-role <name> role device webui network interfaces <enable|read-o
nly|disable>
set shared admin-role <name> role device webui network zones <enable|read-only|d
isable>
set shared admin-role <name> role device webui network vlans <enable|read-only|d
isable>
set shared admin-role <name> role device webui network virtual-wires <enable|rea
d-only|disable>
set shared admin-role <name> role device webui network virtual-routers <enable|r
ead-only|disable>
set shared admin-role <name> role device webui network ipsec-tunnels <enable|rea
d-only|disable>
set shared admin-role <name> role device webui network dhcp <enable|read-only|di
sable>
set shared admin-role <name> role device webui network dns-proxy <enable|read-on
ly|disable>
set shared admin-role <name> role device webui network global-protect
set shared admin-role <name> role device webui network global-protect portals <e
set shared admin-role <name> role device webui network global-protect gateways <
set shared admin-role <name> role device webui network global-protect mdm <enabl
set shared admin-role <name> role device webui network global-protect device-blo
ck-list <enable|read-only|disable>
set shared admin-role <name> role device webui network global-protect clientless
-apps <enable|read-only|disable>
set shared admin-role <name> role device webui network global-protect clientless
-app-groups <enable|read-only|disable>
set shared admin-role <name> role device webui network qos <enable|read-only|dis
able>
set shared admin-role <name> role device webui network lldp <enable|read-only|di
sable>
set shared admin-role <name> role device webui network network-profiles
set shared admin-role <name> role device webui network network-profiles gp-app-i
psec-crypto <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles ike-gate
ways <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles ipsec-cr
ypto <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles ike-cryp
to <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles tunnel-m
onitor <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles interfac
e-mgmt <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles zone-pro
tection <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles qos-prof
ile <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles lldp-pro
file <enable|read-only|disable>
set shared admin-role <name> role device webui network network-profiles bfd-prof
ile <enable|read-only|disable>
set shared admin-role <name> role device webui device
set shared admin-role <name> role device webui device setup
set shared admin-role <name> role device webui device setup management <enable|r
ead-only|disable>
set shared admin-role <name> role device webui device setup operations <enable|r
ead-only|disable>
set shared admin-role <name> role device webui device setup services <enable|rea
d-only|disable>
set shared admin-role <name> role device webui device setup interfaces <enable|r
ead-only|disable>
set shared admin-role <name> role device webui device setup telemetry <enable|re
ad-only|disable>
set shared admin-role <name> role device webui device setup content-id <enable|r
ead-only|disable>
set shared admin-role <name> role device webui device setup wildfire <enable|rea
d-only|disable>
set shared admin-role <name> role device webui device setup session <enable|read
-only|disable>
set shared admin-role <name> role device webui device setup hsm <enable|read-onl
y|disable>
set shared admin-role <name> role device webui device high-availability <enable|
read-only|disable>
set shared admin-role <name> role device webui device config-audit <enable|disab
le>
set shared admin-role <name> role device webui device administrators <read-only|
disable>
set shared admin-role <name> role device webui device admin-roles <read-only|dis
able>
set shared admin-role <name> role device webui device access-domain <enable|read
-only|disable>
set shared admin-role <name> role device webui device authentication-profile <en
able|read-only|disable>
set shared admin-role <name> role device webui device authentication-sequence <e
set shared admin-role <name> role device webui device user-identification <enabl
set shared admin-role <name> role device webui device vm-info-source <enable|rea
d-only|disable>
set shared admin-role <name> role device webui device virtual-systems <enable|re
ad-only|disable>
set shared admin-role <name> role device webui device shared-gateways <enable|re
ad-only|disable>
set shared admin-role <name> role device webui device certificate-management
set shared admin-role <name> role device webui device certificate-management cer
tificates <enable|read-only|disable>
set shared admin-role <name> role device webui device certificate-management cer
tificate-profile <enable|read-only|disable>
set shared admin-role <name> role device webui device certificate-management ocs
p-responder <enable|read-only|disable>
set shared admin-role <name> role device webui device certificate-management ssl
-tls-service-profile <enable|read-only|disable>
set shared admin-role <name> role device webui device certificate-management sce
p <enable|read-only|disable>
set shared admin-role <name> role device webui device certificate-management ssl
-decryption-exclusion <enable|read-only|disable>
set shared admin-role <name> role device webui device block-pages <enable|read-o
nly|disable>
set shared admin-role <name> role device webui device log-settings
set shared admin-role <name> role device webui device log-settings system <enabl
set shared admin-role <name> role device webui device log-settings config <enabl
set shared admin-role <name> role device webui device log-settings user-id <enab
set shared admin-role <name> role device webui device log-settings hipmatch <ena
ble|read-only|disable>
set shared admin-role <name> role device webui device log-settings correlation <
set shared admin-role <name> role device webui device log-settings cc-alarm <ena
set shared admin-role <name> role device webui device log-settings manage-log <e
set shared admin-role <name> role device webui device server-profile
set shared admin-role <name> role device webui device server-profile snmp-trap <
set shared admin-role <name> role device webui device server-profile syslog <ena
set shared admin-role <name> role device webui device server-profile email <enab
set shared admin-role <name> role device webui device server-profile http <enabl
set shared admin-role <name> role device webui device server-profile netflow <en
set shared admin-role <name> role device webui device server-profile radius <ena
set shared admin-role <name> role device webui device server-profile tacplus <en
set shared admin-role <name> role device webui device server-profile ldap <enabl
set shared admin-role <name> role device webui device server-profile kerberos <e
set shared admin-role <name> role device webui device server-profile saml_idp <e
set shared admin-role <name> role device webui device server-profile dns <enable
|read-only|disable>
set shared admin-role <name> role device webui device server-profile mfa <enable
|read-only|disable>
set shared admin-role <name> role device webui device local-user-database
set shared admin-role <name> role device webui device local-user-database users
set shared admin-role <name> role device webui device local-user-database user-g
roups <enable|read-only|disable>
set shared admin-role <name> role device webui device scheduled-log-export <enab
le|disable>
set shared admin-role <name> role device webui device software <enable|read-only
|disable>
set shared admin-role <name> role device webui device global-protect-client <ena
set shared admin-role <name> role device webui device dynamic-updates <enable|re
ad-only|disable>
set shared admin-role <name> role device webui device licenses <enable|read-only
|disable>
set shared admin-role <name> role device webui device support <enable|read-only|
disable>
set shared admin-role <name> role device webui device master-key <enable|read-on
ly|disable>
set shared admin-role <name> role device webui privacy
set shared admin-role <name> role device webui privacy show-full-ip-addresses <e
nable|disable>
set shared admin-role <name> role device webui privacy show-user-names-in-logs-a
nd-reports <enable|disable>
set shared admin-role <name> role device webui privacy view-pcap-files <enable|d
isable>
set shared admin-role <name> role device webui validate <enable|disable>
set shared admin-role <name> role device webui save

set shared admin-role <name> role device webui save partial-save <enable|disable
>
set shared admin-role <name> role device webui save save-for-other-admins <enabl
e|disable>
set shared admin-role <name> role device webui commit
set shared admin-role <name> role device webui commit device <enable|disable>
set shared admin-role <name> role device webui commit commit-for-other-admins <e
nable|disable>
set shared admin-role <name> role device webui tasks <enable|disable>
set shared admin-role <name> role device webui global
set shared admin-role <name> role device webui global system-alarms <enable|disa
ble>
set shared admin-role <name> role device xmlapi
set shared admin-role <name> role device xmlapi report <enable|disable>
set shared admin-role <name> role device xmlapi log <enable|disable>
set shared admin-role <name> role device xmlapi config <enable|disable>
set shared admin-role <name> role device xmlapi op <enable|disable>
set shared admin-role <name> role device xmlapi commit <enable|disable>
set shared admin-role <name> role device xmlapi user-id <enable|disable>
set shared admin-role <name> role device xmlapi export <enable|disable>
set shared admin-role <name> role device xmlapi import <enable|disable>
set shared admin-role <name> role device cli <superuser|superreader|deviceadmin|
devicereader>
set shared admin-role <name> role vsys
set shared admin-role <name> role vsys webui
set shared admin-role <name> role vsys webui dashboard <enable|disable>
set shared admin-role <name> role vsys webui acc <enable|disable>
set shared admin-role <name> role vsys webui monitor
set shared admin-role <name> role vsys webui monitor logs
set shared admin-role <name> role vsys webui monitor logs traffic <enable|disabl
e>
set shared admin-role <name> role vsys webui monitor logs threat <enable|disable
>
set shared admin-role <name> role vsys webui monitor logs url <enable|disable>
set shared admin-role <name> role vsys webui monitor logs wildfire <enable|disab
le>
set shared admin-role <name> role vsys webui monitor logs data-filtering <enable
|disable>
set shared admin-role <name> role vsys webui monitor logs hipmatch <enable|disab
le>
set shared admin-role <name> role vsys webui monitor logs userid <enable|disable
>
set shared admin-role <name> role vsys webui monitor logs gtp <enable|disable>
set shared admin-role <name> role vsys webui monitor logs tunnel <enable|disable
>
set shared admin-role <name> role vsys webui monitor logs sctp <enable|disable>
set shared admin-role <name> role vsys webui monitor logs authentication <enable
|disable>
set shared admin-role <name> role vsys webui monitor external-logs <enable|disab
le>
set shared admin-role <name> role vsys webui monitor automated-correlation-engin
e correlation-objects <enable|disable>
e correlated-events <enable|disable>
set shared admin-role <name> role vsys webui monitor app-scope <enable|disable>
set shared admin-role <name> role vsys webui monitor session-browser <enable|rea
d-only|disable>
set shared admin-role <name> role vsys webui monitor block-ip-list <enable|read-
only|disable>
set shared admin-role <name> role vsys webui monitor pdf-reports
set shared admin-role <name> role vsys webui monitor pdf-reports manage-pdf-summ
ary <enable|read-only|disable>
set shared admin-role <name> role vsys webui monitor pdf-reports pdf-summary-rep
orts <enable|disable>
set shared admin-role <name> role vsys webui monitor pdf-reports user-activity-r
eport <enable|read-only|disable>
set shared admin-role <name> role vsys webui monitor pdf-reports saas-applicatio
n-usage-report <enable|read-only|disable>
set shared admin-role <name> role vsys webui monitor pdf-reports report-groups <
set shared admin-role <name> role vsys webui monitor pdf-reports email-scheduler
set shared admin-role <name> role vsys webui monitor custom-reports
set shared admin-role <name> role vsys webui monitor custom-reports application-
statistics <enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports data-filteri
ng-log <enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports threat-log <
enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports threat-summa
ry <enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports traffic-log
<enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports traffic-summ
ary <enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports url-log <ena
ble|disable>
set shared admin-role <name> role vsys webui monitor custom-reports url-summary
<enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports hipmatch <en
able|disable>
set shared admin-role <name> role vsys webui monitor custom-reports wildfire-log
<enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports gtp-log <ena
ble|disable>
set shared admin-role <name> role vsys webui monitor custom-reports gtp-summary
<enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports tunnel-log <
enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports tunnel-summa
ry <enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports sctp-log <en
able|disable>
set shared admin-role <name> role vsys webui monitor custom-reports sctp-summary
<enable|disable>
set shared admin-role <name> role vsys webui monitor custom-reports userid <enab
le|disable>
set shared admin-role <name> role vsys webui monitor custom-reports auth <enable
|disable>
set shared admin-role <name> role vsys webui monitor view-custom-reports <enable
|disable>
set shared admin-role <name> role vsys webui policies
set shared admin-role <name> role vsys webui policies security-rulebase <enable|
read-only|disable>
set shared admin-role <name> role vsys webui policies nat-rulebase <enable|read-
only|disable>
set shared admin-role <name> role vsys webui policies qos-rulebase <enable|read-
only|disable>
set shared admin-role <name> role vsys webui policies pbf-rulebase <enable|read-
only|disable>
set shared admin-role <name> role vsys webui policies ssl-decryption-rulebase <e
set shared admin-role <name> role vsys webui policies tunnel-inspect-rulebase <e
set shared admin-role <name> role vsys webui policies application-override-ruleb
ase <enable|read-only|disable>
set shared admin-role <name> role vsys webui policies authentication-rulebase <e
set shared admin-role <name> role vsys webui policies dos-rulebase <enable|read-
only|disable>
set shared admin-role <name> role vsys webui policies rule-hit-count-reset <enab
le|disable>
set shared admin-role <name> role vsys webui objects
set shared admin-role <name> role vsys webui objects addresses <enable|read-only
|disable>
set shared admin-role <name> role vsys webui objects address-groups <enable|read
-only|disable>
set shared admin-role <name> role vsys webui objects regions <enable|read-only|d
isable>
set shared admin-role <name> role vsys webui objects applications <enable|read-o
nly|disable>
set shared admin-role <name> role vsys webui objects application-groups <enable|
read-only|disable>
set shared admin-role <name> role vsys webui objects application-filters <enable
|read-only|disable>
set shared admin-role <name> role vsys webui objects services <enable|read-only|
disable>
set shared admin-role <name> role vsys webui objects service-groups <enable|read
-only|disable>
set shared admin-role <name> role vsys webui objects tags <enable|read-only|disa
ble>
set shared admin-role <name> role vsys webui objects global-protect
set shared admin-role <name> role vsys webui objects global-protect hip-objects
set shared admin-role <name> role vsys webui objects global-protect hip-profiles
set shared admin-role <name> role vsys webui objects dynamic-block-lists <enable
|read-only|disable>
set shared admin-role <name> role vsys webui objects custom-objects
set shared admin-role <name> role vsys webui objects custom-objects data-pattern
s <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects custom-objects spyware <ena
set shared admin-role <name> role vsys webui objects custom-objects vulnerabilit
y <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects custom-objects url-category
set shared admin-role <name> role vsys webui objects security-profiles
set shared admin-role <name> role vsys webui objects security-profiles antivirus
set shared admin-role <name> role vsys webui objects security-profiles anti-spyw
are <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles vulnerabi
lity-protection <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles url-filte
ring <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles file-bloc
king <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles wildfire-
analysis <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles data-filt
ering <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profiles dos-prote
ction <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects security-profile-groups <en
set shared admin-role <name> role vsys webui objects log-forwarding <enable|read
-only|disable>
set shared admin-role <name> role vsys webui objects authentication <enable|read
-only|disable>
set shared admin-role <name> role vsys webui objects decryption
set shared admin-role <name> role vsys webui objects decryption decryption-profi
le <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects decryption decryption-forwa
rding-profile <enable|read-only|disable>
set shared admin-role <name> role vsys webui objects schedules <enable|read-only
|disable>
set shared admin-role <name> role vsys webui network
set shared admin-role <name> role vsys webui network zones <enable|read-only|dis
able>
set shared admin-role <name> role vsys webui network global-protect
set shared admin-role <name> role vsys webui network global-protect portals <ena
set shared admin-role <name> role vsys webui network global-protect gateways <en
set shared admin-role <name> role vsys webui network global-protect mdm <enable|
read-only|disable>
set shared admin-role <name> role vsys webui network global-protect device-block
-list <enable|read-only|disable>
set shared admin-role <name> role vsys webui network global-protect clientless-a
pps <enable|read-only|disable>
set shared admin-role <name> role vsys webui network global-protect clientless-a
pp-groups <enable|read-only|disable>
set shared admin-role <name> role vsys webui device
set shared admin-role <name> role vsys webui device setup
set shared admin-role <name> role vsys webui device setup management <read-only|
disable>
set shared admin-role <name> role vsys webui device setup operations <read-only|
disable>
set shared admin-role <name> role vsys webui device setup services <enable|read-
only|disable>
set shared admin-role <name> role vsys webui device setup interfaces <enable|rea
d-only|disable>
set shared admin-role <name> role vsys webui device setup telemetry <enable|read
-only|disable>
set shared admin-role <name> role vsys webui device setup content-id <read-only|
disable>
set shared admin-role <name> role vsys webui device setup wildfire <read-only|di
sable>
set shared admin-role <name> role vsys webui device setup session <read-only|dis
able>
set shared admin-role <name> role vsys webui device setup hsm <read-only|disable
>
set shared admin-role <name> role vsys webui device administrators <read-only|di
sable>
set shared admin-role <name> role vsys webui device authentication-profile <enab
set shared admin-role <name> role vsys webui device authentication-sequence <ena
set shared admin-role <name> role vsys webui device user-identification <enable|
read-only|disable>
set shared admin-role <name> role vsys webui device vm-info-source <enable|read-
only|disable>
set shared admin-role <name> role vsys webui device certificate-management
set shared admin-role <name> role vsys webui device certificate-management certi
ficates <enable|read-only|disable>
set shared admin-role <name> role vsys webui device certificate-management certi
ficate-profile <enable|read-only|disable>
set shared admin-role <name> role vsys webui device certificate-management ocsp-
responder <enable|read-only|disable>
set shared admin-role <name> role vsys webui device certificate-management ssl-t
ls-service-profile <enable|read-only|disable>
set shared admin-role <name> role vsys webui device certificate-management scep
set shared admin-role <name> role vsys webui device certificate-management ssl-d
ecryption-exclusion <enable|read-only|disable>
set shared admin-role <name> role vsys webui device block-pages <enable|read-onl
y|disable>
set shared admin-role <name> role vsys webui device log-settings
set shared admin-role <name> role vsys webui device log-settings system <read-on
ly|disable>
set shared admin-role <name> role vsys webui device log-settings config <read-on
ly|disable>
set shared admin-role <name> role vsys webui device log-settings user-id <read-o
nly|disable>
set shared admin-role <name> role vsys webui device log-settings hipmatch <read-
only|disable>
set shared admin-role <name> role vsys webui device log-settings correlation <re
ad-only|disable>
set shared admin-role <name> role vsys webui device server-profile
set shared admin-role <name> role vsys webui device server-profile snmp-trap <en
set shared admin-role <name> role vsys webui device server-profile syslog <enabl
set shared admin-role <name> role vsys webui device server-profile email <enable
|read-only|disable>
set shared admin-role <name> role vsys webui device server-profile http <enable|
read-only|disable>
set shared admin-role <name> role vsys webui device server-profile netflow <enab
set shared admin-role <name> role vsys webui device server-profile radius <enabl
set shared admin-role <name> role vsys webui device server-profile tacplus <enab
set shared admin-role <name> role vsys webui device server-profile ldap <enable|
read-only|disable>
set shared admin-role <name> role vsys webui device server-profile kerberos <ena
set shared admin-role <name> role vsys webui device server-profile saml_idp <ena
set shared admin-role <name> role vsys webui device server-profile dns <enable|r
ead-only|disable>
set shared admin-role <name> role vsys webui device server-profile mfa <enable|r
ead-only|disable>
set shared admin-role <name> role vsys webui device local-user-database
set shared admin-role <name> role vsys webui device local-user-database users <e
set shared admin-role <name> role vsys webui device local-user-database user-gro
ups <enable|read-only|disable>
set shared admin-role <name> role vsys webui privacy
set shared admin-role <name> role vsys webui privacy show-full-ip-addresses <ena
ble|disable>
set shared admin-role <name> role vsys webui privacy show-user-names-in-logs-and
-reports <enable|disable>
set shared admin-role <name> role vsys webui privacy view-pcap-files <enable|dis
able>
set shared admin-role <name> role vsys webui validate <enable|disable>
set shared admin-role <name> role vsys webui save
set shared admin-role <name> role vsys webui save partial-save <enable|disable>
set shared admin-role <name> role vsys webui save save-for-other-admins <enable|
disable>
set shared admin-role <name> role vsys webui commit
set shared admin-role <name> role vsys webui commit virtual-systems <enable|disa
ble>
set shared admin-role <name> role vsys webui commit commit-for-other-admins <ena
ble|disable>
set shared admin-role <name> role vsys webui tasks <enable|disable>
set shared admin-role <name> role vsys xmlapi

set shared admin-role <name> role vsys xmlapi report <enable|disable>
set shared admin-role <name> role vsys xmlapi log <enable|disable>
set shared admin-role <name> role vsys xmlapi config <enable|disable>
set shared admin-role <name> role vsys xmlapi op <enable|disable>
set shared admin-role <name> role vsys xmlapi commit <enable|disable>
set shared admin-role <name> role vsys xmlapi user-id <enable|disable>
set shared admin-role <name> role vsys xmlapi export <enable|disable>
set shared admin-role <name> role vsys xmlapi import <enable|disable>
set shared admin-role <name> role vsys cli <vsysadmin|vsysreader>
set shared scep
set shared scep <name>
set shared scep <name> scep-challenge
set shared scep <name> scep-challenge none
set shared scep <name> scep-challenge fixed <value>
set shared scep <name> scep-challenge dynamic
set shared scep <name> scep-challenge dynamic otp-server-url <value>
set shared scep <name> scep-challenge dynamic otp-server-url <value>
set shared scep <name> scep-challenge dynamic username <value>
set shared scep <name> scep-challenge dynamic password <value>
set shared scep <name> scep-url <value>
set shared scep <name> scep-url <value>
set shared scep <name> scep-ca-cert <value>
set shared scep <name> scep-client-cert <value>
set shared scep <name> ca-identity-name <value>
set shared scep <name> subject <value>
set shared scep <name> algorithm
set shared scep <name> algorithm rsa
set shared scep <name> algorithm rsa rsa-nbits <value>
set shared scep <name> digest <value>
set shared scep <name> fingerprint <value>
set shared scep <name> certificate-attributes
set shared scep <name> certificate-attributes rfc822name <value>

set shared scep <name> certificate-attributes dnsname <value>
set shared scep <name> certificate-attributes uniform-resource-identifier <value
>
set shared scep <name> use-as-digital-signature <yes|no>
set shared scep <name> use-for-key-encipherment <yes|no>
set vsys
set vsys <name>
set vsys <name> display-name <value>
set vsys <name> setting
set vsys <name> setting nat
set vsys <name> setting nat reserve-ip <yes|no>
set vsys <name> setting nat reserve-time <1-604800>
set vsys <name> setting ssl-decrypt
set vsys <name> setting ssl-decrypt allow-forward-decrypted-content <yes|no>
set vsys <name> setting ssl-decrypt url-wait <yes|no>
set vsys <name> setting ssl-decrypt url-proxy <yes|no>
set vsys <name> setting ssl-decrypt notify-user <yes|no>
set vsys <name> setting ssl-decrypt answer-timeout <1-86400>
set vsys <name> import
set vsys <name> import dns-proxy <value>
set vsys <name> import network
set vsys <name> import network interface [ <interface1> <interface2>... ]
set vsys <name> import network virtual-wire [ <virtual-wire1> <virtual-wire2>..
.]
set vsys <name> import network vlan [ <vlan1> <vlan2>... ]
set vsys <name> import network virtual-router [ <virtual-router1> <virtual-rout
er2>... ]
set vsys <name> import resource
set vsys <name> import resource max-sessions <1-4194290>
set vsys <name> import resource max-site-to-site-vpn-tunnels <0-10000>
set vsys <name> import resource max-concurrent-ssl-vpn-tunnels <0-65535>
set vsys <name> import resource max-security-rules <0-40000>

set vsys <name> import resource max-nat-rules <0-16000>
set vsys <name> import resource max-ssl-decryption-rules <0-5000>
set vsys <name> import resource max-qos-rules <0-8000>
set vsys <name> import resource max-application-override-rules <0-4000>
set vsys <name> import resource max-pbf-rules <0-2000>
set vsys <name> import resource max-auth-rules <0-8000>
set vsys <name> import resource max-dos-rules <0-2000>
set vsys <name> import visible-vsys [ <visible-vsys1> <visible-vsys2>... ]
set vsys <name> route
set vsys <name> route service
set vsys <name> route service <name>
set vsys <name> route service <name> source
set vsys <name> route service <name> source interface <value>
set vsys <name> route service <name> source address <value>
set vsys <name> route service <name> source-v6
set vsys <name> route service <name> source-v6 interface <value>
set vsys <name> route service <name> source-v6 address <value>
set vsys <name> authentication-profile
set vsys <name> authentication-profile <name>
set vsys <name> authentication-profile <name> username-modifier <value>|<validat
e>|<%USERINPUT%|%USERINPUT%@%USERDOMAIN%|%USERDOMAIN%\%USERINPUT%>
set vsys <name> authentication-profile <name> user-domain <value>
set vsys <name> authentication-profile <name> single-sign-on
set vsys <name> authentication-profile <name> single-sign-on realm <value>
set vsys <name> authentication-profile <name> single-sign-on service-principal <
value>
set vsys <name> authentication-profile <name> single-sign-on kerberos-keytab <va
lue>
set vsys <name> authentication-profile <name> single-sign-on kerberos-keytab <va
lue>
set vsys <name> authentication-profile <name> lockout
set vsys <name> authentication-profile <name> lockout failed-attempts <1-10>

set vsys <name> authentication-profile <name> lockout failed-attempts <0-10>
set vsys <name> authentication-profile <name> lockout lockout-time <0-60>
set vsys <name> authentication-profile <name> allow-list [ <allow-list1> <allow
-list2>... ]
set vsys <name> authentication-profile <name> method
set vsys <name> authentication-profile <name> method none
set vsys <name> authentication-profile <name> method local-database
set vsys <name> authentication-profile <name> method radius
set vsys <name> authentication-profile <name> method radius server-profile <valu
e>
set vsys <name> authentication-profile <name> method radius checkgroup <yes|no>
set vsys <name> authentication-profile <name> method ldap
set vsys <name> authentication-profile <name> method ldap server-profile <value>
set vsys <name> authentication-profile <name> method ldap login-attribute <value
>
set vsys <name> authentication-profile <name> method ldap passwd-exp-days <0-255
>
set vsys <name> authentication-profile <name> method kerberos
set vsys <name> authentication-profile <name> method kerberos server-profile <va
lue>
set vsys <name> authentication-profile <name> method kerberos realm <value>
set vsys <name> authentication-profile <name> method tacplus
set vsys <name> authentication-profile <name> method tacplus server-profile <val
ue>
set vsys <name> authentication-profile <name> method tacplus checkgroup <yes|no>
set vsys <name> authentication-profile <name> method saml-idp
set vsys <name> authentication-profile <name> method saml-idp server-profile <va
lue>
set vsys <name> authentication-profile <name> method saml-idp enable-single-logo
ut <yes|no>
set vsys <name> authentication-profile <name> method saml-idp request-signing-ce
rtificate <value>
set vsys <name> authentication-profile <name> method saml-idp certificate-profil
e <value>
set vsys <name> authentication-profile <name> method saml-idp attribute-name-use
rname <value>
set vsys <name> authentication-profile <name> method saml-idp attribute-name-use
rgroup <value>
set vsys <name> authentication-profile <name> method saml-idp attribute-name-adm
in-role <value>
set vsys <name> authentication-profile <name> method saml-idp attribute-name-acc
ess-domain <value>
set vsys <name> authentication-profile <name> multi-factor-auth
set vsys <name> authentication-profile <name> multi-factor-auth mfa-enable <yes|
no>
set vsys <name> authentication-profile <name> multi-factor-auth factors [ <fact
ors1> <factors2>... ]
set vsys <name> authentication-sequence
set vsys <name> authentication-sequence <name>
set vsys <name> authentication-sequence <name> use-domain-find-profile <yes|no>
set vsys <name> authentication-sequence <name> authentication-profiles [ <authe
ntication-profiles1> <authentication-profiles2>... ]
set vsys <name> certificate-profile
set vsys <name> certificate-profile <name>
set vsys <name> certificate-profile <name> username-field
set vsys <name> certificate-profile <name> username-field subject <common-name>
set vsys <name> certificate-profile <name> username-field subject-alt <email|pri
ncipal-name>
set vsys <name> certificate-profile <name> domain <value>
set vsys <name> certificate-profile <name> CA
set vsys <name> certificate-profile <name> CA <name>
set vsys <name> certificate-profile <name> CA <name> default-ocsp-url <value>
set vsys <name> certificate-profile <name> CA <name> ocsp-verify-cert <value>
set vsys <name> certificate-profile <name> use-crl <yes|no>

set vsys <name> certificate-profile <name> use-ocsp <yes|no>
set vsys <name> certificate-profile <name> crl-receive-timeout <1-60>
set vsys <name> certificate-profile <name> ocsp-receive-timeout <1-60>
set vsys <name> certificate-profile <name> cert-status-timeout <0-60>
set vsys <name> certificate-profile <name> block-unknown-cert <yes|no>
set vsys <name> certificate-profile <name> block-timeout-cert <yes|no>
set vsys <name> certificate-profile <name> block-unauthenticated-cert <yes|no>
set vsys <name> certificate-profile <name> block-expired-cert <yes|no>
set vsys <name> server-profile
set vsys <name> server-profile ldap
set vsys <name> server-profile ldap <name>
set vsys <name> server-profile ldap <name> ldap-type <active-directory|e-directo
ry|sun|other>
set vsys <name> server-profile ldap <name> server
set vsys <name> server-profile ldap <name> server <name>
set vsys <name> server-profile ldap <name> server <name> address <ip/netmask>|<v
alue>
set vsys <name> server-profile ldap <name> server <name> port <1-65535>
set vsys <name> server-profile ldap <name> ssl <yes|no>
set vsys <name> server-profile ldap <name> ssl <yes>
set vsys <name> server-profile ldap <name> verify-server-certificate <yes|no>
set vsys <name> server-profile ldap <name> disabled <yes|no>
set vsys <name> server-profile ldap <name> base <value>
set vsys <name> server-profile ldap <name> bind-dn <value>
set vsys <name> server-profile ldap <name> bind-password <value>
set vsys <name> server-profile ldap <name> timelimit <1-30>
set vsys <name> server-profile ldap <name> bind-timelimit <1-60>
set vsys <name> server-profile ldap <name> retry-interval <60-3600>
set vsys <name> server-profile radius
set vsys <name> server-profile radius <name>
set vsys <name> server-profile radius <name> timeout <1-120>
set vsys <name> server-profile radius <name> retries <1-5>

set vsys <name> server-profile radius <name> protocol
set vsys <name> server-profile radius <name> protocol CHAP
set vsys <name> server-profile radius <name> protocol PAP
set vsys <name> server-profile radius <name> protocol PEAP-MSCHAPv2
set vsys <name> server-profile radius <name> protocol PEAP-MSCHAPv2 anon-outer-i
d <yes|no>
set vsys <name> server-profile radius <name> protocol PEAP-MSCHAPv2 allow-pwd-ch
ange <yes|no>
set vsys <name> server-profile radius <name> protocol PEAP-MSCHAPv2 radius-cert-
profile <value>
set vsys <name> server-profile radius <name> protocol PEAP-with-GTC
set vsys <name> server-profile radius <name> protocol PEAP-with-GTC anon-outer-i
d <yes|no>
set vsys <name> server-profile radius <name> protocol PEAP-with-GTC radius-cert-
profile <value>
set vsys <name> server-profile radius <name> protocol EAP-TTLS-with-PAP
set vsys <name> server-profile radius <name> protocol EAP-TTLS-with-PAP anon-out
er-id <yes|no>
set vsys <name> server-profile radius <name> protocol EAP-TTLS-with-PAP radius-c
ert-profile <value>
set vsys <name> server-profile radius <name> server
set vsys <name> server-profile radius <name> server <name>
set vsys <name> server-profile radius <name> server <name> ip-address <ip/netmas
k>|<value>
set vsys <name> server-profile radius <name> server <name> secret <value>
set vsys <name> server-profile radius <name> server <name> port <1-65535>
set vsys <name> server-profile kerberos
set vsys <name> server-profile kerberos <name>
set vsys <name> server-profile kerberos <name> server
set vsys <name> server-profile kerberos <name> server <name>
set vsys <name> server-profile kerberos <name> server <name> host <ip/netmask>|<
value>
set vsys <name> server-profile kerberos <name> server <name> port <1-65535>
set vsys <name> server-profile tacplus
set vsys <name> server-profile tacplus <name>
set vsys <name> server-profile tacplus <name> timeout <1-30>
set vsys <name> server-profile tacplus <name> use-single-connection <yes|no>
set vsys <name> server-profile tacplus <name> protocol <CHAP|PAP>
set vsys <name> server-profile tacplus <name> server
set vsys <name> server-profile tacplus <name> server <name>
set vsys <name> server-profile tacplus <name> server <name> address <ip/netmask>
|<value>
set vsys <name> server-profile tacplus <name> server <name> secret <value>
set vsys <name> server-profile tacplus <name> server <name> port <1-65535>
set vsys <name> server-profile saml-idp
set vsys <name> server-profile saml-idp <name>
set vsys <name> server-profile saml-idp <name> entity-id <value>
set vsys <name> server-profile saml-idp <name> certificate <value>
set vsys <name> server-profile saml-idp <name> sso-url <value>
set vsys <name> server-profile saml-idp <name> sso-bindings <post|redirect>
set vsys <name> server-profile saml-idp <name> slo-url <value>
set vsys <name> server-profile saml-idp <name> slo-bindings <post|redirect>
set vsys <name> server-profile saml-idp <name> validate-idp-certificate <yes|no>
set vsys <name> server-profile saml-idp <name> want-auth-requests-signed <yes|no
>
set vsys <name> server-profile saml-idp <name> max-clock-skew <1-900>
set vsys <name> server-profile netflow
set vsys <name> server-profile netflow <name>
set vsys <name> server-profile netflow <name> template-refresh-rate
set vsys <name> server-profile netflow <name> template-refresh-rate minutes <1-3
600>
set vsys <name> server-profile netflow <name> template-refresh-rate packets <1-6
00>
set vsys <name> server-profile netflow <name> active-timeout <1-60>

set vsys <name> server-profile netflow <name> export-enterprise-fields <yes|no>
set vsys <name> server-profile netflow <name> server
set vsys <name> server-profile netflow <name> server <name>
set vsys <name> server-profile netflow <name> server <name> host <ip/netmask>|<v
alue>
set vsys <name> server-profile netflow <name> server <name> port <1-65535>
set vsys <name> server-profile dns
set vsys <name> server-profile dns <name>
set vsys <name> server-profile dns <name> inheritance
set vsys <name> server-profile dns <name> inheritance source <value>
set vsys <name> server-profile dns <name> primary <validate>|<ip/netmask>|<inher
ited>
set vsys <name> server-profile dns <name> secondary <validate>|<ip/netmask>|<inh
erited>
set vsys <name> server-profile dns <name> source
set vsys <name> server-profile dns <name> source interface <value>
set vsys <name> server-profile dns <name> source address <value>
set vsys <name> server-profile dns <name> source-v6
set vsys <name> server-profile dns <name> source-v6 interface <value>
set vsys <name> server-profile dns <name> source-v6 address <value>
set vsys <name> server-profile mfa-server-profile
set vsys <name> server-profile mfa-server-profile <name>
set vsys <name> server-profile mfa-server-profile <name> mfa-vendor-type <value>
set vsys <name> server-profile mfa-server-profile <name> mfa-cert-profile <value
>
set vsys <name> server-profile mfa-server-profile <name> mfa-config
set vsys <name> server-profile mfa-server-profile <name> mfa-config <name>
set vsys <name> server-profile mfa-server-profile <name> mfa-config <name> value
<value>
set vsys <name> dns-proxy
set vsys <name> dns-proxy <name>
set vsys <name> dns-proxy <name> enabled <yes|no>

set vsys <name> dns-proxy <name> interface [ <interface1> <interface2>... ]
set vsys <name> dns-proxy <name> server-profile <value>
set vsys <name> dns-proxy <name> domain-servers
set vsys <name> dns-proxy <name> domain-servers <name>
set vsys <name> dns-proxy <name> domain-servers <name> cacheable <yes|no>
set vsys <name> dns-proxy <name> domain-servers <name> domain-name [ <domain-na
me1> <domain-name2>... ]
set vsys <name> dns-proxy <name> domain-servers <name> server-profile <value>
set vsys <name> dns-proxy <name> cache
set vsys <name> dns-proxy <name> cache enabled <yes|no>
set vsys <name> dns-proxy <name> cache cache-edns <yes|no>
set vsys <name> dns-proxy <name> cache max-ttl
set vsys <name> dns-proxy <name> cache max-ttl enabled <yes|no>
set vsys <name> dns-proxy <name> cache max-ttl time-to-live <60-86400>
set vsys <name> dns-proxy <name> static-entries
set vsys <name> dns-proxy <name> static-entries <name>
set vsys <name> dns-proxy <name> static-entries <name> domain <value>
set vsys <name> dns-proxy <name> static-entries <name> address [ <address1> <ad
dress2>... ]
set vsys <name> dns-proxy <name> tcp-queries
set vsys <name> dns-proxy <name> tcp-queries enabled <yes|no>
set vsys <name> dns-proxy <name> tcp-queries max-pending-requests <64-256>
set vsys <name> dns-proxy <name> udp-queries
set vsys <name> dns-proxy <name> udp-queries retries
set vsys <name> dns-proxy <name> udp-queries retries interval <1-30>
set vsys <name> dns-proxy <name> udp-queries retries attempts <1-30>
set vsys <name> log-settings
set vsys <name> log-settings snmptrap
set vsys <name> log-settings snmptrap <name>
set vsys <name> log-settings snmptrap <name> version
set vsys <name> log-settings snmptrap <name> version v2c
set vsys <name> log-settings snmptrap <name> version v2c server

set vsys <name> log-settings snmptrap <name> version v2c server <name>
set vsys <name> log-settings snmptrap <name> version v2c server <name> manager <
ip/netmask>|<value>
set vsys <name> log-settings snmptrap <name> version v2c server <name> community
<value>
set vsys <name> log-settings snmptrap <name> version v3
set vsys <name> log-settings snmptrap <name> version v3 server
set vsys <name> log-settings snmptrap <name> version v3 server <name>
set vsys <name> log-settings snmptrap <name> version v3 server <name> manager |<value>
set vsys <name> log-settings snmptrap <name> version v3 server <name> user <valu
e>
set vsys <name> log-settings snmptrap <name> version v3 server <name> engineid <
value>
set vsys <name> log-settings snmptrap <name> version v3 server <name> authpwd <v
alue>
set vsys <name> log-settings snmptrap <name> version v3 server <name> privpwd <v
alue>
set vsys <name> log-settings email
set vsys <name> log-settings email <name>
set vsys <name> log-settings email <name> server
set vsys <name> log-settings email <name> server <name>
set vsys <name> log-settings email <name> server <name> display-name <value>
set vsys <name> log-settings email <name> server <name> from <value>
set vsys <name> log-settings email <name> server <name> to <value>
set vsys <name> log-settings email <name> server <name> and-also-to <value>
set vsys <name> log-settings email <name> server <name> gateway <value>
set vsys <name> log-settings email <name> format
set vsys <name> log-settings email <name> format traffic <value>
set vsys <name> log-settings email <name> format threat <value>
set vsys <name> log-settings email <name> format wildfire <value>
set vsys <name> log-settings email <name> format url <value>

set vsys <name> log-settings email <name> format data <value>
set vsys <name> log-settings email <name> format tunnel <value>
set vsys <name> log-settings email <name> format auth <value>
set vsys <name> log-settings email <name> format userid <value>
set vsys <name> log-settings email <name> format config <value>
set vsys <name> log-settings email <name> format system <value>
set vsys <name> log-settings email <name> format hip-match <value>
set vsys <name> log-settings email <name> format correlation <value>
set vsys <name> log-settings email <name> format escaping
set vsys <name> log-settings email <name> format escaping escaped-characters <va
lue>
set vsys <name> log-settings email <name> format escaping escape-character <valu
e>
set vsys <name> log-settings syslog
set vsys <name> log-settings syslog <name>
set vsys <name> log-settings syslog <name> server
set vsys <name> log-settings syslog <name> server <name>
set vsys <name> log-settings syslog <name> server <name> server <value>
set vsys <name> log-settings syslog <name> server <name> transport <UDP|TCP|SSL>
set vsys <name> log-settings syslog <name> server <name> port <1-65535>
set vsys <name> log-settings syslog <name> server <name> format <BSD|IETF>
set vsys <name> log-settings syslog <name> server <name> facility <LOG_USER|LOG_
LOCAL0|LOG_LOCAL1|LOG_LOCAL2|LOG_LOCAL3|LOG_LOCAL4|LOG_LOCAL5|LOG_LOCAL6|LOG_LOC
AL7>
set vsys <name> log-settings syslog <name> format
set vsys <name> log-settings syslog <name> format traffic <value>
set vsys <name> log-settings syslog <name> format threat <value>
set vsys <name> log-settings syslog <name> format wildfire <value>
set vsys <name> log-settings syslog <name> format url <value>
set vsys <name> log-settings syslog <name> format data <value>
set vsys <name> log-settings syslog <name> format tunnel <value>
set vsys <name> log-settings syslog <name> format auth <value>

set vsys <name> log-settings syslog <name> format userid <value>
set vsys <name> log-settings syslog <name> format config <value>
set vsys <name> log-settings syslog <name> format system <value>
set vsys <name> log-settings syslog <name> format hip-match <value>
set vsys <name> log-settings syslog <name> format correlation <value>
set vsys <name> log-settings syslog <name> format escaping
set vsys <name> log-settings syslog <name> format escaping escaped-characters <v
alue>
set vsys <name> log-settings syslog <name> format escaping escape-character <val
ue>
set vsys <name> log-settings http
set vsys <name> log-settings http <name>
set vsys <name> log-settings http <name> tag-registration <yes|no>
set vsys <name> log-settings http <name> server
set vsys <name> log-settings http <name> server <name>
set vsys <name> log-settings http <name> server <name> address <value>
set vsys <name> log-settings http <name> server <name> protocol <HTTP|HTTPS>
set vsys <name> log-settings http <name> server <name> port <1-65535>
set vsys <name> log-settings http <name> server <name> http-method <value>
set vsys <name> log-settings http <name> server <name> username <value>
set vsys <name> log-settings http <name> server <name> password <value>
set vsys <name> log-settings http <name> format
set vsys <name> log-settings http <name> format config
set vsys <name> log-settings http <name> format config name <value>
set vsys <name> log-settings http <name> format config url-format <value>
set vsys <name> log-settings http <name> format config headers
set vsys <name> log-settings http <name> format config headers <name>
set vsys <name> log-settings http <name> format config headers <name> value <val
ue>
set vsys <name> log-settings http <name> format config params
set vsys <name> log-settings http <name> format config params <name>
set vsys <name> log-settings http <name> format config params <name> value <valu
e>
set vsys <name> log-settings http <name> format config payload <value>
set vsys <name> log-settings http <name> format system
set vsys <name> log-settings http <name> format system name <value>
set vsys <name> log-settings http <name> format system url-format <value>
set vsys <name> log-settings http <name> format system headers
set vsys <name> log-settings http <name> format system headers <name>
set vsys <name> log-settings http <name> format system headers <name> value <val
ue>
set vsys <name> log-settings http <name> format system params
set vsys <name> log-settings http <name> format system params <name>
set vsys <name> log-settings http <name> format system params <name> value <valu
e>
set vsys <name> log-settings http <name> format system payload <value>
set vsys <name> log-settings http <name> format traffic
set vsys <name> log-settings http <name> format traffic name <value>
set vsys <name> log-settings http <name> format traffic url-format <value>
set vsys <name> log-settings http <name> format traffic headers
set vsys <name> log-settings http <name> format traffic headers <name>
set vsys <name> log-settings http <name> format traffic headers <name> value <va
lue>
set vsys <name> log-settings http <name> format traffic params
set vsys <name> log-settings http <name> format traffic params <name>
set vsys <name> log-settings http <name> format traffic params <name> value <val
ue>
set vsys <name> log-settings http <name> format traffic payload <value>
set vsys <name> log-settings http <name> format threat
set vsys <name> log-settings http <name> format threat name <value>
set vsys <name> log-settings http <name> format threat url-format <value>
set vsys <name> log-settings http <name> format threat headers
set vsys <name> log-settings http <name> format threat headers <name>
set vsys <name> log-settings http <name> format threat headers <name> value <val
ue>
set vsys <name> log-settings http <name> format threat params
set vsys <name> log-settings http <name> format threat params <name>
set vsys <name> log-settings http <name> format threat params <name> value <valu
e>
set vsys <name> log-settings http <name> format threat payload <value>
set vsys <name> log-settings http <name> format wildfire
set vsys <name> log-settings http <name> format wildfire name <value>
set vsys <name> log-settings http <name> format wildfire url-format <value>
set vsys <name> log-settings http <name> format wildfire headers
set vsys <name> log-settings http <name> format wildfire headers <name>
set vsys <name> log-settings http <name> format wildfire headers <name> value <v
alue>
set vsys <name> log-settings http <name> format wildfire params
set vsys <name> log-settings http <name> format wildfire params <name>
set vsys <name> log-settings http <name> format wildfire params <name> value <va
lue>
set vsys <name> log-settings http <name> format wildfire payload <value>
set vsys <name> log-settings http <name> format url
set vsys <name> log-settings http <name> format url name <value>
set vsys <name> log-settings http <name> format url url-format <value>
set vsys <name> log-settings http <name> format url headers
set vsys <name> log-settings http <name> format url headers <name>
set vsys <name> log-settings http <name> format url headers <name> value <value>
set vsys <name> log-settings http <name> format url params
set vsys <name> log-settings http <name> format url params <name>
set vsys <name> log-settings http <name> format url params <name> value <value>
set vsys <name> log-settings http <name> format url payload <value>
set vsys <name> log-settings http <name> format data
set vsys <name> log-settings http <name> format data name <value>
set vsys <name> log-settings http <name> format data url-format <value>
set vsys <name> log-settings http <name> format data headers

set vsys <name> log-settings http <name> format data headers <name>
set vsys <name> log-settings http <name> format data headers <name> value <value
>
set vsys <name> log-settings http <name> format data params
set vsys <name> log-settings http <name> format data params <name>
set vsys <name> log-settings http <name> format data params <name> value <value>
set vsys <name> log-settings http <name> format data payload <value>
set vsys <name> log-settings http <name> format tunnel
set vsys <name> log-settings http <name> format tunnel name <value>
set vsys <name> log-settings http <name> format tunnel url-format <value>
set vsys <name> log-settings http <name> format tunnel headers
set vsys <name> log-settings http <name> format tunnel headers <name>
set vsys <name> log-settings http <name> format tunnel headers <name> value <val
ue>
set vsys <name> log-settings http <name> format tunnel params
set vsys <name> log-settings http <name> format tunnel params <name>
set vsys <name> log-settings http <name> format tunnel params <name> value <valu
e>
set vsys <name> log-settings http <name> format tunnel payload <value>
set vsys <name> log-settings http <name> format auth
set vsys <name> log-settings http <name> format auth name <value>
set vsys <name> log-settings http <name> format auth url-format <value>
set vsys <name> log-settings http <name> format auth headers
set vsys <name> log-settings http <name> format auth headers <name>
set vsys <name> log-settings http <name> format auth headers <name> value <value
>
set vsys <name> log-settings http <name> format auth params
set vsys <name> log-settings http <name> format auth params <name>
set vsys <name> log-settings http <name> format auth params <name> value <value>
set vsys <name> log-settings http <name> format auth payload <value>
set vsys <name> log-settings http <name> format userid
set vsys <name> log-settings http <name> format userid name <value>
set vsys <name> log-settings http <name> format userid url-format <value>
set vsys <name> log-settings http <name> format userid headers
set vsys <name> log-settings http <name> format userid headers <name>
set vsys <name> log-settings http <name> format userid headers <name> value <val
ue>
set vsys <name> log-settings http <name> format userid params
set vsys <name> log-settings http <name> format userid params <name>
set vsys <name> log-settings http <name> format userid params <name> value <valu
e>
set vsys <name> log-settings http <name> format userid payload <value>
set vsys <name> log-settings http <name> format hip-match
set vsys <name> log-settings http <name> format hip-match name <value>
set vsys <name> log-settings http <name> format hip-match url-format <value>
set vsys <name> log-settings http <name> format hip-match headers
set vsys <name> log-settings http <name> format hip-match headers <name>
set vsys <name> log-settings http <name> format hip-match headers <name> value <
value>
set vsys <name> log-settings http <name> format hip-match params
set vsys <name> log-settings http <name> format hip-match params <name>
set vsys <name> log-settings http <name> format hip-match params <name> value <v
alue>
set vsys <name> log-settings http <name> format hip-match payload <value>
set vsys <name> log-settings http <name> format correlation
set vsys <name> log-settings http <name> format correlation name <value>
set vsys <name> log-settings http <name> format correlation url-format <value>
set vsys <name> log-settings http <name> format correlation headers
set vsys <name> log-settings http <name> format correlation headers <name>
set vsys <name> log-settings http <name> format correlation headers <name> value
<value>
set vsys <name> log-settings http <name> format correlation params
set vsys <name> log-settings http <name> format correlation params <name>
set vsys <name> log-settings http <name> format correlation params <name> value
<value>
set vsys <name> log-settings http <name> format correlation payload <value>
set vsys <name> log-settings profiles
set vsys <name> log-settings profiles <name>
set vsys <name> log-settings profiles <name> description <value>
set vsys <name> log-settings profiles <name> enhanced-application-logging <yes|n
o>
set vsys <name> log-settings profiles <name> match-list
set vsys <name> log-settings profiles <name> match-list <name>
set vsys <name> log-settings profiles <name> match-list <name> action-desc <valu
e>
set vsys <name> log-settings profiles <name> match-list <name> log-type <traffic
|threat|wildfire|url|data|tunnel|auth>
set vsys <name> log-settings profiles <name> match-list <name> filter <value>
set vsys <name> log-settings profiles <name> match-list <name> send-to-panorama
<yes|no>
set vsys <name> log-settings profiles <name> match-list <name> send-snmptrap [
<send-snmptrap1> <send-snmptrap2>... ]
set vsys <name> log-settings profiles <name> match-list <name> send-email [ <se
nd-email1> <send-email2>... ]
set vsys <name> log-settings profiles <name> match-list <name> send-syslog [ <s
end-syslog1> <send-syslog2>... ]
set vsys <name> log-settings profiles <name> match-list <name> send-http [ <sen
d-http1> <send-http2>... ]
set vsys <name> log-settings profiles <name> match-list <name> actions
set vsys <name> log-settings profiles <name> match-list <name> actions <name>
set vsys <name> log-settings profiles <name> match-list <name> actions <name> ty
pe
pe tagging
pe tagging target <source-address|destination-address>

pe tagging action <add-tag|remove-tag>
pe tagging registration
pe tagging registration localhost
pe tagging registration panorama
pe tagging registration remote
pe tagging registration remote http-profile <value>
pe tagging tags [ <tags1> <tags2>... ]
set vsys <name> certificate
set vsys <name> certificate <name>
set vsys <name> certificate <name> common-name <value>
set vsys <name> certificate <name> algorithm <value>
set vsys <name> certificate <name> not-valid-after <value>
set vsys <name> certificate <name> not-valid-before <value>
set vsys <name> certificate <name> expiry-epoch <value>
set vsys <name> certificate <name> subject <value>
set vsys <name> certificate <name> subject-hash <value>
set vsys <name> certificate <name> issuer <value>
set vsys <name> certificate <name> issuer-hash <value>
set vsys <name> certificate <name> csr <value>
set vsys <name> certificate <name> public-key <value>
set vsys <name> certificate <name> private-key <value>
set vsys <name> certificate <name> private-key-on-hsm <yes|no>
set vsys <name> certificate <name> status <valid|revoked>

set vsys <name> certificate <name> revoke-date-epoch <value>
set vsys <name> ssl-tls-service-profile
set vsys <name> ssl-tls-service-profile <name>
set vsys <name> ssl-tls-service-profile <name> certificate <value>
set vsys <name> ssl-tls-service-profile <name> protocol-settings
set vsys <name> ssl-tls-service-profile <name> protocol-settings min-version <tl
s1-0|tls1-1|tls1-2>
set vsys <name> ssl-tls-service-profile <name> protocol-settings max-version <tl
s1-0|tls1-1|tls1-2|max>
set vsys <name> ssl-tls-service-profile <name> protocol-settings keyxchg-algo-rs
a <yes|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings keyxchg-algo-dh
e <yes|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings keyxchg-algo-ec
dhe <yes|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings enc-algo-3des <
yes|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings enc-algo-rc4 <y
es|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings enc-algo-aes-12
8-cbc <yes|no>
6-cbc <yes|no>
8-gcm <yes|no>
6-gcm <yes|no>
set vsys <name> ssl-tls-service-profile <name> protocol-settings auth-algo-sha1
<yes|no>
6 <yes|no>

4 <yes|no>
set vsys <name> response-page
set vsys <name> response-page application-block-page <value>
set vsys <name> response-page captive-portal-text <value>
set vsys <name> response-page file-block-continue-page <value>
set vsys <name> response-page file-block-page <value>
set vsys <name> response-page ssl-cert-status-page <value>
set vsys <name> response-page ssl-optout-text <value>
set vsys <name> response-page url-block-page <value>
set vsys <name> response-page url-coach-text <value>
set vsys <name> response-page credential-block-page <value>
set vsys <name> response-page credential-coach-text <value>
set vsys <name> response-page virus-block-page <value>
set vsys <name> response-page data-filter-block-page <value>
set vsys <name> response-page safe-search-block-page <value>
set vsys <name> response-page saml-auth-internal-error-page <value>
set vsys <name> response-page mfa-login-page <value>
set vsys <name> response-page global-protect-portal-custom-login-page
set vsys <name> response-page global-protect-portal-custom-login-page <name>
set vsys <name> response-page global-protect-portal-custom-login-page <name> pag
e <value>
set vsys <name> response-page global-protect-portal-custom-home-page
set vsys <name> response-page global-protect-portal-custom-home-page <name>
set vsys <name> response-page global-protect-portal-custom-home-page <name> page
<value>
set vsys <name> response-page global-protect-portal-custom-help-page
set vsys <name> response-page global-protect-portal-custom-help-page <name>
set vsys <name> response-page global-protect-portal-custom-help-page <name> page
<value>
set vsys <name> response-page global-protect-portal-custom-welcome-page
set vsys <name> response-page global-protect-portal-custom-welcome-page <name>
set vsys <name> response-page global-protect-portal-custom-welcome-page <name> p

age <value>
set vsys <name> local-user-database
set vsys <name> local-user-database user
set vsys <name> local-user-database user <name>
set vsys <name> local-user-database user <name> phash <value>
set vsys <name> local-user-database user <name> disabled <yes|no>
set vsys <name> local-user-database user-group
set vsys <name> local-user-database user-group <name>
set vsys <name> local-user-database user-group <name> user [ <user1> <user2>...
set vsys <name> ssl-decrypt
set vsys <name> ssl-decrypt forward-trust-certificate
set vsys <name> ssl-decrypt forward-trust-certificate rsa <value>
set vsys <name> ssl-decrypt forward-trust-certificate ecdsa <value>
set vsys <name> ssl-decrypt forward-untrust-certificate
set vsys <name> ssl-decrypt forward-untrust-certificate rsa <value>
set vsys <name> ssl-decrypt forward-untrust-certificate ecdsa <value>
set vsys <name> ssl-decrypt ssl-exclude-cert
set vsys <name> ssl-decrypt ssl-exclude-cert <name>
set vsys <name> ssl-decrypt ssl-exclude-cert <name> description <value>
set vsys <name> ssl-decrypt ssl-exclude-cert <name> exclude <yes|no>
set vsys <name> ssl-decrypt root-ca-exclude-list [ <root-ca-exclude-list1> <roo
t-ca-exclude-list2>... ]
set vsys <name> ssl-decrypt trusted-root-CA [ <trusted-root-CA1> <trusted-root-
CA2>... ]
set vsys <name> ocsp-responder
set vsys <name> ocsp-responder <name>
set vsys <name> ocsp-responder <name> host-name <value>
set vsys <name> scep
set vsys <name> scep <name>
set vsys <name> scep <name> scep-challenge
set vsys <name> scep <name> scep-challenge none

set vsys <name> scep <name> scep-challenge fixed <value>
set vsys <name> scep <name> scep-challenge dynamic
set vsys <name> scep <name> scep-challenge dynamic otp-server-url <value>
set vsys <name> scep <name> scep-challenge dynamic otp-server-url <value>
set vsys <name> scep <name> scep-challenge dynamic username <value>
set vsys <name> scep <name> scep-challenge dynamic password <value>
set vsys <name> scep <name> scep-url <value>
set vsys <name> scep <name> scep-url <value>
set vsys <name> scep <name> scep-ca-cert <value>
set vsys <name> scep <name> scep-client-cert <value>
set vsys <name> scep <name> ca-identity-name <value>
set vsys <name> scep <name> subject <value>
set vsys <name> scep <name> algorithm
set vsys <name> scep <name> algorithm rsa
set vsys <name> scep <name> algorithm rsa rsa-nbits <value>
set vsys <name> scep <name> digest <value>
set vsys <name> scep <name> fingerprint <value>
set vsys <name> scep <name> certificate-attributes
set vsys <name> scep <name> certificate-attributes rfc822name <value>
set vsys <name> scep <name> certificate-attributes dnsname <value>
set vsys <name> scep <name> certificate-attributes uniform-resource-identifier <
value>
set vsys <name> scep <name> use-as-digital-signature <yes|no>
set vsys <name> scep <name> use-for-key-encipherment <yes|no>
set vsys <name> url-content-types [ <url-content-types1> <url-content-types2>..
.]
set vsys <name> ts-agent
set vsys <name> ts-agent <name>
set vsys <name> ts-agent <name> host <ip/netmask>|<value>
set vsys <name> ts-agent <name> port <1-65535>
set vsys <name> ts-agent <name> ip-list [ <ip-list1> <ip-list2>... ]
set vsys <name> ts-agent <name> disabled <yes|no>

set vsys <name> user-id-ssl-auth
set vsys <name> user-id-ssl-auth certificate-profile <value>
set vsys <name> user-id-agent
set vsys <name> user-id-agent <name>
set vsys <name> user-id-agent <name>
set vsys <name> user-id-agent <name> serial-number <value>
set vsys <name> user-id-agent <name> host-port
set vsys <name> user-id-agent <name> host-port host <ip/netmask>|<value>
set vsys <name> user-id-agent <name> host-port port <1-65535>
set vsys <name> user-id-agent <name> host-port ldap-proxy <yes|no>
set vsys <name> user-id-agent <name> host-port ntlm-auth <yes|no>
set vsys <name> user-id-agent <name> host-port collectorname <value>
set vsys <name> user-id-agent <name> host-port secret <value>
set vsys <name> user-id-agent <name> disabled <yes|no>
set vsys <name> vm-info-source
set vsys <name> vm-info-source <name>
set vsys <name> vm-info-source <name>
set vsys <name> vm-info-source <name> AWS-VPC
set vsys <name> vm-info-source <name> AWS-VPC description <value>
set vsys <name> vm-info-source <name> AWS-VPC disabled <yes|no>
set vsys <name> vm-info-source <name> AWS-VPC source <value>
set vsys <name> vm-info-source <name> AWS-VPC access-key-id <value>
set vsys <name> vm-info-source <name> AWS-VPC secret-access-key <value>
set vsys <name> vm-info-source <name> AWS-VPC update-interval <60-1200>
set vsys <name> vm-info-source <name> AWS-VPC vm-info-timeout-enable <yes|no>
set vsys <name> vm-info-source <name> AWS-VPC vm-info-timeout <2-10>
set vsys <name> vm-info-source <name> AWS-VPC vpc-id <value>
set vsys <name> vm-info-source <name> Google-Compute-Engine
set vsys <name> vm-info-source <name> Google-Compute-Engine description <value>
set vsys <name> vm-info-source <name> Google-Compute-Engine disabled <yes|no>
set vsys <name> vm-info-source <name> Google-Compute-Engine service-auth-type
set vsys <name> vm-info-source <name> Google-Compute-Engine service-auth-type se

rvice-in-gce
rvice-account
rvice-account service-account-cred <value>
set vsys <name> vm-info-source <name> Google-Compute-Engine project-id <value>
set vsys <name> vm-info-source <name> Google-Compute-Engine zone-name <value>
set vsys <name> vm-info-source <name> Google-Compute-Engine update-interval <60-
1200>
set vsys <name> vm-info-source <name> Google-Compute-Engine vm-info-timeout-enab
le <yes|no>
set vsys <name> vm-info-source <name> Google-Compute-Engine vm-info-timeout <2-1
0>
set vsys <name> vm-info-source <name> VMware-ESXi
set vsys <name> vm-info-source <name> VMware-ESXi description <value>
set vsys <name> vm-info-source <name> VMware-ESXi port <1-65535>
set vsys <name> vm-info-source <name> VMware-ESXi disabled <yes|no>
set vsys <name> vm-info-source <name> VMware-ESXi vm-info-timeout-enable <yes|no
>
set vsys <name> vm-info-source <name> VMware-ESXi vm-info-timeout <2-10>
set vsys <name> vm-info-source <name> VMware-ESXi source <ip/netmask>|<value>
set vsys <name> vm-info-source <name> VMware-ESXi username <value>
set vsys <name> vm-info-source <name> VMware-ESXi password <value>
set vsys <name> vm-info-source <name> VMware-ESXi update-interval <5-600>
set vsys <name> vm-info-source <name> VMware-vCenter
set vsys <name> vm-info-source <name> VMware-vCenter description <value>
set vsys <name> vm-info-source <name> VMware-vCenter port <1-65535>
set vsys <name> vm-info-source <name> VMware-vCenter disabled <yes|no>
set vsys <name> vm-info-source <name> VMware-vCenter vm-info-timeout-enable <yes
|no>
set vsys <name> vm-info-source <name> VMware-vCenter vm-info-timeout <2-10>
set vsys <name> vm-info-source <name> VMware-vCenter source <ip/netmask>|<value>

set vsys <name> vm-info-source <name> VMware-vCenter username <value>
set vsys <name> vm-info-source <name> VMware-vCenter password <value>
set vsys <name> vm-info-source <name> VMware-vCenter update-interval <5-600>
set vsys <name> user-id-agent-sequence
set vsys <name> user-id-agent-sequence user-id-agents [ <user-id-agents1> <user
-id-agents2>... ]
set vsys <name> group-mapping
set vsys <name> group-mapping <name>
set vsys <name> group-mapping <name> server-profile <value>
set vsys <name> group-mapping <name> disabled <yes|no>
set vsys <name> group-mapping <name> use-modify-timestamp <yes|no>
set vsys <name> group-mapping <name> limited-group-search <yes|no>
set vsys <name> group-mapping <name> nested-group-level <1-20>
set vsys <name> group-mapping <name> group-filter <value>
set vsys <name> group-mapping <name> user-filter <value>
set vsys <name> group-mapping <name> domain <value>
set vsys <name> group-mapping <name> update-interval <60-86400>
set vsys <name> group-mapping <name> group-object [ <group-object1> <group-obje
ct2>... ]
set vsys <name> group-mapping <name> group-member [ <group-member1> <group-memb
er2>... ]
set vsys <name> group-mapping <name> group-name [ <group-name1> <group-name2>..
.]
set vsys <name> group-mapping <name> user-object [ <user-object1> <user-object2
>... ]
set vsys <name> group-mapping <name> user-name [ <user-name1> <user-name2>... ]
set vsys <name> group-mapping <name> user-email [ <user-email1> <user-email2>..
.]
set vsys <name> group-mapping <name> group-email [ <group-email1> <group-email2
>... ]
set vsys <name> group-mapping <name> alternate-user-name-1 [ <alternate-user-na
me-11> <alternate-user-name-12>... ]
set vsys <name> group-mapping <name> container-object [ <container-object1> <co
ntainer-object2>... ]
set vsys <name> group-mapping <name> last-modify-attr [ <last-modify-attr1> <la
st-modify-attr2>... ]
set vsys <name> group-mapping <name> group-include-list [ <group-include-list1>
<group-include-list2>... ]
set vsys <name> group-mapping <name> custom-group
set vsys <name> group-mapping <name> custom-group <name>
set vsys <name> group-mapping <name> custom-group <name> ldap-filter <value>
set vsys <name> captive-portal
set vsys <name> captive-portal enable-captive-portal <yes|no>
set vsys <name> captive-portal idle-timer <1-1440>
set vsys <name> captive-portal timer <1-1440>
set vsys <name> captive-portal redirect-host <ip/netmask>|<value>
set vsys <name> captive-portal ssl-tls-service-profile <value>
set vsys <name> captive-portal gp-udp-port <1-65535>
set vsys <name> captive-portal mode
set vsys <name> captive-portal mode transparent
set vsys <name> captive-portal mode redirect
set vsys <name> captive-portal mode redirect session-cookie
set vsys <name> captive-portal mode redirect session-cookie enable <yes|no>
set vsys <name> captive-portal mode redirect session-cookie timeout <60-10080>
set vsys <name> captive-portal mode redirect session-cookie roaming <yes|no>
set vsys <name> captive-portal authentication-profile <value>
set vsys <name> captive-portal ntlm-auth
set vsys <name> captive-portal ntlm-auth attempts <1-10>
set vsys <name> captive-portal ntlm-auth timeout <1-60>
set vsys <name> captive-portal ntlm-auth reversion-time <60-3600>

set vsys <name> captive-portal certificate-profile <value>
set vsys <name> user-id-collector
set vsys <name> user-id-collector setting
set vsys <name> user-id-collector setting wmi-account <value>
set vsys <name> user-id-collector setting wmi-password <value>
set vsys <name> user-id-collector setting enable-security-log <yes|no>
set vsys <name> user-id-collector setting security-log-interval <1-3600>
set vsys <name> user-id-collector setting enable-session <yes|no>
set vsys <name> user-id-collector setting session-interval <1-3600>
set vsys <name> user-id-collector setting edirectory-query-interval <1-3600>
set vsys <name> user-id-collector setting enable-probing <yes|no>
set vsys <name> user-id-collector setting client-probing-interval <1-1440>
set vsys <name> user-id-collector setting enable-mapping-timeout <yes|no>
set vsys <name> user-id-collector setting ip-user-mapping-timeout <1-1440>
set vsys <name> user-id-collector setting enable-user-match <yes|no>
set vsys <name> user-id-collector setting enable-ntlm <yes|no>
set vsys <name> user-id-collector setting ntlm-domain <value>
set vsys <name> user-id-collector setting ntlm-username <value>
set vsys <name> user-id-collector setting ntlm-password <value>
set vsys <name> user-id-collector setting collectorname <value>
set vsys <name> user-id-collector setting secret <value>
set vsys <name> user-id-collector setting syslog-service-profile <value>
set vsys <name> user-id-collector syslog-parse-profile
set vsys <name> user-id-collector syslog-parse-profile <name>
set vsys <name> user-id-collector syslog-parse-profile <name> description <value
>
set vsys <name> user-id-collector syslog-parse-profile <name>
set vsys <name> user-id-collector syslog-parse-profile <name> regex-identifier
set vsys <name> user-id-collector syslog-parse-profile <name> regex-identifier e
vent-regex <value>
set vsys <name> user-id-collector syslog-parse-profile <name> regex-identifier u
sername-regex <value>
set vsys <name> user-id-collector syslog-parse-profile <name> regex-identifier a
ddress-regex <value>
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier e
vent-string <value>
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier u
sername-prefix <value>
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier u
sername-delimiter <value>
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier a
ddress-prefix <value>
set vsys <name> user-id-collector syslog-parse-profile <name> field-identifier a
ddress-delimiter <value>
set vsys <name> user-id-collector server-monitor
set vsys <name> user-id-collector server-monitor <name>
set vsys <name> user-id-collector server-monitor <name> description <value>
set vsys <name> user-id-collector server-monitor <name> disabled <yes|no>
set vsys <name> user-id-collector server-monitor <name>
set vsys <name> user-id-collector server-monitor <name> active-directory
set vsys <name> user-id-collector server-monitor <name> active-directory host |<value>
set vsys <name> user-id-collector server-monitor <name> exchange
set vsys <name> user-id-collector server-monitor <name> exchange host <ip/netmas
k>|<value>
set vsys <name> user-id-collector server-monitor <name> e-directory
set vsys <name> user-id-collector server-monitor <name> e-directory server-profi
le <value>
set vsys <name> user-id-collector server-monitor <name> syslog
set vsys <name> user-id-collector server-monitor <name> syslog address <ip/netma
sk>
set vsys <name> user-id-collector server-monitor <name> syslog connection-type <
udp|ssl>
set vsys <name> user-id-collector server-monitor <name> syslog syslog-parse-prof
ile
ile <name>
ile <name> event-type <login|logout>
set vsys <name> user-id-collector server-monitor <name> syslog default-domain-na
me <value>
set vsys <name> user-id-collector include-exclude-network
set vsys <name> user-id-collector include-exclude-network <name>
set vsys <name> user-id-collector include-exclude-network <name> disabled <yes|n
o>
set vsys <name> user-id-collector include-exclude-network <name> discovery <incl
ude|exclude>
set vsys <name> user-id-collector include-exclude-network <name> network-address
<ip/netmask>
set vsys <name> user-id-collector include-exclude-network-sequence
set vsys <name> user-id-collector include-exclude-network-sequence include-exclu
de-network [ <include-exclude-network1> <include-exclude-network2>... ]
set vsys <name> user-id-collector ignore-user [ <ignore-user1> <ignore-user2>..
.]
set vsys <name> url-admin-override
set vsys <name> url-admin-override password <value>
set vsys <name> url-admin-override ssl-tls-service-profile <value>
set vsys <name> url-admin-override mode
set vsys <name> url-admin-override mode transparent
set vsys <name> url-admin-override mode redirect
set vsys <name> url-admin-override mode redirect address <ip/netmask>|<value>
set vsys <name> zone
set vsys <name> zone <name>
set vsys <name> zone <name> enable-user-identification <yes|no>
set vsys <name> zone <name> network

set vsys <name> zone <name> network zone-protection-profile <value>
set vsys <name> zone <name> network enable-packet-buffer-protection <yes|no>
set vsys <name> zone <name> network log-setting <value>
set vsys <name> zone <name> network
set vsys <name> zone <name> network tap [ <tap1> <tap2>... ]
set vsys <name> zone <name> network virtual-wire [ <virtual-wire1> <virtual-wir
e2>... ]
set vsys <name> zone <name> network layer2 [ <layer21> <layer22>... ]
set vsys <name> zone <name> network layer3 [ <layer31> <layer32>... ]
set vsys <name> zone <name> network external [ <external1> <external2>... ]
set vsys <name> zone <name> network tunnel
set vsys <name> zone <name> user-acl
set vsys <name> zone <name> user-acl include-list [ <include-list1> <include-li
st2>... ]
set vsys <name> zone <name> user-acl exclude-list [ <exclude-list1> <exclude-li
st2>... ]
set vsys <name> global-protect
set vsys <name> global-protect global-protect-portal
set vsys <name> global-protect global-protect-portal <name>
set vsys <name> global-protect global-protect-portal <name> portal-config
set vsys <name> global-protect global-protect-portal <name> portal-config local-
address
address ip-address-family <ipv4|ipv6|ipv4_ipv6>
address interface <value>
address
address ip
address ip ipv4 <value>

address ip ipv6 <value>
address floating-ip
address floating-ip ipv4 <value>
address floating-ip ipv6 <value>
set vsys <name> global-protect global-protect-portal <name> portal-config ssl-tl
s-service-profile <value>
set vsys <name> global-protect global-protect-portal <name> portal-config client
-auth
-auth <name>
-auth <name> os <value>|<Any|Browser|Satellite>
-auth <name> authentication-profile <value>
-auth <name> username-label <value>
-auth <name> password-label <value>
-auth <name> authentication-message <value>
set vsys <name> global-protect global-protect-portal <name> portal-config certif
icate-profile <value>
set vsys <name> global-protect global-protect-portal <name> portal-config custom
-login-page <value>
-home-page <value>
-help-page <value>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn
set vsys <name> global-protect global-protect-portal <name> clientless-vpn hostn
ame <value>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn secur
ity-zone <value>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn login
-lifetime
-lifetime minutes <60-1440>
-lifetime hours <1-24>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn inact
ivity-logout
ivity-logout minutes <5-1440>
ivity-logout hours <1-24>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn max-u
ser <1-30000>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn dns-p
roxy <value>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn crypt
o-settings
o-settings ssl-protocol
o-settings ssl-protocol min-version <sslv3|tls1-0|tls1-1|tls1-2>
o-settings ssl-protocol max-version <sslv3|tls1-0|tls1-1|tls1-2|max>
o-settings ssl-protocol keyxchg-algo-rsa <yes|no>

o-settings ssl-protocol keyxchg-algo-dhe <yes|no>
o-settings ssl-protocol keyxchg-algo-ecdhe <yes|no>
o-settings ssl-protocol enc-algo-3des <yes|no>
o-settings ssl-protocol enc-algo-rc4 <yes|no>
o-settings ssl-protocol enc-algo-aes-128-cbc <yes|no>
o-settings ssl-protocol enc-algo-aes-256-cbc <yes|no>
o-settings ssl-protocol enc-algo-aes-128-gcm <yes|no>
o-settings ssl-protocol enc-algo-aes-256-gcm <yes|no>
o-settings ssl-protocol auth-algo-md5 <yes|no>
o-settings ssl-protocol auth-algo-sha1 <yes|no>
o-settings server-cert-verification
o-settings server-cert-verification block-expired-certificate <yes|no>
o-settings server-cert-verification block-untrusted-issuer <yes|no>
o-settings server-cert-verification block-unknown-cert <yes|no>

o-settings server-cert-verification block-timeout-cert <yes|no>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn rewri
te-exclude-domain-list [ <rewrite-exclude-domain-list1> <rewrite-exclude-domain
-list2>... ]
set vsys <name> global-protect global-protect-portal <name> clientless-vpn apps-
to-user-mapping
to-user-mapping <name>
to-user-mapping <name> source-user [ <source-user1> <source-user2>... ]
to-user-mapping <name> applications [ <applications1> <applications2>... ]
to-user-mapping <name> enable-custom-app-URL-address-bar <yes|no>
to-user-mapping <name> display-global-protect-agent-download-link <yes|no>
set vsys <name> global-protect global-protect-portal <name> clientless-vpn proxy
-server-setting
-server-setting <name>
-server-setting <name> domains [ <domains1> <domains2>... ]
-server-setting <name> use-proxy <yes|no>
-server-setting <name> proxy-server
-server-setting <name> proxy-server server <value>
-server-setting <name> proxy-server port <1-65535>
-server-setting <name> proxy-server user <value>

-server-setting <name> proxy-server password <value>
set vsys <name> global-protect global-protect-portal <name> client-config
set vsys <name> global-protect global-protect-portal <name> client-config root-c
a <name>
a <name> install-in-cert-store <yes|no>
set vsys <name> global-protect global-protect-portal <name> client-config agent-
user-override-key <value>
set vsys <name> global-protect global-protect-portal <name> client-config config
s <name>
s <name> save-user-credentials <0|1|2>
s <name> portal-2fa <yes|no>
s <name> internal-gateway-2fa <yes|no>
s <name> auto-discovery-external-gateway-2fa <yes|no>
s <name> manual-only-gateway-2fa <yes|no>
s <name> source-user [ <source-user1> <source-user2>... ]
s <name> refresh-config <yes|no>
s <name> gateways

s <name> gateways internal
s <name> gateways internal list
s <name> gateways internal list <name>
s <name> gateways internal list <name>
s <name> gateways internal list <name> fqdn <value>
s <name> gateways internal list <name> ip
s <name> gateways internal list <name> ip ipv4 <value>
s <name> gateways internal list <name> ip ipv6 <value>
s <name> gateways internal list <name> source-ip [ <source-ip1> <source-ip2>...
s <name> gateways internal dhcp-option-code [ <dhcp-option-code1> <dhcp-option-
code2>... ]
s <name> gateways external
s <name> gateways external cutoff-time <0-10>
s <name> gateways external list
s <name> gateways external list <name>
s <name> gateways external list <name>

s <name> gateways external list <name> fqdn <value>
s <name> gateways external list <name> ip
s <name> gateways external list <name> ip ipv4 <value>
s <name> gateways external list <name> ip ipv6 <value>
s <name> gateways external list <name> priority-rule
s <name> gateways external list <name> priority-rule <name>
s <name> gateways external list <name> priority-rule <name> priority <0|1|2|3|4|
5|6>
s <name> gateways external list <name> manual <yes|no>
s <name> internal-host-detection
s <name> internal-host-detection ip-address <ip/netmask>
s <name> internal-host-detection hostname <value>
s <name> internal-host-detection-v6
s <name> internal-host-detection-v6 ip-address <ip/netmask>
s <name> internal-host-detection-v6 hostname <value>
s <name> agent-ui
s <name> agent-ui passcode <value>

s <name> agent-ui agent-user-override-timeout <0-65535>
s <name> agent-ui max-agent-user-overrides <0-65535>
s <name> agent-ui welcome-page
s <name> agent-ui welcome-page page <value>
s <name> hip-collection
s <name> hip-collection exclusion
s <name> hip-collection exclusion category
s <name> hip-collection exclusion category <name>
s <name> hip-collection exclusion category <name> vendor
s <name> hip-collection exclusion category <name> vendor <name>
s <name> hip-collection exclusion category <name> vendor <name> product [ <prod
uct1> <product2>... ]
s <name> hip-collection custom-checks
s <name> hip-collection custom-checks windows
s <name> hip-collection custom-checks windows registry-key
s <name> hip-collection custom-checks windows registry-key <name>

s <name> hip-collection custom-checks windows registry-key <name> registry-value
[ <registry-value1> <registry-value2>... ]
s <name> hip-collection custom-checks windows process-list [ <process-list1> ... ]
s <name> hip-collection custom-checks mac-os
s <name> hip-collection custom-checks mac-os plist
s <name> hip-collection custom-checks mac-os plist <name>
s <name> hip-collection custom-checks mac-os plist <name> key [ <key1> <key2>..
.]
s <name> hip-collection custom-checks mac-os process-list [ <process-list1> <pr
ocess-list2>... ]
s <name> hip-collection max-wait-time <10-60>
s <name> hip-collection collect-hip-data <yes|no>
s <name> third-party-vpn-clients [ <third-party-vpn-clients1> <third-party-vpn-
clients2>... ]
s <name> agent-config
s <name> gp-app-config
s <name> gp-app-config config
s <name> gp-app-config config <name>

s <name> gp-app-config config <name> value [ <value1> <value2>... ]
s <name> os [ <os1> <os2>... ]
s <name> mdm-address <value>
s <name> mdm-enrollment-port <443|7443|8443>
s <name> client-certificate
s <name> client-certificate local <value>
s <name> client-certificate scep <value>
s <name> authentication-override
s <name> authentication-override generate-cookie <yes|no>
s <name> authentication-override accept-cookie
s <name> authentication-override accept-cookie cookie-lifetime
s <name> authentication-override accept-cookie cookie-lifetime lifetime-in-days
<1-365>
s <name> authentication-override accept-cookie cookie-lifetime lifetime-in-hours
<1-72>
s <name> authentication-override accept-cookie cookie-lifetime lifetime-in-minut
es <1-59>

s <name> authentication-override cookie-encrypt-decrypt-cert <value>
set vsys <name> global-protect global-protect-portal <name> satellite-config
set vsys <name> global-protect global-protect-portal <name> satellite-config roo
t-ca [ <root-ca1> <root-ca2>... ]
set vsys <name> global-protect global-protect-portal <name> satellite-config cli
ent-certificate
ent-certificate local
ent-certificate local issuing-certificate <value>
ent-certificate local ocsp-responder <value>
ent-certificate local certificate-life-time <7-365>
ent-certificate local certificate-renewal-period <3-30>
ent-certificate scep
ent-certificate scep scep <value>
ent-certificate scep certificate-renewal-period <3-30>
set vsys <name> global-protect global-protect-portal <name> satellite-config con
figs
figs <name>
figs <name> devices [ <devices1> <devices2>... ]
figs <name> source-user [ <source-user1> <source-user2>... ]
figs <name> gateways

figs <name> gateways <name>
figs <name> gateways <name>
figs <name> gateways <name> fqdn <value>
figs <name> gateways <name> ip
figs <name> gateways <name> ip ipv4 <value>
figs <name> gateways <name> ip ipv6 <value>
figs <name> gateways <name> ipv6-preferred <yes|no>
figs <name> gateways <name> priority <1-25>
figs <name> config-refresh-interval <1-48>
set vsys <name> global-protect global-protect-gateway
set vsys <name> global-protect global-protect-gateway <name>
set vsys <name> global-protect global-protect-gateway <name> remote-user-tunnel
<value>
set vsys <name> global-protect global-protect-gateway <name> remote-user-tunnel-
configs
configs <name>
configs <name> source-user [ <source-user1> <source-user2>... ]
configs <name> authentication-override
configs <name> authentication-override generate-cookie <yes|no>

configs <name> authentication-override accept-cookie
configs <name> authentication-override accept-cookie cookie-lifetime
configs <name> authentication-override accept-cookie cookie-lifetime lifetime-in
-days <1-365>
-hours <1-72>
-minutes <1-59>
configs <name> authentication-override cookie-encrypt-decrypt-cert <value>
configs <name> os [ <os1> <os2>... ]
configs <name> ip-pool [ <ip-pool1> <ip-pool2>... ]
configs <name> split-tunneling
configs <name> split-tunneling access-route [ <access-route1> <access-route2>..
.]
configs <name> split-tunneling exclude-access-route [ <exclude-access-route1> <
exclude-access-route2>... ]
configs <name> split-tunneling include-applications [ <include-applications1> <
include-applications2>... ]
configs <name> split-tunneling include-domains

configs <name> split-tunneling include-domains list
configs <name> split-tunneling include-domains list <name>
configs <name> split-tunneling include-domains list <name> ports [ <ports1> <po
rts2>... ]
configs <name> split-tunneling exclude-applications [ <exclude-applications1> <
exclude-applications2>... ]
configs <name> split-tunneling exclude-domains
configs <name> split-tunneling exclude-domains list
configs <name> split-tunneling exclude-domains list <name>
configs <name> split-tunneling exclude-domains list <name> ports [ <ports1> <po
rts2>... ]
configs <name> no-direct-access-to-local-network <yes|no>
configs <name> retrieve-framed-ip-address <yes|no>
configs <name> authentication-server-ip-pool [ <authentication-server-ip-pool1>
<authentication-server-ip-pool2>... ]
set vsys <name> global-protect global-protect-gateway <name> ssl-tls-service-pro
file <value>
set vsys <name> global-protect global-protect-gateway <name> client-auth
set vsys <name> global-protect global-protect-gateway <name> client-auth <name>
os <value>|<Any|Satellite|X-Auth>
authentication-profile <value>
username-label <value>
password-label <value>
authentication-message <value>
set vsys <name> global-protect global-protect-gateway <name> certificate-profile
<value>
set vsys <name> global-protect global-protect-gateway <name> satellite-tunnel <v
alue>
set vsys <name> global-protect global-protect-gateway <name> tunnel-mode <yes|no
>
set vsys <name> global-protect global-protect-gateway <name> local-address
set vsys <name> global-protect global-protect-gateway <name> local-address ip-ad
dress-family <ipv4|ipv6|ipv4_ipv6>
set vsys <name> global-protect global-protect-gateway <name> local-address inter
face <value>
set vsys <name> global-protect global-protect-gateway <name> local-address
set vsys <name> global-protect global-protect-gateway <name> local-address ip
set vsys <name> global-protect global-protect-gateway <name> local-address ip ip
v4 <value>
set vsys <name> global-protect global-protect-gateway <name> local-address ip ip
v6 <value>
set vsys <name> global-protect global-protect-gateway <name> local-address float
ing-ip
ing-ip ipv4 <value>
ing-ip ipv6 <value>
set vsys <name> global-protect global-protect-gateway <name> roles

set vsys <name> global-protect global-protect-gateway <name> roles <name>
set vsys <name> global-protect global-protect-gateway <name> roles <name> login-
lifetime
lifetime minutes <120-43200>
lifetime hours <2-720>
lifetime days <1-30>
set vsys <name> global-protect global-protect-gateway <name> roles <name> inacti
vity-logout
vity-logout minutes <120-43200>
vity-logout hours <2-720>
vity-logout days <1-30>
set vsys <name> global-protect global-protect-gateway <name> roles <name> discon
nect-on-idle
set vsys <name> global-protect global-protect-gateway <name> roles <name> discon
nect-on-idle minutes <5-43200>
set vsys <name> global-protect global-protect-gateway <name> hip-notification
set vsys <name> global-protect global-protect-gateway <name> hip-notification <n
ame>
ame> match-message
ame> match-message include-app-list <yes|no>
ame> match-message show-notification-as <system-tray-balloon|pop-up-message>
ame> match-message message <value>

ame> not-match-message
ame> not-match-message show-notification-as <system-tray-balloon|pop-up-message>
ame> not-match-message message <value>
set vsys <name> global-protect global-protect-mdm
set vsys <name> global-protect global-protect-mdm <name>
set vsys <name> global-protect global-protect-mdm <name> disabled <yes|no>
set vsys <name> global-protect global-protect-mdm <name> host <value>
set vsys <name> global-protect global-protect-mdm <name> port <1-65535>
set vsys <name> global-protect global-protect-mdm <name> root-ca [ <root-ca1> <
root-ca2>... ]
set vsys <name> global-protect global-protect-mdm <name> client-certificate <val
ue>
set vsys <name> global-protect clientless-app
set vsys <name> global-protect clientless-app <name>
set vsys <name> global-protect clientless-app <name> application-home-url <value
>
set vsys <name> global-protect clientless-app <name> description <value>
set vsys <name> global-protect clientless-app <name> app-icon <value>
set vsys <name> global-protect clientless-app-group
set vsys <name> global-protect clientless-app-group <name>
set vsys <name> global-protect clientless-app-group <name> members [ <members1>
<members2>... ]
set vsys <name> profiles
set vsys <name> profiles hip-objects
set vsys <name> profiles hip-objects <name>
set vsys <name> profiles hip-objects <name> description <value>
set vsys <name> profiles hip-objects <name> host-info
set vsys <name> profiles hip-objects <name> host-info criteria
set vsys <name> profiles hip-objects <name> host-info criteria domain

set vsys <name> profiles hip-objects <name> host-info criteria domain
set vsys <name> profiles hip-objects <name> host-info criteria domain contains <
value>
set vsys <name> profiles hip-objects <name> host-info criteria domain is <value>
set vsys <name> profiles hip-objects <name> host-info criteria domain is-not <va
lue>
set vsys <name> profiles hip-objects <name> host-info criteria os
set vsys <name> profiles hip-objects <name> host-info criteria os
set vsys <name> profiles hip-objects <name> host-info criteria os contains
set vsys <name> profiles hip-objects <name> host-info criteria os contains
set vsys <name> profiles hip-objects <name> host-info criteria os contains Micro
soft <value>
set vsys <name> profiles hip-objects <name> host-info criteria os contains Apple
<value>
set vsys <name> profiles hip-objects <name> host-info criteria os contains Googl
e <value>
set vsys <name> profiles hip-objects <name> host-info criteria os contains Linux
<value>
set vsys <name> profiles hip-objects <name> host-info criteria os contains Other
<value>
set vsys <name> profiles hip-objects <name> host-info criteria client-version
set vsys <name> profiles hip-objects <name> host-info criteria client-version
set vsys <name> profiles hip-objects <name> host-info criteria client-version co
ntains <value>
set vsys <name> profiles hip-objects <name> host-info criteria client-version is
<value>
set vsys <name> profiles hip-objects <name> host-info criteria client-version is
-not <value>
set vsys <name> profiles hip-objects <name> host-info criteria host-name
set vsys <name> profiles hip-objects <name> host-info criteria host-name
set vsys <name> profiles hip-objects <name> host-info criteria host-name contain
s <value>
set vsys <name> profiles hip-objects <name> host-info criteria host-name is <val
ue>
set vsys <name> profiles hip-objects <name> host-info criteria host-name is-not
<value>
set vsys <name> profiles hip-objects <name> host-info criteria host-id
set vsys <name> profiles hip-objects <name> host-info criteria host-id
set vsys <name> profiles hip-objects <name> host-info criteria host-id contains
<value>
set vsys <name> profiles hip-objects <name> host-info criteria host-id is <value
>
set vsys <name> profiles hip-objects <name> host-info criteria host-id is-not <v
alue>
set vsys <name> profiles hip-objects <name> network-info
set vsys <name> profiles hip-objects <name> network-info criteria
set vsys <name> profiles hip-objects <name> network-info criteria network
set vsys <name> profiles hip-objects <name> network-info criteria network is
set vsys <name> profiles hip-objects <name> network-info criteria network is wif
set vsys <name> profiles hip-objects <name> network-info criteria network is wif
i ssid <value>
set vsys <name> profiles hip-objects <name> network-info criteria network is mob
ile
set vsys <name> profiles hip-objects <name> network-info criteria network is mob
ile carrier <value>
set vsys <name> profiles hip-objects <name> network-info criteria network is unk
nown
set vsys <name> profiles hip-objects <name> network-info criteria network is-not
wifi
wifi ssid <value>

mobile
mobile carrier <value>
ethernet
unknown
set vsys <name> profiles hip-objects <name> patch-management
set vsys <name> profiles hip-objects <name> patch-management criteria
set vsys <name> profiles hip-objects <name> patch-management criteria is-install
ed <yes|no>
set vsys <name> profiles hip-objects <name> patch-management criteria is-enabled
<no|yes|not-available>
set vsys <name> profiles hip-objects <name> patch-management criteria missing-pa
tches
tches severity
tches severity
tches severity greater-equal <0-100000>
tches severity greater-than <0-100000>
tches severity is <0-100000>
tches severity is-not <0-100000>
tches severity less-equal <0-100000>
tches severity less-than <0-100000>

tches patches [ <patches1> <patches2>... ]
tches check <has-any|has-none|has-all>
set vsys <name> profiles hip-objects <name> patch-management vendor
set vsys <name> profiles hip-objects <name> patch-management vendor <name>
set vsys <name> profiles hip-objects <name> patch-management vendor <name> produ
ct [ <product1> <product2>... ]
set vsys <name> profiles hip-objects <name> patch-management exclude-vendor <yes
|no>
set vsys <name> profiles hip-objects <name> data-loss-prevention
set vsys <name> profiles hip-objects <name> data-loss-prevention criteria
set vsys <name> profiles hip-objects <name> data-loss-prevention criteria is-ins
talled <yes|no>
set vsys <name> profiles hip-objects <name> data-loss-prevention criteria is-ena
bled <no|yes|not-available>
set vsys <name> profiles hip-objects <name> data-loss-prevention vendor
set vsys <name> profiles hip-objects <name> data-loss-prevention vendor <name>
set vsys <name> profiles hip-objects <name> data-loss-prevention vendor <name> p
roduct [ <product1> <product2>... ]
set vsys <name> profiles hip-objects <name> data-loss-prevention exclude-vendor
<yes|no>
set vsys <name> profiles hip-objects <name> firewall
set vsys <name> profiles hip-objects <name> firewall criteria
set vsys <name> profiles hip-objects <name> firewall criteria is-installed <yes|
no>
set vsys <name> profiles hip-objects <name> firewall criteria is-enabled <no|yes
|not-available>
set vsys <name> profiles hip-objects <name> firewall vendor
set vsys <name> profiles hip-objects <name> firewall vendor <name>
set vsys <name> profiles hip-objects <name> firewall vendor <name> product [ <product2>... ]
set vsys <name> profiles hip-objects <name> firewall exclude-vendor <yes|no>
set vsys <name> profiles hip-objects <name> anti-malware
set vsys <name> profiles hip-objects <name> anti-malware criteria
set vsys <name> profiles hip-objects <name> anti-malware criteria virdef-version
within
within versions <1-65535>
not-within
not-within versions <1-65535>
set vsys <name> profiles hip-objects <name> anti-malware criteria product-versio
n greater-equal <value>
n greater-than <value>
n is <value>
n is-not <value>

n less-equal <value>
n less-than <value>
n contains <value>
n within
n within versions <1-65535>
n not-within
n not-within versions <1-65535>
set vsys <name> profiles hip-objects <name> anti-malware criteria is-installed <
yes|no>
set vsys <name> profiles hip-objects <name> anti-malware criteria real-time-prot
ection <no|yes|not-available>
set vsys <name> profiles hip-objects <name> anti-malware criteria last-scan-time
not-available
within
within hours <1-65535>
not-within

not-within hours <1-65535>
set vsys <name> profiles hip-objects <name> anti-malware vendor
set vsys <name> profiles hip-objects <name> anti-malware vendor <name>
set vsys <name> profiles hip-objects <name> anti-malware vendor <name> product
[ <product1> <product2>... ]
set vsys <name> profiles hip-objects <name> anti-malware exclude-vendor <yes|no>
set vsys <name> profiles hip-objects <name> disk-backup
set vsys <name> profiles hip-objects <name> disk-backup criteria
set vsys <name> profiles hip-objects <name> disk-backup criteria is-installed <y
es|no>
set vsys <name> profiles hip-objects <name> disk-backup criteria last-backup-tim
e not-available
e within
e within days <1-65535>
e within hours <1-65535>
e not-within
e not-within days <1-65535>
e not-within hours <1-65535>
set vsys <name> profiles hip-objects <name> disk-backup vendor
set vsys <name> profiles hip-objects <name> disk-backup vendor <name>

set vsys <name> profiles hip-objects <name> disk-backup vendor <name> product [
set vsys <name> profiles hip-objects <name> disk-backup exclude-vendor <yes|no>
set vsys <name> profiles hip-objects <name> disk-encryption
set vsys <name> profiles hip-objects <name> disk-encryption criteria
set vsys <name> profiles hip-objects <name> disk-encryption criteria is-installe
d <yes|no>
set vsys <name> profiles hip-objects <name> disk-encryption criteria encrypted-l
ocations
ocations <name>
ocations <name> encryption-state
ocations <name> encryption-state is <full|none|partial|not-available>
ocations <name> encryption-state is-not <full|none|partial|not-available>
set vsys <name> profiles hip-objects <name> disk-encryption vendor
set vsys <name> profiles hip-objects <name> disk-encryption vendor <name>
set vsys <name> profiles hip-objects <name> disk-encryption vendor <name> produc
t [ <product1> <product2>... ]
set vsys <name> profiles hip-objects <name> disk-encryption exclude-vendor <yes|
no>
set vsys <name> profiles hip-objects <name> custom-checks
set vsys <name> profiles hip-objects <name> custom-checks criteria
set vsys <name> profiles hip-objects <name> custom-checks criteria process-list
<name>
<name> running <yes|no>
set vsys <name> profiles hip-objects <name> custom-checks criteria registry-key

<name>
<name> default-value-data <value>
<name> negate <yes|no>
<name> registry-value
<name> registry-value <name>
<name> registry-value <name> value-data <value>
<name> registry-value <name> negate <yes|no>
set vsys <name> profiles hip-objects <name> custom-checks criteria plist
set vsys <name> profiles hip-objects <name> custom-checks criteria plist <name>
negate <yes|no>
key
key <name>
key <name> value <value>
key <name> negate <yes|no>
set vsys <name> profiles hip-objects <name> mobile-device
set vsys <name> profiles hip-objects <name> mobile-device criteria
set vsys <name> profiles hip-objects <name> mobile-device criteria jailbroken <n
o|yes>
set vsys <name> profiles hip-objects <name> mobile-device criteria disk-encrypte
d <no|yes>
set vsys <name> profiles hip-objects <name> mobile-device criteria passcode-set

<no|yes>
set vsys <name> profiles hip-objects <name> mobile-device criteria managed-by-md
m <no|yes>
set vsys <name> profiles hip-objects <name> mobile-device criteria last-checkin-
time
time
time within
time within days <1-365>
time not-within
time not-within days <1-365>
set vsys <name> profiles hip-objects <name> mobile-device criteria imei
set vsys <name> profiles hip-objects <name> mobile-device criteria imei
set vsys <name> profiles hip-objects <name> mobile-device criteria imei contains
<value>
set vsys <name> profiles hip-objects <name> mobile-device criteria imei is <valu
e>
set vsys <name> profiles hip-objects <name> mobile-device criteria imei is-not <
value>
set vsys <name> profiles hip-objects <name> mobile-device criteria model
set vsys <name> profiles hip-objects <name> mobile-device criteria model
set vsys <name> profiles hip-objects <name> mobile-device criteria model contain
s <value>
set vsys <name> profiles hip-objects <name> mobile-device criteria model is <val
ue>
set vsys <name> profiles hip-objects <name> mobile-device criteria model is-not
<value>
set vsys <name> profiles hip-objects <name> mobile-device criteria phone-number

contains <value>
is <value>
is-not <value>
set vsys <name> profiles hip-objects <name> mobile-device criteria serial-number
contains <value>
is <value>
is-not <value>
set vsys <name> profiles hip-objects <name> mobile-device criteria tag
set vsys <name> profiles hip-objects <name> mobile-device criteria tag
set vsys <name> profiles hip-objects <name> mobile-device criteria tag contains
<value>
set vsys <name> profiles hip-objects <name> mobile-device criteria tag is <value
>
set vsys <name> profiles hip-objects <name> mobile-device criteria tag is-not <v
alue>
set vsys <name> profiles hip-objects <name> mobile-device criteria applications
has-malware
has-malware no
has-malware yes
has-malware yes excludes
has-malware yes excludes <name>
has-malware yes excludes <name> package <value>
has-malware yes excludes <name> hash <value>
has-unmanaged-app <no|yes>
includes
includes <name>
includes <name> package <value>
includes <name> hash <value>
set vsys <name> profiles virus
set vsys <name> profiles virus <name>
set vsys <name> profiles virus <name> description <value>
set vsys <name> profiles virus <name> packet-capture <yes|no>
set vsys <name> profiles virus <name> decoder
set vsys <name> profiles virus <name> decoder <name>
set vsys <name> profiles virus <name> decoder <name> action <default|allow|alert
|drop|reset-client|reset-server|reset-both>
set vsys <name> profiles virus <name> decoder <name> wildfire-action <default|al
low|alert|drop|reset-client|reset-server|reset-both>
set vsys <name> profiles virus <name> application
set vsys <name> profiles virus <name> application <name>
set vsys <name> profiles virus <name> application <name> action <default|allow|a
lert|drop|reset-client|reset-server|reset-both>
set vsys <name> profiles virus <name> threat-exception
set vsys <name> profiles virus <name> threat-exception <name>
set vsys <name> profiles spyware
set vsys <name> profiles spyware <name>
set vsys <name> profiles spyware <name> description <value>
set vsys <name> profiles spyware <name> botnet-domains
set vsys <name> profiles spyware <name> botnet-domains lists
set vsys <name> profiles spyware <name> botnet-domains lists <name>
set vsys <name> profiles spyware <name> botnet-domains lists <name> action
set vsys <name> profiles spyware <name> botnet-domains lists <name> action alert
set vsys <name> profiles spyware <name> botnet-domains lists <name> action allow
set vsys <name> profiles spyware <name> botnet-domains lists <name> action block
set vsys <name> profiles spyware <name> botnet-domains lists <name> action sinkh
ole
set vsys <name> profiles spyware <name> botnet-domains sinkhole
set vsys <name> profiles spyware <name> botnet-domains sinkhole ipv4-address <ip
/netmask>|<127.0.0.1|pan-sinkhole-default-ip>
set vsys <name> profiles spyware <name> botnet-domains sinkhole ipv6-address <ip
/netmask>|<::1>
set vsys <name> profiles spyware <name> botnet-domains packet-capture <disable|s
ingle-packet|extended-capture>
set vsys <name> profiles spyware <name> botnet-domains threat-exception
set vsys <name> profiles spyware <name> botnet-domains threat-exception <name>
set vsys <name> profiles spyware <name> rules
set vsys <name> profiles spyware <name> rules <name>
set vsys <name> profiles spyware <name> rules <name> threat-name <value>|<any>
set vsys <name> profiles spyware <name> rules <name> category <value>|<any>
set vsys <name> profiles spyware <name> rules <name> severity [ <severity1> <se
verity2>... ]
set vsys <name> profiles spyware <name> rules <name> action
set vsys <name> profiles spyware <name> rules <name> action default
set vsys <name> profiles spyware <name> rules <name> action allow
set vsys <name> profiles spyware <name> rules <name> action alert
set vsys <name> profiles spyware <name> rules <name> action drop
set vsys <name> profiles spyware <name> rules <name> action reset-client
set vsys <name> profiles spyware <name> rules <name> action reset-server
set vsys <name> profiles spyware <name> rules <name> action reset-both
set vsys <name> profiles spyware <name> rules <name> action block-ip
set vsys <name> profiles spyware <name> rules <name> action block-ip track-by <s
ource|source-and-destination>
set vsys <name> profiles spyware <name> rules <name> action block-ip duration <1
-3600>
set vsys <name> profiles spyware <name> rules <name> packet-capture <disable|sin
gle-packet|extended-capture>
set vsys <name> profiles spyware <name> threat-exception
set vsys <name> profiles spyware <name> threat-exception <name>
set vsys <name> profiles spyware <name> threat-exception <name> packet-capture <
disable|single-packet|extended-capture>
set vsys <name> profiles spyware <name> threat-exception <name> action
set vsys <name> profiles spyware <name> threat-exception <name> action default
set vsys <name> profiles spyware <name> threat-exception <name> action allow
set vsys <name> profiles spyware <name> threat-exception <name> action alert
set vsys <name> profiles spyware <name> threat-exception <name> action drop
set vsys <name> profiles spyware <name> threat-exception <name> action reset-bot
set vsys <name> profiles spyware <name> threat-exception <name> action reset-cli
ent
set vsys <name> profiles spyware <name> threat-exception <name> action reset-ser
ver
set vsys <name> profiles spyware <name> threat-exception <name> action block-ip
duration <1-3600>
set vsys <name> profiles spyware <name> threat-exception <name> exempt-ip
set vsys <name> profiles spyware <name> threat-exception <name> exempt-ip <name>
set vsys <name> profiles vulnerability
set vsys <name> profiles vulnerability <name>
set vsys <name> profiles vulnerability <name> description <value>
set vsys <name> profiles vulnerability <name> rules
set vsys <name> profiles vulnerability <name> rules <name>
set vsys <name> profiles vulnerability <name> rules <name> threat-name <value>|<
any>
set vsys <name> profiles vulnerability <name> rules <name> cve [ <cve1> <cve2>.
.. ]
set vsys <name> profiles vulnerability <name> rules <name> host <any|client|serv
er>
set vsys <name> profiles vulnerability <name> rules <name> vendor-id [ <vendor-
id1> <vendor-id2>... ]
set vsys <name> profiles vulnerability <name> rules <name> severity [ <severity
1> <severity2>... ]
set vsys <name> profiles vulnerability <name> rules <name> category <value>|<any
>
set vsys <name> profiles vulnerability <name> rules <name> action
set vsys <name> profiles vulnerability <name> rules <name> action default
set vsys <name> profiles vulnerability <name> rules <name> action allow
set vsys <name> profiles vulnerability <name> rules <name> action alert
set vsys <name> profiles vulnerability <name> rules <name> action drop
set vsys <name> profiles vulnerability <name> rules <name> action reset-client
set vsys <name> profiles vulnerability <name> rules <name> action reset-server
set vsys <name> profiles vulnerability <name> rules <name> action reset-both
set vsys <name> profiles vulnerability <name> rules <name> action block-ip
set vsys <name> profiles vulnerability <name> rules <name> action block-ip track
-by <source|source-and-destination>
set vsys <name> profiles vulnerability <name> rules <name> action block-ip durat
ion <1-3600>
set vsys <name> profiles vulnerability <name> rules <name> packet-capture <disab
le|single-packet|extended-capture>
set vsys <name> profiles vulnerability <name> threat-exception
set vsys <name> profiles vulnerability <name> threat-exception <name>
set vsys <name> profiles vulnerability <name> threat-exception <name> packet-cap
ture <disable|single-packet|extended-capture>
set vsys <name> profiles vulnerability <name> threat-exception <name> action
set vsys <name> profiles vulnerability <name> threat-exception <name> action def
ault
set vsys <name> profiles vulnerability <name> threat-exception <name> action all
ow
set vsys <name> profiles vulnerability <name> threat-exception <name> action ale
rt
set vsys <name> profiles vulnerability <name> threat-exception <name> action dro
set vsys <name> profiles vulnerability <name> threat-exception <name> action res
et-client
et-server
et-both
set vsys <name> profiles vulnerability <name> threat-exception <name> action blo
ck-ip
ck-ip track-by <source|source-and-destination>
ck-ip duration <1-3600>
set vsys <name> profiles vulnerability <name> threat-exception <name> time-attri

bute
bute interval <1-3600>
bute threshold <1-65535>
bute track-by <source|destination|source-and-destination>
set vsys <name> profiles vulnerability <name> threat-exception <name> exempt-ip
set vsys <name> profiles vulnerability <name> threat-exception <name> exempt-ip
<name>
set vsys <name> profiles url-filtering
set vsys <name> profiles url-filtering <name>
set vsys <name> profiles url-filtering <name> description <value>
set vsys <name> profiles url-filtering <name> dynamic-url <yes|no>
set vsys <name> profiles url-filtering <name> license-expired <block|allow>
set vsys <name> profiles url-filtering <name> action <block|continue|override|al
ert>
set vsys <name> profiles url-filtering <name> block-list [ <block-list1> <block
-list2>... ]
set vsys <name> profiles url-filtering <name> allow-list [ <allow-list1> <allow
-list2>... ]
set vsys <name> profiles url-filtering <name> allow [ <allow1> <allow2>... ]
set vsys <name> profiles url-filtering <name> alert [ <alert1> <alert2>... ]
set vsys <name> profiles url-filtering <name> block [ <block1> <block2>... ]
set vsys <name> profiles url-filtering <name> continue [ <continue1> <continue2
>... ]
set vsys <name> profiles url-filtering <name> override [ <override1> <override2
>... ]
set vsys <name> profiles url-filtering <name> credential-enforcement
set vsys <name> profiles url-filtering <name> credential-enforcement mode
set vsys <name> profiles url-filtering <name> credential-enforcement mode disabl
ed
set vsys <name> profiles url-filtering <name> credential-enforcement mode ip-use
set vsys <name> profiles url-filtering <name> credential-enforcement mode domain
-credentials
set vsys <name> profiles url-filtering <name> credential-enforcement mode group-
mapping <value>
set vsys <name> profiles url-filtering <name> credential-enforcement log-severit
y <value>
set vsys <name> profiles url-filtering <name> credential-enforcement allow [ <a
llow1> <allow2>... ]
set vsys <name> profiles url-filtering <name> credential-enforcement alert [ <a
lert1> <alert2>... ]
set vsys <name> profiles url-filtering <name> credential-enforcement block [ <block2>... ]
set vsys <name> profiles url-filtering <name> credential-enforcement continue [
<continue1> <continue2>... ]
set vsys <name> profiles url-filtering <name> enable-container-page <yes|no>
set vsys <name> profiles url-filtering <name> log-container-page-only <yes|no>
set vsys <name> profiles url-filtering <name> safe-search-enforcement <yes|no>
set vsys <name> profiles url-filtering <name> log-http-hdr-xff <yes|no>
set vsys <name> profiles url-filtering <name> log-http-hdr-user-agent <yes|no>
set vsys <name> profiles url-filtering <name> log-http-hdr-referer <yes|no>
set vsys <name> profiles url-filtering <name> http-header-insertion
set vsys <name> profiles url-filtering <name> http-header-insertion <name>
set vsys <name> profiles url-filtering <name> http-header-insertion <name> type
<name>
<name> headers
<name> headers <name>

<name> headers <name> header <value>
<name> headers <name> value <value>
<name> headers <name> log <yes|no>
<name> domains [ <domains1> <domains2>... ]
set vsys <name> profiles file-blocking
set vsys <name> profiles file-blocking <name>
set vsys <name> profiles file-blocking <name> description <value>
set vsys <name> profiles file-blocking <name> rules
set vsys <name> profiles file-blocking <name> rules <name>
set vsys <name> profiles file-blocking <name> rules <name> application [ <appli
cation1> <application2>... ]
set vsys <name> profiles file-blocking <name> rules <name> file-type [ <file-ty
pe1> <file-type2>... ]
set vsys <name> profiles file-blocking <name> rules <name> direction <upload|dow
nload|both>
set vsys <name> profiles file-blocking <name> rules <name> action <alert|block|c
ontinue>
set vsys <name> profiles wildfire-analysis
set vsys <name> profiles wildfire-analysis <name>
set vsys <name> profiles wildfire-analysis <name> description <value>
set vsys <name> profiles wildfire-analysis <name> rules
set vsys <name> profiles wildfire-analysis <name> rules <name>
set vsys <name> profiles wildfire-analysis <name> rules <name> application [ <a
pplication1> <application2>... ]
set vsys <name> profiles wildfire-analysis <name> rules <name> file-type [ <fil
e-type1> <file-type2>... ]
set vsys <name> profiles wildfire-analysis <name> rules <name> direction <upload
|download|both>
set vsys <name> profiles wildfire-analysis <name> rules <name> analysis <public-
cloud|private-cloud>
set vsys <name> profiles custom-url-category
set vsys <name> profiles custom-url-category <name>
set vsys <name> profiles custom-url-category <name> description <value>
set vsys <name> profiles custom-url-category <name> list [ <list1> <list2>... ]
set vsys <name> profiles data-objects
set vsys <name> profiles data-objects <name>
set vsys <name> profiles data-objects <name> description <value>
set vsys <name> profiles data-objects <name> pattern-type
set vsys <name> profiles data-objects <name> pattern-type predefined
set vsys <name> profiles data-objects <name> pattern-type predefined pattern
set vsys <name> profiles data-objects <name> pattern-type predefined pattern <na
me>
set vsys <name> profiles data-objects <name> pattern-type predefined pattern <na
me> file-type [ <file-type1> <file-type2>... ]
set vsys <name> profiles data-objects <name> pattern-type regex
set vsys <name> profiles data-objects <name> pattern-type regex pattern
set vsys <name> profiles data-objects <name> pattern-type regex pattern <name>
set vsys <name> profiles data-objects <name> pattern-type regex pattern <name> f
ile-type [ <file-type1> <file-type2>... ]
set vsys <name> profiles data-objects <name> pattern-type regex pattern <name> r
egex <value>
set vsys <name> profiles data-objects <name> pattern-type file-properties
set vsys <name> profiles data-objects <name> pattern-type file-properties patter
n <name>
n <name> file-type <value>
n <name> file-property <value>

n <name> property-value <value>
set vsys <name> profiles data-filtering
set vsys <name> profiles data-filtering <name>
set vsys <name> profiles data-filtering <name> description <value>
set vsys <name> profiles data-filtering <name> data-capture <yes|no>
set vsys <name> profiles data-filtering <name> rules
set vsys <name> profiles data-filtering <name> rules <name>
set vsys <name> profiles data-filtering <name> rules <name> data-object <value>
set vsys <name> profiles data-filtering <name> rules <name> application [ <appl
ication1> <application2>... ]
set vsys <name> profiles data-filtering <name> rules <name> file-type [ <file-t
ype1> <file-type2>... ]
set vsys <name> profiles data-filtering <name> rules <name> direction <upload|do
wnload|both>
set vsys <name> profiles data-filtering <name> rules <name> alert-threshold <0-6
5535>
set vsys <name> profiles data-filtering <name> rules <name> block-threshold <0-6
5535>
set vsys <name> profiles data-filtering <name> rules <name> log-severity <value>
set vsys <name> profiles hip-profiles
set vsys <name> profiles hip-profiles <name>
set vsys <name> profiles hip-profiles <name> description <value>
set vsys <name> profiles hip-profiles <name> match <value>
set vsys <name> profiles dos-protection
set vsys <name> profiles dos-protection <name>
set vsys <name> profiles dos-protection <name> type <aggregate|classified>
set vsys <name> profiles dos-protection <name> description <value>
set vsys <name> profiles dos-protection <name> flood
set vsys <name> profiles dos-protection <name> flood tcp-syn
set vsys <name> profiles dos-protection <name> flood tcp-syn enable <yes|no>
set vsys <name> profiles dos-protection <name> flood tcp-syn
set vsys <name> profiles dos-protection <name> flood tcp-syn red

set vsys <name> profiles dos-protection <name> flood tcp-syn red alarm-rate <0-2
000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn red activate-rate <
1-2000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn red maximal-rate <1
-2000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn red block
set vsys <name> profiles dos-protection <name> flood tcp-syn red block duration
<1-21600>
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies alarm-r
ate <0-2000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies activat
e-rate <0-2000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies maximal
-rate <1-2000000>
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies block
set vsys <name> profiles dos-protection <name> flood tcp-syn syn-cookies block d
uration <1-21600>
set vsys <name> profiles dos-protection <name> flood udp
set vsys <name> profiles dos-protection <name> flood udp enable <yes|no>
set vsys <name> profiles dos-protection <name> flood udp red
set vsys <name> profiles dos-protection <name> flood udp red alarm-rate <0-20000
00>
set vsys <name> profiles dos-protection <name> flood udp red activate-rate <1-20
00000>
set vsys <name> profiles dos-protection <name> flood udp red maximal-rate <1-200
0000>
set vsys <name> profiles dos-protection <name> flood udp red block
set vsys <name> profiles dos-protection <name> flood udp red block duration <1-2
1600>
set vsys <name> profiles dos-protection <name> flood icmp

set vsys <name> profiles dos-protection <name> flood icmp enable <yes|no>
set vsys <name> profiles dos-protection <name> flood icmp red
set vsys <name> profiles dos-protection <name> flood icmp red alarm-rate <0-2000
000>
set vsys <name> profiles dos-protection <name> flood icmp red activate-rate <1-2
000000>
set vsys <name> profiles dos-protection <name> flood icmp red maximal-rate <1-20
00000>
set vsys <name> profiles dos-protection <name> flood icmp red block
set vsys <name> profiles dos-protection <name> flood icmp red block duration <1-
21600>
set vsys <name> profiles dos-protection <name> flood icmpv6
set vsys <name> profiles dos-protection <name> flood icmpv6 enable <yes|no>
set vsys <name> profiles dos-protection <name> flood icmpv6 red
set vsys <name> profiles dos-protection <name> flood icmpv6 red alarm-rate <0-20
00000>
set vsys <name> profiles dos-protection <name> flood icmpv6 red activate-rate <1
-2000000>
set vsys <name> profiles dos-protection <name> flood icmpv6 red maximal-rate <1-
2000000>
set vsys <name> profiles dos-protection <name> flood icmpv6 red block
set vsys <name> profiles dos-protection <name> flood icmpv6 red block duration <
1-21600>
set vsys <name> profiles dos-protection <name> flood other-ip
set vsys <name> profiles dos-protection <name> flood other-ip enable <yes|no>
set vsys <name> profiles dos-protection <name> flood other-ip red
set vsys <name> profiles dos-protection <name> flood other-ip red alarm-rate <0-
2000000>
set vsys <name> profiles dos-protection <name> flood other-ip red activate-rate
<1-2000000>
set vsys <name> profiles dos-protection <name> flood other-ip red maximal-rate <
1-2000000>
set vsys <name> profiles dos-protection <name> flood other-ip red block
set vsys <name> profiles dos-protection <name> flood other-ip red block duration
<1-21600>
set vsys <name> profiles dos-protection <name> resource
set vsys <name> profiles dos-protection <name> resource sessions
set vsys <name> profiles dos-protection <name> resource sessions enabled <yes|no
>
set vsys <name> profiles dos-protection <name> resource sessions max-concurrent-
limit <1-4194304>
set vsys <name> profiles decryption
set vsys <name> profiles decryption <name>
set vsys <name> profiles decryption <name> interface <value>
set vsys <name> profiles decryption <name> forwarded-only <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy
set vsys <name> profiles decryption <name> ssl-forward-proxy block-expired-certi
ficate <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-untrusted-iss
uer <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy restrict-cert-exts
<yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-unsupported-v
ersion <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-unsupported-c
ipher <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-client-cert <
yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-if-no-resourc
e <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-if-hsm-unavai
lable <yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-unknown-cert
<yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy block-timeout-cert
<yes|no>
set vsys <name> profiles decryption <name> ssl-forward-proxy auto-include-altnam
e <yes|no>
set vsys <name> profiles decryption <name> ssl-inbound-proxy
set vsys <name> profiles decryption <name> ssl-inbound-proxy block-unsupported-v
ersion <yes|no>
set vsys <name> profiles decryption <name> ssl-inbound-proxy block-unsupported-c
ipher <yes|no>
set vsys <name> profiles decryption <name> ssl-inbound-proxy block-if-no-resourc
e <yes|no>
set vsys <name> profiles decryption <name> ssl-inbound-proxy block-if-hsm-unavai
lable <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings
set vsys <name> profiles decryption <name> ssl-protocol-settings min-version <ss
lv3|tls1-0|tls1-1|tls1-2>
set vsys <name> profiles decryption <name> ssl-protocol-settings max-version <ss
lv3|tls1-0|tls1-1|tls1-2|max>
set vsys <name> profiles decryption <name> ssl-protocol-settings keyxchg-algo-rs
a <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings keyxchg-algo-dh
e <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings keyxchg-algo-ec
dhe <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings enc-algo-3des <
yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings enc-algo-rc4 <y
es|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings enc-algo-aes-12
8-cbc <yes|no>
6-cbc <yes|no>
8-gcm <yes|no>
6-gcm <yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings auth-algo-md5 <
yes|no>
set vsys <name> profiles decryption <name> ssl-protocol-settings auth-algo-sha1
<yes|no>
6 <yes|no>
4 <yes|no>
set vsys <name> profiles decryption <name> ssl-no-proxy
set vsys <name> profiles decryption <name> ssl-no-proxy block-expired-certificat
e <yes|no>
set vsys <name> profiles decryption <name> ssl-no-proxy block-untrusted-issuer <
yes|no>
set vsys <name> profiles decryption <name> ssh-proxy
set vsys <name> profiles decryption <name> ssh-proxy block-unsupported-version <
yes|no>
set vsys <name> profiles decryption <name> ssh-proxy block-unsupported-alg <yes|
no>
set vsys <name> profiles decryption <name> ssh-proxy block-ssh-errors <yes|no>
set vsys <name> profiles decryption <name> ssh-proxy block-if-no-resource <yes|n
o>
set vsys <name> profiles forwarding
set vsys <name> profiles forwarding <name>
set vsys <name> profiles forwarding <name> description <value>
set vsys <name> profiles forwarding <name> interface-primary <value>
set vsys <name> profiles forwarding <name> interface-secondary <value>
set vsys <name> profiles forwarding <name> flow <unidirectional|bidirectional>
set vsys <name> profiles forwarding <name>

set vsys <name> profiles forwarding <name> transparent
set vsys <name> profiles forwarding <name> transparent enable-ipv6 <yes|no>
set vsys <name> profiles forwarding <name> routed
set vsys <name> profiles forwarding <name> routed security-chain
set vsys <name> profiles forwarding <name> routed security-chain <name>
set vsys <name> profiles forwarding <name> routed security-chain <name> enable <
yes|no>
set vsys <name> profiles forwarding <name> routed security-chain <name> first-de
vice <ip/netmask>
set vsys <name> profiles forwarding <name> routed security-chain <name> first-de
vice-description <value>
set vsys <name> profiles forwarding <name> routed security-chain <name> last-dev
ice <ip/netmask>
set vsys <name> profiles forwarding <name> routed security-chain <name> last-dev
ice-description <value>
set vsys <name> profiles forwarding <name> routed distribution <round-robin|ip-m
odulo|ip-hash|lowest-latency>
set vsys <name> profiles forwarding <name> health-check
set vsys <name> profiles forwarding <name> health-check failure-action <bypass|b
lock>
set vsys <name> profiles forwarding <name> health-check failure-condition <any|a
ll>
set vsys <name> profiles forwarding <name> health-check path-enable <yes|no>
set vsys <name> profiles forwarding <name> health-check path-count <1-10>
set vsys <name> profiles forwarding <name> health-check path-interval-s <1-60>
set vsys <name> profiles forwarding <name> health-check path-recovery-hold-s <0-
65535>
set vsys <name> profiles forwarding <name> health-check http-enable <yes|no>
set vsys <name> profiles forwarding <name> health-check http-count <1-10>
set vsys <name> profiles forwarding <name> health-check http-interval-s <1-60>
set vsys <name> profiles forwarding <name> health-check http-latency-enable <yes
|no>
set vsys <name> profiles forwarding <name> health-check http-latency-maximum-ms
<10-65535>
set vsys <name> profiles forwarding <name> health-check http-latency-duration-s
<1-65535>
set vsys <name> profiles forwarding <name> health-check http-latency-log-exceede
d <yes|no>
set vsys <name> profile-group
set vsys <name> profile-group <name>
set vsys <name> profile-group <name> virus [ <virus1> <virus2>... ]
set vsys <name> profile-group <name> spyware [ <spyware1> <spyware2>... ]
set vsys <name> profile-group <name> vulnerability [ <vulnerability1> <vulnerab
ility2>... ]
set vsys <name> profile-group <name> url-filtering [ <url-filtering1> <url-filt
ering2>... ]
set vsys <name> profile-group <name> file-blocking [ <file-blocking1> <file-blo
cking2>... ]
set vsys <name> profile-group <name> wildfire-analysis [ <wildfire-analysis1> <
wildfire-analysis2>... ]
set vsys <name> profile-group <name> data-filtering [ <data-filtering1> <data-f
iltering2>... ]
set vsys <name> service
set vsys <name> service <name>
set vsys <name> service <name> description <value>
set vsys <name> service <name> protocol
set vsys <name> service <name> protocol tcp
set vsys <name> service <name> protocol tcp port <0-65535,...>
set vsys <name> service <name> protocol tcp source-port <0-65535,...>
set vsys <name> service <name> protocol tcp override
set vsys <name> service <name> protocol tcp override no
set vsys <name> service <name> protocol tcp override yes
set vsys <name> service <name> protocol tcp override yes timeout <1-604800>
set vsys <name> service <name> protocol tcp override yes halfclose-timeout <1-60
4800>
set vsys <name> service <name> protocol tcp override yes timewait-timeout <1-600
>
set vsys <name> service <name> protocol udp
set vsys <name> service <name> protocol udp port <0-65535,...>
set vsys <name> service <name> protocol udp source-port <0-65535,...>
set vsys <name> service <name> protocol udp override
set vsys <name> service <name> protocol udp override no
set vsys <name> service <name> protocol udp override yes
set vsys <name> service <name> protocol udp override yes timeout <1-604800>
set vsys <name> service <name> protocol sctp
set vsys <name> service <name> protocol sctp port <0-65535,...>
set vsys <name> service <name> protocol sctp source-port <0-65535,...>
set vsys <name> service <name> tag [ <tag1> <tag2>... ]
set vsys <name> service-group
set vsys <name> service-group <name>
set vsys <name> service-group <name> members [ <members1> <members2>... ]
set vsys <name> service-group <name> tag [ <tag1> <tag2>... ]
set vsys <name> reports
set vsys <name> reports <name>
set vsys <name> reports <name> description <value>
set vsys <name> reports <name> disabled <yes|no>
set vsys <name> reports <name> query <value>
set vsys <name> reports <name> caption <value>
set vsys <name> reports <name> frequency <daily>
set vsys <name> reports <name> start-time <value>
set vsys <name> reports <name> end-time <value>
set vsys <name> reports <name> period <last-15-minutes|last-hour|last-6-hrs|last
-12-hrs|last-24-hrs|last-calendar-day|last-7-days|last-7-calendar-days|last-cale
ndar-week|last-30-days|last-30-calendar-days|last-calendar-month>
set vsys <name> reports <name> topn <1-10000>
set vsys <name> reports <name> topm <1-50>

set vsys <name> reports <name> type
set vsys <name> reports <name> type appstat
set vsys <name> reports <name> type appstat aggregate-by [ <aggregate-by1> <agg
regate-by2>... ]
set vsys <name> reports <name> type appstat group-by <category-of-name|name|risk
|risk-of-name|subcategory-of-name|technology-of-name|container-of-name|vsys|quar
ter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name>
set vsys <name> reports <name> type appstat values [ <values1> <values2>... ]
set vsys <name> reports <name> type appstat labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type appstat sortby <nbytes|npkts|nsess|nthreats>
set vsys <name> reports <name> type threat
set vsys <name> reports <name> type threat aggregate-by [ <aggregate-by1> <aggr
egate-by2>... ]
set vsys <name> reports <name> type threat group-by <action|app|category-of-app|
category-of-threatid|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|n
atdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|severity|sport|src|srcu
ser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|ds
tloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receiv
e_time|vsys_name|device_name|threat-type|tunnelid|monitortag|parent_session_id|p
arent_start_time|tunnel|http_method>
set vsys <name> reports <name> type threat values [ <values1> <values2>... ]
set vsys <name> reports <name> type threat labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type threat sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type url
set vsys <name> reports <name> type url aggregate-by [ <aggregate-by1> <aggrega
te-by2>... ]
set vsys <name> reports <name> type url group-by <action|app|category|category-o
f-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|nat
dst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|severity|sport|src|srcuse
r|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|qu
arter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|
user_agent|vsys_name|device_name|url|tunnelid|monitortag|parent_session_id|paren
t_start_time|tunnel|http_method>
set vsys <name> reports <name> type url values [ <values1> <values2>... ]
set vsys <name> reports <name> type url labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type url sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type wildfire
set vsys <name> reports <name> type wildfire aggregate-by [ <aggregate-by1> <ag
gregate-by2>... ]
set vsys <name> reports <name> type wildfire group-by <app|category|category-of-
app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbo
und_if|proto|risk-of-app|rule|sport|src|srcuser|subcategory-of-app|technology-of
-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of
-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedi
gest|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel>
set vsys <name> reports <name> type wildfire values [ <values1> <values2>... ]
set vsys <name> reports <name> type wildfire labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type wildfire sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type data
set vsys <name> reports <name> type data aggregate-by [ <aggregate-by1> <aggreg
ate-by2>... ]
set vsys <name> reports <name> type data group-by <action|app|category-of-app|di
rection|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|o
utbound_if|proto|risk-of-app|rule|severity|sport|src|srcuser|subcategory-of-app|
subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarte
r-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device
_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time
|tunnel>
set vsys <name> reports <name> type data values [ <values1> <values2>... ]
set vsys <name> reports <name> type data labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type data sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type thsum
set vsys <name> reports <name> type thsum aggregate-by [ <aggregate-by1> <aggre
gate-by2>... ]
set vsys <name> reports <name> type thsum group-by <action|app|category-of-app|c
ategory-of-threatid|direction|dport|dst|dstuser|from|inbound_if|outbound_if|risk
-of-app|rule|severity|src|srcuser|subcategory-of-app|subtype|technology-of-app|c
ontainer-of-app|to|threatid|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour
-of-receive_time|day-of-receive_time|serial|vsys_name|device_name|threat-type|tu
nnelid|monitortag|parent_session_id|parent_start_time|tunnel>
set vsys <name> reports <name> type thsum values [ <values1> <values2>... ]
set vsys <name> reports <name> type thsum labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type thsum sortby <count|nunique-of-users>
set vsys <name> reports <name> type traffic
set vsys <name> reports <name> type traffic aggregate-by [ <aggregate-by1> <agg
regate-by2>... ]
set vsys <name> reports <name> type traffic group-by <action|app|category|catego
ry-of-app|dport|dst|dstuser|from|inbound_if|natdport|natdst|natsport|natsrc|outb
ound_if|proto|risk-of-app|rule|sessionid|sport|src|srcuser|subcategory-of-app|te
chnology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_t
ime|hour-of-receive_time|day-of-receive_time|session_end_reason|vsys_name|device
_name|action_source|tunnelid|monitortag|parent_session_id|parent_start_time|tunn
el>
set vsys <name> reports <name> type traffic values [ <values1> <values2>... ]
set vsys <name> reports <name> type traffic labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type traffic sortby <bytes|bytes_sent|bytes_recei
ved|elapsed|packets|pkts_sent|pkts_received|repeatcnt|nunique-of-users>
set vsys <name> reports <name> type urlsum
set vsys <name> reports <name> type urlsum aggregate-by [ <aggregate-by1> <aggr
egate-by2>... ]
set vsys <name> reports <name> type urlsum group-by <app|src|srcuser|category|ds
t|dstuser|rule|dstloc|srcloc|vsys_name|device_name|from|to|serial|inbound_if|out
bound_if|dport|action|url_domain|user_agent|category-of-app|subcategory-of-app|r
isk-of-app|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive
_time|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel|http_method
>
set vsys <name> reports <name> type urlsum values [ <values1> <values2>... ]
set vsys <name> reports <name> type urlsum labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type urlsum sortby <repeatcnt|nunique-of-users>
set vsys <name> reports <name> type trsum
set vsys <name> reports <name> type trsum aggregate-by [ <aggregate-by1> <aggre
gate-by2>... ]
set vsys <name> reports <name> type trsum group-by <action|app|category|category
-of-app|dport|dst|dstuser|from|inbound_if|outbound_if|risk-of-app|rule|src|srcus
er|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|q
uarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|serial|vsys
_name|device_name|tunnelid|monitortag|parent_session_id|parent_start_time|tunnel
>
set vsys <name> reports <name> type trsum values [ <values1> <values2>... ]
set vsys <name> reports <name> type trsum labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type trsum sortby <bytes|sessions|bytes_sent|byte
s_received|nthreats|nftrans|ndpmatches|nurlcount|ncontent|nunique-of-users|nuniq
ue-of-apps>
set vsys <name> reports <name> type tunnel
set vsys <name> reports <name> type tunnel aggregate-by [ <aggregate-by1> <aggr
egate-by2>... ]
set vsys <name> reports <name> type tunnel group-by <action|app|category-of-app|
dport|dst|dstuser|from|inbound_if|natdport|natdst|natsport|natsrc|outbound_if|pr
oto|risk-of-app|rule|sessionid|sport|src|srcuser|subcategory-of-app|technology-o
f-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-o
f-receive_time|day-of-receive_time|vsys_name|device_name|tunnelid|monitortag|par
ent_session_id|parent_start_time|session_end_reason|action_source|tunnel|tunnel_
insp_rule>
set vsys <name> reports <name> type tunnel values [ <values1> <values2>... ]
set vsys <name> reports <name> type tunnel labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type tunnel sortby <repeatcnt|bytes|bytes_sent|by
tes_received|packets|pkts_sent|pkts_received|max_encap|unknown_proto|strict_chec
k|tunnel_fragment|sessions_created|sessions_closed|nunique-of-users>
set vsys <name> reports <name> type tunnelsum
set vsys <name> reports <name> type tunnelsum aggregate-by [ <aggregate-by1> <a
ggregate-by2>... ]
set vsys <name> reports <name> type tunnelsum group-by <action|app|category-of-a
pp|dst|risk-of-app|rule|src|subcategory-of-app|technology-of-app|container-of-ap
p|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-re
ceive_time|serial|vsys_name|device_name|tunnelid|monitortag|parent_session_id|pa
rent_start_time|tunnel|tunnel_insp_rule>
set vsys <name> reports <name> type tunnelsum values [ <values1> <values2>... ]
set vsys <name> reports <name> type tunnelsum labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type tunnelsum sortby <repeatcnt|bytes|bytes_sent
|bytes_received>
set vsys <name> reports <name> type userid
set vsys <name> reports <name> type userid aggregate-by [ <aggregate-by1> <aggr
egate-by2>... ]
set vsys <name> reports <name> type userid group-by <vsys|quarter-hour-of-receiv
e_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|ip|user|da
tasourcename|beginport|endport|datasource|datasourcetype|factortype|factorcomple
tiontime|factorno|subtype>
set vsys <name> reports <name> type userid values [ <values1> <values2>... ]
set vsys <name> reports <name> type userid labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type userid sortby <repeatcnt|factortype|factorco
mpletiontime>
set vsys <name> reports <name> type auth
set vsys <name> reports <name> type auth aggregate-by [ <aggregate-by1> <aggreg
ate-by2>... ]
set vsys <name> reports <name> type auth group-by <time_generated|vsys|quarter-h
our-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_na
me|ip|user|normalize_user|object|authpolicy|authid|vendor|clienttype|serverprofi
le|desc|event|factorno|authproto>
set vsys <name> reports <name> type auth values [ <values1> <values2>... ]
set vsys <name> reports <name> type auth labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type auth sortby <repeatcnt|vendor|time_generated
>
set vsys <name> reports <name> type hipmatch
set vsys <name> reports <name> type hipmatch aggregate-by [ <aggregate-by1> <ag
gregate-by2>... ]
set vsys <name> reports <name> type hipmatch values [ <values1> <values2>... ]
set vsys <name> reports <name> type hipmatch group-by <machinename|matchname|src
|srcipv6|srcuser|matchtype|vsys|device_name|vsys_name|os|quarter-hour-of-receive
_time|hour-of-receive_time|day-of-receive_time>
set vsys <name> reports <name> type hipmatch labels [ <labels1> <labels2>... ]
set vsys <name> reports <name> type hipmatch last-match-by <time_generated>
set vsys <name> reports <name> type hipmatch sortby <repeatcnt>
set vsys <name> report-group
set vsys <name> report-group <name>
set vsys <name> report-group <name> title-page <yes|no>
set vsys <name> report-group <name> predefined <user-activity-report|saas-applic
ation-usage-report>
set vsys <name> report-group <name> custom-widget
set vsys <name> report-group <name> custom-widget <name>
set vsys <name> report-group <name> custom-widget <name>
set vsys <name> report-group <name> custom-widget <name> custom-report <value>
set vsys <name> report-group <name> custom-widget <name> pdf-summary-report <val
ue>
set vsys <name> report-group <name> custom-widget <name> log-view <value>
set vsys <name> report-group <name> custom-widget <name> csv <value>
set vsys <name> report-group <name> all
set vsys <name> report-group <name> all entry
set vsys <name> report-group <name> all entry include-user-groups-info <yes|no>
set vsys <name> report-group <name> all entry user-groups [ <user-groups1> <use
r-groups2>... ]
set vsys <name> report-group <name> selected-zone
set vsys <name> report-group <name> selected-zone entry
set vsys <name> report-group <name> selected-zone entry include-user-groups-info
<yes|no>
set vsys <name> report-group <name> selected-zone entry user-groups [ <user-gro
ups1> <user-groups2>... ]
set vsys <name> report-group <name> selected-zone entry zone <value>
set vsys <name> report-group <name> selected-user-group
set vsys <name> report-group <name> selected-user-group entry
set vsys <name> report-group <name> selected-user-group entry user-group <value>
set vsys <name> report-group <name> variable
set vsys <name> report-group <name> variable <name>
set vsys <name> report-group <name> variable <name> value <value>
set vsys <name> pdf-summary-report
set vsys <name> pdf-summary-report <name>
set vsys <name> pdf-summary-report <name> header
set vsys <name> pdf-summary-report <name> header caption <value>
set vsys <name> pdf-summary-report <name> footer
set vsys <name> pdf-summary-report <name> footer note <value>
set vsys <name> pdf-summary-report <name> custom-widget
set vsys <name> pdf-summary-report <name> custom-widget <name>
set vsys <name> pdf-summary-report <name> custom-widget <name> chart-type <pie|l
ine|bar|table>
set vsys <name> pdf-summary-report <name> custom-widget <name> row <1-6>
set vsys <name> pdf-summary-report <name> custom-widget <name> column <1-3>
set vsys <name> email-scheduler
set vsys <name> email-scheduler <name>
set vsys <name> email-scheduler <name> report-group <value>
set vsys <name> email-scheduler <name> email-profile <value>
set vsys <name> email-scheduler <name> recipient-emails <value>
set vsys <name> email-scheduler <name> recurring
set vsys <name> email-scheduler <name> recurring disabled

set vsys <name> email-scheduler <name> recurring daily
set vsys <name> email-scheduler <name> recurring weekly <sunday|monday|tuesday|w
ednesday|thursday|friday|saturday>
set vsys <name> email-scheduler <name> recurring monthly <1-31>
set vsys <name> external-list
set vsys <name> external-list <name>
set vsys <name> external-list <name> type
set vsys <name> external-list <name> type predefined-ip
set vsys <name> external-list <name> type predefined-ip exception-list [ <excep
tion-list1> <exception-list2>... ]
set vsys <name> external-list <name> type predefined-ip description <value>
set vsys <name> external-list <name> type predefined-ip url <value>
set vsys <name> external-list <name> type ip
set vsys <name> external-list <name> type ip exception-list [ <exception-list1>
<exception-list2>... ]
set vsys <name> external-list <name> type ip description <value>
set vsys <name> external-list <name> type ip url <value>
set vsys <name> external-list <name> type ip certificate-profile <value>|<None>
set vsys <name> external-list <name> type ip auth
set vsys <name> external-list <name> type ip auth username <value>
set vsys <name> external-list <name> type ip auth password <value>
set vsys <name> external-list <name> type ip recurring
set vsys <name> external-list <name> type ip recurring
set vsys <name> external-list <name> type ip recurring hourly
set vsys <name> external-list <name> type ip recurring five-minute
set vsys <name> external-list <name> type ip recurring daily
set vsys <name> external-list <name> type ip recurring daily at <value>
set vsys <name> external-list <name> type ip recurring weekly
set vsys <name> external-list <name> type ip recurring weekly day-of-week <sunda
y|monday|tuesday|wednesday|thursday|friday|saturday>
set vsys <name> external-list <name> type ip recurring weekly at <value>
set vsys <name> external-list <name> type ip recurring monthly

set vsys <name> external-list <name> type ip recurring monthly day-of-month <1-3
1>
set vsys <name> external-list <name> type ip recurring monthly at <value>
set vsys <name> external-list <name> type domain
set vsys <name> external-list <name> type domain exception-list [ <exception-li
st1> <exception-list2>... ]
set vsys <name> external-list <name> type domain description <value>
set vsys <name> external-list <name> type domain url <value>
set vsys <name> external-list <name> type domain certificate-profile <value>|<No
ne>
set vsys <name> external-list <name> type domain auth
set vsys <name> external-list <name> type domain auth username <value>
set vsys <name> external-list <name> type domain auth password <value>
set vsys <name> external-list <name> type domain recurring
set vsys <name> external-list <name> type domain recurring
set vsys <name> external-list <name> type domain recurring hourly
set vsys <name> external-list <name> type domain recurring five-minute
set vsys <name> external-list <name> type domain recurring daily
set vsys <name> external-list <name> type domain recurring daily at <value>
set vsys <name> external-list <name> type domain recurring weekly
set vsys <name> external-list <name> type domain recurring weekly day-of-week <s
unday|monday|tuesday|wednesday|thursday|friday|saturday>
set vsys <name> external-list <name> type domain recurring weekly at <value>
set vsys <name> external-list <name> type domain recurring monthly
set vsys <name> external-list <name> type domain recurring monthly day-of-month
<1-31>
set vsys <name> external-list <name> type domain recurring monthly at <value>
set vsys <name> external-list <name> type url
set vsys <name> external-list <name> type url exception-list [ <exception-list1
> <exception-list2>... ]
set vsys <name> external-list <name> type url description <value>
set vsys <name> external-list <name> type url url <value>

set vsys <name> external-list <name> type url certificate-profile <value>|<None>
set vsys <name> external-list <name> type url auth
set vsys <name> external-list <name> type url auth username <value>
set vsys <name> external-list <name> type url auth password <value>
set vsys <name> external-list <name> type url recurring
set vsys <name> external-list <name> type url recurring
set vsys <name> external-list <name> type url recurring hourly
set vsys <name> external-list <name> type url recurring five-minute
set vsys <name> external-list <name> type url recurring daily
set vsys <name> external-list <name> type url recurring daily at <value>
set vsys <name> external-list <name> type url recurring weekly
set vsys <name> external-list <name> type url recurring weekly day-of-week <sund
ay|monday|tuesday|wednesday|thursday|friday|saturday>
set vsys <name> external-list <name> type url recurring weekly at <value>
set vsys <name> external-list <name> type url recurring monthly
set vsys <name> external-list <name> type url recurring monthly day-of-month <1-
31>
set vsys <name> external-list <name> type url recurring monthly at <value>
set vsys <name> address
set vsys <name> address <name>
set vsys <name> address <name> description <value>
set vsys <name> address <name>
set vsys <name> address <name> ip-netmask <ip/netmask>
set vsys <name> address <name> ip-range <ip-range>
set vsys <name> address <name> fqdn <value>
set vsys <name> address <name> tag [ <tag1> <tag2>... ]
set vsys <name> address-group
set vsys <name> address-group <name>
set vsys <name> address-group <name> description <value>
set vsys <name> address-group <name>
set vsys <name> address-group <name> static [ <static1> <static2>... ]
set vsys <name> address-group <name> dynamic

set vsys <name> address-group <name> dynamic filter <value>
set vsys <name> address-group <name> tag [ <tag1> <tag2>... ]
set vsys <name> schedule
set vsys <name> schedule <name>
set vsys <name> schedule <name> schedule-type
set vsys <name> schedule <name> schedule-type recurring
set vsys <name> schedule <name> schedule-type recurring weekly
set vsys <name> schedule <name> schedule-type recurring weekly sunday [ <sunday
1> <sunday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly monday [ <monday
1> <monday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly tuesday [ <tuesd
ay1> <tuesday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly wednesday [ <wed
nesday1> <wednesday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly thursday [ <thur
sday1> <thursday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly friday [ <friday
1> <friday2>... ]
set vsys <name> schedule <name> schedule-type recurring weekly saturday [ <satu
rday1> <saturday2>... ]
set vsys <name> schedule <name> schedule-type recurring daily [ <daily1> <daily
2>... ]
set vsys <name> schedule <name> schedule-type non-recurring [ <non-recurring1>
<non-recurring2>... ]
set vsys <name> threats
set vsys <name> threats vulnerability
set vsys <name> threats vulnerability <name>
set vsys <name> threats vulnerability <name> threatname <value>
set vsys <name> threats vulnerability <name> affected-host
set vsys <name> threats vulnerability <name> affected-host client <yes|no>
set vsys <name> threats vulnerability <name> affected-host server <yes|no>

set vsys <name> threats vulnerability <name> comment <value>
set vsys <name> threats vulnerability <name> severity <value>
set vsys <name> threats vulnerability <name> direction <value>
set vsys <name> threats vulnerability <name> default-action
set vsys <name> threats vulnerability <name> default-action alert
set vsys <name> threats vulnerability <name> default-action drop
set vsys <name> threats vulnerability <name> default-action reset-client
set vsys <name> threats vulnerability <name> default-action reset-server
set vsys <name> threats vulnerability <name> default-action reset-both
set vsys <name> threats vulnerability <name> default-action block-ip
set vsys <name> threats vulnerability <name> default-action block-ip track-by <s
ource|source-and-destination>
set vsys <name> threats vulnerability <name> default-action block-ip duration <1
-3600>
set vsys <name> threats vulnerability <name> default-action allow
set vsys <name> threats vulnerability <name> cve [ <cve1> <cve2>... ]
set vsys <name> threats vulnerability <name> bugtraq [ <bugtraq1> <bugtraq2>...
set vsys <name> threats vulnerability <name> vendor [ <vendor1> <vendor2>... ]
set vsys <name> threats vulnerability <name> reference [ <reference1> <referenc
e2>... ]
set vsys <name> threats vulnerability <name> signature
set vsys <name> threats vulnerability <name> signature standard
set vsys <name> threats vulnerability <name> signature standard <name>
set vsys <name> threats vulnerability <name> signature standard <name> comment <
value>
set vsys <name> threats vulnerability <name> signature standard <name> scope <pr
otocol-data-unit|session>
set vsys <name> threats vulnerability <name> signature standard <name> order-fre
e <yes|no>
set vsys <name> threats vulnerability <name> signature standard <name> and-condi
tion
tion <name>
tion <name> or-condition
tion <name> or-condition <name>
tion <name> or-condition <name> operator
tion <name> or-condition <name> operator less-than
tion <name> or-condition <name> operator less-than context <value>
tion <name> or-condition <name> operator less-than value <0-4294967295>
tion <name> or-condition <name> operator less-than qualifier
tion <name> or-condition <name> operator less-than qualifier <name>
tion <name> or-condition <name> operator less-than qualifier <name> value <1-127
>|<value>
tion <name> or-condition <name> operator equal-to
tion <name> or-condition <name> operator equal-to context <value>
tion <name> or-condition <name> operator equal-to value <0-4294967295>
tion <name> or-condition <name> operator equal-to qualifier
tion <name> or-condition <name> operator equal-to qualifier <name>
tion <name> or-condition <name> operator equal-to qualifier <name> value <1-127>
|<value>
tion <name> or-condition <name> operator greater-than
tion <name> or-condition <name> operator greater-than context <value>
tion <name> or-condition <name> operator greater-than value <0-4294967295>
tion <name> or-condition <name> operator greater-than qualifier
tion <name> or-condition <name> operator greater-than qualifier <name>
tion <name> or-condition <name> operator greater-than qualifier <name> value <1-
127>|<value>
tion <name> or-condition <name> operator pattern-match
tion <name> or-condition <name> operator pattern-match context <value>
tion <name> or-condition <name> operator pattern-match pattern <value>
tion <name> or-condition <name> operator pattern-match negate <yes|no>
tion <name> or-condition <name> operator pattern-match qualifier
tion <name> or-condition <name> operator pattern-match qualifier <name>
tion <name> or-condition <name> operator pattern-match qualifier <name> value <1
-127>|<value>
set vsys <name> threats vulnerability <name> signature combination
set vsys <name> threats vulnerability <name> signature combination time-attribut

e
e interval <1-3600>
e threshold <1-255>
e track-by <source|destination|source-and-destination>
set vsys <name> threats vulnerability <name> signature combination order-free <y
es|no>
set vsys <name> threats vulnerability <name> signature combination and-condition
<name>
<name> or-condition
<name> or-condition <name> threat-id <value>
set vsys <name> threats spyware
set vsys <name> threats spyware <name>
set vsys <name> threats spyware <name> threatname <value>
set vsys <name> threats spyware <name> comment <value>
set vsys <name> threats spyware <name> severity <value>
set vsys <name> threats spyware <name> direction <value>
set vsys <name> threats spyware <name> default-action
set vsys <name> threats spyware <name> default-action alert
set vsys <name> threats spyware <name> default-action drop
set vsys <name> threats spyware <name> default-action reset-client
set vsys <name> threats spyware <name> default-action reset-server
set vsys <name> threats spyware <name> default-action reset-both
set vsys <name> threats spyware <name> default-action block-ip

set vsys <name> threats spyware <name> default-action block-ip track-by <source|
source-and-destination>
set vsys <name> threats spyware <name> default-action block-ip duration <1-3600>
set vsys <name> threats spyware <name> default-action allow
set vsys <name> threats spyware <name> cve [ <cve1> <cve2>... ]
set vsys <name> threats spyware <name> bugtraq [ <bugtraq1> <bugtraq2>... ]
set vsys <name> threats spyware <name> vendor [ <vendor1> <vendor2>... ]
set vsys <name> threats spyware <name> reference [ <reference1> <reference2>...
set vsys <name> threats spyware <name> signature
set vsys <name> threats spyware <name> signature standard
set vsys <name> threats spyware <name> signature standard <name>
set vsys <name> threats spyware <name> signature standard <name> comment <value>
set vsys <name> threats spyware <name> signature standard <name> scope <protocol
-data-unit|session>
set vsys <name> threats spyware <name> signature standard <name> order-free <yes
|no>
set vsys <name> threats spyware <name> signature standard <name> and-condition
set vsys <name> threats spyware <name> signature standard <name> and-condition <
name>
name> or-condition
name> or-condition <name>
name> or-condition <name> operator
name> or-condition <name> operator less-than
name> or-condition <name> operator less-than value <0-4294967295>
name> or-condition <name> operator less-than context <value>

name> or-condition <name> operator less-than qualifier
name> or-condition <name> operator less-than qualifier <name>
name> or-condition <name> operator less-than qualifier <name> value <1-127>|<val
ue>
name> or-condition <name> operator equal-to
name> or-condition <name> operator equal-to value <0-4294967295>
name> or-condition <name> operator equal-to context <value>
name> or-condition <name> operator equal-to qualifier
name> or-condition <name> operator equal-to qualifier <name>
name> or-condition <name> operator equal-to qualifier <name> value <1-127>|<valu
e>
name> or-condition <name> operator greater-than
name> or-condition <name> operator greater-than value <0-4294967295>
name> or-condition <name> operator greater-than context <value>
name> or-condition <name> operator greater-than qualifier
name> or-condition <name> operator greater-than qualifier <name>
name> or-condition <name> operator greater-than qualifier <name> value <1-127>|<

value>
name> or-condition <name> operator pattern-match
name> or-condition <name> operator pattern-match pattern <value>
name> or-condition <name> operator pattern-match context <value>
name> or-condition <name> operator pattern-match negate <yes|no>
name> or-condition <name> operator pattern-match qualifier
name> or-condition <name> operator pattern-match qualifier <name>
name> or-condition <name> operator pattern-match qualifier <name> value <1-127>|
<value>
set vsys <name> threats spyware <name> signature combination
set vsys <name> threats spyware <name> signature combination time-attribute
set vsys <name> threats spyware <name> signature combination time-attribute inte
rval <1-3600>
set vsys <name> threats spyware <name> signature combination time-attribute thre
shold <1-255>
set vsys <name> threats spyware <name> signature combination time-attribute trac
k-by <source|destination|source-and-destination>
set vsys <name> threats spyware <name> signature combination order-free <yes|no>
set vsys <name> threats spyware <name> signature combination and-condition
set vsys <name> threats spyware <name> signature combination and-condition <name
>
> or-condition
> or-condition <name>

> or-condition <name> threat-id <value>
set vsys <name> application
set vsys <name> application <name>
set vsys <name> application <name> default
set vsys <name> application <name> default port [ <port1> <port2>... ]
set vsys <name> application <name> default ident-by-ip-protocol <0-255,...>
set vsys <name> application <name> default ident-by-icmp-type
set vsys <name> application <name> default ident-by-icmp-type type <0-255,...>
set vsys <name> application <name> default ident-by-icmp-type code <0-255,...>
set vsys <name> application <name> default ident-by-icmp6-type
set vsys <name> application <name> default ident-by-icmp6-type type <0-255,...>
set vsys <name> application <name> default ident-by-icmp6-type code <0-255,...>
set vsys <name> application <name> category <value>
set vsys <name> application <name> subcategory <value>
set vsys <name> application <name> technology <value>
set vsys <name> application <name> description <value>
set vsys <name> application <name> timeout <0-604800>
set vsys <name> application <name> tcp-timeout <0-604800>
set vsys <name> application <name> udp-timeout <0-604800>
set vsys <name> application <name> tcp-half-closed-timeout <1-604800>
set vsys <name> application <name> tcp-time-wait-timeout <1-600>
set vsys <name> application <name> risk <1-5>
set vsys <name> application <name> evasive-behavior <yes|no>
set vsys <name> application <name> consume-big-bandwidth <yes|no>
set vsys <name> application <name> used-by-malware <yes|no>
set vsys <name> application <name> able-to-transfer-file <yes|no>
set vsys <name> application <name> has-known-vulnerability <yes|no>
set vsys <name> application <name> tunnel-other-application <yes|no>
set vsys <name> application <name> tunnel-applications <yes|no>
set vsys <name> application <name> prone-to-misuse <yes|no>
set vsys <name> application <name> pervasive-use <yes|no>

set vsys <name> application <name> file-type-ident <yes|no>
set vsys <name> application <name> virus-ident <yes|no>
set vsys <name> application <name> data-ident <yes|no>
set vsys <name> application <name> no-appid-caching <yes|no>
set vsys <name> application <name> alg-disable-capability <value>
set vsys <name> application <name> parent-app <value>
set vsys <name> application <name> signature
set vsys <name> application <name> signature <name>
set vsys <name> application <name> signature <name> comment <value>
set vsys <name> application <name> signature <name> scope <protocol-data-unit|se
ssion>
set vsys <name> application <name> signature <name> order-free <yes|no>
set vsys <name> application <name> signature <name> and-condition
set vsys <name> application <name> signature <name> and-condition <name>
set vsys <name> application <name> signature <name> and-condition <name> or-cond
ition
ition <name>
ition <name> operator
ition <name> operator pattern-match
ition <name> operator pattern-match context <value>
ition <name> operator pattern-match pattern <value>
ition <name> operator pattern-match qualifier
ition <name> operator pattern-match qualifier <name>
ition <name> operator pattern-match qualifier <name> value <1-127>|<value>

ition <name> operator greater-than
ition <name> operator greater-than context <value>
ition <name> operator greater-than value <0-4294967295>
ition <name> operator greater-than qualifier
ition <name> operator greater-than qualifier <name>
ition <name> operator greater-than qualifier <name> value <1-127>|<value>
ition <name> operator less-than
ition <name> operator less-than context <value>
ition <name> operator less-than value <0-4294967295>
ition <name> operator less-than qualifier
ition <name> operator less-than qualifier <name>
ition <name> operator less-than qualifier <name> value <1-127>|<value>
ition <name> operator equal-to
ition <name> operator equal-to context <value>|<unknown-req-tcp|unknown-rsp-tcp|
unknown-req-udp|unknown-rsp-udp>
ition <name> operator equal-to position <value>
ition <name> operator equal-to mask <value>
ition <name> operator equal-to value <value>
set vsys <name> application-tag
set vsys <name> application-tag <name>
set vsys <name> application-tag <name> tag [ <tag1> <tag2>... ]
set vsys <name> application-filter
set vsys <name> application-filter <name>
set vsys <name> application-filter <name> category [ <category1> <category2>...
set vsys <name> application-filter <name> subcategory [ <subcategory1> <subcate
gory2>... ]
set vsys <name> application-filter <name> technology [ <technology1> <technolog
y2>... ]
set vsys <name> application-filter <name> evasive <yes>
set vsys <name> application-filter <name> excessive-bandwidth-use <yes>
set vsys <name> application-filter <name> used-by-malware <yes>
set vsys <name> application-filter <name> transfers-files <yes>
set vsys <name> application-filter <name> has-known-vulnerabilities <yes>
set vsys <name> application-filter <name> tunnels-other-apps <yes>
set vsys <name> application-filter <name> prone-to-misuse <yes>
set vsys <name> application-filter <name> pervasive <yes>
set vsys <name> application-filter <name> is-saas <yes>
set vsys <name> application-filter <name> new-appid <yes>
set vsys <name> application-filter <name> risk [ <risk1> <risk2>... ]
set vsys <name> application-filter <name> saas-certifications [ <saas-certifica
tions1> <saas-certifications2>... ]
set vsys <name> application-filter <name> saas-risk [ <saas-risk1> <saas-risk2>
... ]
set vsys <name> application-group
set vsys <name> application-group <name>
set vsys <name> application-group <name> members [ <members1> <members2>... ]

set vsys <name> region
set vsys <name> region <name>
set vsys <name> region <name> geo-location
set vsys <name> region <name> geo-location latitude <float>
set vsys <name> region <name> geo-location longitude <float>
set vsys <name> region <name> address [ <address1> <address2>... ]
set vsys <name> tag
set vsys <name> tag <name>
set vsys <name> tag <name> color <color1|color2|color3|color4|color5|color6|colo
r7|color8|color9|color10|color11|color12|color13|color14|color15|color16|color17
|color19|color20|color21|color22|color23|color24|color25|color26|color27|color28
|color29|color30|color31|color32|color33|color34|color35|color36|color37|color38
|color39|color40|color41|color42>
set vsys <name> tag <name> comments <value>
set vsys <name> authentication-object
set vsys <name> authentication-object <name>
set vsys <name> authentication-object <name> authentication-method <web-form|no-
captive-portal|browser-challenge>
set vsys <name> authentication-object <name> authentication-profile <value>
set vsys <name> authentication-object <name> message <value>
set vsys <name> rulebase
set vsys <name> rulebase security
set vsys <name> rulebase security rules
set vsys <name> rulebase security rules <name>
set vsys <name> rulebase security rules <name> from [ <from1> <from2>... ]
set vsys <name> rulebase security rules <name> to [ <to1> <to2>... ]
set vsys <name> rulebase security rules <name> source [ <source1> <source2>...
set vsys <name> rulebase security rules <name> source-user [ <source-user1> <so
urce-user2>... ]
set vsys <name> rulebase security rules <name> destination [ <destination1> <de
stination2>... ]
set vsys <name> rulebase security rules <name> service [ <service1> <service2>.
.. ]
set vsys <name> rulebase security rules <name> category [ <category1> <category
2>... ]
set vsys <name> rulebase security rules <name> application [ <application1> <ap
plication2>... ]
set vsys <name> rulebase security rules <name> schedule <value>
set vsys <name> rulebase security rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase security rules <name> negate-source <yes|no>
set vsys <name> rulebase security rules <name> negate-destination <yes|no>
set vsys <name> rulebase security rules <name> disabled <yes|no>
set vsys <name> rulebase security rules <name> description <value>
set vsys <name> rulebase security rules <name> hip-profiles [ <hip-profiles1> <
hip-profiles2>... ]
set vsys <name> rulebase security rules <name> action <deny|allow|drop|reset-cli
ent|reset-server|reset-both>
set vsys <name> rulebase security rules <name> icmp-unreachable <yes|no>
set vsys <name> rulebase security rules <name> rule-type <universal|intrazone|in
terzone>
set vsys <name> rulebase security rules <name> option
set vsys <name> rulebase security rules <name> option disable-server-response-in
spection <yes|no>
set vsys <name> rulebase security rules <name> log-setting <value>
set vsys <name> rulebase security rules <name> log-start <yes|no>
set vsys <name> rulebase security rules <name> log-end <yes|no>
set vsys <name> rulebase security rules <name> profile-setting
set vsys <name> rulebase security rules <name> profile-setting profiles
set vsys <name> rulebase security rules <name> profile-setting profiles url-filt
ering [ <url-filtering1> <url-filtering2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles data-fil
tering [ <data-filtering1> <data-filtering2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles file-blo
cking [ <file-blocking1> <file-blocking2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles wildfire
-analysis [ <wildfire-analysis1> <wildfire-analysis2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles virus [
<virus1> <virus2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles spyware
[ <spyware1> <spyware2>... ]
set vsys <name> rulebase security rules <name> profile-setting profiles vulnerab
ility [ <vulnerability1> <vulnerability2>... ]
set vsys <name> rulebase security rules <name> profile-setting group [ <group1>
<group2>... ]
set vsys <name> rulebase security rules <name> qos
set vsys <name> rulebase security rules <name> qos marking
set vsys <name> rulebase security rules <name> qos marking ip-dscp <value>|<ef|a
f11|af12|af13|af21|af22|af23|af31|af32|af33|af41|af42|af43|cs0|cs1|cs2|cs3|cs4|c
s5|cs6|cs7>
set vsys <name> rulebase security rules <name> qos marking ip-precedence <value>
|<cs0|cs1|cs2|cs3|cs4|cs5|cs6|cs7>
set vsys <name> rulebase security rules <name> qos marking follow-c2s-flow
set vsys <name> rulebase default-security-rules
set vsys <name> rulebase default-security-rules rules
set vsys <name> rulebase default-security-rules rules <name>
set vsys <name> rulebase default-security-rules rules <name> tag [ <tag1> <tag2
>... ]
set vsys <name> rulebase default-security-rules rules <name> log-setting <value>
set vsys <name> rulebase default-security-rules rules <name> log-start <yes|no>
set vsys <name> rulebase default-security-rules rules <name> log-end <yes|no>
set vsys <name> rulebase default-security-rules rules <name> profile-setting
set vsys <name> rulebase default-security-rules rules <name> profile-setting pro
files
files url-filtering [ <url-filtering1> <url-filtering2>... ]

files data-filtering [ <data-filtering1> <data-filtering2>... ]
files file-blocking [ <file-blocking1> <file-blocking2>... ]
files wildfire-analysis [ <wildfire-analysis1> <wildfire-analysis2>... ]
files virus [ <virus1> <virus2>... ]
files spyware [ <spyware1> <spyware2>... ]
files vulnerability [ <vulnerability1> <vulnerability2>... ]
set vsys <name> rulebase default-security-rules rules <name> profile-setting gro
up [ <group1> <group2>... ]
set vsys <name> rulebase default-security-rules rules <name> action <deny|allow|
drop|reset-client|reset-server|reset-both>
set vsys <name> rulebase default-security-rules rules <name> icmp-unreachable <y
es|no>
set vsys <name> rulebase application-override
set vsys <name> rulebase application-override rules
set vsys <name> rulebase application-override rules <name>
set vsys <name> rulebase application-override rules <name> from [ <from1> <from
2>... ]
set vsys <name> rulebase application-override rules <name> to [ <to1> <to2>...
set vsys <name> rulebase application-override rules <name> source [ <source1> <
source2>... ]
set vsys <name> rulebase application-override rules <name> source-user [ <sourc
e-user1> <source-user2>... ]
set vsys <name> rulebase application-override rules <name> destination [ <desti
nation1> <destination2>... ]
set vsys <name> rulebase application-override rules <name> tag [ <tag1> <tag2>.
.. ]
set vsys <name> rulebase application-override rules <name> negate-source <yes|no
>
set vsys <name> rulebase application-override rules <name> negate-destination <y
es|no>
set vsys <name> rulebase application-override rules <name> disabled <yes|no>
set vsys <name> rulebase application-override rules <name> description <value>
set vsys <name> rulebase application-override rules <name> protocol <tcp|udp>
set vsys <name> rulebase application-override rules <name> port <0-65535,...>
set vsys <name> rulebase application-override rules <name> application <value>
set vsys <name> rulebase decryption
set vsys <name> rulebase decryption rules
set vsys <name> rulebase decryption rules <name>
set vsys <name> rulebase decryption rules <name> from [ <from1> <from2>... ]
set vsys <name> rulebase decryption rules <name> to [ <to1> <to2>... ]
set vsys <name> rulebase decryption rules <name> source [ <source1> <source2>..
.]
set vsys <name> rulebase decryption rules <name> source-user [ <source-user1> <
source-user2>... ]
set vsys <name> rulebase decryption rules <name> destination [ <destination1> <
destination2>... ]
set vsys <name> rulebase decryption rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase decryption rules <name> negate-source <yes|no>
set vsys <name> rulebase decryption rules <name> negate-destination <yes|no>
set vsys <name> rulebase decryption rules <name> disabled <yes|no>
set vsys <name> rulebase decryption rules <name> description <value>
set vsys <name> rulebase decryption rules <name> service [ <service1> <service2
>... ]
set vsys <name> rulebase decryption rules <name> category [ <category1> <catego
ry2>... ]
set vsys <name> rulebase decryption rules <name> action <no-decrypt|decrypt|decr
ypt-and-forward>
set vsys <name> rulebase decryption rules <name> type
set vsys <name> rulebase decryption rules <name> type ssl-forward-proxy
set vsys <name> rulebase decryption rules <name> type ssh-proxy
set vsys <name> rulebase decryption rules <name> type ssl-inbound-inspection <va
lue>
set vsys <name> rulebase decryption rules <name> profile <value>
set vsys <name> rulebase decryption rules <name> forwarding-profile <value>
set vsys <name> rulebase authentication
set vsys <name> rulebase authentication rules
set vsys <name> rulebase authentication rules <name>
set vsys <name> rulebase authentication rules <name> from [ <from1> <from2>...
set vsys <name> rulebase authentication rules <name> to [ <to1> <to2>... ]
set vsys <name> rulebase authentication rules <name> source [ <source1> <source
2>... ]
set vsys <name> rulebase authentication rules <name> source-user [ <source-user
1> <source-user2>... ]
set vsys <name> rulebase authentication rules <name> destination [ <destination
1> <destination2>... ]
set vsys <name> rulebase authentication rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase authentication rules <name> negate-source <yes|no>
set vsys <name> rulebase authentication rules <name> negate-destination <yes|no>
set vsys <name> rulebase authentication rules <name> disabled <yes|no>
set vsys <name> rulebase authentication rules <name> description <value>
set vsys <name> rulebase authentication rules <name> service [ <service1> <serv
ice2>... ]
set vsys <name> rulebase authentication rules <name> category [ <category1> <ca
tegory2>... ]
set vsys <name> rulebase authentication rules <name> hip-profiles [ <hip-profil
es1> <hip-profiles2>... ]
set vsys <name> rulebase authentication rules <name> authentication-enforcement
<value>
set vsys <name> rulebase authentication rules <name> log-setting <value>
set vsys <name> rulebase authentication rules <name> timeout <1-1440>
set vsys <name> rulebase authentication rules <name> log-authentication-timeout
<yes|no>
set vsys <name> rulebase tunnel-inspect
set vsys <name> rulebase tunnel-inspect rules
set vsys <name> rulebase tunnel-inspect rules <name>
set vsys <name> rulebase tunnel-inspect rules <name> from [ <from1> <from2>...
set vsys <name> rulebase tunnel-inspect rules <name> to [ <to1> <to2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> source [ <source1> <source
2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> source-user [ <source-user
1> <source-user2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> destination [ <destination
1> <destination2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> negate-source <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> negate-destination <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> disabled <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> description <value>
set vsys <name> rulebase tunnel-inspect rules <name> application [ <application
1> <application2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> inspect-options
set vsys <name> rulebase tunnel-inspect rules <name> inspect-options max-level-i
nspection <1|2>
set vsys <name> rulebase tunnel-inspect rules <name> inspect-options drop-over-m
ax <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> inspect-options drop-unknow
n-protocol <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> inspect-options drop-strict
-checking <yes|no>
set vsys <name> rulebase tunnel-inspect rules <name> zone-assign
set vsys <name> rulebase tunnel-inspect rules <name> zone-assign source [ <sour
ce1> <source2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> zone-assign destination [
<destination1> <destination2>... ]
set vsys <name> rulebase tunnel-inspect rules <name> monitor-options
set vsys <name> rulebase tunnel-inspect rules <name> monitor-options monitor-nam
e <value>
set vsys <name> rulebase tunnel-inspect rules <name> monitor-options monitor-id
<1-16777215>
set vsys <name> rulebase tunnel-inspect rules <name> monitor-options log-setting
-override
-override enable <yes|no>
-override log-setting <value>
-override log-start <yes|no>
-override log-end <yes|no>
set vsys <name> rulebase nat
set vsys <name> rulebase nat rules
set vsys <name> rulebase nat rules <name>
set vsys <name> rulebase nat rules <name> from [ <from1> <from2>... ]
set vsys <name> rulebase nat rules <name> to [ <to1> <to2>... ]
set vsys <name> rulebase nat rules <name> source [ <source1> <source2>... ]
set vsys <name> rulebase nat rules <name> destination [ <destination1> <destina
tion2>... ]
set vsys <name> rulebase nat rules <name> service <value>
set vsys <name> rulebase nat rules <name> nat-type <ipv4|nat64|nptv6>
set vsys <name> rulebase nat rules <name> to-interface <value>|<any>
set vsys <name> rulebase nat rules <name> source-translation

set vsys <name> rulebase nat rules <name> source-translation
set vsys <name> rulebase nat rules <name> source-translation dynamic-ip-and-port
translated-address [ <translated-address1> <translated-address2>... ]
interface-address
interface-address interface <value>
interface-address
interface-address ip <value>
interface-address floating-ip <value>
set vsys <name> rulebase nat rules <name> source-translation dynamic-ip
set vsys <name> rulebase nat rules <name> source-translation dynamic-ip translat
ed-address [ <translated-address1> <translated-address2>... ]
set vsys <name> rulebase nat rules <name> source-translation dynamic-ip fallback
translated-address [ <translated-address1> <translated-address2>... ]
interface-address
interface-address interface <value>
interface-address
interface-address ip <value>
interface-address floating-ip <value>
set vsys <name> rulebase nat rules <name> source-translation static-ip
set vsys <name> rulebase nat rules <name> source-translation static-ip translate
d-address <value>|<ip/netmask>|<ip-range>
set vsys <name> rulebase nat rules <name> source-translation static-ip bi-direct
ional <yes|no>
set vsys <name> rulebase nat rules <name>
set vsys <name> rulebase nat rules <name> destination-translation
set vsys <name> rulebase nat rules <name> destination-translation translated-add
ress <value>|<ip/netmask>|<ip-range>
set vsys <name> rulebase nat rules <name> destination-translation translated-por
t <1-65535>
set vsys <name> rulebase nat rules <name> dynamic-destination-translation
set vsys <name> rulebase nat rules <name> dynamic-destination-translation transl
ated-address <value>|<ip/netmask>|<ip-range>
set vsys <name> rulebase nat rules <name> dynamic-destination-translation transl
ated-port <1-65535>
set vsys <name> rulebase nat rules <name> dynamic-destination-translation distri
bution <round-robin>
set vsys <name> rulebase nat rules <name> active-active-device-binding <primary|
both|0|1>
set vsys <name> rulebase nat rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase nat rules <name> disabled <yes|no>
set vsys <name> rulebase nat rules <name> description <value>
set vsys <name> rulebase qos
set vsys <name> rulebase qos rules
set vsys <name> rulebase qos rules <name>
set vsys <name> rulebase qos rules <name> from [ <from1> <from2>... ]
set vsys <name> rulebase qos rules <name> to [ <to1> <to2>... ]

set vsys <name> rulebase qos rules <name> source [ <source1> <source2>... ]
set vsys <name> rulebase qos rules <name> source-user [ <source-user1> <source-
user2>... ]
set vsys <name> rulebase qos rules <name> destination [ <destination1> <destina
tion2>... ]
set vsys <name> rulebase qos rules <name> service [ <service1> <service2>... ]
set vsys <name> rulebase qos rules <name> category [ <category1> <category2>...
set vsys <name> rulebase qos rules <name> application [ <application1> <applica
tion2>... ]
set vsys <name> rulebase qos rules <name> schedule <value>
set vsys <name> rulebase qos rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase qos rules <name> negate-source <yes|no>
set vsys <name> rulebase qos rules <name> negate-destination <yes|no>
set vsys <name> rulebase qos rules <name> disabled <yes|no>
set vsys <name> rulebase qos rules <name> description <value>
set vsys <name> rulebase qos rules <name> dscp-tos
set vsys <name> rulebase qos rules <name> dscp-tos any
set vsys <name> rulebase qos rules <name> dscp-tos codepoints
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> ef
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> ef codepoin
t <ef>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> af
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> af codepoin
t <af11|af12|af13|af21|af22|af23|af31|af32|af33|af41|af42|af43>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> cs
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> cs codepoin
t <cs0|cs1|cs2|cs3|cs4|cs5|cs6|cs7>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> tos
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> tos codepoi
nt <cs0|cs1|cs2|cs3|cs4|cs5|cs6|cs7>
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> custom
set vsys <name> rulebase qos rules <name> dscp-tos codepoints <name> custom code
point
point name <value>
point value <value>
set vsys <name> rulebase qos rules <name> action
set vsys <name> rulebase qos rules <name> action class <1|2|3|4|5|6|7|8>
set vsys <name> rulebase pbf
set vsys <name> rulebase pbf rules
set vsys <name> rulebase pbf rules <name>
set vsys <name> rulebase pbf rules <name> from
set vsys <name> rulebase pbf rules <name> from
set vsys <name> rulebase pbf rules <name> from zone [ <zone1> <zone2>... ]
set vsys <name> rulebase pbf rules <name> from interface [ <interface1> <interf
ace2>... ]
set vsys <name> rulebase pbf rules <name> source [ <source1> <source2>... ]
set vsys <name> rulebase pbf rules <name> source-user [ <source-user1> <source-
user2>... ]
set vsys <name> rulebase pbf rules <name> destination [ <destination1> <destina
tion2>... ]
set vsys <name> rulebase pbf rules <name> service [ <service1> <service2>... ]
set vsys <name> rulebase pbf rules <name> schedule <value>
set vsys <name> rulebase pbf rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase pbf rules <name> negate-source <yes|no>
set vsys <name> rulebase pbf rules <name> negate-destination <yes|no>
set vsys <name> rulebase pbf rules <name> disabled <yes|no>
set vsys <name> rulebase pbf rules <name> description <value>
set vsys <name> rulebase pbf rules <name> application [ <application1> <applica
tion2>... ]
set vsys <name> rulebase pbf rules <name> action
set vsys <name> rulebase pbf rules <name> action
set vsys <name> rulebase pbf rules <name> action forward
set vsys <name> rulebase pbf rules <name> action forward egress-interface <value
>
set vsys <name> rulebase pbf rules <name> action forward nexthop
set vsys <name> rulebase pbf rules <name> action forward nexthop ip-address <ip/
netmask>
set vsys <name> rulebase pbf rules <name> action forward monitor
set vsys <name> rulebase pbf rules <name> action forward monitor profile <value>
set vsys <name> rulebase pbf rules <name> action forward monitor disable-if-unre
achable <yes|no>
set vsys <name> rulebase pbf rules <name> action forward monitor ip-address <ip/
netmask>
set vsys <name> rulebase pbf rules <name> action forward-to-vsys <value>
set vsys <name> rulebase pbf rules <name> action discard
set vsys <name> rulebase pbf rules <name> action no-pbf
set vsys <name> rulebase pbf rules <name> enforce-symmetric-return
set vsys <name> rulebase pbf rules <name> enforce-symmetric-return enabled <yes|
no>
set vsys <name> rulebase pbf rules <name> enforce-symmetric-return nexthop-addre
ss-list
set vsys <name> rulebase pbf rules <name> enforce-symmetric-return nexthop-addre
ss-list <name>
set vsys <name> rulebase pbf rules <name> active-active-device-binding <both|0|1
>
set vsys <name> rulebase dos
set vsys <name> rulebase dos rules
set vsys <name> rulebase dos rules <name>
set vsys <name> rulebase dos rules <name> from
set vsys <name> rulebase dos rules <name> from
set vsys <name> rulebase dos rules <name> from zone [ <zone1> <zone2>... ]
set vsys <name> rulebase dos rules <name> from interface [ <interface1> <interf
ace2>... ]
set vsys <name> rulebase dos rules <name> to
set vsys <name> rulebase dos rules <name> to
set vsys <name> rulebase dos rules <name> to zone [ <zone1> <zone2>... ]
set vsys <name> rulebase dos rules <name> to interface [ <interface1> <interfac
e2>... ]
set vsys <name> rulebase dos rules <name> source [ <source1> <source2>... ]
set vsys <name> rulebase dos rules <name> source-user [ <source-user1> <source-
user2>... ]
set vsys <name> rulebase dos rules <name> destination [ <destination1> <destina
tion2>... ]
set vsys <name> rulebase dos rules <name> service [ <service1> <service2>... ]
set vsys <name> rulebase dos rules <name> schedule <value>
set vsys <name> rulebase dos rules <name> tag [ <tag1> <tag2>... ]
set vsys <name> rulebase dos rules <name> negate-source <yes|no>
set vsys <name> rulebase dos rules <name> negate-destination <yes|no>
set vsys <name> rulebase dos rules <name> disabled <yes|no>
set vsys <name> rulebase dos rules <name> description <value>
set vsys <name> rulebase dos rules <name> protection
set vsys <name> rulebase dos rules <name> protection aggregate
set vsys <name> rulebase dos rules <name> protection aggregate profile <value>
set vsys <name> rulebase dos rules <name> protection classified
set vsys <name> rulebase dos rules <name> protection classified profile <value>
set vsys <name> rulebase dos rules <name> protection classified classification-c
riteria
set vsys <name> rulebase dos rules <name> protection classified classification-c
riteria address <source-ip-only|destination-ip-only|src-dest-ip-both>
set vsys <name> rulebase dos rules <name> action
set vsys <name> rulebase dos rules <name> action
set vsys <name> rulebase dos rules <name> action deny
set vsys <name> rulebase dos rules <name> action allow

set vsys <name> rulebase dos rules <name> action protect
set vsys <name> rulebase dos rules <name> log-setting <value>

Pan Os 81 Cli Commands

Uploaded by

Copyright:

Available Formats

Pan Os 81 Cli Commands

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pan Os 81 Cli Commands

Uploaded by

Copyright:

Available Formats

PAN-OS 8.

check data-access-passwd system

save config to <value> partial shared-object <excluded> device-and-network <excluded> no-vsys

revert config partial shared-object <excluded> device-and-network <excluded> no-vsys

load config key <value>|<default> from <value>

load config key <value>|<default> version <value>|<1-1048576>

load config key <value>|<default> last-saved

commit description <value> partial device-and-network <excluded> shared-object <

excluded> admin [ <admin1> <admin2>... ]

commit description <value> partial device-and-network <excluded> shared-object <

commit description <value> partial device-and-network <excluded> shared-object <

excluded> vsys [ <vsys1> <vsys2>... ]

validate partial device-and-network <excluded> shared-object <excluded> admin [

validate partial device-and-network <excluded> shared-object <excluded> no-vsys

find command keyword <value>

show deviceconfig system

show deviceconfig system type

show deviceconfig system type

show deviceconfig system type static

show deviceconfig system type dhcp-client

show deviceconfig system dns-setting

show deviceconfig system dns-setting

show deviceconfig system dns-setting servers

show deviceconfig system ntp-servers

show deviceconfig system ntp-servers primary-ntp-server

show deviceconfig system ntp-servers primary-ntp-server authentication-type

show deviceconfig system ntp-servers primary-ntp-server authentication-type none

show deviceconfig system ntp-servers primary-ntp-server authentication-type symm

show deviceconfig system ntp-servers primary-ntp-server authentication-type symm

show deviceconfig system ntp-servers primary-ntp-server authentication-type symm

etric-key algorithm md5

show deviceconfig system ntp-servers primary-ntp-server authentication-type symm

etric-key algorithm sha1

show deviceconfig system ntp-servers primary-ntp-server authentication-type auto

show deviceconfig system ntp-servers secondary-ntp-server

show deviceconfig system ntp-servers secondary-ntp-server authentication-type

show deviceconfig system ntp-servers secondary-ntp-server authentication-type no

show deviceconfig system ntp-servers secondary-ntp-server authentication-type sy

show deviceconfig system ntp-servers secondary-ntp-server authentication-type sy

show deviceconfig system ntp-servers secondary-ntp-server authentication-type sy

mmetric-key algorithm md5

show deviceconfig system ntp-servers secondary-ntp-server authentication-type sy

mmetric-key algorithm sha1

show deviceconfig system ntp-servers secondary-ntp-server authentication-type au

show deviceconfig system hsm-settings

show deviceconfig system hsm-settings provider

show deviceconfig system hsm-settings provider

show deviceconfig system hsm-settings provider safenet-network

show deviceconfig system hsm-settings provider safenet-network hsm-server

show deviceconfig system hsm-settings provider safenet-network hsm-server <name>

show deviceconfig system hsm-settings provider safenet-network ha

show deviceconfig system hsm-settings provider thales-nshield-connect

show deviceconfig system hsm-settings provider thales-nshield-connect hsm-server

show deviceconfig system hsm-settings provider thales-nshield-connect hsm-server

show deviceconfig system hsm-settings provider none

show deviceconfig system ssh

show deviceconfig system ssh ciphers

show deviceconfig system ssh ciphers ha

show deviceconfig system ssh ciphers ha aes128-cbc