PIX Commands

Heres a few PIX commands that may come in useful. 

Performance / Usage

sh memShows memory used and amount free
sh cpu                                                          Shows % of CPU used
sh perfmonShow the performance of various connections
sh trafficShow the traffic stats
sh resource usage systemShows the system utilization
sh service-policyShows the amount dropped due to MFP
sh asp dropShows drops
sh asp table socketShows open sockets for PIX
sh logging | i -1-Shows severity 1 logs
sh failover | i ThisShow the failover status of node (Active/Standby)
sh resource allocation Show resource allocation
sh run allShow the running config in detail
sh run all tcp-mapShow the tcp-map settings
sh conn
Shows the connection table


ctrl+shift+6 cancels running process by user
sh run | i (icmp|ssh)                                       shows any instances of icmp and ssh in the running config
show run nat-control                                        show whether NAT control is enabled (security levels used)
sysopt connection tcp-mss [mss_size]change MSS size allowed through PIX
test [command]test a command
help [command]show additional help on a command
vpnsetupHelp configuring commands for VPN (priv mode)
show startup-config errors 
show startup errors

Protocol Inspection

sh run class-mapShow your current class-maps
sh run policy-mapShow the policy-map
sh run service policyShow your service Policy


crypto map MAP 10 set phase1-mode aggressiveConfigures VPN as aggressive mode
sh vpn-sessiondb detail index <#>Show the details for a VPN session entry
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial