Basic show commands in Cisco ASA

Below are a few of the show commands you need to know in order to manage the firewall or troubleshoot firewall-related issues.

  1. show version: To check the version of the code that you are running on the firewall.
  2. show int ip brief: To check all the firewall interfaces, their IP addresses and their status (up/down). Note that the equivalent command on Cisco switches and routers is “show ip int brief”.
  3. show nameif: To check the interfaces and their associated names.
  4. show arp: To check the ARP table. The command in Cisco switches and routers is “show ip arp”.
  5. show route: To check the routing table. The command in Cisco switches and routers is “show ip route”.
  6. show logging: To check the logs on the firewall.
  7. show run access-list: To check all the access-lists configured on the firewall.
  8. show run access-group: To check the interfaces where the ACLs are applied and in which direction (inbound/outbound).
  9. show access-list: To check all the access-lists with the hit counts for each access-list entry.
  10. show run nat: To check the NAT configuration of the firewall.
  11. show xlate: To check the live NAT translation table.
  12. show run object-group: To check all the object-groups configured on the firewall.
  13. show run object: To check all the objects configured on the firewall.
  14. show conn: To check the stateful connection table.
  15. show failover: To check the failover status of the HA pair.
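As an added example (not part of the original post), the per-entry hit counters printed by show access-list can be parsed to list entries that have never matched, which helps when reviewing a rule base for stale rules. The sample output is constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample of `show access-list` output (not captured from a real device).
SAMPLE = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list OUTSIDE_IN; 5 elements; name hash: 0x1a2b3c4d
access-list OUTSIDE_IN line 1 extended permit tcp any host 192.0.2.10 eq https (hitcnt=1523) 0x0a0b0c01
access-list OUTSIDE_IN line 2 extended permit tcp any object-group WEB_SERVERS eq www (hitcnt=40) 0x0a0b0c02
  access-list OUTSIDE_IN line 2 extended permit tcp any host 192.0.2.20 eq www (hitcnt=40) 0x0a0b0c03
  access-list OUTSIDE_IN line 2 extended permit tcp any host 192.0.2.21 eq www (hitcnt=0) 0x0a0b0c04
access-list OUTSIDE_IN line 3 extended permit tcp any host 192.0.2.30 eq ssh (hitcnt=0) 0x0a0b0c05
access-list OUTSIDE_IN line 4 extended deny ip any any (hitcnt=87) 0x0a0b0c06
"""

# An ACE row: optional indent, ACL name, line number, rule text, hit counter.
ACE_RE = re.compile(
    r"^(?P<indent>\s*)access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+"
    r"(?P<rule>.*?)\s+\(hitcnt=(?P<hits>\d+)\)"
)

def parse_aces(text):
    """Yield one dict per ACE; indented rows are object-group expansions."""
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if not m:
            continue  # header, remark or summary line: no hit counter
        yield {
            "acl": m["acl"],
            "line": int(m["line"]),
            "rule": m["rule"],
            "hits": int(m["hits"]),
            "expanded": bool(m["indent"]),
        }

def zero_hit(text, expanded=False):
    """Return (acl, line, rule) for entries with hitcnt=0.

    expanded=False checks the configured (top-level) entries;
    expanded=True checks the individual members of object-group entries.
    """
    return [(a["acl"], a["line"], a["rule"]) for a in parse_aces(text)
            if a["expanded"] == expanded and a["hits"] == 0]

if __name__ == "__main__":
    for acl, line, rule in zero_hit(SAMPLE):
        print(f"unused rule   {acl} line {line}: {rule}")
    for acl, line, rule in zero_hit(SAMPLE, expanded=True):
        print(f"unused member {acl} line {line}: {rule}")
```

A zero counter only means the entry has not matched since the counters were last reset (for example by a reload), so confirm the observation window before removing a rule.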

VPN Related:

  1. show crypto ipsec sa
  2. show crypto isakmp sa
  3. show vpn-sessiondb

 

 
