Tag: Firewall

Upgrade Palo Alto HA Pair (Active/Passive) with CLI

I’m a big fan of CLI, I love to use it when I can, it always feels more complete and absolute. A while back I posted how to Upgrade Palo Alto Firewall HA Pair (Active/Passive) in that post I only covered the GUI method this post will detail how to complete everything with CLI only.…

FortiGate Policy Mode vs Profile Mode

By default all Fortinet FortiGates are in Profile-based NGFW mode. There is nothing wrong with the default mode. However, I personally prefer policy mode more. Profile mode works like most firewalls like SonicWall, pfSense and UniFi for example. All your rules are based on ports. Policy mode works like Palo Alto Networks firewalls. All your…

Palo Alto Predefined IP Commit Error Fix

In this post I will detail how to resolve the Palo Alto commit error when trying to commit a predefined IP list. Below is an example of the error Validation Error:external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url ‘panw-torexit-ip-list’ is not a valid referenceexternal-list -> Palo Alto Networks…

Upgrade Palo Alto Firewall HA Pair (Active/Passive)

Palo Alto has some great documentation about how to do basically everything. Sometimes it’s a bit buried. These are my short and long cheat sheets for upgrading a Palo Alto Networks firewall in an Active/Passive High Availability Pair. If you want to preform the upgrade using CLI only please see my post Upgrade Palo Alto…