Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish similar results as a factory reset and can be done via CLI directly and could technically be done remotely with some coordination. In…
Out of the box, you can’t just add a Security Profile to the interface that runs GlobalProtect fortunately there’s a relatively easy way to do it with minimal impact to your existing GlobalProtect setup. In this post, I will show you step-by-step how to secure GlobalProtect by adding protection with a Vulnerability Protection Profile or…
I needed to route an FQDN (Fully Qualified Domain Name) down an IPSEC VPN tunnel but couldn’t because it was an external address and the IP is dynamic so I wasn’t able to just make a static route to force it down the IPSEC VPN tunnel. To solve this I discovered something called policy based…
I’m a big fan of CLI, I love to use it when I can, it always feels more complete and absolute. A while back I posted how to Upgrade Palo Alto Firewall HA Pair (Active/Passive) in that post I only covered the GUI method this post will detail how to complete everything with CLI only.…
By default Palo Alto Networks firewalls export their configuration as an XML file which is great however, I’m more used to set commands such as the ones commonly used in switches. Fortunately, there’s a way to have the best of both worlds. In this post, I’ll show you step-by-step how to output the Palo Alto…
In this post I will detail how to resolve the Palo Alto commit error when trying to commit a predefined IP list. Below is an example of the error Validation Error:external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url ‘panw-torexit-ip-list’ is not a valid referenceexternal-list -> Palo Alto Networks…
Palo Alto has some great documentation about how to do basically everything. Sometimes it’s a bit buried. These are my short and long cheat sheets for upgrading a Palo Alto Networks firewall in an Active/Passive High Availability Pair. If you want to preform the upgrade using CLI only please see my post Upgrade Palo Alto…
