palo alto networks

6 Posts

Palo Alto Dynamic Block List and AWS

June 27, 2017 0 Comments palo alto networks

Palo Alto firewalls have a neat feature called "DBL" - Dynamic Block List. This feature allows the firewall to grab a list of IP addresses or domains from an HTTP page. You have to format the web page cleanly (, but it allows you to update the web page dynamically, and the

Palo Alto Firewall HA CLI Commands

November 25, 2014 0 Comments palo alto networks

> show high-availability all
> show high-availability state
> show high-availability link-monitoring
> show high-availability path-monitoring

Configuring High Availability:

After enabling HA, the interfaces on the firewall will switch from using the interface MAC address to a virtual MAC address.  In my case, the Palo Alto updated the MAC address to connected devices, except

Palo Alto GlobalProtect VPN Users

October 07, 2014 0 Comments palo alto networks

Two quick CLI commands to see who is currently logged in, and who logged in previously:

show global-protect-gateway current-user
show global-protect-gateway previous-user

You can also specify the username with each command to see specific results.

If you want to force a user logout (from my testing, the user will not see a notification they have been logged out):

request global-protect-gateway

Palo Alto Firewall AD Group Mapping

September 29, 2014 0 Comments palo alto networks, active-directory

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.

1. Shows every AD group added to the PAN firewall:

show user group list

2. Shows the user and IP address mapping (or specific user):

show user ip-user-mapping all

3. Gives more detailed statistics of the command above:

show user group-mapping state all