palo alto networks

6 Posts

Palo Alto Dynamic Block List and AWS

June 27, 2017 0 Comments palo alto networks

Palo Alto firewalls have a neat feature called "DBL" - Dynamic Block List. This feature allows the firewall to grab a list of IP addresses or domains from an HTTP page. You have to format the web page cleanly (https://live.paloaltonetworks.com/t5/Learning-Articles/Working-with-External-Block-List-EBL-Formats-and-Limitations/ta-p/58795), but it allows you to update the web page dynamically, and the

Palo Alto Firewall HA CLI Commands

November 25, 2014 0 Comments palo alto networks

> show high-availability all
> show high-availability state
> show high-availability link-monitoring
> show high-availability path-monitoring

Configuring High Availability: https://live.paloaltonetworks.com/docs/DOC-2926

After enabling HA, the interfaces on the firewall will switch from using the interface MAC address to a virtual MAC address. In my case, the Palo Alto updated the MAC address to connected devices, except

Palo Alto GlobalProtect VPN Users

October 07, 2014 0 Comments palo alto networks

Two quick CLI commands to see who is currently logged in, and who logged in previously:

show global-protect-gateway current-user
show global-protect-gateway previous-user

You can also specify the username with each command to see specific results.

If you want to force a user logout (from my testing, the user will not see a notification they have been logged out):

request global-protect-gateway

Palo Alto Firewall AD Group Mapping

September 29, 2014 0 Comments palo alto networks, active-directory

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.

1. Shows every AD group added to the PAN firewall:

show user group list

2. Shows the user-to-IP address mapping (for all users or a specific user):

show user ip-user-mapping all

3. Gives more detailed statistics of the command above:

show user group-mapping state all

4.