Palo Alto Networks: Ping firewall interface

Suppose you want to verify if your packet actually reach the untrust interface of Palo Alto Network firewall, you can let the untrust interface of the firewall to send echo reply by using set network profiles interface-management-profile command.

admin@PA-5050> configure
Entering configuration mode
[edit]
admin@PA-5050# set network profiles interface-management-profile icmp-profile ping yes

[edit]
admin@PA-5050#

Firewall policy will not influence the firewall to send echo reply back to the originator.

[edit]
admin@PA-5050# show network profiles interface-management-profile
interface-management-profile {
  icmp-profile {
    http no;
    https no;
    ssh no;
    snmp no;
    ping yes;
    response-pages no;
    telnet no;
  }
}
[edit]
admin@PA-5050#

Note that icmp-profile is a name of the profile which you have chosen, you can choose any name you like as long as it makes sense to you.

Advertisements
This entry was posted in Firewall, Security and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s