Palo Alto Networks: Ping firewall interface

Suppose you want to verify if your packet actually reach the untrust interface of Palo Alto Network firewall, you can let the untrust interface of the firewall to send echo reply by using set network profiles interface-management-profile command.

admin@PA-5050> configure
Entering configuration mode
admin@PA-5050# set network profiles interface-management-profile icmp-profile ping yes


Firewall policy will not influence the firewall to send echo reply back to the originator.

admin@PA-5050# show network profiles interface-management-profile
interface-management-profile {
  icmp-profile {
    http no;
    https no;
    ssh no;
    snmp no;
    ping yes;
    response-pages no;
    telnet no;

Note that icmp-profile is a name of the profile which you have chosen, you can choose any name you like as long as it makes sense to you.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s