Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Palo alto example config. mgmt: 192.168.123.99/24 admin | P@ssw0rd
<config version="8.0.0" urldb="paloaltonetworks">
<mgt-config>
<users>
<entry name="admin">
<phash>$1$l2.doqhj$Vri/RkbGRnVW2yjB.xV6O0</phash>
<permissions>
<role-based>
<superuser>yes</superuser>
</role-based>
</permissions>
</entry>
</users>
</mgt-config>
<shared>
<application/>
<application-group/>
<service/>
<service-group/>
<botnet>
<configuration>
<http>
<dynamic-dns>
<enabled>yes</enabled>
<threshold>5</threshold>
</dynamic-dns>
<malware-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</malware-sites>
<recent-domains>
<enabled>yes</enabled>
<threshold>5</threshold>
</recent-domains>
<ip-domains>
<enabled>yes</enabled>
<threshold>10</threshold>
</ip-domains>
<executables-from-unknown-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</executables-from-unknown-sites>
</http>
<other-applications>
<irc>yes</irc>
</other-applications>
<unknown-applications>
<unknown-tcp>
<destinations-per-hour>10</destinations-per-hour>
<sessions-per-hour>10</sessions-per-hour>
<session-length>
<maximum-bytes>100</maximum-bytes>
<minimum-bytes>50</minimum-bytes>
</session-length>
</unknown-tcp>
<unknown-udp>
<destinations-per-hour>10</destinations-per-hour>
<sessions-per-hour>10</sessions-per-hour>
<session-length>
<maximum-bytes>100</maximum-bytes>
<minimum-bytes>50</minimum-bytes>
</session-length>
</unknown-udp>
</unknown-applications>
</configuration>
<report>
<topn>100</topn>
<scheduled>yes</scheduled>
</report>
</botnet>
</shared>
<devices>
<entry name="localhost.localdomain">
<network>
<interface>
<ethernet>
<entry name="ethernet1/1">
<virtual-wire/>
</entry>
<entry name="ethernet1/2">
<virtual-wire/>
</entry>
</ethernet>
<loopback>
<units/>
</loopback>
<vlan>
<units/>
</vlan>
<tunnel>
<units/>
</tunnel>
</interface>
<vlan/>
<virtual-wire>
<entry name="default-vwire">
<interface1>ethernet1/1</interface1>
<interface2>ethernet1/2</interface2>
</entry>
</virtual-wire>
<profiles>
<monitor-profile>
<entry name="default">
<interval>3</interval>
<threshold>5</threshold>
<action>wait-recover</action>
</entry>
</monitor-profile>
</profiles>
<ike>
<crypto-profiles>
<ike-crypto-profiles>
<entry name="default">
<encryption>
<member>aes-128-cbc</member>
<member>3des</member>
</encryption>
<hash>
<member>sha1</member>
</hash>
<dh-group>
<member>group2</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
<entry name="Suite-B-GCM-128">
<encryption>
<member>aes-128-cbc</member>
</encryption>
<hash>
<member>sha256</member>
</hash>
<dh-group>
<member>group19</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
<entry name="Suite-B-GCM-256">
<encryption>
<member>aes-256-cbc</member>
</encryption>
<hash>
<member>sha384</member>
</hash>
<dh-group>
<member>group20</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
</ike-crypto-profiles>
<ipsec-crypto-profiles>
<entry name="default">
<esp>
<encryption>
<member>aes-128-cbc</member>
<member>3des</member>
</encryption>
<authentication>
<member>sha1</member>
</authentication>
</esp>
<dh-group>group2</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
<entry name="Suite-B-GCM-128">
<esp>
<encryption>
<member>aes-128-gcm</member>
</encryption>
<authentication>
<member>none</member>
</authentication>
</esp>
<dh-group>group19</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
<entry name="Suite-B-GCM-256">
<esp>
<encryption>
<member>aes-256-gcm</member>
</encryption>
<authentication>
<member>none</member>
</authentication>
</esp>
<dh-group>group20</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
</ipsec-crypto-profiles>
<global-protect-app-crypto-profiles>
<entry name="default">
<encryption>
<member>aes-128-cbc</member>
</encryption>
<authentication>
<member>sha1</member>
</authentication>
</entry>
</global-protect-app-crypto-profiles>
</crypto-profiles>
</ike>
<qos>
<profile>
<entry name="default">
<class>
<entry name="class1">
<priority>real-time</priority>
</entry>
<entry name="class2">
<priority>high</priority>
</entry>
<entry name="class3">
<priority>high</priority>
</entry>
<entry name="class4">
<priority>medium</priority>
</entry>
<entry name="class5">
<priority>medium</priority>
</entry>
<entry name="class6">
<priority>low</priority>
</entry>
<entry name="class7">
<priority>low</priority>
</entry>
<entry name="class8">
<priority>low</priority>
</entry>
</class>
</entry>
</profile>
</qos>
<virtual-router>
<entry name="default">
<protocol>
<bgp>
<enable>no</enable>
<dampening-profile>
<entry name="default">
<cutoff>1.25</cutoff>
<reuse>0.5</reuse>
<max-hold-time>900</max-hold-time>
<decay-half-life-reachable>300</decay-half-life-reachable>
<decay-half-life-unreachable>900</decay-half-life-unreachable>
<enable>yes</enable>
</entry>
</dampening-profile>
</bgp>
</protocol>
</entry>
</virtual-router>
</network>
<deviceconfig>
<system>
<ip-address>192.168.123.99</ip-address>
<netmask>255.255.255.0</netmask>
<update-server>updates.paloaltonetworks.com</update-server>
<update-schedule>
<threats>
<recurring>
<weekly>
<day-of-week>wednesday</day-of-week>
<at>3:37</at>
<action>download-only</action>
</weekly>
</recurring>
</threats>
</update-schedule>
<timezone>US/Pacific</timezone>
<service>
<disable-telnet>yes</disable-telnet>
<disable-http>yes</disable-http>
</service>
<hostname>panos-01</hostname>
<type>
<static/>
</type>
<default-gateway>192.168.123.1</default-gateway>
</system>
<setting>
<config>
<rematch>yes</rematch>
</config>
<management>
<hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
</management>
</setting>
</deviceconfig>
<vsys>
<entry name="vsys1">
<application/>
<application-group/>
<zone>
<entry name="trust">
<network>
<virtual-wire>
<member>ethernet1/2</member>
</virtual-wire>
</network>
</entry>
<entry name="untrust">
<network>
<virtual-wire>
<member>ethernet1/1</member>
</virtual-wire>
</network>
</entry>
</zone>
<service/>
<service-group/>
<schedule/>
<rulebase>
<security>
<rules>
<entry name="rule1">
<from>
<member>trust</member>
</from>
<to>
<member>untrust</member>
</to>
<source>
<member>any</member>
</source>
<destination>
<member>any</member>
</destination>
<service>
<member>any</member>
</service>
<application>
<member>any</member>
</application>
<action>allow</action>
<log-end>yes</log-end>
</entry>
</rules>
</security>
</rulebase>
</entry>
</vsys>
</entry>
</devices>
</config>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.