├── chapter 14 - cfg-init.txt example
├── chapter 14 - cfg-init.txt DHCP example
├── LICENSE
├── chapter 13 - flow basic commands
├── Policy filter cheat sheet
├── override example
├── README.md
├── chapter 13 - CLI cheat sheet
├── chapter 13 - flow basic transcript
├── Chapter 7: Panorama example configuration
└── SharedGatewayExample


/chapter 14 - cfg-init.txt example:
--------------------------------------------------------------------------------
 1 | type=static
 2 | ip-address=10.0.0.5
 3 | default-gateway=10.0.0.1
 4 | netmask=255.255.255.0
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FirewallPG1
 8 | vm-auth-key=
 9 | panorama-server=10.0.0.20
10 | panorama-server-2=
11 | tplname=Template-PG
12 | dgname=Devgrp-PG
13 | dns-primary=1.1.1.1
14 | dns-secondary=1.0.0.1
15 | op-command-modes=jumbo-frame
16 | op-cmd-dpdk-pkt-io=
17 | plugin-op-commands=
18 | dhcp-send-hostname=no
19 | dhcp-send-client-id=no
20 | dhcp-accept-server-hostname=no
21 | dhcp-accept-server-domain=no
22 | vm-series-auto-registration-pin-id=
23 | vm-series-auto-registration-pin-value=
24 | 


--------------------------------------------------------------------------------
/chapter 14 - cfg-init.txt DHCP example:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=firewallPG
 8 | vm-auth-key=<panorama-auth-key>
 9 | panorama-server=10.0.0.20
10 | panorama-server-2=
11 | tplname=Ftemplate-PG
12 | dgname=devgrp-PG
13 | dns-primary=1.1.1.1
14 | dns-secondary=1.0.0.1
15 | op-command-modes=jumbo-frame
16 | op-cmd-dpdk-pkt-io=
17 | plugin-op-commands=
18 | dhcp-send-hostname=yes
19 | dhcp-send-client-id=yes
20 | dhcp-accept-server-hostname=yes
21 | dhcp-accept-server-domain=yes
22 | vm-series-auto-registration-pin-id=
23 | vm-series-auto-registration-pin-value=
24 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Packt
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/chapter 13 - flow basic commands:
--------------------------------------------------------------------------------
 1 | ###preparation###
 2 | debug dataplane packet-diag clear all
 3 | debug dataplane packet-diag clear log log
 4 | debug dataplane packet-diag clear filter-marked-session all
 5 | debug dataplane packet-diag set filter match source 10.0.0.10 destination 198.51.100.2
 6 | debug dataplane packet-diag set filter match source 10.0.0.10 destination 198.51.100.1
 7 | debug dataplane packet-diag set filter match source 198.51.100.1 destination 198.51.100.2
 8 | debug dataplane packet-diag set filter match destination 198.51.100.2
 9 | debug dataplane packet-diag set filter on
10 | ###optionally enable packet capture###
11 | ###debug dataplane packet-diag set capture stage receive file rx.pcap
12 | ###debug dataplane packet-diag set capture stage transmit file tx.pcap
13 | ###debug dataplane packet-diag set capture stage firewall file fw.pcap
14 | ###debug dataplane packet-diag set capture stage drop file drp.pcap
15 | debug dataplane packet-diag show setting
16 | 
17 | ###prelaunch###
18 | show session all filter source 10.0.0.10
19 | set session offload no
20 | debug dataplane packet-diag set log feature flow basic
21 | debug dataplane packet-diag set log on
22 | #debug dataplane packet-diag set capture on
23 | 
24 | ###launch###
25 | show counter global filter delta yes packet-filter yes
26 | show clock
27 | show counter global filter delta yes packet-filter yes
28 | show session all filter source 10.0.0.10
29 | show counter global filter delta yes packet-filter yes
30 | show session all filter source 10.0.0.10
31 | show session all filter source 10.0.0.10
32 | show session id 270
33 | show session all filter source 10.0.0.10
34 | show session all filter source 10.0.0.10
35 | show counter global filter delta yes packet-filter yes
36 | show clock
37 | 
38 | ###end###
39 | debug dataplane packet-diag set log off
40 | debug dataplane packet-diag set capture off
41 | set session offload yes
42 | 
43 | ###reading and collecting the output###
44 | debug dataplane packet-diag aggregate-logs
45 | less mp-log pan_packet_diag.log 
46 | scp export log-file management-plane to user@host:/path/
47 | view-pcap filter-pcap rx.pcap 
48 | scp export filter-pcap from *.pcap to user@host:/path
49 | 
50 | 


--------------------------------------------------------------------------------
/Policy filter cheat sheet:
--------------------------------------------------------------------------------
 1 | ##    searched terms are case sensitive! (Untrust or untrust)
 2 | ##    operands include 'eq', 'neq' , 'contains'
 3 | 
 4 | Tags: (tag/member eq 'tagname')
 5 | Name: (name contains 'unlocate-block')
 6 | Type: (rule-type eq 'intrazone|interzone')
 7 | Source Zone: (from/member eq 'zonename')
 8 | Source Address: (source/member eq 'any|ip|object')
 9 | Source User: (source-user/member eq 'any|username|groupname')
10 | Hip profile:  (hip-profiles/member eq 'any|profilename')
11 | Destination Zone: (to/member eq 'zonename')
12 | Destination Address: (destination/member eq 'any|ip|object')
13 | Destination User: (destination-user/member eq 'any|username|groupname')
14 | Application: (application/member eq 'any|applicationname|applicationgroup|applicationfilter')
15 | Service: (service/member eq 'any|servicename|application-default')
16 | URL Category: (category/member eq 'any|categoryname') 
17 | ##          This is a destination category, not a URL filtering security profile
18 | 
19 | Action: (action eq 'allow|drop|deny|reset-client|reset-server|reset-both')
20 | Action send ICMP unreachable: (icmp-unreachable eq 'yes')
21 | Security Profiles:
22 |       (profile-setting/profiles/virus/member eq 'profilename')
23 |       (profile-setting/profiles/spyware/member eq 'profilename')
24 |       (profile-setting/profiles/vulnerability/member eq 'profilename')
25 |       (profile-setting/profiles/url-filtering/member eq 'profilename')
26 |       (profile-setting/profiles/file-blocking/member eq 'profilename')
27 |       (profile-setting/profiles/wildfire-analysis/member eq 'profilegroupname')
28 |       (profile-setting/group/member eq 'profilename')
29 | Disable server response inspection: (option/disable-server-response-inspection eq 'yes')
30 | Log at session start: (log-start eq 'yes|no')
31 | Log at session end: (log-end eq 'yes|no')
32 | Schedule: (schedule eq 'schedulename')
33 | Log Forwarding:  (log-setting eq "forwardingprofilename')
34 | Qos Marking:    (qos/marking/ip-dscp eq 'codepoint')
35 |                             (qos/marking/ip-precedence eq 'codepoint')
36 |                             (qos/marking/follow-c2s-flow eq '')
37 | Description: (description contains '<keyword>')
38 | Disabled policy: (disabled eq yes|no)  
39 | ##           policies will only respond to 'no' if they have been disabled before
40 | 
41 | 


--------------------------------------------------------------------------------
/override example:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | 
  3 | <html lang="en">
  4 | <head>
  5 |     <base href="/login/">
  6 |     <meta charset="utf-8">
  7 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  8 |     <meta name="viewport" content="width=device-width, initial-scale=.85">
  9 |     <meta http-equiv="pragma" content="no-cache">
 10 |     <title>Your Device has been Quarantined</title>
 11 |     <link rel="stylesheet" href="css/latofonts.css">
 12 |     <style>
 13 |         body {
 14 |             background-color: #d00000;
 15 |             font-family: Lato, 'Helvetica Neue', Helvetica, Arial, sans-serif;
 16 |             font-size: 16px;
 17 |             margin: 0;
 18 |             color: #070808;
 19 |         }
 20 | 
 21 |         a:link {
 22 |             color: #0993d1;
 23 |         }
 24 | 
 25 |         b,
 26 |         strong {
 27 |             font-weight: 500;
 28 |         }
 29 | 
 30 |         p {
 31 |             line-height: 1.2em;
 32 |         }
 33 | 
 34 |         button {
 35 |             overflow: visible;
 36 |         }
 37 | 
 38 |         button, input, optgroup, select, textarea {
 39 |             color: inherit;
 40 |             font: inherit;
 41 |             margin: 0;
 42 |         }
 43 | 
 44 |         .center {
 45 |             text-align: center;
 46 |             margin-left: auto;
 47 |             margin-right: auto;
 48 |         }
 49 | 
 50 |         #dError,
 51 |         .msg {
 52 |             color: #d94949;
 53 |             margin: 20px 0;
 54 |         }
 55 | 
 56 |         fieldset .msg {
 57 |             margin: 0;
 58 |         }
 59 | 
 60 |         #content {
 61 |             padding-top: 100px;
 62 |         }
 63 | 
 64 |         #content img {
 65 |             display: block;
 66 |             margin: auto;
 67 |         }
 68 | 
 69 |         #content h1 {
 70 |             font-style: normal;
 71 |             font-weight: normal;
 72 |             font-size: 36px;
 73 |             line-height: 43px;
 74 |             text-align: center;
 75 |             letter-spacing: 0.1px;
 76 |             color: #070808;
 77 |             margin: 10px auto 8px;
 78 |         }
 79 | 
 80 |         #content > p {
 81 |             text-align: center;
 82 |             margin-left: auto;
 83 |             margin-right: auto;
 84 |             width: 640px;
 85 |             font-size: 14px;
 86 |             line-height: 20px;
 87 |         }
 88 | 
 89 |         .response {
 90 |             background-color: #fff;
 91 |             color: #5a636b;
 92 |             margin: 24px auto 0;
 93 |             padding: 20px;
 94 |             font-size: 16px;
 95 |             width: 800px;
 96 |             border: 1px solid #c8cbce;
 97 |             box-sizing: border-box;
 98 |             border-radius: 8px;
 99 |         }
100 | 
101 |         .response p {
102 |             margin: 0 0 1em;
103 |         }
104 | 
105 |         .response p:last-child {
106 |             margin: 0;
107 |         }
108 | 
109 |         .response b {
110 |             color: #070808;
111 |         }
112 | 
113 |         .response .msg b {
114 |             color: #d94949;
115 |         }
116 | 
117 |         .response form td,
118 |         .response form input {
119 |             font-size: 1.1em;
120 |             font-weight: bold;
121 |         }
122 | 
123 |         .loading {
124 |             margin: 2em auto 1em;
125 |         }
126 |     </style>
127 |     <script>
128 |         function pwdCheck() {
129 |             if (document.getElementById("pwd")) {
130 |                 document.getElementById("continueText").innerHTML = "If you require access to this page, have an administrator enter the override password here:";
131 |             }
132 |         }
133 |     </script>
134 | </head>
135 | 
136 | <body>
137 | <div id="content" class="container">
138 |     <h1>Your Device has been Quarantined</h1>
139 |     <p>The web page you are trying to visit has been blocked because your device has been placed in quarantine. Please contact your system administrator to seek remediation immediately.</p>
140 |     <div class="response">
141 |         <p><b>User:</b> <user/></p>
142 | 
143 |         <hr>
144 |         <span id="continueText"></span>
145 |         <div id="formdiv">
146 |             <pan_form/>
147 |         </div>
148 |     </div>
149 | </div>
150 | </body>
151 | </html>
152 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | # Mastering Palo Alto Networks
 5 | 
 6 | <a href="https://www.packtpub.com/cloud-networking/mastering-palo-alto-networks?utm_source=github&utm_medium=repository&utm_campaign=9781789956375"><img src="https://www.packtpub.com/media/catalog/product/cache/4cdce5a811acc0d2926d7f857dceb83b/9/7/9781789956375-original_47.png" alt="Mastering Palo Alto Networks" height="256px" align="right"></a>
 7 | 
 8 | This is the code repository for [Mastering Palo Alto Networks](https://www.packtpub.com/cloud-networking/mastering-palo-alto-networks?utm_source=github&utm_medium=repository&utm_campaign=9781789956375), published by Packt.
 9 | 
10 | **Deploy and manage industry-leading PAN-OS 10.x solutions to secure your users and infrastructure**
11 | 
12 | ## What is this book about?
13 | To safeguard against security threats, it is crucial to ensure that your organization is effectively secured across networks, mobile devices, and the cloud. Palo Alto Networks’ integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. With this book, you'll understand Palo Alto Networks and learn how to implement essential techniques, right from deploying firewalls through to advanced troubleshooting.ription
14 | 
15 | This book covers the following exciting features: 
16 | * Perform administrative tasks using the web interface and command-line interface (CLI)
17 | * Explore the core technologies that will help you boost your network security
18 | * Discover best practices and considerations for configuring security policies
19 | * Run and interpret troubleshooting and debugging commands
20 | * Manage firewalls through Panorama to reduce administrative workloads
21 | 
22 | If you feel this book is for you, get your [copy](https://www.amazon.com/dp/1789956374) today!
23 | 
24 | <a href="https://www.packtpub.com/?utm_source=github&utm_medium=banner&utm_campaign=GitHubBanner"><img src="https://raw.githubusercontent.com/PacktPublishing/GitHub/master/GitHub.png" alt="https://www.packtpub.com/" border="5" /></a>
25 | 
26 | ## Instructions and Navigations
27 | All of the code is organized into folders. For example, Chapter02.
28 | 
29 | The code will look like the following:
30 | ```
31 | if (test expression)
32 | {
33 |   Statement upon condition is true
34 | }
35 | ```
36 | 
37 | **Following is what you need for this book:**
38 | This book is for network engineers, network security analysts, and security professionals who want to understand and deploy Palo Alto Networks in their infrastructure. Anyone looking for in-depth knowledge of Palo Alto Network technologies, including those who currently use Palo Alto Network products, will find this book useful. Intermediate-level network administration knowledge is necessary to get started with this cybersecurity book.
39 | 
40 | With the following software and hardware list you can run all code files present in the book (Chapter 1-13).
41 | 
42 | ### Software and Hardware List
43 | 
44 | | Chapter  | Software required                   | OS required                                              |
45 | | -------- | ------------------------------------| ---------------------------------------------------------|
46 | | 1-13     | PAN-OS, all chassis and VM versions | Any OS capable of supporting a web browser and SSH client|
47 | 
48 | 
49 | 
50 | We also provide a PDF file that has color images of the screenshots/diagrams used in this book. [Click here to download it](http://www.packtpub.com/sites/default/files/downloads/9781789956375_ColorImages.pdf).
51 | 
52 | ## Code in Action
53 | 
54 | Click on the following link to see the Code in Action:
55 | 
56 | [YouTube](https://www.youtube.com/playlist?list=PLeLcvrwLe185oVaR7utR4mKlqow4VImk_)
57 | 
58 | ### Related products 
59 | * Cybersecurity Attacks – Red Team Strategies [[Packt]](https://www.packtpub.com/security/cybersecurity-attacks-red-team-strategies?utm_source=github&utm_medium=repository&utm_campaign=9781838828868) [[Amazon]](https://www.amazon.com/dp/1838828869)
60 | 
61 | * Mastering Windows Security and Hardening [[Packt]](https://www.packtpub.com/security/mastering-windows-security-and-hardening?utm_source=github&utm_medium=repository&utm_campaign=9781839216411) [[Amazon]](https://www.amazon.com/dp/1839216417)
62 | 
63 | ## Get to Know the Author
64 | 
65 | **Tom Piens**, PCNSE, CISSP, and founder of PANgurus, has nearly 10 years of experience working with Palo Alto Networks customers. Tom has been at the forefront of engaging with customers, responding to questions, and analyzing unique needs to apply the best possible solutions or workarounds. He has authored a great many articles on the Palo Alto Networks knowledge base and discussion forum solutions, including the popular Getting Started series. Also known as “reaper” on the PANgurus and LIVEcommunity forums, and @PANWreaper on Twitter, Tom has been recognized by Palo Alto Networks user groups and community members, and by countless thankful customers.
66 | 
67 | 
68 | ### Suggestions and Feedback
69 | [Click here](https://docs.google.com/forms/d/e/1FAIpQLSdy7dATC6QmEL81FIUuymZ0Wy9vH1jHkvpY57OiMeKGqib_Ow/viewform) if you have any feedback or suggestions.
70 | ### Download a free PDF
71 | 
72 |  <i>If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.<br>Simply click on the link to claim your free PDF.</i>
73 | <p align="center"> <a href="https://packt.link/free-ebook/9781789956375">https://packt.link/free-ebook/9781789956375 </a> </p>


--------------------------------------------------------------------------------
/chapter 13 - CLI cheat sheet:
--------------------------------------------------------------------------------
  1 | Command								Function
  2 | find command keyword <keyword>					Lets you find any command as long as you know what you're looking for.
  3 | | match <value>							Filters the output of a command and only return the line that has a positive match.
  4 | | except <value>						Filters the output of a command and return everything except the lines that match the value.
  5 | tcpdump snaplen 0 filter "not port 22"				Captures all sessions on the management interface except sessions on port 22.
  6 | view-pcap debug-pcap|filter-pcap|mgmt-pcap no-dns-lookup	Shows packet captures taken on daemons, via packet-diag or tcpdump.
  7 | show admins							Shows currently logged-in admins.
  8 | delete admin-sessions username <user>				Terminates an admin's session.
  9 | set system setting target-vsys <vsys>				Change operational commends to a vsys perspective.
 10 | show authentication allowlist					Shows the allow list for all authentication profiles.
 11 | show system environmentals					Shows system core temperatures and power levels.
 12 | scp|tftp export <thing> to user@destination:/path/		Many things can be exported from the system, including log files, packet captures, or core files.
 13 | 	
 14 | Basic system information	
 15 | show system info						Returns basic device information like serial, IP, installed content and software versions.
 16 | show system software status					Shows if all processes are running properly.
 17 | show system logdb-quota						Returns the log db usage.
 18 | show system disk-space						Returns disk volume information.
 19 | show jobs all/id						Returns status of all commit, download, install and qfdn jobs, and additional details on specific IDs.
 20 | show system files						Shows if any core dump files have been created due to a process crash.
 21 | request license fetch/info					Retrieves and shows currently active licenses.
 22 | show netstat all yes						Shows all listening and established connections on the management plane, per process.
 23 | show chassis-ready						Shows if the dataplane is ready to process sessions.
 24 | show panorama-status						Verify connectivity with panorama.
 25 | 	
 26 | High Availability	
 27 | show high-availability state					Shows a quick rundown of the local peer's HA condition.
 28 | show high-availability  all					Summary of all HA runtime.
 29 | show high-availability state-synchronization			Displays statistics about sent and received sync messages.
 30 | request high-availability sessions-reestablish force		Reestablishes HA1 link if link was lost, use 'force' if HA1 backup is not configured.
 31 | show high-availability session-reestablish-status		Shows when HA1 and HA1-backup links were last reestablished.
 32 | request high-availability sync-to-remote running-config	manually Syncs running configuration to peer, in case automatic sync failed or if status is out-of-sync.
 33 | request high-availability state functional|suspend		Suspend or activate local device.
 34 | request high-availability state peer functional|suspend		Suspend or activate peer device.
 35 | show high-availability transitions				Indicates how many times a device has transitioned between HA states.
 36 | show high-availability flap statistics				Details about preemptions 'flaps' (preemption activates device, error encountered again, device non-funct, recovers, preempt activates, error encountered again, etc.).
 37 | show high-availability control-link statistics			Detailed information about HA1 messages.
 38 | 	
 39 | performance information	
 40 | show system resources						Shows management plane resource usage like 'top' in linux.
 41 | show running resource-monitor					Shows dataplane CPU core utilization and buffer usage.
 42 | debug dataplane pool statistics					Shows software buffer pool usage.
 43 | show session info						Shows number of active sessions, packets per second, thoughput and other session related paramerters.
 44 | debug log-receiver statistics					Information on log volume per second and any errors while writing or forwarding log.
 45 | show system statistics application|session			Shows live statistics about top applications, or system throughput.
 46 | show report jobs						Indicate if reports are currently being generated (this could have an impact on management plane CPU usage).
 47 | 	
 48 | dns operations	
 49 | show system setting ssl-decrypt dns-cache 			Shows ssl decryption dns cache.
 50 | show dns-proxy cache all 					Shows the dns proxy cache.
 51 | show system setting ssl-decrypt memory 				Shows ssl decryption memory usage.
 52 | show dns-proxy fqdn all						Show all FQDN objects with their resolved IP addresses.
 53 | request system fqdn refresh					Refresh all FQDN objects.
 54 | debug dataplane internal vif link 				Returns statistics on the internal hardwre interfaces.
 55 | 	
 56 | packet flow	
 57 | show counter global filter delta yes				Shows global counters.
 58 | show session all filter <filters>				Shows active, discard and predict sessions matching the filer (or 'all' sessions).
 59 | set session offload yes|no					Enables and disables session offloading to hardware.
 60 | set session  tcp-reject-non-syn yes|no				Disable dropping TCP ACK packets coming in without a proper handshake.
 61 | # set deviceconfig setting tcp asymmetric-path bypass|drop	Disable dropping packets that arrive out of window or out of sync.
 62 | 	
 63 | Layer 2 and 3	
 64 | show routing route						Output the routing table (Routing Informtion Base, or rib).
 65 | show routing fib						Shows the forwarding table (Forwarding Information Base).
 66 | show arp all							Shows the content of the ARP table (layer 3).
 67 | show mac all							Shows the content of the MAC table (layer 2).
 68 | show routing protocol ospf|bgp|rip summary 			Returns a summary of the ospf, bgp or rip status.
 69 | show routing resource						Verify the number of routes is not reaching the system limits.
 70 | debug routing pcap ospf|bgp|rip on|off				eEnables/disables packetcaptures on the routing engine for the routing protocol. Use for troubleshooting only.
 71 | 	
 72 | policies	
 73 | show running nat-policy						Show all active NAT rules.
 74 | show running nat-rule-ippool rule <rulename>			Show memory usage, over subscription ratio and allocations per rule.
 75 | show running global-ippool					Show runtime statistics for  global dynamic source nat.
 76 | show running ippool						Show overall source nat statistics.
 77 | show session all filter qos-class [1-8]				Displays all sessions that match a specific QoS class.
 78 | show qos interface <interface> counter				Shows general counter on QoS configured on an interface.
 79 | show qos interface <interface> throughput <Qid as seen in counters>	Returns actual throughput for a Qid on an interface.
 80 | show zone-protection zone <zone>				Show zone protection statistics for the zone.
 81 | show dos-protection rule <rulename> statistics			Show statistics for a dos-protection rule.
 82 | show dos-protection zone <zone> blocked source			Show swhich IP addresses are currently being blocked due to DoS protection.
 83 | 	
 84 | URL filtering	
 85 | test url-info-cloud <url> 					Show the category for a URL via cloud lookup.
 86 | test url-info-host <url>					Show the category for a URL in the Management plane cache.
 87 | show running url						Show the category for a URL in the dataplane cache.
 88 | request url-iltering update url <url>				Refreshes the management plane cache entry for a url with a cloud lookup.
 89 | show running url-cache all					Outputs the URL cache to mp-log dp_url_DB.log.
 90 | show running url-cache statistics				Shows memory usage of the URL cache.
 91 | show url-cloud status						Returns connectivity information for URL lookup cloud connection.
 92 | clear url-cache all|url <url>					Clears a single url from cache, or the entire cache from dataplane.
 93 | delete url-database all|url					Clears a single url from cache, or the entire cache from management plane.
 94 | 
 95 | Panorama	
 96 | show logging-status device <serial>				Returns log forwarding information for a device logging to panorama.
 97 | debug log-collector log-collection-stats show incoming-logs 	Shows incoming log statistics including current log rate.
 98 | show system raid detail 					Shows information of RAID array on M- appliance.
 99 | show system disk details 					Shows information of disk status on VM- appliance.
100 | replace old <serial> new <serial				Replaces a managed device's serial with a new one after an RMA. This lods all the configuration previously associated with one device with a new one without needing to go in and assign configuration to the new serial (it removes the old serial).
101 | request log-fwd-ctrl action latest|start-from-lastack device <serial>	Start log forwrding from device from the last log|last acked log.
102 | request log-fwd-ctrl start|stop latest device <serial>		Start or stop log forwarding from a device to panorama wit buffering.
103 | request log-fwd-ctrl action live device <serial>		Start log forwarding without buffering (this could cause a large flood of inbound logs).
104 | 
105 | IPSec	
106 | show running tunnel flow info 					Shows basic statistics about all vpn tunnels.
107 | test vpn ike-sa gateway <gateway>				Initiates an IKE negotiation with the designated gateway.
108 | test vpn ipsec-sa tunnel <tunnel>				Initiates an ipsec negotiation for the designated tunnel.
109 | clear vpn ike-sa gateway <gateway>				Clears the IKE SA for a given gateway.
110 | clear vpn ipsec-sa tunnel <tunnel>				Clears the IPSec SA for a given tunnel.
111 | show vpn ike-sa gateway <gateway>				Shows the IKE SA for a given gateway.
112 | show vpn ipsec-sa tunnel <tunnel>				Shows the IPSec SA for a given tunnel.
113 | show global-protect-gateway current-satellite			Show currently connected satellites to GlobalProtect.
114 | show global-protect-gateway current-user			Show currently connected users to GlobalProtect.
115 | 	
116 | User-ID	
117 | show user ip-user-mapping all|ip				Show all mapped users or the mapped user(s) for a specific IP on the dataplane.
118 | show user ip-user-mapping-mp all|ip				Show all mapped users or the mapped user(s) for a specific IP on the management plane.
119 | debug user-id refresh group-mapping all				Refresh group-mapping memberships.
120 | show user group list						Show all groups used in group-mapping.
121 | show user group name <group>					Shows all members of a group.
122 | show user group-mapping state all				Show the state of all group mapping profiles.
123 | show user group-mapping statistics				Show last/next refresh of group mapping.
124 | show user user-id-agent statistics | state all			Show user-ID agent state and statistics.
125 | show user ts-agent statistics |state all			Show terminal server agent state and statistics.
126 | show user server-monitor statistics|state all 			Shows the state of the agentless User-ID agent.
127 | show user ip-port-user-mapping all				Show user to port mapping for terminal server agents or a specific server IP.
128 | 	
129 | WildFire	
130 | show wildfire status						Show connection status to wildfire cloud.
131 | show sildfire statistics					Show file transfer statistics.
132 | test wildfire registration 					Test connectivity to wildfire cloud.
133 | 	
134 | services	
135 | show dhcp server lease all					Show all dhcp leases.
136 | clear dhcp lease interface <interface> ip|mac|expiredonly <value>	Clears a lease for an IP or MAC address, or all the expired ones.
137 | debug dhcpd pcap on|off						Enables packetcapture of dhcp transactions on the daemon.
138 | show dhcp client state <interface>				Show dhcp information for an interface that is DHCP client.
139 | request dhcp client release|renew <interface>			Release or renew dhcp client lease for a dhcp client interface.
140 | 	
141 | super command	
142 | show system state						This command returns the stte of the entire device.
143 | show system state filter env.*					Show system core temperatures and power levels.
144 | show system state | match fan					Search the system state for any line containing 'fan' to find fan speeds.
145 | show system state | match cfg.general.max			Returns the maximum number of configurable objects the system  supports.
146 | show system state filter-pretty sys.s1.*			Show information about all the interfaces in slot 1.
147 | 	
148 | 


--------------------------------------------------------------------------------
/chapter 13 - flow basic transcript:
--------------------------------------------------------------------------------
  1 | reaper@PA-VM> debug dataplane packet-diag clear all
  2 | 
  3 | Packet diagnosis setting set to default.
  4 | reaper@PA-VM> debug dataplane packet-diag clear filter-marked-session all
  5 | 
  6 | Unmark All sessions in packet debug
  7 | reaper@PA-VM> debug dataplane packet-diag set filter match source 10.0.0.10 destination 198.51.100.2
  8 | 
  9 | reaper@PA-VM> debug dataplane packet-diag set filter match source 10.0.0.10 destination 198.51.100.1
 10 | 
 11 | reaper@PA-VM> debug dataplane packet-diag set filter match source 198.51.100.1 destination 198.51.100.2
 12 | 
 13 | reaper@PA-VM> debug dataplane packet-diag set filter match destination 198.51.100.2
 14 | 
 15 | reaper@PA-VM> debug dataplane packet-diag set filter on
 16 | 
 17 | debug packet filter: on
 18 | reaper@PA-VM> show session all filter source 10.0.0.10
 19 | 
 20 | No Active Sessions
 21 | reaper@PA-VM> set session offload no
 22 | 
 23 | reaper@PA-VM> debug dataplane packet-diag set log feature flow basic
 24 | 
 25 | reaper@PA-VM> debug dataplane packet-diag set log on
 26 | 
 27 | Packet log is enabled
 28 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
 29 | 
 30 | Global counters:
 31 | Elapsed time since last sampling: 159.191 seconds
 32 | 
 33 | name                                   value     rate severity  category  aspect    description
 34 | --------------------------------------------------------------------------------
 35 | pkt_recv                                   2        0 info      packet    pktproc   Packets received
 36 | pkt_sent                                  14        0 info      packet    pktproc   Packets transmitted
 37 | pkt_stp_rcv                                2        0 info      packet    pktproc   STP BPDU packets received
 38 | flow_arp_pkt_rcv                           2        0 info      flow      arp       ARP packets received
 39 | flow_arp_rcv_gratuitous                    2        0 info      flow      arp       Gratuitous ARP packets received
 40 | flow_ip_cksm_sw_validation                 9        0 info      flow      pktproc   Packets for which IP checksum validation was done in software
 41 | log_pkt_diag_us                           82        0 info      log       system    Time (us) spent on writing packet-diag logs
 42 | --------------------------------------------------------------------------------
 43 | Total counters shown: 7
 44 | --------------------------------------------------------------------------------
 45 | 
 46 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
 47 | 
 48 | Global counters:
 49 | Elapsed time since last sampling: 5.588 seconds
 50 | 
 51 | --------------------------------------------------------------------------------
 52 | Total counters shown: 0
 53 | --------------------------------------------------------------------------------
 54 | 
 55 | reaper@PA-VM> show se
 56 | > service-chain   Show service chain information
 57 | > session         Show session information
 58 | 
 59 | reaper@PA-VM> show session all filter source 10.0.0.10
 60 | 
 61 | No Active Sessions
 62 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
 63 | 
 64 | Global counters:
 65 | Elapsed time since last sampling: 24.931 seconds
 66 | 
 67 | --------------------------------------------------------------------------------
 68 | Total counters shown: 0
 69 | --------------------------------------------------------------------------------
 70 | 
 71 | reaper@PA-VM> show session all filter source 10.0.0.10
 72 | 
 73 | No Active Sessions
 74 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
 75 | 
 76 | Global counters:
 77 | Elapsed time since last sampling: 13.132 seconds
 78 | 
 79 | name                                   value     rate severity  category  aspect    description
 80 | --------------------------------------------------------------------------------
 81 | session_allocated                          4        0 info      session   resource  Sessions allocated
 82 | session_freed                              4        0 info      session   resource  Sessions freed
 83 | flow_policy_nat_land                       4        0 drop      flow      session   Session setup: source NAT IP allocation result in LAND attack
 84 | nat_dynamic_port_xlat                      4        0 info      nat       resource  The total number of dynamic_ip_port NAT translate called
 85 | nat_dynamic_port_release                   8        0 info      nat       resource  The total number of dynamic_ip_port NAT release called
 86 | log_pkt_diag_us                          262       19 info      log       system    Time (us) spent on writing packet-diag logs
 87 | session_freed                              1        0 info      session   resource  Sessions freed
 88 | flow_policy_nat_land                       1        0 drop      flow      session   Session setup: source NAT IP allocation result in LAND attack
 89 | ctd_fwd_err_tcp_state                      1        0 info      ctd       pktproc   Forward to varrcvr error: TCP in establishment when session went away
 90 | --------------------------------------------------------------------------------
 91 | Total counters shown: 9
 92 | --------------------------------------------------------------------------------
 93 | 
 94 | reaper@PA-VM> show session all filter source 10.0.0.10
 95 | 
 96 | No Active Sessions
 97 | reaper@PA-VM> show session all filter source 10.0.0.10
 98 | 
 99 | --------------------------------------------------------------------------------
100 | ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
101 | Vsys                                          Dst[Dport]/Zone (translated IP[Port])
102 | --------------------------------------------------------------------------------
103 | 270          ssh            ACTIVE  FLOW  NS   10.0.0.10[49402]/trust/6  (198.51.100.2[12607])
104 | vsys1                                          198.51.100.1[22]/untrust  (198.51.100.1[22])
105 | reaper@PA-VM> show se
106 | > service-chain   Show service chain information
107 | > session         Show session information
108 | 
109 | reaper@PA-VM> show session id 270
110 | 
111 | Session             270
112 | 
113 |         c2s flow:
114 |                 source:      10.0.0.10 [trust]
115 |                 dst:         198.51.100.1
116 |                 proto:       6
117 |                 sport:       49402           dport:      22
118 |                 state:       ACTIVE          type:       FLOW
119 |                 src user:    unknown
120 |                 dst user:    unknown
121 | 
122 |         s2c flow:
123 |                 source:      198.51.100.1 [untrust]
124 |                 dst:         198.51.100.2
125 |                 proto:       6
126 |                 sport:       22              dport:      12607
127 |                 state:       ACTIVE          type:       FLOW
128 |                 src user:    unknown
129 |                 dst user:    unknown
130 | 
131 |         start time                           : Thu Jun  4 00:46:11 2020
132 |         timeout                              : 3600 sec
133 |         time to live                         : 3589 sec 
134 |         total byte count(c2s)                : 3961
135 |         total byte count(s2c)                : 6143
136 |         layer7 packet count(c2s)             : 22
137 |         layer7 packet count(s2c)             : 27
138 |         vsys                                 : vsys1
139 |         application                          : ssh  
140 |         rule                                 : outbound
141 |         service timeout override(index)      : False
142 |         session to be logged at end          : True
143 |         session in session ager              : True
144 |         session updated by HA peer           : False
145 |         address/port translation             : source
146 |         nat-rule                             : outbound hide(vsys1)
147 |         layer7 processing                    : completed
148 |         URL filtering enabled                : True
149 |         URL category                         : any
150 |         session via syn-cookies              : False
151 |         session terminated on host           : False
152 |         session traverses tunnel             : False
153 |         session terminate tunnel             : False
154 |         captive portal session               : False
155 |         ingress interface                    : ethernet1/2
156 |         egress interface                     : ethernet1/1
157 |         session QoS rule                     : N/A (class 4)
158 |         tracker stage l7proc                 : ctd decoder done
159 |         end-reason                           : unknown
160 | reaper@PA-VM> 
161 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
162 | 
163 | Global counters:
164 | Elapsed time since last sampling: 55.235 seconds
165 | 
166 | name                                   value     rate severity  category  aspect    description
167 | --------------------------------------------------------------------------------
168 | pkt_recv                                   5        0 info      packet    pktproc   Packets received
169 | pkt_sent                                  20        0 info      packet    pktproc   Packets transmitted
170 | session_allocated                          1        0 info      session   resource  Sessions allocated
171 | flow_ip_cksm_sw_validation                27        0 info      flow      pktproc   Packets for which IP checksum validation was done in software
172 | nat_dynamic_port_xlat                      1        0 info      nat       resource  The total number of dynamic_ip_port NAT translate called
173 | nat_dynamic_port_release                   2        0 info      nat       resource  The total number of dynamic_ip_port NAT release called
174 | dfa_sw                                     4        0 info      dfa       pktproc   The total number of dfa match using software
175 | ctd_sml_exit_detector_i                    1        0 info      ctd       pktproc   The number of sessions with sml exit in detector i 
176 | ctd_run_detector_i                         1        0 info      ctd       pktproc   run detector_i
177 | ctd_sml_vm_run_impl_opcodeexit             1        0 info      ctd       pktproc   SML VM opcode exit
178 | ctd_pscan_sw                               4        0 info      ctd       pktproc   The total usage of software for pscan
179 | ctd_pkt_slowpath                           4        0 info      ctd       pktproc   Packets processed by slowpath
180 | log_pkt_diag_us                          303        5 info      log       system    Time (us) spent on writing packet-diag logs
181 | --------------------------------------------------------------------------------
182 | Total counters shown: 13
183 | --------------------------------------------------------------------------------
184 | 
185 | reaper@PA-VM> show session all filter source 10.0.0.10
186 | 
187 | --------------------------------------------------------------------------------
188 | ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port])
189 | Vsys                                          Dst[Dport]/Zone (translated IP[Port])
190 | --------------------------------------------------------------------------------
191 | 270          ssh            ACTIVE  FLOW  NS   10.0.0.10[49402]/trust/6  (198.51.100.2[12607])
192 | vsys1                                          198.51.100.1[22]/untrust  (198.51.100.1[22])
193 | reaper@PA-VM> show session all filter source 10.0.0.10
194 | 
195 | No Active Sessions
196 | reaper@PA-VM> show counter global filter delta yes packet-filter yes
197 | 
198 | Global counters:
199 | Elapsed time since last sampling: 54.857 seconds
200 | 
201 | name                                   value     rate severity  category  aspect    description
202 | --------------------------------------------------------------------------------
203 | pkt_recv                                   3        0 info      packet    pktproc   Packets received
204 | pkt_sent                                  14        0 info      packet    pktproc   Packets transmitted
205 | flow_ip_cksm_sw_validation                 9        0 info      flow      pktproc   Packets for which IP checksum validation was done in software
206 | log_pkt_diag_us                          100        1 info      log       system    Time (us) spent on writing packet-diag logs
207 | --------------------------------------------------------------------------------
208 | Total counters shown: 4
209 | --------------------------------------------------------------------------------
210 | 
211 | reaper@PA-VM> debug dataplane packet-diag set log off
212 | 
213 | Packet log is disabled
214 | reaper@PA-VM> debug dataplane packet-diag aggregate-logs 
215 | 
216 | 
217 | 
218 | pan_packet_diag.log is aggregated
219 | 
220 | 
221 | reaper@PA-VM> set session offload yes
222 | 
223 | reaper@PA-VM> less mp-log pan_packet_diag.log
224 | 


--------------------------------------------------------------------------------
/Chapter 7: Panorama example configuration:
--------------------------------------------------------------------------------
   1 | <?xml version="1.0"?>
   2 | <config version="9.0.0" urldb="paloaltonetworks">
   3 |   <mgt-config>
   4 |     <devices>
   5 |       <entry name="1111111"/>
   6 |       <entry name="2222222"/>
   7 |       <entry name="3333333"/>
   8 |       <entry name="4444444"/>
   9 |       <entry name="5555555"/>
  10 |     </devices>
  11 |     <users>
  12 |       <entry name="admin">
  13 |         <phash>fnRL/G5lXVMug</phash>
  14 |         <permissions>
  15 |           <role-based>
  16 |             <superuser>yes</superuser>
  17 |           </role-based>
  18 |         </permissions>
  19 |       </entry>
  20 |     </users>
  21 |   </mgt-config>
  22 |   <shared>
  23 |     <address>
  24 |       <entry name="HQ-TerminalServers">
  25 |         <ip-netmask>203.0.113.0/24</ip-netmask>
  26 |         <disable-override>no</disable-override>
  27 |       </entry>
  28 |       <entry name="HQ-admins">
  29 |         <ip-netmask>10.0.0.0/24</ip-netmask>
  30 |       </entry>
  31 |       <entry name="PRTG">
  32 |         <ip-netmask>10.0.0.25</ip-netmask>
  33 |       </entry>
  34 |       <entry name="sinkhole.paloaltonetworks.com">
  35 |         <fqdn>sinkhole.paloaltonetworks.com</fqdn>
  36 |       </entry>
  37 |     </address>
  38 |     <profile-group>
  39 |       <entry name="default">
  40 |         <virus>
  41 |           <member>AVforall</member>
  42 |         </virus>
  43 |         <spyware>
  44 |           <member>AS</member>
  45 |         </spyware>
  46 |         <vulnerability>
  47 |           <member>strict</member>
  48 |         </vulnerability>
  49 |         <url-filtering>
  50 |           <member>default</member>
  51 |         </url-filtering>
  52 |         <wildfire-analysis>
  53 |           <member>default</member>
  54 |         </wildfire-analysis>
  55 |       </entry>
  56 |     </profile-group>
  57 |     <pre-rulebase>
  58 |       <security>
  59 |         <rules>
  60 |           <entry name="block sinkhole">
  61 |             <profile-setting>
  62 |               <group>
  63 |                 <member>default</member>
  64 |               </group>
  65 |             </profile-setting>
  66 |             <target>
  67 |               <negate>no</negate>
  68 |             </target>
  69 |             <to>
  70 |               <member>ISP</member>
  71 |             </to>
  72 |             <from>
  73 |               <member>any</member>
  74 |             </from>
  75 |             <source>
  76 |               <member>any</member>
  77 |             </source>
  78 |             <destination>
  79 |               <member>sinkhole.paloaltonetworks.com</member>
  80 |             </destination>
  81 |             <source-user>
  82 |               <member>any</member>
  83 |             </source-user>
  84 |             <category>
  85 |               <member>any</member>
  86 |             </category>
  87 |             <application>
  88 |               <member>any</member>
  89 |             </application>
  90 |             <service>
  91 |               <member>application-default</member>
  92 |             </service>
  93 |             <hip-profiles>
  94 |               <member>any</member>
  95 |             </hip-profiles>
  96 |             <action>drop</action>
  97 |             <log-setting>default</log-setting>
  98 |           </entry>
  99 |           <entry name="shared pre - admin access">
 100 |             <profile-setting>
 101 |               <group>
 102 |                 <member>default</member>
 103 |               </group>
 104 |             </profile-setting>
 105 |             <target>
 106 |               <negate>no</negate>
 107 |             </target>
 108 |             <to>
 109 |               <member>LAN</member>
 110 |             </to>
 111 |             <from>
 112 |               <member>HQVPN</member>
 113 |             </from>
 114 |             <source>
 115 |               <member>HQ-admins</member>
 116 |             </source>
 117 |             <destination>
 118 |               <member>any</member>
 119 |             </destination>
 120 |             <source-user>
 121 |               <member>any</member>
 122 |             </source-user>
 123 |             <category>
 124 |               <member>any</member>
 125 |             </category>
 126 |             <application>
 127 |               <member>ssh</member>
 128 |             </application>
 129 |             <service>
 130 |               <member>application-default</member>
 131 |             </service>
 132 |             <hip-profiles>
 133 |               <member>any</member>
 134 |             </hip-profiles>
 135 |             <action>allow</action>
 136 |             <tag>
 137 |               <member>SHARED</member>
 138 |             </tag>
 139 |           </entry>
 140 |         </rules>
 141 |       </security>
 142 |     </pre-rulebase>
 143 |     <tag>
 144 |       <entry name="SHARED"/>
 145 |     </tag>
 146 |     <content-preview>
 147 |       <application/>
 148 |       <application-type>
 149 |         <category/>
 150 |         <technology/>
 151 |       </application-type>
 152 |     </content-preview>
 153 |     <log-settings>
 154 |       <profiles>
 155 |         <entry name="default">
 156 |           <match-list>
 157 |             <entry name="traffic log">
 158 |               <log-type>traffic</log-type>
 159 |               <filter>All Logs</filter>
 160 |               <send-to-panorama>yes</send-to-panorama>
 161 |             </entry>
 162 |             <entry name="threat log">
 163 |               <log-type>threat</log-type>
 164 |               <filter>All Logs</filter>
 165 |               <send-to-panorama>yes</send-to-panorama>
 166 |             </entry>
 167 |             <entry name="url log">
 168 |               <log-type>url</log-type>
 169 |               <filter>All Logs</filter>
 170 |               <send-to-panorama>yes</send-to-panorama>
 171 |             </entry>
 172 |           </match-list>
 173 |         </entry>
 174 |       </profiles>
 175 |     </log-settings>
 176 |     <profiles>
 177 |       <virus>
 178 |         <entry name="AVforall">
 179 |           <decoder>
 180 |             <entry name="ftp">
 181 |               <action>default</action>
 182 |               <wildfire-action>default</wildfire-action>
 183 |             </entry>
 184 |             <entry name="http">
 185 |               <action>default</action>
 186 |               <wildfire-action>default</wildfire-action>
 187 |             </entry>
 188 |             <entry name="http2">
 189 |               <action>default</action>
 190 |               <wildfire-action>default</wildfire-action>
 191 |             </entry>
 192 |             <entry name="imap">
 193 |               <action>default</action>
 194 |               <wildfire-action>default</wildfire-action>
 195 |             </entry>
 196 |             <entry name="pop3">
 197 |               <action>default</action>
 198 |               <wildfire-action>default</wildfire-action>
 199 |             </entry>
 200 |             <entry name="smb">
 201 |               <action>default</action>
 202 |               <wildfire-action>default</wildfire-action>
 203 |             </entry>
 204 |             <entry name="smtp">
 205 |               <action>default</action>
 206 |               <wildfire-action>default</wildfire-action>
 207 |             </entry>
 208 |           </decoder>
 209 |         </entry>
 210 |       </virus>
 211 |       <spyware>
 212 |         <entry name="AS">
 213 |           <botnet-domains>
 214 |             <lists>
 215 |               <entry name="default-paloalto-dns">
 216 |                 <packet-capture>disable</packet-capture>
 217 |                 <action>
 218 |                   <sinkhole/>
 219 |                 </action>
 220 |               </entry>
 221 |               <entry name="default-paloalto-cloud">
 222 |                 <packet-capture>disable</packet-capture>
 223 |                 <action>
 224 |                   <sinkhole/>
 225 |                 </action>
 226 |               </entry>
 227 |             </lists>
 228 |             <sinkhole>
 229 |               <ipv4-address>pan-sinkhole-default-ip</ipv4-address>
 230 |               <ipv6-address>::1</ipv6-address>
 231 |             </sinkhole>
 232 |           </botnet-domains>
 233 |           <rules>
 234 |             <entry name="hi-med">
 235 |               <action>
 236 |                 <reset-both/>
 237 |               </action>
 238 |               <severity>
 239 |                 <member>critical</member>
 240 |                 <member>high</member>
 241 |                 <member>medium</member>
 242 |               </severity>
 243 |               <threat-name>any</threat-name>
 244 |               <category>any</category>
 245 |               <packet-capture>extended-capture</packet-capture>
 246 |             </entry>
 247 |             <entry name="lo-inf">
 248 |               <action>
 249 |                 <default/>
 250 |               </action>
 251 |               <severity>
 252 |                 <member>low</member>
 253 |                 <member>informational</member>
 254 |               </severity>
 255 |               <threat-name>any</threat-name>
 256 |               <category>any</category>
 257 |               <packet-capture>disable</packet-capture>
 258 |             </entry>
 259 |           </rules>
 260 |         </entry>
 261 |       </spyware>
 262 |     </profiles>
 263 |   </shared>
 264 |   <devices>
 265 |     <entry name="localhost.localdomain">
 266 |       <deviceconfig>
 267 |         <system>
 268 |           <ip-address>10.0.0.150</ip-address>
 269 |           <netmask>255.255.255.0</netmask>
 270 |           <update-server>updates.paloaltonetworks.com</update-server>
 271 |           <update-schedule>
 272 |             <threats>
 273 |               <recurring>
 274 |                 <every-30-mins>
 275 |                   <at>7</at>
 276 |                   <action>download-and-install</action>
 277 |                 </every-30-mins>
 278 |               </recurring>
 279 |             </threats>
 280 |             <anti-virus>
 281 |               <recurring>
 282 |                 <hourly>
 283 |                   <at>4</at>
 284 |                   <action>download-and-install</action>
 285 |                 </hourly>
 286 |               </recurring>
 287 |             </anti-virus>
 288 |             <wildfire>
 289 |               <recurring>
 290 |                 <every-15-mins>
 291 |                   <at>11</at>
 292 |                   <action>download-and-install</action>
 293 |                 </every-15-mins>
 294 |               </recurring>
 295 |             </wildfire>
 296 |           </update-schedule>
 297 |           <timezone>US/Pacific</timezone>
 298 |           <service>
 299 |             <disable-telnet>yes</disable-telnet>
 300 |             <disable-http>yes</disable-http>
 301 |             <disable-userid-service>no</disable-userid-service>
 302 |           </service>
 303 |           <hostname>Panorama</hostname>
 304 |           <default-gateway>10.0.0.254</default-gateway>
 305 |           <dns-setting>
 306 |             <servers>
 307 |               <primary>1.1.1.1</primary>
 308 |               <secondary>1.0.0.1</secondary>
 309 |             </servers>
 310 |           </dns-setting>
 311 |           <ntp-servers>
 312 |             <primary-ntp-server>
 313 |               <ntp-server-address>time.nist.gov</ntp-server-address>
 314 |               <authentication-type>
 315 |                 <none/>
 316 |               </authentication-type>
 317 |             </primary-ntp-server>
 318 |             <secondary-ntp-server>
 319 |               <ntp-server-address>time.belnet.be</ntp-server-address>
 320 |               <authentication-type>
 321 |                 <none/>
 322 |               </authentication-type>
 323 |             </secondary-ntp-server>
 324 |           </ntp-servers>
 325 |           <dlsrvr>
 326 |             <interface>mgmt</interface>
 327 |           </dlsrvr>
 328 |           <deployment-update-schedule>
 329 |             <entry name="apps-threats">
 330 |               <app-and-threat>
 331 |                 <recurring>
 332 |                   <threshold>6</threshold>
 333 |                   <every-30-mins>
 334 |                     <at>24</at>
 335 |                     <action>
 336 |                       <download-only/>
 337 |                     </action>
 338 |                   </every-30-mins>
 339 |                 </recurring>
 340 |               </app-and-threat>
 341 |             </entry>
 342 |             <entry name="apps-only">
 343 |               <app>
 344 |                 <recurring>
 345 |                   <threshold>6</threshold>
 346 |                   <daily>
 347 |                     <action>
 348 |                       <download-only/>
 349 |                     </action>
 350 |                     <disable-new-content>no</disable-new-content>
 351 |                     <at>22:00</at>
 352 |                   </daily>
 353 |                 </recurring>
 354 |               </app>
 355 |               <disabled>yes</disabled>
 356 |             </entry>
 357 |             <entry name="AntiVirus">
 358 |               <anti-virus>
 359 |                 <recurring>
 360 |                   <hourly>
 361 |                     <action>
 362 |                       <download-only/>
 363 |                     </action>
 364 |                     <at>12</at>
 365 |                   </hourly>
 366 |                   <threshold>3</threshold>
 367 |                 </recurring>
 368 |               </anti-virus>
 369 |             </entry>
 370 |             <entry name="WildFire">
 371 |               <wildfire>
 372 |                 <recurring>
 373 |                   <every-min>
 374 |                     <action>
 375 |                       <download-only/>
 376 |                     </action>
 377 |                   </every-min>
 378 |                 </recurring>
 379 |               </wildfire>
 380 |             </entry>
 381 |           </deployment-update-schedule>
 382 |           <config-bundle-export-schedule>
 383 |             <entry name="configbackup">
 384 |               <protocol>
 385 |                 <scp>
 386 |                   <hostname>10.0.0.21</hostname>
 387 |                   <port>22</port>
 388 |                   <path>/backup</path>
 389 |                   <username>backupadmin</username>
 390 |                   <password>-AQ==fEqNCco3Yq9h5ZUglD3CZJT4lBs=TPKw8W+5h+VtffslpLSTkQ==</password>
 391 |                 </scp>
 392 |               </protocol>
 393 |               <start-time>22:30</start-time>
 394 |               <enable>yes</enable>
 395 |             </entry>
 396 |           </config-bundle-export-schedule>
 397 |           <public-ip-address>198.51.100.150</public-ip-address>
 398 |         </system>
 399 |         <setting>
 400 |           <management>
 401 |             <storage-partition>
 402 |               <internal/>
 403 |             </storage-partition>
 404 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
 405 |           </management>
 406 |         </setting>
 407 |       </deviceconfig>
 408 |       <log-collector>
 409 |         <entry name="ExampleSerial">
 410 |           <deviceconfig>
 411 |             <system>
 412 |               <service>
 413 |                 <disable-device-log-collection>no</disable-device-log-collection>
 414 |                 <disable-collector-group-communication>no</disable-collector-group-communication>
 415 |                 <disable-ssh>no</disable-ssh>
 416 |                 <disable-icmp>no</disable-icmp>
 417 |                 <disable-snmp>yes</disable-snmp>
 418 |                 <disable-userid-service>yes</disable-userid-service>
 419 |               </service>
 420 |               <speed-duplex>auto-negotiate</speed-duplex>
 421 |               <mtu>1500</mtu>
 422 |             </system>
 423 |           </deviceconfig>
 424 |           <authentication-setting>
 425 |             <users>
 426 |               <entry name="admin"/>
 427 |             </users>
 428 |           </authentication-setting>
 429 |           <secure-conn-client>
 430 |             <certificate-type>
 431 |               <none/>
 432 |             </certificate-type>
 433 |           </secure-conn-client>
 434 |           <disk-settings>
 435 |             <disk-pair>
 436 |               <entry name="A"/>
 437 |             </disk-pair>
 438 |           </disk-settings>
 439 |         </entry>
 440 |       </log-collector>
 441 |       <device-group>
 442 |         <entry name="HQ firewalls">
 443 |           <devices>
 444 |             <entry name="4444444"/>
 445 |             <entry name="5555555"/>
 446 |           </devices>
 447 |         </entry>
 448 |         <entry name="Field firewalls">
 449 |           <devices/>
 450 |           <description>All remote offices</description>
 451 |           <pre-rulebase>
 452 |             <security>
 453 |               <rules>
 454 |                 <entry name="field pre- monitoring">
 455 |                   <profile-setting>
 456 |                     <group>
 457 |                       <member>default</member>
 458 |                     </group>
 459 |                   </profile-setting>
 460 |                   <target>
 461 |                     <negate>no</negate>
 462 |                   </target>
 463 |                   <to>
 464 |                     <member>LAN</member>
 465 |                   </to>
 466 |                   <from>
 467 |                     <member>WAN</member>
 468 |                   </from>
 469 |                   <source>
 470 |                     <member>PRTG</member>
 471 |                   </source>
 472 |                   <destination>
 473 |                     <member>any</member>
 474 |                   </destination>
 475 |                   <source-user>
 476 |                     <member>any</member>
 477 |                   </source-user>
 478 |                   <category>
 479 |                     <member>any</member>
 480 |                   </category>
 481 |                   <application>
 482 |                     <member>ping</member>
 483 |                     <member>snmp</member>
 484 |                   </application>
 485 |                   <service>
 486 |                     <member>application-default</member>
 487 |                   </service>
 488 |                   <hip-profiles>
 489 |                     <member>any</member>
 490 |                   </hip-profiles>
 491 |                   <action>allow</action>
 492 |                   <tag>
 493 |                     <member>FIELD</member>
 494 |                   </tag>
 495 |                 </entry>
 496 |               </rules>
 497 |             </security>
 498 |           </pre-rulebase>
 499 |           <tag>
 500 |             <entry name="FIELD"/>
 501 |           </tag>
 502 |         </entry>
 503 |         <entry name="EMEA">
 504 |           <devices>
 505 |             <entry name="2222222"/>
 506 |           </devices>
 507 |           <description>EMEA remote offices</description>
 508 |           <address>
 509 |             <entry name="CloudNet">
 510 |               <ip-netmask>198.51.100.0/24</ip-netmask>
 511 |             </entry>
 512 |           </address>
 513 |           <pre-rulebase>
 514 |             <security>
 515 |               <rules>
 516 |                 <entry name="EMEA pre - regional cloud apps">
 517 |                   <profile-setting>
 518 |                     <group>
 519 |                       <member>default</member>
 520 |                     </group>
 521 |                   </profile-setting>
 522 |                   <target>
 523 |                     <negate>no</negate>
 524 |                   </target>
 525 |                   <to>
 526 |                     <member>Untrust</member>
 527 |                   </to>
 528 |                   <from>
 529 |                     <member>LAN</member>
 530 |                   </from>
 531 |                   <source>
 532 |                     <member>any</member>
 533 |                   </source>
 534 |                   <destination>
 535 |                     <member>CloudNet</member>
 536 |                   </destination>
 537 |                   <source-user>
 538 |                     <member>any</member>
 539 |                   </source-user>
 540 |                   <category>
 541 |                     <member>any</member>
 542 |                   </category>
 543 |                   <application>
 544 |                     <member>ssl</member>
 545 |                   </application>
 546 |                   <service>
 547 |                     <member>application-default</member>
 548 |                   </service>
 549 |                   <hip-profiles>
 550 |                     <member>any</member>
 551 |                   </hip-profiles>
 552 |                   <action>allow</action>
 553 |                   <tag>
 554 |                     <member>EMEA</member>
 555 |                   </tag>
 556 |                 </entry>
 557 |               </rules>
 558 |             </security>
 559 |           </pre-rulebase>
 560 |           <tag>
 561 |             <entry name="EMEA"/>
 562 |           </tag>
 563 |         </entry>
 564 |         <entry name="NAM">
 565 |           <devices>
 566 |             <entry name="3333333"/>
 567 |           </devices>
 568 |           <description>North America remote offices</description>
 569 |         </entry>
 570 |         <entry name="APAC">
 571 |           <devices>
 572 |             <entry name="1111111"/>
 573 |           </devices>
 574 |           <description>Asia Pacific Remote offices</description>
 575 |         </entry>
 576 |       </device-group>
 577 |       <template-stack>
 578 |         <entry name="EMEAStack">
 579 |           <description>one stack to rule them all</description>
 580 |           <devices>
 581 |             <entry name="2222222"/>
 582 |           </devices>
 583 |           <settings/>
 584 |           <templates>
 585 |             <member>AdminTemplate</member>
 586 |             <member>Management Template</member>
 587 |             <member>Network Template</member>
 588 |           </templates>
 589 |           <config>
 590 |             <devices>
 591 |               <entry name="localhost.localdomain">
 592 |                 <network>
 593 |                   <ike>
 594 |                     <gateway>
 595 |                       <entry name="VPNtoHQ">
 596 |                         <authentication>
 597 |                           <pre-shared-key>
 598 |                             <key>-AQ==AbMHrLpPVPVar8M7sGu79sqAPpo=5Xsy3kFncZ/gYMLGP1hwUg==</key>
 599 |                           </pre-shared-key>
 600 |                         </authentication>
 601 |                         <protocol>
 602 |                           <ikev1>
 603 |                             <dpd>
 604 |                               <enable>yes</enable>
 605 |                             </dpd>
 606 |                           </ikev1>
 607 |                           <ikev2>
 608 |                             <dpd>
 609 |                               <enable>yes</enable>
 610 |                             </dpd>
 611 |                           </ikev2>
 612 |                         </protocol>
 613 |                         <local-address>
 614 |                           <ip>$test</ip>
 615 |                           <interface>ethernet1/1</interface>
 616 |                         </local-address>
 617 |                         <protocol-common>
 618 |                           <nat-traversal>
 619 |                             <enable>no</enable>
 620 |                           </nat-traversal>
 621 |                         </protocol-common>
 622 |                         <peer-address>
 623 |                           <ip>$test</ip>
 624 |                         </peer-address>
 625 |                       </entry>
 626 |                     </gateway>
 627 |                   </ike>
 628 |                 </network>
 629 |               </entry>
 630 |             </devices>
 631 |           </config>
 632 |         </entry>
 633 |         <entry name="APACStack">
 634 |           <devices>
 635 |             <entry name="1111111"/>
 636 |           </devices>
 637 |           <settings/>
 638 |           <templates>
 639 |             <member>AdminTemplate</member>
 640 |             <member>Management Template</member>
 641 |             <member>Network Template</member>
 642 |           </templates>
 643 |           <variable>
 644 |             <entry name="$HQFW">
 645 |               <type>
 646 |                 <ip-netmask>198.51.100.20/32</ip-netmask>
 647 |               </type>
 648 |             </entry>
 649 |             <entry name="$FirewallISP">
 650 |               <type>
 651 |                 <ip-netmask>198.51.100.1/32</ip-netmask>
 652 |               </type>
 653 |             </entry>
 654 |           </variable>
 655 |           <config>
 656 |             <devices>
 657 |               <entry name="localhost.localdomain">
 658 |                 <network>
 659 |                   <ike>
 660 |                     <gateway>
 661 |                       <entry name="VPNtoHQ">
 662 |                         <authentication>
 663 |                           <pre-shared-key>
 664 |                             <key>-AQ==AbMHrLpPVPVar8M7sGu79sqAPpo=5Xsy3kFncZ/gYMLGP1hwUg==</key>
 665 |                           </pre-shared-key>
 666 |                         </authentication>
 667 |                         <protocol>
 668 |                           <ikev1>
 669 |                             <dpd>
 670 |                               <enable>yes</enable>
 671 |                             </dpd>
 672 |                           </ikev1>
 673 |                           <ikev2>
 674 |                             <dpd>
 675 |                               <enable>yes</enable>
 676 |                             </dpd>
 677 |                           </ikev2>
 678 |                           <version>ikev2-preferred</version>
 679 |                         </protocol>
 680 |                         <local-address>
 681 |                           <ip>$test</ip>
 682 |                           <interface>ethernet1/1</interface>
 683 |                         </local-address>
 684 |                         <protocol-common>
 685 |                           <nat-traversal>
 686 |                             <enable>no</enable>
 687 |                           </nat-traversal>
 688 |                         </protocol-common>
 689 |                         <peer-address>
 690 |                           <ip>$HQFW</ip>
 691 |                         </peer-address>
 692 |                       </entry>
 693 |                     </gateway>
 694 |                   </ike>
 695 |                 </network>
 696 |               </entry>
 697 |             </devices>
 698 |           </config>
 699 |         </entry>
 700 |         <entry name="HQStack">
 701 |           <settings/>
 702 |           <devices>
 703 |             <entry name="4444444"/>
 704 |             <entry name="5555555"/>
 705 |           </devices>
 706 |           <templates>
 707 |             <member>AdminTemplate</member>
 708 |             <member>Management Template</member>
 709 |             <member>Network Template</member>
 710 |           </templates>
 711 |         </entry>
 712 |         <entry name="NAMStack">
 713 |           <settings/>
 714 |           <devices>
 715 |             <entry name="3333333"/>
 716 |           </devices>
 717 |           <templates>
 718 |             <member>AdminTemplate</member>
 719 |             <member>Management Template</member>
 720 |             <member>Network Template</member>
 721 |           </templates>
 722 |         </entry>
 723 |       </template-stack>
 724 |       <template>
 725 |         <entry name="AdminTemplate">
 726 |           <settings>
 727 |             <default-vsys>vsys1</default-vsys>
 728 |           </settings>
 729 |           <config>
 730 |             <devices>
 731 |               <entry name="localhost.localdomain">
 732 |                 <vsys>
 733 |                   <entry name="vsys1">
 734 |                     <zone/>
 735 |                     <import>
 736 |                       <network>
 737 |                         <interface>
 738 |                           <member>ethernet1/1</member>
 739 |                         </interface>
 740 |                       </network>
 741 |                     </import>
 742 |                   </entry>
 743 |                 </vsys>
 744 |                 <network>
 745 |                   <virtual-router>
 746 |                     <entry name="VR1">
 747 |                       <ecmp>
 748 |                         <algorithm>
 749 |                           <ip-modulo/>
 750 |                         </algorithm>
 751 |                       </ecmp>
 752 |                       <protocol>
 753 |                         <bgp>
 754 |                           <routing-options>
 755 |                             <graceful-restart>
 756 |                               <enable>yes</enable>
 757 |                             </graceful-restart>
 758 |                           </routing-options>
 759 |                           <enable>no</enable>
 760 |                         </bgp>
 761 |                         <rip>
 762 |                           <enable>no</enable>
 763 |                         </rip>
 764 |                         <ospf>
 765 |                           <enable>no</enable>
 766 |                         </ospf>
 767 |                         <ospfv3>
 768 |                           <enable>no</enable>
 769 |                         </ospfv3>
 770 |                       </protocol>
 771 |                       <interface>
 772 |                         <member>ethernet1/1</member>
 773 |                       </interface>
 774 |                     </entry>
 775 |                   </virtual-router>
 776 |                   <interface>
 777 |                     <ethernet>
 778 |                       <entry name="ethernet1/1">
 779 |                         <layer3>
 780 |                           <ipv6>
 781 |                             <neighbor-discovery>
 782 |                               <router-advertisement>
 783 |                                 <enable>no</enable>
 784 |                               </router-advertisement>
 785 |                             </neighbor-discovery>
 786 |                           </ipv6>
 787 |                           <ndp-proxy>
 788 |                             <enabled>no</enabled>
 789 |                           </ndp-proxy>
 790 |                           <lldp>
 791 |                             <enable>no</enable>
 792 |                           </lldp>
 793 |                         </layer3>
 794 |                       </entry>
 795 |                     </ethernet>
 796 |                   </interface>
 797 |                 </network>
 798 |               </entry>
 799 |             </devices>
 800 |           </config>
 801 |           <variable>
 802 |             <entry name="$test">
 803 |               <type>
 804 |                 <ip-netmask>1.1.1.1</ip-netmask>
 805 |               </type>
 806 |             </entry>
 807 |           </variable>
 808 |         </entry>
 809 |         <entry name="Network Template">
 810 |           <settings>
 811 |             <default-vsys>vsys1</default-vsys>
 812 |           </settings>
 813 |           <config>
 814 |             <devices>
 815 |               <entry name="localhost.localdomain">
 816 |                 <vsys>
 817 |                   <entry name="vsys1">
 818 |                     <zone>
 819 |                       <entry name="ISP">
 820 |                         <network>
 821 |                           <log-setting>default</log-setting>
 822 |                           <layer3>
 823 |                             <member>ethernet1/1</member>
 824 |                           </layer3>
 825 |                         </network>
 826 |                       </entry>
 827 |                       <entry name="LAN">
 828 |                         <network>
 829 |                           <layer3>
 830 |                             <member>ethernet1/2</member>
 831 |                           </layer3>
 832 |                           <log-setting>default</log-setting>
 833 |                         </network>
 834 |                       </entry>
 835 |                       <entry name="HQVPN">
 836 |                         <network>
 837 |                           <layer3>
 838 |                             <member>tunnel.1</member>
 839 |                           </layer3>
 840 |                           <log-setting>default</log-setting>
 841 |                         </network>
 842 |                       </entry>
 843 |                       <entry name="WIFI-employee">
 844 |                         <network>
 845 |                           <log-setting>default</log-setting>
 846 |                           <layer3>
 847 |                             <member>ethernet1/3</member>
 848 |                           </layer3>
 849 |                         </network>
 850 |                       </entry>
 851 |                       <entry name="WIFI-guest">
 852 |                         <network>
 853 |                           <layer3>
 854 |                             <member>ethernet1/4</member>
 855 |                           </layer3>
 856 |                           <log-setting>default</log-setting>
 857 |                         </network>
 858 |                       </entry>
 859 |                     </zone>
 860 |                     <import>
 861 |                       <network>
 862 |                         <interface>
 863 |                           <member>ethernet1/1</member>
 864 |                           <member>ethernet1/2</member>
 865 |                           <member>ethernet1/3</member>
 866 |                           <member>ethernet1/4</member>
 867 |                           <member>tunnel.1</member>
 868 |                         </interface>
 869 |                       </network>
 870 |                     </import>
 871 |                   </entry>
 872 |                 </vsys>
 873 |                 <network>
 874 |                   <virtual-router>
 875 |                     <entry name="VR1">
 876 |                       <ecmp>
 877 |                         <algorithm>
 878 |                           <ip-modulo/>
 879 |                         </algorithm>
 880 |                       </ecmp>
 881 |                       <protocol>
 882 |                         <bgp>
 883 |                           <routing-options>
 884 |                             <graceful-restart>
 885 |                               <enable>yes</enable>
 886 |                             </graceful-restart>
 887 |                           </routing-options>
 888 |                           <enable>no</enable>
 889 |                         </bgp>
 890 |                         <rip>
 891 |                           <enable>no</enable>
 892 |                         </rip>
 893 |                         <ospf>
 894 |                           <enable>no</enable>
 895 |                         </ospf>
 896 |                         <ospfv3>
 897 |                           <enable>no</enable>
 898 |                         </ospfv3>
 899 |                       </protocol>
 900 |                       <interface>
 901 |                         <member>ethernet1/1</member>
 902 |                         <member>ethernet1/2</member>
 903 |                         <member>ethernet1/3</member>
 904 |                         <member>ethernet1/4</member>
 905 |                         <member>tunnel.1</member>
 906 |                       </interface>
 907 |                     </entry>
 908 |                   </virtual-router>
 909 |                   <interface>
 910 |                     <ethernet>
 911 |                       <entry name="ethernet1/1">
 912 |                         <layer3>
 913 |                           <ipv6>
 914 |                             <neighbor-discovery>
 915 |                               <router-advertisement>
 916 |                                 <enable>no</enable>
 917 |                               </router-advertisement>
 918 |                             </neighbor-discovery>
 919 |                           </ipv6>
 920 |                           <ndp-proxy>
 921 |                             <enabled>no</enabled>
 922 |                           </ndp-proxy>
 923 |                           <lldp>
 924 |                             <enable>no</enable>
 925 |                           </lldp>
 926 |                         </layer3>
 927 |                       </entry>
 928 |                       <entry name="ethernet1/2">
 929 |                         <layer3>
 930 |                           <ipv6>
 931 |                             <neighbor-discovery>
 932 |                               <router-advertisement>
 933 |                                 <enable>no</enable>
 934 |                               </router-advertisement>
 935 |                             </neighbor-discovery>
 936 |                           </ipv6>
 937 |                           <ndp-proxy>
 938 |                             <enabled>no</enabled>
 939 |                           </ndp-proxy>
 940 |                           <lldp>
 941 |                             <enable>no</enable>
 942 |                           </lldp>
 943 |                           <interface-management-profile>ping-resp</interface-management-profile>
 944 |                         </layer3>
 945 |                       </entry>
 946 |                       <entry name="ethernet1/3">
 947 |                         <layer3>
 948 |                           <ipv6>
 949 |                             <neighbor-discovery>
 950 |                               <router-advertisement>
 951 |                                 <enable>no</enable>
 952 |                               </router-advertisement>
 953 |                             </neighbor-discovery>
 954 |                           </ipv6>
 955 |                           <ndp-proxy>
 956 |                             <enabled>no</enabled>
 957 |                           </ndp-proxy>
 958 |                           <lldp>
 959 |                             <enable>no</enable>
 960 |                           </lldp>
 961 |                           <interface-management-profile>ping-resp</interface-management-profile>
 962 |                         </layer3>
 963 |                       </entry>
 964 |                       <entry name="ethernet1/4">
 965 |                         <layer3>
 966 |                           <ipv6>
 967 |                             <neighbor-discovery>
 968 |                               <router-advertisement>
 969 |                                 <enable>no</enable>
 970 |                               </router-advertisement>
 971 |                             </neighbor-discovery>
 972 |                           </ipv6>
 973 |                           <ndp-proxy>
 974 |                             <enabled>no</enabled>
 975 |                           </ndp-proxy>
 976 |                           <lldp>
 977 |                             <enable>no</enable>
 978 |                           </lldp>
 979 |                         </layer3>
 980 |                       </entry>
 981 |                     </ethernet>
 982 |                     <tunnel>
 983 |                       <units>
 984 |                         <entry name="tunnel.1"/>
 985 |                       </units>
 986 |                     </tunnel>
 987 |                   </interface>
 988 |                   <profiles>
 989 |                     <interface-management-profile>
 990 |                       <entry name="ping-resp">
 991 |                         <userid-service>yes</userid-service>
 992 |                         <ping>yes</ping>
 993 |                         <response-pages>yes</response-pages>
 994 |                       </entry>
 995 |                     </interface-management-profile>
 996 |                   </profiles>
 997 |                 </network>
 998 |               </entry>
 999 |             </devices>
1000 |           </config>
1001 |         </entry>
1002 |         <entry name="Management Template">
1003 |           <settings>
1004 |             <default-vsys>vsys1</default-vsys>
1005 |           </settings>
1006 |           <config>
1007 |             <devices>
1008 |               <entry name="localhost.localdomain">
1009 |                 <vsys>
1010 |                   <entry name="vsys1"/>
1011 |                 </vsys>
1012 |               </entry>
1013 |             </devices>
1014 |           </config>
1015 |         </entry>
1016 |       </template>
1017 |       <log-collector-group>
1018 |         <entry name="log collectors">
1019 |           <monitoring-setting>
1020 |             <snmp-setting>
1021 |               <access-setting>
1022 |                 <version>
1023 |                   <v2c/>
1024 |                 </version>
1025 |               </access-setting>
1026 |             </snmp-setting>
1027 |           </monitoring-setting>
1028 |           <logfwd-setting>
1029 |             <collectors>
1030 |               <member>ExampleSerial</member>
1031 |             </collectors>
1032 |           </logfwd-setting>
1033 |         </entry>
1034 |       </log-collector-group>
1035 |     </entry>
1036 |   </devices>
1037 |   <readonly>
1038 |     <devices>
1039 |       <entry name="localhost.localdomain">
1040 |         <device-group>
1041 |           <entry name="HQ firewalls">
1042 |             <id>11</id>
1043 |           </entry>
1044 |           <entry name="Field firewalls">
1045 |             <id>12</id>
1046 |           </entry>
1047 |           <entry name="EMEA">
1048 |             <parent-dg>Field firewalls</parent-dg>
1049 |             <id>13</id>
1050 |           </entry>
1051 |           <entry name="NAM">
1052 |             <parent-dg>Field firewalls</parent-dg>
1053 |             <id>14</id>
1054 |           </entry>
1055 |           <entry name="APAC">
1056 |             <parent-dg>Field firewalls</parent-dg>
1057 |             <id>15</id>
1058 |           </entry>
1059 |         </device-group>
1060 |         <template-stack>
1061 |           <entry name="EMEAStack">
1062 |             <id>16</id>
1063 |           </entry>
1064 |           <entry name="APACStack">
1065 |             <id>17</id>
1066 |           </entry>
1067 |           <entry name="HQStack">
1068 |             <id>18</id>
1069 |           </entry>
1070 |           <entry name="NAMStack">
1071 |             <id>19</id>
1072 |           </entry>
1073 |         </template-stack>
1074 |         <template>
1075 |           <entry name="AdminTemplate">
1076 |             <id>20</id>
1077 |             <config>
1078 |               <devices>
1079 |                 <entry name="localhost.localdomain">
1080 |                   <vsys>
1081 |                     <entry name="vsys1">
1082 |                       <zone/>
1083 |                     </entry>
1084 |                   </vsys>
1085 |                 </entry>
1086 |               </devices>
1087 |             </config>
1088 |           </entry>
1089 |           <entry name="Network Template">
1090 |             <id>22</id>
1091 |             <config>
1092 |               <devices>
1093 |                 <entry name="localhost.localdomain">
1094 |                   <vsys>
1095 |                     <entry name="vsys1">
1096 |                       <zone>
1097 |                         <entry name="ISP">
1098 |                           <id>24</id>
1099 |                         </entry>
1100 |                         <entry name="LAN">
1101 |                           <id>25</id>
1102 |                         </entry>
1103 |                         <entry name="HQVPN">
1104 |                           <id>26</id>
1105 |                         </entry>
1106 |                         <entry name="WIFI-employee">
1107 |                           <id>27</id>
1108 |                         </entry>
1109 |                         <entry name="WIFI-guest">
1110 |                           <id>28</id>
1111 |                         </entry>
1112 |                       </zone>
1113 |                     </entry>
1114 |                   </vsys>
1115 |                 </entry>
1116 |               </devices>
1117 |             </config>
1118 |           </entry>
1119 |           <entry name="Management Template">
1120 |             <id>23</id>
1121 |           </entry>
1122 |         </template>
1123 |       </entry>
1124 |     </devices>
1125 |     <max-internal-id>28</max-internal-id>
1126 |   </readonly>
1127 | </config>
1128 | 


--------------------------------------------------------------------------------
/SharedGatewayExample:
--------------------------------------------------------------------------------
   1 | <?xml version="1.0"?>
   2 | <config version="9.1.0" urldb="paloaltonetworks">
   3 |   <shared>
   4 |     <admin-role>
   5 |       <entry name="vsysadminrole">
   6 |         <role>
   7 |           <vsys>
   8 |             <webui>
   9 |               <monitor>
  10 |                 <logs>
  11 |                   <traffic>enable</traffic>
  12 |                   <threat>enable</threat>
  13 |                   <url>enable</url>
  14 |                   <wildfire>enable</wildfire>
  15 |                   <data-filtering>enable</data-filtering>
  16 |                   <hipmatch>enable</hipmatch>
  17 |                   <globalprotect>enable</globalprotect>
  18 |                   <iptag>enable</iptag>
  19 |                   <userid>enable</userid>
  20 |                   <tunnel>enable</tunnel>
  21 |                   <authentication>enable</authentication>
  22 |                 </logs>
  23 |                 <automated-correlation-engine>
  24 |                   <correlation-objects>enable</correlation-objects>
  25 |                   <correlated-events>enable</correlated-events>
  26 |                 </automated-correlation-engine>
  27 |                 <app-scope>enable</app-scope>
  28 |                 <session-browser>enable</session-browser>
  29 |                 <block-ip-list>enable</block-ip-list>
  30 |                 <pdf-reports>
  31 |                   <manage-pdf-summary>enable</manage-pdf-summary>
  32 |                   <pdf-summary-reports>enable</pdf-summary-reports>
  33 |                   <user-activity-report>enable</user-activity-report>
  34 |                   <saas-application-usage-report>enable</saas-application-usage-report>
  35 |                   <report-groups>enable</report-groups>
  36 |                   <email-scheduler>enable</email-scheduler>
  37 |                 </pdf-reports>
  38 |                 <custom-reports>
  39 |                   <application-statistics>enable</application-statistics>
  40 |                   <data-filtering-log>enable</data-filtering-log>
  41 |                   <threat-log>enable</threat-log>
  42 |                   <threat-summary>enable</threat-summary>
  43 |                   <traffic-log>enable</traffic-log>
  44 |                   <traffic-summary>enable</traffic-summary>
  45 |                   <url-log>enable</url-log>
  46 |                   <url-summary>enable</url-summary>
  47 |                   <hipmatch>enable</hipmatch>
  48 |                   <globalprotect>enable</globalprotect>
  49 |                   <wildfire-log>enable</wildfire-log>
  50 |                   <tunnel-log>enable</tunnel-log>
  51 |                   <tunnel-summary>enable</tunnel-summary>
  52 |                   <iptag>enable</iptag>
  53 |                   <userid>enable</userid>
  54 |                   <auth>enable</auth>
  55 |                 </custom-reports>
  56 |                 <view-custom-reports>enable</view-custom-reports>
  57 |               </monitor>
  58 |               <policies>
  59 |                 <security-rulebase>enable</security-rulebase>
  60 |                 <nat-rulebase>enable</nat-rulebase>
  61 |                 <qos-rulebase>enable</qos-rulebase>
  62 |                 <pbf-rulebase>enable</pbf-rulebase>
  63 |                 <ssl-decryption-rulebase>enable</ssl-decryption-rulebase>
  64 |                 <tunnel-inspect-rulebase>enable</tunnel-inspect-rulebase>
  65 |                 <application-override-rulebase>enable</application-override-rulebase>
  66 |                 <authentication-rulebase>enable</authentication-rulebase>
  67 |                 <dos-rulebase>enable</dos-rulebase>
  68 |                 <sdwan-rulebase>enable</sdwan-rulebase>
  69 |                 <rule-hit-count-reset>enable</rule-hit-count-reset>
  70 |               </policies>
  71 |               <objects>
  72 |                 <addresses>enable</addresses>
  73 |                 <address-groups>enable</address-groups>
  74 |                 <regions>enable</regions>
  75 |                 <dynamic-user-groups>enable</dynamic-user-groups>
  76 |                 <applications>enable</applications>
  77 |                 <application-groups>enable</application-groups>
  78 |                 <application-filters>enable</application-filters>
  79 |                 <services>enable</services>
  80 |                 <service-groups>enable</service-groups>
  81 |                 <tags>enable</tags>
  82 |                 <global-protect>
  83 |                   <hip-objects>enable</hip-objects>
  84 |                   <hip-profiles>enable</hip-profiles>
  85 |                 </global-protect>
  86 |                 <dynamic-block-lists>enable</dynamic-block-lists>
  87 |                 <custom-objects>
  88 |                   <data-patterns>enable</data-patterns>
  89 |                   <spyware>enable</spyware>
  90 |                   <vulnerability>enable</vulnerability>
  91 |                   <url-category>enable</url-category>
  92 |                 </custom-objects>
  93 |                 <security-profiles>
  94 |                   <antivirus>enable</antivirus>
  95 |                   <anti-spyware>enable</anti-spyware>
  96 |                   <vulnerability-protection>enable</vulnerability-protection>
  97 |                   <url-filtering>enable</url-filtering>
  98 |                   <file-blocking>enable</file-blocking>
  99 |                   <wildfire-analysis>enable</wildfire-analysis>
 100 |                   <data-filtering>enable</data-filtering>
 101 |                   <dos-protection>enable</dos-protection>
 102 |                 </security-profiles>
 103 |                 <security-profile-groups>enable</security-profile-groups>
 104 |                 <log-forwarding>enable</log-forwarding>
 105 |                 <authentication>enable</authentication>
 106 |                 <decryption>
 107 |                   <decryption-profile>enable</decryption-profile>
 108 |                 </decryption>
 109 |                 <sdwan>
 110 |                   <sdwan-profile>enable</sdwan-profile>
 111 |                   <sdwan-dist-profile>enable</sdwan-dist-profile>
 112 |                 </sdwan>
 113 |                 <schedules>enable</schedules>
 114 |               </objects>
 115 |               <network>
 116 |                 <zones>enable</zones>
 117 |                 <global-protect>
 118 |                   <portals>enable</portals>
 119 |                   <gateways>enable</gateways>
 120 |                   <mdm>enable</mdm>
 121 |                   <device-block-list>enable</device-block-list>
 122 |                   <clientless-apps>enable</clientless-apps>
 123 |                   <clientless-app-groups>enable</clientless-app-groups>
 124 |                 </global-protect>
 125 |                 <sdwan-interface-profile>enable</sdwan-interface-profile>
 126 |               </network>
 127 |               <privacy>
 128 |                 <show-full-ip-addresses>enable</show-full-ip-addresses>
 129 |                 <show-user-names-in-logs-and-reports>enable</show-user-names-in-logs-and-reports>
 130 |                 <view-pcap-files>enable</view-pcap-files>
 131 |               </privacy>
 132 |               <validate>enable</validate>
 133 |               <save>
 134 |                 <partial-save>enable</partial-save>
 135 |                 <save-for-other-admins>enable</save-for-other-admins>
 136 |               </save>
 137 |               <commit>
 138 |                 <virtual-systems>enable</virtual-systems>
 139 |                 <commit-for-other-admins>enable</commit-for-other-admins>
 140 |               </commit>
 141 |               <tasks>enable</tasks>
 142 |             </webui>
 143 |             <xmlapi/>
 144 |           </vsys>
 145 |         </role>
 146 |       </entry>
 147 |     </admin-role>
 148 |     <authentication-profile>
 149 |       <entry name="auth">
 150 |         <multi-factor-auth>
 151 |           <mfa-enable>no</mfa-enable>
 152 |         </multi-factor-auth>
 153 |         <method>
 154 |           <none/>
 155 |         </method>
 156 |         <allow-list>
 157 |           <member>all</member>
 158 |         </allow-list>
 159 |       </entry>
 160 |     </authentication-profile>
 161 |     <application-filter>
 162 |       <entry name="allowed">
 163 |         <category>
 164 |           <member>business-systems</member>
 165 |           <member>collaboration</member>
 166 |           <member>general-internet</member>
 167 |         </category>
 168 |         <subcategory>
 169 |           <member>general-business</member>
 170 |           <member>internet-conferencing</member>
 171 |           <member>management</member>
 172 |           <member>office-programs</member>
 173 |           <member>social-business</member>
 174 |           <member>software-update</member>
 175 |           <member>voip-video</member>
 176 |         </subcategory>
 177 |         <risk>
 178 |           <member>1</member>
 179 |           <member>2</member>
 180 |           <member>3</member>
 181 |         </risk>
 182 |       </entry>
 183 |     </application-filter>
 184 |     <profile-group>
 185 |       <entry name="default">
 186 |         <virus>
 187 |           <member>default</member>
 188 |         </virus>
 189 |         <spyware>
 190 |           <member>strict</member>
 191 |         </spyware>
 192 |         <vulnerability>
 193 |           <member>strict</member>
 194 |         </vulnerability>
 195 |         <wildfire-analysis>
 196 |           <member>default</member>
 197 |         </wildfire-analysis>
 198 |       </entry>
 199 |     </profile-group>
 200 |   </shared>
 201 |   <devices>
 202 |     <entry name="localhost.localdomain">
 203 |       <network>
 204 |         <interface>
 205 |           <ethernet>
 206 |                        <entry name="ethernet1/1">
 207 |               <layer3>
 208 |                 <ndp-proxy>
 209 |                   <enabled>no</enabled>
 210 |                 </ndp-proxy>
 211 |                 <ip>
 212 |                   <entry name="10.0.0.0/24"/>
 213 |                 </ip>
 214 |                 <lldp>
 215 |                   <enable>no</enable>
 216 |                 </lldp>
 217 |               </layer3>
 218 |             </entry>
 219 |             <entry name="ethernet1/2">
 220 |               <layer3>
 221 |                 <ndp-proxy>
 222 |                   <enabled>no</enabled>
 223 |                 </ndp-proxy>
 224 |                 <lldp>
 225 |                   <enable>no</enable>
 226 |                 </lldp>
 227 |                 <ip>
 228 |                   <entry name="10.1.0.0/24"/>
 229 |                 </ip>
 230 |               </layer3>
 231 |             </entry>
 232 |             <entry name="ethernet1/3">
 233 |               <layer3>
 234 |                 <ndp-proxy>
 235 |                   <enabled>no</enabled>
 236 |                 </ndp-proxy>
 237 |                 <lldp>
 238 |                   <enable>no</enable>
 239 |                 </lldp>
 240 |                 <ip>
 241 |                   <entry name="198.51.100.2/24"/>
 242 |                 </ip>
 243 |               </layer3>
 244 |             </entry>
 245 |           </ethernet>
 246 |           <loopback>
 247 |             <units/>
 248 |           </loopback>
 249 |           <vlan>
 250 |             <units/>
 251 |           </vlan>
 252 |           <tunnel>
 253 |             <units/>
 254 |           </tunnel>
 255 |         </interface>
 256 |         <vlan/>
 257 |         <virtual-wire/>
 258 |         <profiles>
 259 |           <monitor-profile>
 260 |             <entry name="default">
 261 |               <interval>3</interval>
 262 |               <threshold>5</threshold>
 263 |               <action>wait-recover</action>
 264 |             </entry>
 265 |           </monitor-profile>
 266 |         </profiles>
 267 |         <ike>
 268 |           <crypto-profiles>
 269 |             <ike-crypto-profiles>
 270 |               <entry name="default">
 271 |                 <encryption>
 272 |                   <member>aes-128-cbc</member>
 273 |                   <member>3des</member>
 274 |                 </encryption>
 275 |                 <hash>
 276 |                   <member>sha1</member>
 277 |                 </hash>
 278 |                 <dh-group>
 279 |                   <member>group2</member>
 280 |                 </dh-group>
 281 |                 <lifetime>
 282 |                   <hours>8</hours>
 283 |                 </lifetime>
 284 |               </entry>
 285 |               <entry name="Suite-B-GCM-128">
 286 |                 <encryption>
 287 |                   <member>aes-128-cbc</member>
 288 |                 </encryption>
 289 |                 <hash>
 290 |                   <member>sha256</member>
 291 |                 </hash>
 292 |                 <dh-group>
 293 |                   <member>group19</member>
 294 |                 </dh-group>
 295 |                 <lifetime>
 296 |                   <hours>8</hours>
 297 |                 </lifetime>
 298 |               </entry>
 299 |               <entry name="Suite-B-GCM-256">
 300 |                 <encryption>
 301 |                   <member>aes-256-cbc</member>
 302 |                 </encryption>
 303 |                 <hash>
 304 |                   <member>sha384</member>
 305 |                 </hash>
 306 |                 <dh-group>
 307 |                   <member>group20</member>
 308 |                 </dh-group>
 309 |                 <lifetime>
 310 |                   <hours>8</hours>
 311 |                 </lifetime>
 312 |               </entry>
 313 |             </ike-crypto-profiles>
 314 |             <ipsec-crypto-profiles>
 315 |               <entry name="default">
 316 |                 <esp>
 317 |                   <encryption>
 318 |                     <member>aes-128-cbc</member>
 319 |                     <member>3des</member>
 320 |                   </encryption>
 321 |                   <authentication>
 322 |                     <member>sha1</member>
 323 |                   </authentication>
 324 |                 </esp>
 325 |                 <dh-group>group2</dh-group>
 326 |                 <lifetime>
 327 |                   <hours>1</hours>
 328 |                 </lifetime>
 329 |               </entry>
 330 |               <entry name="Suite-B-GCM-128">
 331 |                 <esp>
 332 |                   <encryption>
 333 |                     <member>aes-128-gcm</member>
 334 |                   </encryption>
 335 |                   <authentication>
 336 |                     <member>none</member>
 337 |                   </authentication>
 338 |                 </esp>
 339 |                 <dh-group>group19</dh-group>
 340 |                 <lifetime>
 341 |                   <hours>1</hours>
 342 |                 </lifetime>
 343 |               </entry>
 344 |               <entry name="Suite-B-GCM-256">
 345 |                 <esp>
 346 |                   <encryption>
 347 |                     <member>aes-256-gcm</member>
 348 |                   </encryption>
 349 |                   <authentication>
 350 |                     <member>none</member>
 351 |                   </authentication>
 352 |                 </esp>
 353 |                 <dh-group>group20</dh-group>
 354 |                 <lifetime>
 355 |                   <hours>1</hours>
 356 |                 </lifetime>
 357 |               </entry>
 358 |             </ipsec-crypto-profiles>
 359 |             <global-protect-app-crypto-profiles>
 360 |               <entry name="default">
 361 |                 <encryption>
 362 |                   <member>aes-128-cbc</member>
 363 |                 </encryption>
 364 |                 <authentication>
 365 |                   <member>sha1</member>
 366 |                 </authentication>
 367 |               </entry>
 368 |             </global-protect-app-crypto-profiles>
 369 |           </crypto-profiles>
 370 |         </ike>
 371 |         <qos>
 372 |           <profile>
 373 |             <entry name="default">
 374 |               <class-bandwidth-type>
 375 |                 <mbps>
 376 |                   <class>
 377 |                     <entry name="class1">
 378 |                       <priority>real-time</priority>
 379 |                     </entry>
 380 |                     <entry name="class2">
 381 |                       <priority>high</priority>
 382 |                     </entry>
 383 |                     <entry name="class3">
 384 |                       <priority>high</priority>
 385 |                     </entry>
 386 |                     <entry name="class4">
 387 |                       <priority>medium</priority>
 388 |                     </entry>
 389 |                     <entry name="class5">
 390 |                       <priority>medium</priority>
 391 |                     </entry>
 392 |                     <entry name="class6">
 393 |                       <priority>low</priority>
 394 |                     </entry>
 395 |                     <entry name="class7">
 396 |                       <priority>low</priority>
 397 |                     </entry>
 398 |                     <entry name="class8">
 399 |                       <priority>low</priority>
 400 |                     </entry>
 401 |                   </class>
 402 |                 </mbps>
 403 |               </class-bandwidth-type>
 404 |             </entry>
 405 |           </profile>
 406 |         </qos>
 407 |         <virtual-router>
 408 |           <entry name="v1-default">
 409 |             <protocol>
 410 |               <bgp>
 411 |                 <enable>no</enable>
 412 |                 <dampening-profile>
 413 |                   <entry name="default">
 414 |                     <cutoff>1.25</cutoff>
 415 |                     <reuse>0.5</reuse>
 416 |                     <max-hold-time>900</max-hold-time>
 417 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
 418 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
 419 |                     <enable>yes</enable>
 420 |                   </entry>
 421 |                 </dampening-profile>
 422 |                 <routing-options>
 423 |                   <graceful-restart>
 424 |                     <enable>yes</enable>
 425 |                   </graceful-restart>
 426 |                 </routing-options>
 427 |               </bgp>
 428 |               <rip>
 429 |                 <enable>no</enable>
 430 |               </rip>
 431 |               <ospf>
 432 |                 <enable>no</enable>
 433 |               </ospf>
 434 |               <ospfv3>
 435 |                 <enable>no</enable>
 436 |               </ospfv3>
 437 |             </protocol>
 438 |             <interface>
 439 |               <member>ethernet1/1</member>
 440 |             </interface>
 441 |             <ecmp>
 442 |               <algorithm>
 443 |                 <ip-modulo/>
 444 |               </algorithm>
 445 |             </ecmp>
 446 |             <routing-table>
 447 |               <ip>
 448 |                 <static-route>
 449 |                   <entry name="vsys2-subnet">
 450 |                     <nexthop>
 451 |                       <next-vr>v2-default</next-vr>
 452 |                     </nexthop>
 453 |                     <bfd>
 454 |                       <profile>None</profile>
 455 |                     </bfd>
 456 |                     <path-monitor>
 457 |                       <enable>no</enable>
 458 |                       <failure-condition>any</failure-condition>
 459 |                       <hold-time>2</hold-time>
 460 |                     </path-monitor>
 461 |                     <metric>10</metric>
 462 |                     <destination>10.1.0.0/24</destination>
 463 |                     <route-table>
 464 |                       <unicast/>
 465 |                     </route-table>
 466 |                   </entry>
 467 |                   <entry name="dg">
 468 |                     <path-monitor>
 469 |                       <enable>no</enable>
 470 |                       <failure-condition>any</failure-condition>
 471 |                       <hold-time>2</hold-time>
 472 |                     </path-monitor>
 473 |                     <nexthop>
 474 |                       <next-vr>sharedVR</next-vr>
 475 |                     </nexthop>
 476 |                     <bfd>
 477 |                       <profile>None</profile>
 478 |                     </bfd>
 479 |                     <metric>10</metric>
 480 |                     <destination>0.0.0.0/0</destination>
 481 |                     <route-table>
 482 |                       <unicast/>
 483 |                     </route-table>
 484 |                   </entry>
 485 |                 </static-route>
 486 |               </ip>
 487 |             </routing-table>
 488 |           </entry>
 489 |           <entry name="v2-default">
 490 |             <ecmp>
 491 |               <algorithm>
 492 |                 <ip-modulo/>
 493 |               </algorithm>
 494 |             </ecmp>
 495 |             <protocol>
 496 |               <bgp>
 497 |                 <routing-options>
 498 |                   <graceful-restart>
 499 |                     <enable>yes</enable>
 500 |                   </graceful-restart>
 501 |                 </routing-options>
 502 |                 <enable>no</enable>
 503 |               </bgp>
 504 |               <rip>
 505 |                 <enable>no</enable>
 506 |               </rip>
 507 |               <ospf>
 508 |                 <enable>no</enable>
 509 |               </ospf>
 510 |               <ospfv3>
 511 |                 <enable>no</enable>
 512 |               </ospfv3>
 513 |             </protocol>
 514 |             <interface>
 515 |               <member>ethernet1/2</member>
 516 |             </interface>
 517 |             <routing-table>
 518 |               <ip>
 519 |                 <static-route>
 520 |                   <entry name="vsys1-subnet">
 521 |                     <nexthop>
 522 |                       <next-vr>v1-default</next-vr>
 523 |                     </nexthop>
 524 |                     <bfd>
 525 |                       <profile>None</profile>
 526 |                     </bfd>
 527 |                     <path-monitor>
 528 |                       <enable>no</enable>
 529 |                       <failure-condition>any</failure-condition>
 530 |                       <hold-time>2</hold-time>
 531 |                     </path-monitor>
 532 |                     <metric>10</metric>
 533 |                     <destination>10.0.0.0/24</destination>
 534 |                     <route-table>
 535 |                       <unicast/>
 536 |                     </route-table>
 537 |                   </entry>
 538 |                   <entry name="dg">
 539 |                     <path-monitor>
 540 |                       <enable>no</enable>
 541 |                       <failure-condition>any</failure-condition>
 542 |                       <hold-time>2</hold-time>
 543 |                     </path-monitor>
 544 |                     <nexthop>
 545 |                       <next-vr>sharedVR</next-vr>
 546 |                     </nexthop>
 547 |                     <bfd>
 548 |                       <profile>None</profile>
 549 |                     </bfd>
 550 |                     <metric>10</metric>
 551 |                     <destination>0.0.0.0/0</destination>
 552 |                     <route-table>
 553 |                       <unicast/>
 554 |                     </route-table>
 555 |                   </entry>
 556 |                 </static-route>
 557 |               </ip>
 558 |             </routing-table>
 559 |           </entry>
 560 |           <entry name="sharedVR">
 561 |             <ecmp>
 562 |               <algorithm>
 563 |                 <ip-modulo/>
 564 |               </algorithm>
 565 |             </ecmp>
 566 |             <protocol>
 567 |               <bgp>
 568 |                 <routing-options>
 569 |                   <graceful-restart>
 570 |                     <enable>yes</enable>
 571 |                   </graceful-restart>
 572 |                 </routing-options>
 573 |                 <enable>no</enable>
 574 |               </bgp>
 575 |               <rip>
 576 |                 <enable>no</enable>
 577 |               </rip>
 578 |               <ospf>
 579 |                 <enable>no</enable>
 580 |               </ospf>
 581 |               <ospfv3>
 582 |                 <enable>no</enable>
 583 |               </ospfv3>
 584 |             </protocol>
 585 |             <routing-table>
 586 |               <ip>
 587 |                 <static-route>
 588 |                   <entry name="dg">
 589 |                     <nexthop>
 590 |                       <ip-address>198.51.100.1</ip-address>
 591 |                     </nexthop>
 592 |                     <bfd>
 593 |                       <profile>None</profile>
 594 |                     </bfd>
 595 |                     <path-monitor>
 596 |                       <enable>no</enable>
 597 |                       <failure-condition>any</failure-condition>
 598 |                       <hold-time>2</hold-time>
 599 |                     </path-monitor>
 600 |                     <interface>ethernet1/3</interface>
 601 |                     <metric>10</metric>
 602 |                     <destination>0.0.0.0/0</destination>
 603 |                     <route-table>
 604 |                       <unicast/>
 605 |                     </route-table>
 606 |                   </entry>
 607 |                   <entry name="vsys1">
 608 |                     <path-monitor>
 609 |                       <enable>no</enable>
 610 |                       <failure-condition>any</failure-condition>
 611 |                       <hold-time>2</hold-time>
 612 |                     </path-monitor>
 613 |                     <nexthop>
 614 |                       <next-vr>v1-default</next-vr>
 615 |                     </nexthop>
 616 |                     <bfd>
 617 |                       <profile>None</profile>
 618 |                     </bfd>
 619 |                     <metric>10</metric>
 620 |                     <destination>10.0.0.0/24</destination>
 621 |                     <route-table>
 622 |                       <unicast/>
 623 |                     </route-table>
 624 |                   </entry>
 625 |                   <entry name="vsys2">
 626 |                     <path-monitor>
 627 |                       <enable>no</enable>
 628 |                       <failure-condition>any</failure-condition>
 629 |                       <hold-time>2</hold-time>
 630 |                     </path-monitor>
 631 |                     <nexthop>
 632 |                       <next-vr>v2-default</next-vr>
 633 |                     </nexthop>
 634 |                     <bfd>
 635 |                       <profile>None</profile>
 636 |                     </bfd>
 637 |                     <metric>10</metric>
 638 |                     <destination>10.1.0.0/24</destination>
 639 |                     <route-table>
 640 |                       <unicast/>
 641 |                     </route-table>
 642 |                   </entry>
 643 |                 </static-route>
 644 |               </ip>
 645 |             </routing-table>
 646 |             <interface>
 647 |               <member>ethernet1/3</member>
 648 |             </interface>
 649 |           </entry>
 650 |         </virtual-router>
 651 |         <shared-gateway>
 652 |           <entry name="sg1">
 653 |             <display-name>SharedGW</display-name>
 654 |             <zone>
 655 |               <entry name="SGuntrust">
 656 |                 <network>
 657 |                   <layer3>
 658 |                     <member>ethernet1/3</member>
 659 |                   </layer3>
 660 |                 </network>
 661 |               </entry>
 662 |               <entry name="to-vsys1">
 663 |                 <network>
 664 |                   <external>
 665 |                     <member>vsys1</member>
 666 |                   </external>
 667 |                 </network>
 668 |               </entry>
 669 |               <entry name="to-vsys2">
 670 |                 <network>
 671 |                   <external>
 672 |                     <member>vsys2</member>
 673 |                   </external>
 674 |                 </network>
 675 |               </entry>
 676 |             </zone>
 677 |             <import>
 678 |               <network>
 679 |                 <interface>
 680 |                   <member>ethernet1/3</member>
 681 |                 </interface>
 682 |               </network>
 683 |             </import>
 684 |             <rulebase>
 685 |               <nat>
 686 |                 <rules>
 687 |                   <entry name="vsys1-nat" uuid="4f3371b2-baff-4383-9781-6363911b9737">
 688 |                     <source-translation>
 689 |                       <dynamic-ip-and-port>
 690 |                         <interface-address>
 691 |                           <interface>ethernet1/3</interface>
 692 |                           <ip>198.51.100.2/24</ip>
 693 |                         </interface-address>
 694 |                       </dynamic-ip-and-port>
 695 |                     </source-translation>
 696 |                     <to>
 697 |                       <member>SGuntrust</member>
 698 |                     </to>
 699 |                     <from>
 700 |                       <member>to-vsys1</member>
 701 |                     </from>
 702 |                     <source>
 703 |                       <member>any</member>
 704 |                     </source>
 705 |                     <destination>
 706 |                       <member>any</member>
 707 |                     </destination>
 708 |                     <service>any</service>
 709 |                   </entry>
 710 |                   <entry name="vsys2-nat" uuid="a5ad7ee8-0a0a-4856-95b1-b2d4524d6673">
 711 |                     <source-translation>
 712 |                       <dynamic-ip-and-port>
 713 |                         <interface-address>
 714 |                           <interface>ethernet1/3</interface>
 715 |                           <ip>198.51.100.2/24</ip>
 716 |                         </interface-address>
 717 |                       </dynamic-ip-and-port>
 718 |                     </source-translation>
 719 |                     <to>
 720 |                       <member>SGuntrust</member>
 721 |                     </to>
 722 |                     <from>
 723 |                       <member>to-vsys2</member>
 724 |                     </from>
 725 |                     <source>
 726 |                       <member>any</member>
 727 |                     </source>
 728 |                     <destination>
 729 |                       <member>any</member>
 730 |                     </destination>
 731 |                     <service>any</service>
 732 |                   </entry>
 733 |                   <entry name="inbound-vsys1" uuid="51f4bbee-a421-4ce6-b5f8-1bfc55c3841c">
 734 |                     <destination-translation>
 735 |                       <translated-address>10.0.0.4</translated-address>
 736 |                     </destination-translation>
 737 |                     <to>
 738 |                       <member>SGuntrust</member>
 739 |                     </to>
 740 |                     <from>
 741 |                       <member>SGuntrust</member>
 742 |                     </from>
 743 |                     <source>
 744 |                       <member>any</member>
 745 |                     </source>
 746 |                     <destination>
 747 |                       <member>198.51.100.4</member>
 748 |                     </destination>
 749 |                     <service>service-https</service>
 750 |                   </entry>
 751 |                   <entry name="inbound-vsys2" uuid="fafe4ec8-c38c-484c-9ebb-3d085c70dbdd">
 752 |                     <destination-translation>
 753 |                       <translated-address>10.1.0.5</translated-address>
 754 |                     </destination-translation>
 755 |                     <to>
 756 |                       <member>SGuntrust</member>
 757 |                     </to>
 758 |                     <from>
 759 |                       <member>SGuntrust</member>
 760 |                     </from>
 761 |                     <source>
 762 |                       <member>any</member>
 763 |                     </source>
 764 |                     <destination>
 765 |                       <member>198.51.100.5</member>
 766 |                     </destination>
 767 |                     <service>service-https</service>
 768 |                   </entry>
 769 |                 </rules>
 770 |               </nat>
 771 |             </rulebase>
 772 |           </entry>
 773 |         </shared-gateway>
 774 |       </network>
 775 |       <deviceconfig>
 776 |         <system>
 777 |           <ip-address>192.168.27.240</ip-address>
 778 |           <netmask>255.255.255.0</netmask>
 779 |           <update-server>updates.paloaltonetworks.com</update-server>
 780 |           <update-schedule>
 781 |             <threats>
 782 |               <recurring>
 783 |                 <hourly>
 784 |                   <action>download-and-install</action>
 785 |                 </hourly>
 786 |                 <threshold>25</threshold>
 787 |               </recurring>
 788 |             </threats>
 789 |             <anti-virus>
 790 |               <recurring>
 791 |                 <hourly>
 792 |                   <action>download-and-install</action>
 793 |                 </hourly>
 794 |                 <threshold>5</threshold>
 795 |               </recurring>
 796 |             </anti-virus>
 797 |             <wildfire>
 798 |               <recurring>
 799 |                 <every-hour>
 800 |                   <at>45</at>
 801 |                   <action>download-and-install</action>
 802 |                 </every-hour>
 803 |               </recurring>
 804 |             </wildfire>
 805 |           </update-schedule>
 806 |           <timezone>US/Pacific</timezone>
 807 |           <service>
 808 |             <disable-telnet>yes</disable-telnet>
 809 |             <disable-http>yes</disable-http>
 810 |           </service>
 811 |           <hostname>PA-3020</hostname>
 812 |           <default-gateway>192.168.27.1</default-gateway>
 813 |           <dns-setting>
 814 |             <servers>
 815 |               <primary>1.1.1.1</primary>
 816 |               <secondary>1.0.0.1</secondary>
 817 |             </servers>
 818 |           </dns-setting>
 819 |           <type>
 820 |             <dhcp-client>
 821 |               <accept-dhcp-domain>yes</accept-dhcp-domain>
 822 |               <accept-dhcp-hostname>yes</accept-dhcp-hostname>
 823 |               <send-client-id>yes</send-client-id>
 824 |               <send-hostname>yes</send-hostname>
 825 |             </dhcp-client>
 826 |           </type>
 827 |         </system>
 828 |         <setting>
 829 |           <config>
 830 |             <rematch>yes</rematch>
 831 |           </config>
 832 |           <management>
 833 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
 834 |           </management>
 835 |         </setting>
 836 |       </deviceconfig>
 837 |       <vsys>
 838 |         <entry name="vsys1">
 839 |           <import>
 840 |             <network>
 841 |               <interface>
 842 |                 <member>ethernet1/1</member>
 843 |                 <member>ethernet1/1</member>
 844 |                 <member>loopback</member>
 845 |                 <member>tunnel</member>
 846 |                 <member>vlan</member>
 847 |               </interface>
 848 |               <virtual-router>
 849 |                 <member>v1-default</member>
 850 |               </virtual-router>
 851 |             </network>
 852 |             <visible-vsys>
 853 |               <member>vsys2</member>
 854 |             </visible-vsys>
 855 |           </import>
 856 |           <application/>
 857 |           <application-group/>
 858 |           <zone>
 859 |             <entry name="trust">
 860 |               <network>
 861 |                 <virtual-wire/>
 862 |               </network>
 863 |             </entry>
 864 |             <entry name="untrust">
 865 |               <network>
 866 |                 <virtual-wire/>
 867 |               </network>
 868 |             </entry>
 869 |             <entry name="L3-untrust-V1">
 870 |               <network>
 871 |                 <layer3/>
 872 |               </network>
 873 |             </entry>
 874 |             <entry name="L3-trust-V1">
 875 |               <network>
 876 |                 <layer3>
 877 |                   <member>ethernet1/1</member>
 878 |                 </layer3>
 879 |               </network>
 880 |             </entry>
 881 |             <entry name="out-to-vsys2">
 882 |               <network>
 883 |                 <external>
 884 |                   <member>vsys2</member>
 885 |                 </external>
 886 |               </network>
 887 |             </entry>
 888 |             <entry name="to-SG-untrust">
 889 |               <network>
 890 |                 <external>
 891 |                   <member>sg1</member>
 892 |                 </external>
 893 |               </network>
 894 |             </entry>
 895 |           </zone>
 896 |           <service/>
 897 |           <service-group/>
 898 |           <schedule/>
 899 |           <rulebase>
 900 |             <security>
 901 |               <rules>
 902 |                 <entry name="to-vsys2">
 903 |                   <to>
 904 |                     <member>out-to-vsys2</member>
 905 |                   </to>
 906 |                   <from>
 907 |                     <member>L3-trust-V1</member>
 908 |                   </from>
 909 |                   <source>
 910 |                     <member>any</member>
 911 |                   </source>
 912 |                   <destination>
 913 |                     <member>any</member>
 914 |                   </destination>
 915 |                   <source-user>
 916 |                     <member>any</member>
 917 |                   </source-user>
 918 |                   <category>
 919 |                     <member>any</member>
 920 |                   </category>
 921 |                   <application>
 922 |                     <member>allowed</member>
 923 |                   </application>
 924 |                   <service>
 925 |                     <member>application-default</member>
 926 |                   </service>
 927 |                   <hip-profiles>
 928 |                     <member>any</member>
 929 |                   </hip-profiles>
 930 |                   <action>allow</action>
 931 |                   <profile-setting>
 932 |                     <group>
 933 |                       <member>default</member>
 934 |                     </group>
 935 |                   </profile-setting>
 936 |                 </entry>
 937 |                 <entry name="internet access">
 938 |                   <profile-setting>
 939 |                     <group>
 940 |                       <member>default</member>
 941 |                     </group>
 942 |                   </profile-setting>
 943 |                   <to>
 944 |                     <member>to-SG-untrust</member>
 945 |                   </to>
 946 |                   <from>
 947 |                     <member>L3-trust-V1</member>
 948 |                   </from>
 949 |                   <source>
 950 |                     <member>any</member>
 951 |                   </source>
 952 |                   <destination>
 953 |                     <member>any</member>
 954 |                   </destination>
 955 |                   <source-user>
 956 |                     <member>any</member>
 957 |                   </source-user>
 958 |                   <category>
 959 |                     <member>any</member>
 960 |                   </category>
 961 |                   <application>
 962 |                     <member>allowed</member>
 963 |                   </application>
 964 |                   <service>
 965 |                     <member>application-default</member>
 966 |                   </service>
 967 |                   <hip-profiles>
 968 |                     <member>any</member>
 969 |                   </hip-profiles>
 970 |                   <action>allow</action>
 971 |                 </entry>
 972 |                 <entry name="inbound">
 973 |                   <profile-setting>
 974 |                     <group>
 975 |                       <member>default</member>
 976 |                     </group>
 977 |                   </profile-setting>
 978 |                   <to>
 979 |                     <member>L3-trust-V1</member>
 980 |                   </to>
 981 |                   <from>
 982 |                     <member>to-SG-untrust</member>
 983 |                   </from>
 984 |                   <source>
 985 |                     <member>any</member>
 986 |                   </source>
 987 |                   <destination>
 988 |                     <member>198.51.100.4</member>
 989 |                   </destination>
 990 |                   <source-user>
 991 |                     <member>any</member>
 992 |                   </source-user>
 993 |                   <category>
 994 |                     <member>any</member>
 995 |                   </category>
 996 |                   <application>
 997 |                     <member>ssl</member>
 998 |                   </application>
 999 |                   <service>
1000 |                     <member>application-default</member>
1001 |                   </service>
1002 |                   <hip-profiles>
1003 |                     <member>any</member>
1004 |                   </hip-profiles>
1005 |                   <action>allow</action>
1006 |                 </entry>
1007 |               </rules>
1008 |             </security>
1009 |           </rulebase>
1010 |           <authentication-profile>
1011 |             <entry name="authprofile">
1012 |               <multi-factor-auth>
1013 |                 <mfa-enable>no</mfa-enable>
1014 |               </multi-factor-auth>
1015 |               <method>
1016 |                 <none/>
1017 |               </method>
1018 |               <allow-list>
1019 |                 <member>all</member>
1020 |               </allow-list>
1021 |             </entry>
1022 |             <entry name="auth">
1023 |               <multi-factor-auth>
1024 |                 <mfa-enable>no</mfa-enable>
1025 |               </multi-factor-auth>
1026 |               <method>
1027 |                 <none/>
1028 |               </method>
1029 |               <allow-list>
1030 |                 <member>all</member>
1031 |               </allow-list>
1032 |             </entry>
1033 |           </authentication-profile>
1034 |         </entry>
1035 |         <entry name="vsys2">
1036 |           <display-name>Beta environment</display-name>
1037 |           <zone>
1038 |             <entry name="L3-untrust-V2">
1039 |               <network>
1040 |                 <layer3/>
1041 |               </network>
1042 |             </entry>
1043 |             <entry name="L3-trust-V2">
1044 |               <network>
1045 |                 <layer3>
1046 |                   <member>ethernet1/2</member>
1047 |                 </layer3>
1048 |               </network>
1049 |             </entry>
1050 |             <entry name="out-to-vsys1">
1051 |               <network>
1052 |                 <external>
1053 |                   <member>vsys1</member>
1054 |                 </external>
1055 |               </network>
1056 |             </entry>
1057 |             <entry name="to-SG-untrust">
1058 |               <network>
1059 |                 <external>
1060 |                   <member>sg1</member>
1061 |                 </external>
1062 |               </network>
1063 |             </entry>
1064 |           </zone>
1065 |           <import>
1066 |             <network>
1067 |               <interface>
1068 |                 <member>ethernet1/7</member>
1069 |                 <member>ethernet1/2</member>
1070 |               </interface>
1071 |               <virtual-router>
1072 |                 <member>v2-default</member>
1073 |               </virtual-router>
1074 |             </network>
1075 |             <visible-vsys>
1076 |               <member>vsys1</member>
1077 |             </visible-vsys>
1078 |           </import>
1079 |           <profile-group/>
1080 |           <application-filter/>
1081 |           <rulebase>
1082 |             <security>
1083 |               <rules>
1084 |                 <entry name="to-vsys1">
1085 |                   <profile-setting>
1086 |                     <group>
1087 |                       <member>default</member>
1088 |                     </group>
1089 |                   </profile-setting>
1090 |                   <to>
1091 |                     <member>out-to-vsys1</member>
1092 |                   </to>
1093 |                   <from>
1094 |                     <member>L3-trust-V2</member>
1095 |                   </from>
1096 |                   <source>
1097 |                     <member>any</member>
1098 |                   </source>
1099 |                   <destination>
1100 |                     <member>any</member>
1101 |                   </destination>
1102 |                   <source-user>
1103 |                     <member>any</member>
1104 |                   </source-user>
1105 |                   <category>
1106 |                     <member>any</member>
1107 |                   </category>
1108 |                   <application>
1109 |                     <member>allowed</member>
1110 |                   </application>
1111 |                   <service>
1112 |                     <member>application-default</member>
1113 |                   </service>
1114 |                   <hip-profiles>
1115 |                     <member>any</member>
1116 |                   </hip-profiles>
1117 |                   <action>allow</action>
1118 |                 </entry>
1119 |                 <entry name="internet access">
1120 |                   <profile-setting>
1121 |                     <group>
1122 |                       <member>default</member>
1123 |                     </group>
1124 |                   </profile-setting>
1125 |                   <to>
1126 |                     <member>to-SG-untrust</member>
1127 |                   </to>
1128 |                   <from>
1129 |                     <member>L3-trust-V2</member>
1130 |                   </from>
1131 |                   <source>
1132 |                     <member>any</member>
1133 |                   </source>
1134 |                   <destination>
1135 |                     <member>any</member>
1136 |                   </destination>
1137 |                   <source-user>
1138 |                     <member>any</member>
1139 |                   </source-user>
1140 |                   <category>
1141 |                     <member>any</member>
1142 |                   </category>
1143 |                   <application>
1144 |                     <member>allowed</member>
1145 |                   </application>
1146 |                   <service>
1147 |                     <member>application-default</member>
1148 |                   </service>
1149 |                   <hip-profiles>
1150 |                     <member>any</member>
1151 |                   </hip-profiles>
1152 |                   <action>allow</action>
1153 |                 </entry>
1154 |                 <entry name="inbound">
1155 |                   <profile-setting>
1156 |                     <group>
1157 |                       <member>default</member>
1158 |                     </group>
1159 |                   </profile-setting>
1160 |                   <to>
1161 |                     <member>L3-trust-V2</member>
1162 |                   </to>
1163 |                   <from>
1164 |                     <member>to-SG-untrust</member>
1165 |                   </from>
1166 |                   <source>
1167 |                     <member>any</member>
1168 |                   </source>
1169 |                   <destination>
1170 |                     <member>198.51.100.5</member>
1171 |                   </destination>
1172 |                   <source-user>
1173 |                     <member>any</member>
1174 |                   </source-user>
1175 |                   <category>
1176 |                     <member>any</member>
1177 |                   </category>
1178 |                   <application>
1179 |                     <member>ssl</member>
1180 |                   </application>
1181 |                   <service>
1182 |                     <member>application-default</member>
1183 |                   </service>
1184 |                   <hip-profiles>
1185 |                     <member>any</member>
1186 |                   </hip-profiles>
1187 |                   <action>allow</action>
1188 |                 </entry>
1189 |               </rules>
1190 |             </security>
1191 |           </rulebase>
1192 |         </entry>
1193 |       </vsys>
1194 |     </entry>
1195 |   </devices>
1196 | </config>
1197 | 


--------------------------------------------------------------------------------