Palo Alto – Source Ping

Something to keep in mind is when you ping from a Palo Alto firewall via the CLI, it’s going to source the ping from the MGMT interface by default. So a ping might respond back but the app/service/user/etc… still won’t work. You need to use the “source” option in the ping command:

ping source {LOCAL_IP_ADDRESS} host {REMOTE_IP_ADDRESS}

For example, if I want to ping an internal server from the INSIDE interface, would do this:

ping source 10.1.1.1 host 10.100.10.101
More Stories
Windows AD GPP cpassword Exposure