Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

905 Excellent

1 Follower

About MrSquirrel

  • Rank
    Junior Member

Recent Profile Visitors

147 profile views
  1. Unfortunatley v10 will not be available for the PA-3000 series. It is only supported up to v9.x.x
  2. Afraid i only have up to 8.0.9 for the PA-200, also looking for the latest.
  3. Edited the link, seems to work now.
  4. Your wish is granted! You will need some dynamic updates along the way to complete the full upgrade. Post back with what you need. [Hidden Content]
  5. Latest Dynamic Updates [hide]Dynamic Updates 09-07-2020 [Hidden Content]]
  6. Thanks for the info, that's a good trick to know. For some upgrades you need the dynamic content to be at a particular level before it will let you continue. If you get stuck further on in the upgrade path let us know.
  7. Unfortunately they patched this a while back, they tightened up the sanity checking on v7/8/9 for this command.
  8. Please can you add isr4200-universalk9_ias.16.11.01a.SPA.bin ? Thanks,
  9. Hi there, Can anyone share the latest IOS for the 4200 series? Looking for isr4200-universalk9_ias.16.11.01a.SPA.bin or the latest you have for this series of router. I've discovered the 4221 is riddled with bugs! Found some earlier ones here, but still looking for the latest: [Hidden Content] Thanks,
  10. Nice work, thanks! You should be bored more often There was an interesting vulnerability found a few years ago, which allowed you to get root access: Brilliantly simple, IIRC the bug was fixed in v7.x.x though, works on earlier releases. Interesting files to look at are: /usr/local/bin eeprom_probe panupdater.sh newpanupdater.sh licensecheck.sh /var/log/pan cryptod.log /etc/cryptod/ tac-login.xml /etc/cfgdb eeprom.xml /etc/cfgdb/dp/200 cfgdb.xml /etc/cfgdb/mp/common root.cfgdb.xml /etc/security su-access.config The "sdb" command allows you to view/modify the database, example: [[email protected] ~]$ sdb -r cfg.hostname cfg.hostname: 'Test3020' [[email protected] ~]$ Much of the hardware information is gathered and pushed into the database on the first boot after a factory reset or when a license check is initiated from the GUI. Root access is achieved in the field using the tac-login debug command, which uses a challenge/response method. I have plenty of Palo hardware in the lab to play with, the 3000 series use some dedicated hardware with an off the shelf COMExpress format Intel SBC (single board computer). I added a VGA port to mine, there is also a hidden Ethernet interface and other ports direct to the SBC which i keep meaning to look into. I dumped the BIOS ROM, however from memory i think the BIOS is slightly customised for Palo by Portwell. I have limited Linux knowledge though, perhaps it's worth looking into the boot process with reference to your GRUB hack, i'll have to read up on how GRUB works! On the real tin the BIOS boots into onboard flash from which you set some environment variables from which to boot (partition etc) I have some notes somewhere. 200 uses a Cavium SoC with 2.5" SATA SSD, hidden PCI-E connector is worth a mention. 220 uses a SoC with no external disk, just one chip that does the lot. Very slow boxes to commit, slower than an old PA-500. 500 & 2000 use Cavium Octeon processors, 2000 is dreadfully slow but 500 is still quite good for the lab and runs 8.1.x 3000 is the best to play with as it has a standard CPU, anything else is too expensive!
  • Create New...