Security Policy for devices impacted by PAN-SA-2019-0011
Described below is the policy to block ports 28869/28870 as described in Security Advisory PAN-SA-2019-0011.
Once installed the device will block inbound connections to ports 28869 and 28870.
The policy provided is intended for use on impacted software versions:
PAN-OS 8.0.8 - 8.0.13
PAN-OS 8.1.0 - 8.1.3
Please note this is an interim solution intended for use until a more recent software version with applicable updates can be deployed to your devices.
- Create Service Objects: (Objects > Services > Add)
- Optional - Create IP address Objects for desired interface(s) (Objects > Addresses > Add)
Alternatively, the IP address can be entered to the security rule covered below as the Destination Address without creating an Address Object.
- Create Security Policy Rule to block Traffic
- Commit the policy to the device.