Wednesday, February 28, 2018

Palo Alto firewall setup

I've had to do this many times recently as I build/destroy labs containing the Palo Alto VM series, but not always with the NSX integration, which does all the work for me. Keeping this to hand saves me time, as I can copy and paste into the console to get to the point in setup where I can continue in the GUI / hook up Panorama.


Initial login: admin / admin

Initial IP on appliances: 192.168.1.1

configure
set deviceconfig system type static
set deviceconfig system ip-address 192.168.1.9 netmask 255.255.255.0 default-gateway 192.168.1.1 dns-setting servers primary 10.23.1.10 secondary 10.23.1.11
commit

save config

Change the MAC address to the one assigned by the hypervisor - additional NICs didn't come up until I did this and rebooted.

Monitor filtering
(src eq 192.168.1.11)
(action eq deny)
(zone.src eq DMZ)
(src eq 192.168.1.11) and (dst eq 172.16.1.11)

show counter global filter value non-zero delta yes | match arp
show config diff
https://live.paloaltonetworks.com/t5/Management-Articles/Packet-Capture-Debug-Flow-basic-and-Counter-Commands/ta-p/66224
show counter global filter severity drop packet-filter yes delta yes