How to block NAT Slipstreaming on Palo Alto Firewalls

Update 2022: Nat Slipstreaming should be blocked by default now. However this video will demonstrate how to configure the firewall to make sure it is blocking this threat.

This is what Palo set the vulnerability to now:

Before 2022

"NAT Slipstreaming allows an attacker to remotely access ANY TCP/UDP service bound to ANY system behind a victim's NAT, bypassing the victim's NAT/firewall (remote arbitrary firewall pinhole control), all it takes is the victim's computer to visit the attacker's website". Once the victim's computer visits the website, the attacker's servers start to scan your network to identify the network connected devices. If your devices have not been patched to mitigate vulnerabilities, the attackers will exploit these to take control over them and cause havoc. - Sammy Kamkar (discovered the attack method).

The devices can be anything with an IP address even IoT devices, eg. UPS units, HVACs, power strips, etc. find more detailed information here https://securityboulevard.com/2021/01/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/