In this lesson, we will learn how to configure Palo Alto Networks Firewall Management. Hope, you already know, we have two methods to configure Palo Alto firewall, GUI and CLI. We will use GUI to do Palo Alto Networks Firewall Management Configuration. Here we will configure-
- Management IP and gateway
- We will allow management services like SNMP
- We will restics management access
- DNS and NTP configuration
- Hostname, Timezone configuration
By default, Palo Alto firewall uses Management port to retrieve all the licenses and, update application signature and threats. Because of that, we need internet access on MGT port with proper DNS settings.
By default, Palo Alto has following –
Management IP, Gateway, Services and Restriction
First of all, you need to connect your LAPTOP on MGT interface. Use any IP between 192.168.1.2 – 192.168.1.254. However, if you want to change default MGT IP, then we have to use console cable and change the MGT IP address. Default credential is admin/admin as shown above.
To change/set management IP, we need to do the following.
admin@PA-VM# set deviceconfig system ip-address 192.168.43.100 netmask 255.255.255.0
Another important thing, always make sure to put commit to apply configuration changes.
 admin@PA-VM# commit ...75%99%.....100% Configuration committed successfully  admin@PA-VM#
Currently device is using self sign certificate. Due to that, it will show a warning in our browser. We need to move forward by allowing it and use default credential to login to the web interface.
Here, we are using default username and password, hence it will show following warning message.
Warning: Your device is still configured with the default admin account credentials. Please change your password prior to deployment.
We need to change the password later. Press OK and continue.
In the dashboard, you will find lot’s of information; like, general information, resource information and different logs. To configure the gateway and dns for the Management interface, you need to go Device >> Setup >> Management >> Management Interface Settings.
We are already using IPv4 address (192.168.43.100) for the device management. So, will put gateway address 192.168.43.1 which is management gateway for all of our devices. By default, SSH, PING and HTTPS is allowed; however additionally we will allow SNMP. In the third section, we have limited device management access from only management IP block (192.168.43.0/24). You need to do this according your network topology.
DNS and NTP
Now, lets add the DNS. To add it, we need to go Device >> Setup >> Services and press gear button.
We are using Google free dns 188.8.131.52 and 184.108.40.206 here. After changing DNS, we will change our NTP. We will use free Google NTP servers. It’s always best if we can use our own DNS and NTP servers (if have any).
Hostname, Timezone and Banner
Furthermore, you also can change Hostname, Timezone, and Banner for your Palo Alto Networks Firewall. To do that, you need to go Device >> Setup >> Management >> General Settings. After putting all the information, click commit which is available on upper right corner. Confirm the commit by pressing OK.
If our configuration is OK, then we will see commit confirmation just like bellow.
Seems like, we successfully completed management configuration according our plan.