In this lesson, we will learn how to configure the management settings of a Palo Alto Networks firewall. As you probably know, a Palo Alto firewall can be configured in two ways: through the GUI or through the CLI. We will use the GUI for the management configuration. Here we will configure:

  • Management IP and gateway
  • Allowed management services, such as SNMP
  • Restricted management access
  • DNS and NTP configuration
  • Hostname, Timezone configuration

Palo Alto Networks Firewall Management configuration

By default, a Palo Alto firewall uses the management (MGT) port to retrieve all licenses and to update application signatures and threats. Because of that, the MGT port needs internet access with proper DNS settings.

By default, a Palo Alto firewall has the following settings:

Management IP      Username   Password
192.168.1.1/24     admin      admin

Management IP, Gateway, Services and Restriction

First of all, connect your laptop to the MGT interface and give it any IP address between 192.168.1.2 and 192.168.1.254. If you want to change the default MGT IP address, you have to use a console cable and change it from the CLI. The default credentials are admin/admin, as shown above.

To change or set the management IP, run the following command:

admin@PA-VM# set deviceconfig system ip-address 192.168.43.100 netmask 255.255.255.0

Another important point: always run commit to apply configuration changes.

[edit]
admin@PA-VM# commit

...75%99%.....100%
Configuration committed successfully

[edit]
admin@PA-VM#

The device is currently using a self-signed certificate, so the browser will show a warning. Accept the warning to move forward, then log in to the web interface with the default credentials.

Because we are still using the default username and password, the following warning message is shown.

Warning: Your device is still configured with the default admin account credentials. Please change your password prior to deployment.

We need to change the password later. Press OK and continue.

In the dashboard, you will find lots of information, such as general information, resource information and different logs. To configure the gateway and DNS for the management interface, go to Device >> Setup >> Management >> Management Interface Settings.

Management IP configuration path

We are already using an IPv4 address (192.168.43.100) for device management, so we will enter the gateway address 192.168.43.1, which is the management gateway for all of our devices. By default, SSH, PING and HTTPS are allowed; we will additionally allow SNMP. In the third section, we have limited device management access to the management IP block only (192.168.43.0/24). Set this according to your own network topology.

Management IP configuration details

DNS and NTP

Now, let's add the DNS servers. To add them, go to Device >> Setup >> Services and press the gear button.

Change DNS for Palo Alto

We are using Google's free DNS servers, 8.8.8.8 and 8.8.4.4, here. After changing DNS, we will change our NTP settings and use the free Google NTP servers. It is always best to use your own DNS and NTP servers (if you have any).

Set DNS config

Set NTP Config

Hostname, Timezone and Banner

Furthermore, you can also change the hostname, timezone, and banner of your Palo Alto Networks firewall. To do that, go to Device >> Setup >> Management >> General Settings. After entering all the information, click Commit, which is in the upper right corner. Confirm the commit by pressing OK.

Our Hostname _ Timezone setup

If our configuration is OK, we will see a commit confirmation like the one below.

Commit Confirmation

We have now successfully completed the management configuration according to our plan.
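
To check the result outside the GUI, the following added example (not part of the original lesson and not a Palo Alto tool) audits an exported configuration for the settings made above: gateway inside the management subnet, restricted management access, allowed services, DNS and NTP. The XML element names are assumed to mirror the `set deviceconfig system` hierarchy, the sample is constructed from this lesson's values, and `audit_mgmt` and `ALLOWED_SERVICES` are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Services this lesson leaves enabled on the MGT interface (PING is "icmp" here).
ALLOWED_SERVICES = {"ssh", "icmp", "https", "snmp"}

# Constructed sample, not a real export: element names are assumed to mirror
# the "set deviceconfig system ..." hierarchy; values are the lesson's own.
SAMPLE = """<config><devices><entry name="localhost.localdomain"><deviceconfig><system>
  <ip-address>192.168.43.100</ip-address><netmask>255.255.255.0</netmask>
  <default-gateway>192.168.43.1</default-gateway>
  <permitted-ip><entry name="192.168.43.0/24"/></permitted-ip>
  <service><disable-snmp>no</disable-snmp><disable-telnet>yes</disable-telnet></service>
  <dns-setting><servers><primary>8.8.8.8</primary><secondary>8.8.4.4</secondary></servers></dns-setting>
</system></deviceconfig></entry></devices></config>"""

def audit_mgmt(xml_text):
    """Return findings for the management settings covered in this lesson."""
    system = ET.fromstring(xml_text).find("./devices/entry/deviceconfig/system")
    if system is None:
        return ["no deviceconfig/system section found"]
    findings = []
    ip, mask, gw = (system.findtext(t) for t in ("ip-address", "netmask", "default-gateway"))
    if not (ip and mask and gw):
        findings.append("management IP, netmask or gateway missing")
    elif ipaddress.ip_address(gw) not in ipaddress.ip_network(f"{ip}/{mask}", strict=False):
        findings.append(f"gateway {gw} is outside the management subnet")
    permitted = [e.get("name") for e in system.findall("./permitted-ip/entry")]
    if not permitted:
        findings.append("no permitted-ip entries: management access is not restricted")
    for p in permitted:
        if ipaddress.ip_network(p, strict=False).prefixlen == 0:
            findings.append(f"permitted-ip {p} allows any source")
    for el in system.findall("./service/*"):
        svc = el.tag[len("disable-"):]
        if el.tag.startswith("disable-") and el.text == "no" and svc not in ALLOWED_SERVICES:
            findings.append(f"service {svc} is enabled but not in the allowed set")
    if not system.findtext("./dns-setting/servers/primary"):
        findings.append("no primary DNS server configured")
    if not system.findtext("./ntp-servers/primary-ntp-server/ntp-server-address"):
        findings.append("no primary NTP server configured")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt(SAMPLE):
        print("FINDING:", finding)
```

The constructed sample omits the NTP section on purpose, so the audit reports one finding for it.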

Written by Rajib Kumer Das

I am Rajib Kumer Das, a network engineer with 7+ years of experience in multi-vendor environments. In my current company, I am responsible for taking care of critical projects and their support cases. I have several vendor certificates and plan to go further.
