Palo Alto NGFW Training Course

In this lesson, we will learn how to configure Palo Alto Networks Firewall Management. Hope, you already know, we have two methods to configure Palo Alto firewall, GUI and CLI. We will use GUI to do Palo Alto Networks Firewall Management Configuration. Here we will configure-

  • Management IP and gateway
  • We will allow management services like SNMP
  • We will restics management access
  • DNS and NTP configuration
  • Hostname, Timezone configuration

Palo Alto Networks Firewall Management configuration

By default, Palo Alto firewall uses Management port to retrieve all the licenses and, update application signature and threats. Because of that, we need internet access on MGT port with proper DNS settings.

By default, Palo Alto has following –

Management IP Username Password admin admin

Management IP, Gateway, Services and Restriction

First of all, you need to connect your LAPTOP on MGT interface. Use any IP between – However, if you want to change default MGT IP, then we have to use console cable and change the MGT IP address. Default credential is admin/admin as shown above.

To change/set management IP, we need to do the following.

admin@PA-VM# set deviceconfig system ip-address netmask

Another important thing, always make sure to put commit to apply configuration changes.

admin@PA-VM# commit

Configuration committed successfully


Currently device is using self sign certificate. Due to that, it will show a warning in our browser. We need to move forward by allowing it and use default credential to login to the web interface.

Here, we are using default username and password, hence it will show following warning message.

Warning: Your device is still configured with the default admin account credentials. Please change your password prior to deployment.

We need to change the password later. Press OK and continue.

In the dashboard, you will find lot’s of information; like, general information, resource information and different logs. To configure the gateway and dns for the Management interface, you need to go Device >> Setup >> Management >> Management Interface Settings.

Management IP configuration path

We are already using IPv4 address ( for the device management. So, will put gateway address which is management gateway for all of our devices. By default, SSH, PING and HTTPS is allowed; however additionally we will allow SNMP. In the third section, we have limited device management access from only management IP block ( You need to do this according your network topology.

Management IP configuration details


Now, lets add the DNS. To add it, we need to go Device >> Setup >> Services and press gear button.

Change DNS for Palo Alto

We are using Google free dns and here. After changing DNS, we will change our NTP. We will use free Google NTP servers. It’s always best if we can use our own DNS and NTP servers (if have any).

Set DNS config

Set NTP Config

Hostname, Timezone and Banner

Furthermore, you also can change Hostname, Timezone, and Banner for your Palo Alto Networks Firewall. To do that, you need to go Device >> Setup >> Management >> General Settings. After putting all the information, click commit which is available on upper right corner. Confirm the commit by pressing OK.

Our Hostname _ Timezone setup

If our configuration is OK, then we will see commit confirmation just like bellow.

Commit Confirmation

Seems like, we successfully completed management configuration according our plan.

I have a video version of this article. Please have a look –

If you find this article and video useful, share this content. If you have any questions, please feel free to ask.

Written by Rajib Kumer Das

I am Rajib Kumer Das, a network engineer with 8+ years of experience in multi-vendor environment. In my current position, I am responsible to take care critical projects and it's support cases. I do have several vendor certificates and have plans to go further.

Leave a Comment

Your email address will not be published. Required fields are marked *