Scribd Logo
Upload

Welcome to Scribd!

  • 498 views

    Paloalto Lab Part 1 2019

    Uploaded by

    Quang Anh
    This document provides instructions for configuring a Palo Alto Networks firewall using both the CLI and GUI. It covers basic setup steps like initial configuration of the management interface and enabling services. It also reviews role-based access control, running vs candidate configurations, system settings like DNS and licensing. Backup and restore functionality is demonstrated for recovering from configuration changes. The document is an lab guide that walks through many common Palo Alto firewall configuration and management tasks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Paloalto Lab Part 1 2019

    Uploaded by

    Quang Anh
    498 views39 pages
    This document provides instructions for configuring a Palo Alto Networks firewall using both the CLI and GUI. It covers basic setup steps like initial configuration of the management interface and enabling services. It also reviews role-based access control, running vs candidate configurations, system settings like DNS and licensing. Backup and restore functionality is demonstrated for recovering from configuration changes. The document is an lab guide that walks through many common Palo Alto firewall configuration and management tasks.

    Original Description:

    Paloalto Lab Part 1 2019

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides instructions for configuring a Palo Alto Networks firewall using both the CLI and GUI. It covers basic setup steps like initial configuration of the management interface and enabling services. It also reviews role-based access control, running vs candidate configurations, system settings like DNS and licensing. Backup and restore functionality is demonstrated for recovering from configuration changes. The document is an lab guide that walks through many common Palo Alto firewall configuration and management tasks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    498 views39 pages

    Paloalto Lab Part 1 2019

    Uploaded by

    Quang Anh
    This document provides instructions for configuring a Palo Alto Networks firewall using both the CLI and GUI. It covers basic setup steps like initial configuration of the management interface and enabling services. It also reviews role-based access control, running vs candidate configurations, system settings like DNS and licensing. Backup and restore functionality is demonstrated for recovering from configuration changes. The document is an lab guide that walks through many common Palo Alto firewall configuration and management tasks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 39

    Palo Alto Lab Guide

    Version 8.0
    Part-1

    1
    1) Instructions
    2) Basic Lab setup
    3) Management Interface configuration through CLI
    4) GUI login & Dashboard view Details
    5) View Default services enabled on Management Interface via GUI
    6) Enable HTTP service on Management Interface through CLI
    7) Role based access (Admin Profiles & Admin Accounts)
    8) Running Config & Candidate config
    9) Commit Lock and Test the Lock
    10)Host name & Time setting configuration
    11) Banner & Message of the day configuration
    12) DNS configuration
    13) Dynamic Update
    14) License Management
    15)Device Operations
    16) Backup & Restore

    3
    1. Instructions
    GUI ACCESS INSTRUCTION

    This field is required

    Invalid

    commit Save changes to Running Config

    CLI ACCESS MODE INSTRUCTION


    Operational—Use operational mode to view information about
    admin@PA-VM>
    the firewall
    Configuration—Use configuration mode to view and modify the
    admin@PA-VM#
    configuration.

    4
    2. Basic lab Setup
    DEVICES
    1. PALO ALTO (2 DEVICES)
    2. ADMIN PC
    3. LAN PC
    4. DMZ SERVER

    FIREWALL VLAN/VMNET ZONE IP ADDRESS SUBNET


    INTERFACES

    Ethernet 1/0 VLAN 10 / VMNET 10 MGMT 103.0.0.254/24 103.0.0.0/24


    Ethernet 1/1 VLAN 11 / VMNET 11 LAN 10.11.11.10/24 10.11.11.0/24
    Ethernet 1/2 VLAN 12 / VMNET 12 DMZ 172.16.10.10/24 172.16.10.0/24

    Ethernet 1/3 BRIDGED WAN 192.168.3.125/24 192.168.3.0/24

    Ethernet 1/4 VLAN 13 / VMNET 13 HA1 41.0.0.10/24 41.0.0.0/24

    Ethernet 1/5 VLAN 14 / VMNET 14 HA2 42.0.0.10/24 42.0.0.0/24


    ADMIN PC VLAN 10 / VMNET 10 MGMT 103.0.0.10/24

    4
    LAN PC VLAN 11 / VMNET 11 LAN 10.11.11.5/24
    3. Management Interface configuration through CLI

    Default login credentials through GUI & CLI


    username = admin
    Password = admin
    Note:
    ▪ Login credentials are case sensitive
    ▪ By default IP address on PA Hardware is 192.168.1.1/24
    ▪ PA VM is by default configured to receive IP address from DHCP for management
    Interface.
    ▪ To delete auto DHCP use CLI command
    admin@PA-VM> configure
    Entering configuration mode
    [edit]
    admin@PA-VM# delete deviceconfig system type dhcp-client
    • Commit to save changes

    4
    Exiting configuration
    admin@PA-VM> show interface management
    admin@PA-VM> show System info

    Management Interface configuration


    admin@PA-VM> configure
    Entering configuration mode
    [edit]
    admin@PA-VM# set deviceconfig system ip-address 103.0.0.254 netmask 255.255.255.0
    default-gateway x.x.x.x dns-setting servers primary x.x.x.x secondary
    admin@PA-VM# commit
    admin@PA-VM# exit

    Default Factory reset command


    admin@PA-VM>request system private-data-reset
    System reload command
    admin@PA-VM>request restart system

    System shutdown command


    admin@PA-VM>request shutdown system

    5
    4. GUI login & Dashboard view Details
    • Use browser https://103.0.0.254

    6
    View of Dashboard after login

    7
    View more information's on Dashboard

    8
    View active admin session through CLI

    admin@PALO_ALTO> show admins


    Admin From Client Session-start Idle-for
    --------------------------------------------------------------------------
    admin 103.0.0.5 CLI 06/06 15:06:09 00:00:00s

    To Delete admin sessions:


    admin@PALO_ALTO> delete admin-sessions

    8
    5. View Default services enabled on Management Interface via GUI

    8
    6. Enable http service on Management Interface through CLI
    admin@PA-VM> configure
    admin@PA-VM# set deviceconfig system service disable-http no
    admin@PA-VM# commit

    Note : Here (disable-http no) means to enable http service

    Show Commands

    admin@PA-VM# set deviceconfig system service ?


    admin@PA-VM# show deviceconfig system service

    10
    8. Running Config & Candidate config

    Palo Alto Firewall comes with following config types:

    Candidate Configuration Running Configuration

    When we make any changes to the when Commit tab at the top right corner of
    configuration of an existing parameters like Web UI of the Palo Alto Firewall is clicked the
    Security Policy, zone, Virtual router etc. in the Candidate Configuration is applied to the
    Palo Alto firewall and click OK , the Candidate running configuration of the Palo Alto firewall.
    Configuration is either created or updated. And the applied configuration is called running
    This type of configuration is known as configuration.
    Candidate Configuration.

    13
    Change Host-Name & time-zone on the Firewall to check difference between candidate config &
    Running Config

    13
    7. Role based access (Admin Profiles & Admin Accounts)
    a. Create Admin Role Profile with name of Firewall Administrator with following Parameters

    10
    a. Create Admin Role Profile

    11
    a) Create User (user1) with password (Ab12345) & apply Admin role profile
    b) Commit to changes
    c) Test by logging to user1

    12
    9. Commit Lock and Test the Lock

    The web interface supports multiple concurrent administrator sessions by enabling an


    administrator. Lock the candidate or running configuration so that other administrators cannot
    change the configuration until the lock is removed.
    1. From the GUI get logged in with user1 & click the transaction lock icon to the right of the
    commit link.

    2. Click Take Lock. A Take lock window opens


    3. Set the type to Commit, and click ok. The user1 lock is listed in the Locks window.

    13
    4. Click Close & logout on the bottom-left corner of the WebUI:
    5. Return to the WebUI where you are logged in as a admin
    6. Notice the lock icon Click on the icon to check locked users.
    7. Now try to commit the changes it will give you an information “Other administrators are
    holding device wide commit locks”.

    13
    10. Host name & Time setting configuration

    13
    11. Banner & Message of the day configuration

    NOTE: Logout & re-login to see the effect.

    15
    12. DNS Configuration
    The DNS server configuration settings are used for all DNS queries that the firewall initiates in
    support of FQDN address abjects, logging & firewall managenent,.

    Note: DNS configuration can be done in two ways


    a) CLI
    b) GUI

    a) CLI
    admin@PALO_ALTO> configure
    admin@PALO_ALTO# set deviceconfig system dns-setting servers primary 4.2.2.2 secondary
    8.8.8.8

    16
    DNS configuration through GUI
    • Verify that 4.2.2.2 is the primary DNS Server & 8.8.8.8 is the secondary DNS Server
    • Verify that updates.paloaltonetworks.com is the Update Server

    16
    13. DYNAMIC UPDATES

    18
    SOFTWARE UPDATES

    19
    14. License Management
    Note: Internet connectivity is mandatory for licensing.

    16
    LICENSING

    17
    15. Device Operations

    20
    16. Backup & Restore

    20
    Backup has been saved locally on the Palo Alto now we need to Export on our PC.

    20
    Now you can see Backup file exported/Downloaded to your PC

    20
    Condition: After exporting Backup we did few changes on the firewall which went wrong & we
    need to bring firewall to the Backup taken state.
    Step 1: Import backup file

    20
    Step 2: Now load it back to Firewall

    20
    QUIZ

    21
    QUIZ

    22
    QUIZ

    23
    QUIZ

    24
    END OF MODULE THANK YOU !

    25

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy