By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these settings before continuing with other firewall configuration tasks. You must perform these initial configuration tasks either from the MGT interface, even if you do not plan to use this interface for your firewall management, or by using a direct serial connection to the console port on the device. Refer to this link for the steps in performing initial configuration on a PAN firewall.
Note: Virtual firewalls must be licensed after initial configuration is performed.
To change the PAN firewall initial management IP address, go to Device > Setup > Management Interface Settings > Edit (gear icon). Type the new management IP address and leave the default services enabled: HTTPS, SSH, and Ping.
The changes do not take effect until you click Commit in the upper right-hand corner.
The change took a minute to complete, and the loading bar will only show 99% because the new management IP has already taken effect. Change the PC LAN IP address (10.67.78.3/24) and connect over HTTPS using the new PAN firewall management IP address.
A pop-up message will be displayed asking you to change the default admin password.
To change the default admin password, go to Device > Administrators and click admin. Type the old password (admin) and the new password. The best practice for a secure password is to use at least 8-10 characters with a combination of alphanumeric characters and symbols.
Change the hostname, domain and login banner under Device > Setup > General Settings by clicking Edit (gear icon).
Below is what the login banner looks like.
To modify DNS and NTP settings, go to Device > Setup > Services and click Edit (gear icon). I’ve used Google’s public DNS server (8.8.8.8) and Level 3 (4.2.2.2) and also used public NTP servers from this website. I wasn’t able to ping 0.sg.pool.ntp.org, so I’ve used 1.sg.pool.ntp.org and 2.sg.pool.ntp.org instead. DNS is used to resolve the Palo Alto Update Server FQDN (updates.paloaltonetworks.com) in order to get the latest software and license updates.
To change the source interface (other than the default MGT interface) used to communicate for a particular service (such as DNS, NTP and Palo Alto Updates), go to Device > Setup > Services > Services Features and click Service Route Configuration.
Click Commit to apply the changes.
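A post-commit check for the steps above, as an added example that is not from the original post: it parses an exported configuration XML and reports initial-setup items that still look untouched. The element paths under deviceconfig/system and the sample export are assumptions constructed for illustration; the admin password is not checked here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config export in which only DNS has been changed.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><deviceconfig><system>
    <ip-address>192.168.1.1</ip-address>
    <netmask>255.255.255.0</netmask>
    <hostname>PA-VM</hostname>
    <dns-setting><servers>
      <primary>8.8.8.8</primary><secondary>4.2.2.2</secondary>
    </servers></dns-setting>
  </system></deviceconfig></entry></devices>
</config>"""

SYSTEM_PATH = "./devices/entry/deviceconfig/system"  # assumed export layout

# (finding text, element path under <system>, value that counts as "still default")
CHECKS = [
    ("management IP is still the factory default", "ip-address", "192.168.1.1"),
    ("no primary DNS server set", "dns-setting/servers/primary", None),
    ("no primary NTP server set",
     "ntp-servers/primary-ntp-server/ntp-server-address", None),
    ("no login banner set", "login-banner", None),
]

def audit_initial_config(xml_text):
    """Return a list of findings for initial-setup steps that look undone."""
    root = ET.fromstring(xml_text)
    system = root.find(SYSTEM_PATH)
    if system is None:
        return ["deviceconfig/system section not found in export"]
    findings = []
    for message, path, default in CHECKS:
        value = (system.findtext(path) or "").strip()
        # Missing/empty means the setting was never configured;
        # equal to the default means it was never changed.
        if not value or value == default:
            findings.append(message)
    return findings

if __name__ == "__main__":
    for finding in audit_initial_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```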