Palo Alto Initial Configuration | 1.11 Palo Alto Intro _ Deployment Options

By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these settings before continuing with other firewall configuration tasks. You must perform these initial configuration tasks either from the MGT interface, even if you do not plan to use this interface for your firewall management, or using a direct serial connection to the console port on the firewall.

Install your firewall and connect power to it.
If your firewall model has dual power supplies, connect the second power supply for redundancy. Refer to the hardware reference guide for your model for details.
Gather the required information from your network administrator.
IP address for MGT port
Netmask
Default gateway
DNS server address
Connect your computer to the firewall.
You can connect to the firewall in one of the following ways:
Connect a serial cable from your computer to the Console port and connect to the firewall using terminal emulation software (9600-8-N-1). Wait a few minutes for the boot-up sequence to complete; when the firewall is ready, the prompt changes to the name of the firewall, for example PA-220 login
.
.
You may need to change the IP address on your computer to an address in the 192.168.1.0/24 network, such as 192.168.1.2, to access this URL.
When prompted, log in to the firewall.
You must log in using the default username and password (admin/admin). The firewall will begin to initialize.
Set a secure password for the admin account.
Starting with PAN-OS 9.0.4, the predefined, default administrator password (admin/admin) must be changed on the first login on a device. The new password must be a minimum of eight characters and include a minimum of one lowercase and one uppercase character, as well as one number or special character.
Be sure to use the best practices for password strength to ensure a strict password and review the password complexity settings.
Select Device
Administrators
.
Select the admin
role.
Enter the current default password and the new password.
Click OK
to save your settings.
Configure the MGT interface.
Select Device
Setup
Interfaces
and edit the Management
interface.
Configure the address settings for the MGT interface using one of the following methods:
To configure static IP address settings for the MGT interface, set the IP Type
to Static
and enter the IP Address
, Netmask
, and Default Gateway
.
To dynamically configure the MGT interface address settings, set the IP Type
to DHCP Client
. To use this method, you must Configure the Management Interface as a DHCP Client.
To prevent unauthorized access to the management interface, it is a best practice to Add
the Permitted IP Addresses
from which an administrator can access the MGT interface.
Set the Speed
to auto-negotiate
.
Select which management services to allow on the interface.
Make sure Telnet
and HTTP
are not selected because these services use plaintext and are not as secure as the other services and could compromise administrator credentials.
Click OK
.
Configure DNS, update server, and proxy server settings.
You must manually configure at least one DNS server on the firewall or it will not be able to resolve hostnames; it will not use DNS server settings from another source, such as an ISP.
Select Device
Setup
Services
.
For multi-virtual system platforms, select Global
and edit the Services section.
For single virtual system platforms, edit the Services section.
On the Services
tab, for DNS
, click one of the following:
Servers
—Enter the Primary DNS Server
address and Secondary DNS Server
address.
DNS Proxy Object
—From the drop-down, select the DNS Proxy
that you want to use to configure global DNS services, or click DNS Proxy
to configure a new DNS proxy object.
Click OK
.
Configure date and time (NTP) settings.
Select Device
Setup
Services
#paloalto #firewalls #nextgenerationfirewall