Palo Alto Lab Guide Version 8.0
Part-1
Agenda
1) Instructions
2) Basic Lab setup
3) Management Interface configuration through CLI
4) GUI login & Dashboard view Details
5) View Default services enabled on Management Interface via GUI
6) Enable HTTP service on Management Interface through CLI
7) Role based access (Admin Profiles & Admin Accounts)
8) Running Config & Candidate config
9) Commit Lock and Test the Lock
10) Host name & Time setting configuration
11) Banner & Message of the day configuration
12) DNS configuration
13) Dynamic Update
14) License Management
15) Device Operations
16) Backup & Restore
1. Instructions
GUI ACCESS INSTRUCTION
commit: Save changes to Running Config
CLI ACCESS MODE INSTRUCTION
admin@PA-VM> Operational: use operational mode to view information about the firewall.
admin@PA-VM# Configuration: use configuration mode to view and modify the configuration.
2. Basic lab Setup
| FIREWALL INTERFACES | VLAN/VMNET | ZONE | IP ADDRESS | SUBNET |
|---|---|---|---|---|
| Ethernet 1/0 | VLAN 10 / VMNET 10 | MGMT | 103.0.0.254/24 | 103.0.0.0/24 |
| Ethernet 1/1 | VLAN 11 / VMNET 11 | LAN | 10.11.11.10/24 | 10.11.11.0/24 |
| Ethernet 1/2 | VLAN 12 / VMNET 12 | DMZ | 172.16.10.10/24 | 172.16.10.0/24 |
| Ethernet 1/3 | BRIDGED | WAN | 192.168.3.125/24 | 192.168.3.0/24 |
| Ethernet 1/4 | VLAN 13 / VMNET 13 | HA1 | 41.0.0.10/24 | 41.0.0.0/24 |
| Ethernet 1/5 | VLAN 14 / VMNET 14 | HA2 | 42.0.0.10/24 | 42.0.0.0/24 |
| ADMIN PC | VLAN 10 / VMNET 10 | MGMT | 103.0.0.10/24 | |
| LAN PC | VLAN 11 / VMNET 11 | LAN | 10.11.11.5/24 | |

DEVICES
1. PALO ALTO (2 DEVICES)
2. ADMIN PC
3. LAN PC
4. DMZ SERVER
3. Management Interface configuration through CLI
Default login credentials through GUI & CLI
username = admin
Password = admin
Note:
▪ Login credentials are case sensitive
▪ By default, the IP address on PA hardware is 192.168.1.1/24
▪ PA VM is by default configured to receive an IP address from DHCP for the management interface.
▪ To delete auto DHCP, use the CLI commands:
admin@PA-VM> configure
Entering configuration mode
[edit]
admin@PA-VM# delete deviceconfig system type dhcp-client
• Commit to save changes
Management Interface configuration
admin@PA-VM> configure
Entering configuration mode
[edit]
admin@PA-VM# set deviceconfig system ip-address 103.0.0.254 netmask 255.255.255.0 default-gateway x.x.x.x dns-setting servers primary x.x.x.x secondary x.x.x.x
admin@PA-VM# commit
admin@PA-VM# exit
Exiting configuration
admin@PA-VM> show interface management
admin@PA-VM> show system info
Default Factory reset command
admin@PA-VM> request system private-data-reset
System reload command
admin@PA-VM> request restart system
System shutdown command
admin@PA-VM> request shutdown system
View of Dashboard after login
View more information on Dashboard
View active admin session through CLI
admin@PALO_ALTO> show admins
Admin    From         Client   Session-start    Idle-for
--------------------------------------------------------------------------
admin    103.0.0.5    CLI      06/06 15:06:09   00:00:00s
To delete admin sessions:
admin@PALO_ALTO> delete admin-sessions
5. View Default services enabled on Management Interface via GUI
6. Enable http service on Management Interface through CLI
admin@PA-VM> configure
admin@PA-VM# set deviceconfig system service disable-http no
admin@PA-VM# commit
Show Commands
admin@PA-VM# set deviceconfig system service ?
admin@PA-VM# show deviceconfig system service
Note: Setting disable-http to no enables the HTTP service.
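A check for the state this step leaves behind, as an added example that is not part of the original lab guide: it parses the output of `show deviceconfig system service` and lists which management services are enabled, marking HTTP and Telnet as cleartext. The sample output and the defaults assumed for flags that do not appear in the output are constructed for illustration.

```python
import re

# flag -> (service name, sends credentials in cleartext?, assumed default value)
# The defaults are an assumption of this example: HTTP and Telnet disabled,
# HTTPS and SSH enabled, when the flag is absent from the output.
SERVICES = {
    "disable-http":   ("HTTP",   True,  "yes"),
    "disable-telnet": ("Telnet", True,  "yes"),
    "disable-https":  ("HTTPS",  False, "no"),
    "disable-ssh":    ("SSH",    False, "no"),
}

# Constructed sample of `show deviceconfig system service` output after the
# lab step above has been committed.
SAMPLE = """\
service {
  disable-http no;
  disable-telnet yes;
}
"""


def parse_service_block(text):
    """Return {flag: 'yes'|'no'} for every disable-* line in the block."""
    return dict(re.findall(r"^\s*(disable-[\w-]+)\s+(yes|no);\s*$", text, re.M))


def audit_mgmt_services(text):
    """List enabled management services and whether each one is cleartext."""
    flags = parse_service_block(text)
    findings = []
    for flag, (name, cleartext, default) in SERVICES.items():
        # Double negative: "disable-x no" means service x is enabled.
        enabled = flags.get(flag, default) == "no"
        if enabled:
            findings.append((name, "CLEARTEXT" if cleartext else "encrypted"))
    return findings


if __name__ == "__main__":
    for name, kind in audit_mgmt_services(SAMPLE):
        print(f"{name:7} enabled ({kind})")
```
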
8. Running Config & Candidate config
The Palo Alto firewall comes with the following config types:
• Candidate Configuration
• Running Configuration
When we change a configuration parameter such as a Security Policy, zone or Virtual Router on the Palo Alto firewall and click OK, the Candidate Configuration is either created or updated. The configuration that holds these changes is known as the Candidate Configuration.
When the Commit tab at the top right corner of the Web UI is clicked, the Candidate Configuration is applied to the running configuration of the firewall. The applied configuration is called the Running Configuration.
Change the host name & time zone on the firewall to check the difference between the Candidate Config & Running Config
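The candidate/running distinction, as an added example that is not part of the original lab guide: it compares two configuration XML excerpts and lists every value a commit would change, which is what an administrator should review before committing. Both excerpts, the time zone values and the banner text are constructed, and the two documents are assumed to have been exported from the firewall beforehand.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of a running configuration (not taken from the lab).
RUNNING = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system>
  <hostname>PA-VM</hostname>
  <timezone>US/Pacific</timezone>
  <ip-address>103.0.0.254</ip-address>
</system></deviceconfig></entry></devices></config>"""

# Constructed candidate: host name and time zone edited, a login banner added,
# nothing committed yet.
CANDIDATE = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system>
  <hostname>PALO_ALTO</hostname>
  <timezone>Asia/Kolkata</timezone>
  <ip-address>103.0.0.254</ip-address>
  <login-banner>Authorized access only</login-banner>
</system></deviceconfig></entry></devices></config>"""


def flatten(xml_text):
    """Map every leaf element's path (entry names included) to its text."""
    leaves = {}

    def walk(node, path):
        name = node.get("name")
        here = f"{path}/{node.tag}" + (f"[{name}]" if name else "")
        children = list(node)
        if not children:
            leaves[here] = (node.text or "").strip()
        for child in children:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return leaves


def pending_changes(running_xml, candidate_xml):
    """Return (path, running, candidate) for each value a commit would change.

    None on the running side means the commit adds the element; None on the
    candidate side means the commit removes it.
    """
    run, cand = flatten(running_xml), flatten(candidate_xml)
    return [(p, run.get(p), cand.get(p))
            for p in sorted(run.keys() | cand.keys())
            if run.get(p) != cand.get(p)]


if __name__ == "__main__":
    for path, old, new in pending_changes(RUNNING, CANDIDATE):
        print(f"{path.rsplit('/', 1)[-1]:13} {old!r} -> {new!r}")
```
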
7. Role based access (Admin Profiles & Admin Accounts)
a. Create Admin Role Profile with name of Firewall Administrator with following Parameters
a. Create Admin Role Profile
a) Create User (user1) with password (Ab12345) & apply the Admin role profile
b) Commit the changes
c) Test by logging in as user1
9. Commit Lock and Test the Lock
The web interface supports multiple concurrent administrator sessions by enabling an administrator to lock the candidate or running configuration so that other administrators cannot change the configuration until the lock is removed.
1. From the GUI, log in as user1 & click the transaction lock icon to the right of the Commit link.
2. Click Take Lock. A Take Lock window opens.
3. Set the type to Commit, and click OK. The user1 lock is listed in the Locks window.
4. Click Close & log out on the bottom-left corner of the WebUI.
5. Return to the WebUI where you are logged in as admin.
6. Notice the lock icon. Click on the icon to check locked users.
7. Now try to commit the changes; it will give you the message “Other administrators are holding device wide commit locks”.
10. Host name & Time setting configuration
11. Banner & Message of the day configuration
NOTE: Logout & re-login to see the effect.
12. DNS Configuration
Note: DNS configuration can be done in two ways: a) CLI b) GUI
a) CLI
admin@PALO_ALTO> configure
admin@PALO_ALTO# set deviceconfig system dns-setting servers primary 4.2.2.2 secondary 8.8.8.8
The DNS server configuration settings are used for all DNS queries that the firewall initiates in support of FQDN address objects, logging & firewall management.
DNS configuration through GUI
• Verify that 4.2.2.2 is the primary DNS Server & 8.8.8.8 is the secondary DNS Server
• Verify that updates.paloaltonetworks.com is the Update Server
13. DYNAMIC UPDATES
SOFTWARE UPDATES
14. License Management
Note: Internet connectivity is mandatory for licensing.
LICENSING
15. Device Operations
16. Backup & Restore
The backup has been saved locally on the Palo Alto firewall; now we need to export it to our PC.
Now you can see the backup file exported/downloaded to your PC.
Condition: After exporting the backup, we made a few changes on the firewall which went wrong & we need to bring the firewall back to the state it was in when the backup was taken.
Step 1: Import backup file
Step 2: Now load it back to Firewall
QUIZ
END OF MODULE THANK YOU !