In this blog post, we will set up palo alto management IP via cli and get its GUI access for advance firewall configurations and policies. In the above scenario, there are two palo alto firewalls, one cisco switch and a windows workstation.
1. Create VLAN 10 in Switch SW01 and assign Interfaces Eth1/0, Eth3/1 and Eth4/0 in access VLAN 10 for establishing management connectivity for PaloAlto01 and PaloAlto02
2. Assign Management IP address 10.0.0.10/24 to eth1 on Workstation PC
3. Login to PaloAlto01 firewall using default username and password and assign IP address 10.0.0.1/24 on Management Interface and default gateway as 10.0.0.10
4. Login to PaloAlto02 firewall using default username and password and assign IP address 10.0.0.2/24 on Management Interface and default gateway as 10.0.0.10
Here we will use windows workstation to manage firewall, interface that we will use for management of firewall. In the basic connectivity diagram, we will configure the interfaces on switch for management of firewall. Make sure to power on the devices and take console, there are no initial configurations in this lab.
Please note that this lab scenario is from uninets palo alto virtual lab with lab guide. Else you can create your own virtual lab with similar devices connectivity on your laptop or server.
Task 1: Create VLANs on Switch
Here we will use Workstation to manage palo alto firewall, interface that we will use for management of firewall. In the basic connectivity Diagram, we will configure the interfaces on switch for management of firewall. Put interfaces Eth1/0 , Eth3/1 and Eth4/0 in VLAN 50 i.e. Management VLAN. Below diagram shows the configuration on switch for this.
Task 2: Assign IP address on Workstation
Now configure network adapter on PC for taking management access. Configure below Orange marked adapter with the management address of the firewall.
Note: Please disable Red marked adapter as this interface is for internet access and you may encounter issues during lab-practice.
Now assign the IP address from the management subnet, in this case it is 10.0.0.10/24, we will not assign Default gateway for this lab-practice.
Task 3: Assign Palo Alto Management IP via CLI (PaloAlto01)
Now assign the IP address on Palo-Alto01 firewall from Command Line Interface. Just click on the icon on the lab screen and you will get the console access to the firewall.
Now follow below command to initialize the firewall and assign gateway and management IP address.
Here is the Palo Alto default username and password.
Username: admin Password: admin
Now assign the IP address on Palo-Alto02 firewall from Command Line Interface. Just click on the icon on the lab screen and you will get the console access to the firewall.
Task 4: Assign Palo Alto Management IP via CLI (PaloAlto02)
Initialize PaloAlto02 with management IP address 10.0.0.2/24, please refer below snapshot.
The command for assigning the IP address and gateway on Palo Alto is set deviceconfig system ip-address 10.0.0.2 netmask 255.255.255.0 default-gateway 10.0.0.10 (Note: This is how to assign the IP address and gateway on Palo Alto).
Username: admin Password: admin
Check the reachability of both firewalls PaloAlto01 and PaloAlto02 from Workstation PC, Now Go to your PC and try to ping firewall from Command Prompt:
Check the reachability of both firewalls PaloAlto01 and PaloAlto02 from Workstation PC, Now Go to your PC and try to ping firewall from Command Prompt:
Now as the devices are configured with the management IP address. Take GUI of the palo alto firewalls with the management IP address and proceed with following steps. On the Workstation PC, take GUI of firewall PaloAlto01 and follow below snapshots:
As this is the error of local signed cert, so you can ignore that and proceed with the connection.
Here the username and password will be same as we used in CLI i.e.
Username: admin Password: admin
There will be pop-up asking to reset the password to new one as you logged in with default password. Need not to worry and click on OK.
your GUI window for PaloAlto01
On the Workstation PC, take GUI of firewall PaloAlto02 and follow below snapshots:
Username: admin Password: admin
your GUI window for PaloAlto02
Ajotri Singh is working as a security architect in a service provider company in India. He has also been associated with many organizations in the past such as HCL, Accenture, BT and PWC etc. In his organization he is taking care of large scale complex network security projects which requires special multiple technical skills and right ... more...