Scribd
Upload
48 views25 pages

MOD-2-Administration & Management

Uploaded by

Thanh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
48 views25 pages

MOD-2-Administration & Management

Uploaded by

Thanh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 25

Administration & Management

PAN-OS 8.0
Instructor: Trinh Anh Luan

Palo Alto Networks Certified Network Security Engineer

1 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Agenda
 Initial Access to the System

 Administrative Controls (GUI, CLI)

 Configuration Management

 Licensing & Software Updates

 Account Administration

2 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Initial Access to the System
 Initial configurations must be performed over either:
 Dedicated out-of-band management Ethernet interface (MGT)
 Serial console connection

 Default values:
 User name: admin
 Password: admin
 MGT IP address: 192.168.1.1/24

3 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Configuring the MGT Interface Using the CLI
> configure

Entering configuration mode

[edit]

#set deviceconfig system ip-address 10.30.11.1 netmask 255.255.255.0 default-gateway 10.30.11.254


dns-setting servers primary 172.16.20.230

# commit

....10%....20%....30%....40%....50%....60%....70%....80%....90%....100%
Internet
Configuration committed successfully

10.30.11.254

10.30.11.1 DNS: 172.16.20.230

4 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Configuring the MGT Interface Using the WebUI
Device > Setup > Management > Management Interface Settings

5 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Configure the Hostname and Domain
Device > Setup > Management > General Settings

6 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Service Route
Device > Setup > Services > Service Route Configuration

7 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Administrative Controls

8 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Administrative Controls

WebUI

CLI over SSH, Telnet, or


console session

9 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Navigating the WebUI
Functional
Category Tabs

Display Tasks List

10 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Language Preference Setting

11 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Configuration Management

12 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Config Types
Candidate Configuration Running Configuration
 What is shown in the UI becomes  Active on the firewall
Running Config upon successful
Commit

# commit

13 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Backup & Restore File Config
Device > Setup > Operations > Save named configuration snapshot

Device > Setup > Operations > Export named configuartion snapshot

14 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Commit Operation
 Granular commit is possible

 Tasks button at bottom right of


the WebUI shows the job
in progress

15 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Reset to Factory Configuration
 With Admin User password
 Erases all logs
 Resets all settings—including IP addressing, which causes loss of connectivity
 Saves a default configuration after the MGT IP address is changed

> request system private-data-reset

 Without Admin User password


 From the console port
 Type maint during bootup
 Choose Reset to Factory Default
 Or load another configuration into running memory

16 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Power Operations
Device > Setup > Operations

17 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Licensing and Software Updates

18 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Activate Firewall
1. Register with Palo Alto Networks
a. Obtain the serial number from the WebUI dashboard
b. Log in to https://support.paloaltonetworks.com
(If you haven’t already, register for a Support account with your serial number)
c. Click Assets
d. Enter the assigned serial number and click Register Device

2. Activate Licenses

3. Manage Content Updates


 Updates include the latest application and threat signatures and URL
filtering database

4. Install Software Updates

19 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Licensing
Device > Licenses

Device > Support

20 | © 2018, Palo Alto Networks. Confidential and Proprietary.


PAN-OS
Device > Software

21 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Dynamic Updates
Device > Dynamic Updates
Schedule and check
for new content

To install from a file,


upload content first

22 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Account Administration
Device > Administrators

23 | © 2018, Palo Alto Networks. Confidential and Proprietary.


Questions?

24 | © 2018, Palo Alto Networks. Confidential and Proprietary.


25 | © 2018, Palo Alto Networks. Confidential and Proprietary.

You might also like