This post aims to give an introduction to configuring Palo Alto Networks firewall for initial deployment as it is for beginners, I would like to cover the following topics;
- Configure management interface settings (i.e IP Address, default gateway) via console
- Assign IP addresses to ethernet interfaces and default gateway
- Configure NAT and Security Policies to allow Internet access to internal clients
For this purpose, we will be using the following simple topology;
Once you are familiar with one firewall, sometimes it is difficult to be comfortable on another firewall. Here I will list 2 things that you do differently on these firewalls. At least these were the first things I noticed.
On an SRX firewall, if you ping a remote address, command will be accepted.
root@J200> ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124): 56 data bytes
64 bytes from 126.96.36.199: icmp_seq=0 ttl=46 time=12.637 ms
64 bytes from 188.8.131.52: icmp_seq=1 ttl=46 time=7.674 ms
However if you run the same command on a Palo Alto firewall, you get an invalid syntax.
admin@PA10> ping 184.108.40.206
However this isn’t really the difference I would like to tell. The correct syntax on Palo Alto is like this
admin@PA10> ping host 220.127.116.11
PING 18.104.22.168 (22.214.171.124) 56(84) bytes of data.
64 bytes from 126.96.36.199: icmp_seq=1 ttl=45 time=10.9 ms
64 bytes from 188.8.131.52: icmp_seq=2 ttl=45 time=9.69 ms