M-200 AND M-600 APPLIANCE QUICK START GUIDE
Overview
The Palo Alto Networks
®
M-200 and M-600 appliances are multifunction appliances you can configure in one of three modes:
•
Panorama™ mode
(default)—Performs both central management and log collection for Palo Alto Networks firewalls and M-Series
appliances running in Log Collector mode.
•
Management-only mode
—Performs central management for Palo Alto Networks firewalls and Log Collectors but the Panorama
server does not collect or store logs; all managed firewall logs are stored on Log Collectors.
•
Log Collector mode
—Functions as a Dedicated Log Collector, which you can manage using a virtual Panorama appliance or an
M-Series appliance running in Panorama mode.
•
PAN-DB Private Cloud mode
(
M-600 only
)—Functions as a private URL filtering solution that Palo Alto Networks firewalls use
for URL filtering lookups. This solution is suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud
service. For more information, refer to the PAN-OS Administrator’s guide specific to your release (guides are located on the
Technical Documentation portal:
https://www.paloaltonetworks.com/documentation
).
Before You Begin
•
Register your new appliance at
http://support.paloaltonetworks.com
(
Assets
tab) so that you can access the latest software updates
and activate support for your appliance.
•
Obtain the IP addresses for your DNS servers and an IP address for the management (MGT) interface. Optionally, obtain IP
addresses for additional Ethernet ports, as well. The M-200 and M-600 appliances have four 10/100/1000Mbps interfaces (MGT,
Eth1, Eth2, and Eth3). The M-600 appliance has two additional 10Gbps interfaces (Eth4 and Eth5).
By default, all communication between an M-200 or an M-600 appliance and managed firewalls occurs over the management
interface. In an environment with heavy log traffic, you can configure Panorama to distribute traffic for various functions to
other Ethernet interfaces. In PAN-DB mode, this applies only to the MGT and Eth1 interfaces. For more information, refer to
the Panorama 8.1 Administrator’s Guide:
https://www.paloaltonetworks.com/documentation/81/panorama_adminguide.html
.
•
Rack-mount and power on the appliance as described in the M-200 and M-600 Appliance Hardware Reference:
https://www.paloaltonetworks.com/documentation/platforms
.
Perform the Initial Configuration
Use the following procedure to connect a management computer to the appliance and to configure basic management access.
Step 1
Connect your computer to the appliance.
1. Take note of the existing IP address on your computer in case you need it in Step 6.
2. Change the IP address on your computer to an address in the 192.168.1.0/24 network, such as 192.168.1.2.
3. Connect an RJ-45 Ethernet cable from your computer to the MGT port on the appliance.
4. Launch a web browser on your computer and enter
https://192.168.1.1
. At the login prompt, enter the default username
and password (admin/admin).
Step 2
Change the default administrator password on the appliance.
1. Click
admin
(lower-left portion of the management console) to display the password change prompt.
2. Type the
Old Password
, type the
New Password
, and then
Confirm New Password
.
3. Click
OK
to save the new password.
Step 3
Assign a new IP address to the management interface and enable management services.
1. Select
Panorama > Setup > Interfaces
and click the
Management
interface.
2.
Enter the new management interface information (
IP Address
,
Netmask
, and
Default Gateway
) for your network.
3. Enable the following device management services if they are not already enabled:
•
Device Management and Device Log Collection
•
Collector Group Communication
•
Device Deployment
4. Enable
HTTPS
and
SSH
network connectivity services. We recommend you disable
HTTP
and
Telnet
.
Step 4
Configure the hostname, time zone, and general settings.
1. Select
Panorama > Setup > Management
and edit General Settings.
2. Configure the Panorama clock and the clock on all managed firewalls to use the same
Time Zone
(for example, GMT or UTC). The
firewall records timestamps when it generate logs and Panorama records timestamps when receiving the logs. Aligning the time
zones ensures that timestamps and the processes for querying logs and generating reports on Panorama are in sync.
3. Enter a
Hostname
for the server. Panorama uses this hostname as the display name (label) for the appliance. For example, this
hostname is the name that displays as part of the CLI prompt and also in the
Collector Name
field if you add the appliance as a
managed collector (
Panorama > Managed Collectors
).
4. Enter the
Latitude
and
Longitude
for the physical location of the server to enable accurate placement of the M-Series appliance on
the world map (used for
App Scope > Traffic Maps
and
App Scope > Threat Maps
).
5. Click
OK
to save your changes.
paloaltonetworks.com/documentation | © 2018 Palo Alto Networks, Inc. | Part Number: 810-000278-00B | Page 1