©2013 Palo Alto Networks, Inc. All rights reserved.
Palo Alto Networks and PAN-OS are registered trademarks of Palo Alto Networks, Inc.
Part Number 810-000117-00B https://paloaltonetworks.com
Performing the Final Setup
CONFIGURE THE SECURITY POLICY
The following example policy allows all traffic to flow from the trust zone to the untrust
zone while inspecting for viruses, vulnerabilities, and spyware. In addition, the policy denies
the flow of traffic from the untrust zone to the trust zone.
Select
Policies > Security
click
Add
and name the new rule
rule1.
Click the
Source
tab and in the Source Zone section click
Add
and select
trust.
Click the
Destination
tab and in the Destination Zone
section click
Add
and select
untrust.
Click the
Actions
tab and in the Action Setting section select the
Allow
radio button.
In the
Profile Setting
section select
Profiles
from the
Profile Type
drop-down list.
In the
Antivirus
,
Vulnerability Protection
, and
Anti-Spyware
drop-down lists, select
default
.
Click
OK
to save the changes and then
Commit
.
DEPLOY THE FIREWALL AND VERIFY THE NETWORK AND SECURITY CONFIGURATION
Connect port 1 to the Internet.
Connect port 2 to your local network.
From a computer on your local network other than the computer you are using to configure
the PA-3000 Series firewall, try to connect to the Internet to validate proper connectivity.
CONFIGURE THE MANAGEMENT INTERFACE
Select
Device > Setup
and in the Management Interface Settings section, click the
Edit
icon.
In the
IP Address
,
Netmask
, and
Default Gateway
fields, enter the values that you
received from your network administrator for accessing your enterprise management
network.
In the Services section, select the services that will be allowed on the MGT interface. For
example, select Ping, HTTPS, and SSH.
Click
OK
and then
Commit
.
Disconnect your computer from the firewall and then connect the MGT port on the firewall
to your enterprise management network.
VERIFY THE MANAGEMENT CONFIGURATION
Connect your computer to the enterprise management network.
Open a browser window and type
https://<MGT_port_IP_Address>
.
Log in to the web interface of the PA-3000 Series firewall.
Where to Go Next
•
Refer to
https://paloaltonetworks.com/documentation
for information on configuring the
features of the PA-3000 Series firewall.
•
Refer to the
PA-3000 Series Hardware Reference Guide for information on rack
installation, safety warnings, and specifications.
Before You Begin
•
Register your PA-3000 Series firewall at
https://support.paloaltonetworks.com
to
obtain the latest software and App-ID updates, and to activate support or subscriptions.
•
Obtain an IP address from your network administrator for configuring the management
port on the PA-3000 Series firewall.
•
Have an RJ-45 Ethernet cable to connect your computer to the management port on the
PA-3000 Series firewall.
•
Set your computer’s IP address to
192.168.1.2
and the subnet mask to
255.255.255.0
.
NOTE:
This document assumes the firewall has been properly rack-mounted and
powered up as described in the
PA-3000 Series Hardware Reference Guide.
Perform the Initial Setup
Connect your computer to the management port (MGT) using an RJ-45 Ethernet cable.
Turn your computer on.
Launch a web browser and enter
https://192.168.1.1
.
The login page of the firewall’s web interface appears.
Type
admin
in both the
Name
and
Password
fields.
Click
Login
.
Select
Device > Administrators
and click the
admin account.
Type the old password in the
Old Password
field.
Type the new password in the
New Password
field.
Type the new password again in the
Confirm New Password
field.
Click
OK
.
Proceed to the next section to choose a deployment option.
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3
4
5
6
7
8
9
10
11
13
14
15
16
17
18
PA-3000 Series
Quick Start
