Steps to do the Initial Configuration.

Gain access to the appliance.

  1. Assign DNS, NTP
  2. Assign IP addresses to the Interfaces.
  3. Create Zones
  4. Create a default route
  5. Create a firewall policy
  6. Create a NAT policy

NOTE – There is more than one way to gain initial access to your Palo Alto Firewall, we’re going to leverage the GUI. The default IP for PA-series firewall is 192.168.1.1 and the username/password is admin/admin.

 

Step-1

Assign DNS, NTP

Dashboard > Device > Services

Click on the gear icon to add DNS and NTP information.

 

Step-2

Assign IP addressing to the interfaces-

Network > Interfaces >Ethernet

Click on IPv4 tab and click on “Add”, make sure Static is selected.

You can also click on the “advanced” tab and select the Link State to “UP” or leave at “auto”.

Repeat the same process for WAN interface (Ethernet 1/1)

As you can see that the Link State is UP.

Step-3

Create Zone

Zones can be created at the same time as assigning IPs to the interfaces, but we will do it in a seperate step.

Go to Network > Zones

Click “Add” at the bottom of the page.

For our lab we will create two zones, Inside and Outside.

Repeat the process to create the “Outside” zone with the appropriate interface.

Step-4

Next we will create a Default Route.

Network > Virtual Routers

You’ll see the route named “Default” already present and for our lab purposes, we will use the existing “default” route and add our own.

Click on “default” and you’ll see the list of different routing protocols, we will click on “Static Routes”.

We will set a default route in the Static Routes section.

Step-6

Create a Firewall Policy

Policies > Security

You will see two policies already created.

Intrazone-default

Interzone-default

We will create an “Allow All” policy at the very top.

Click Add at the bottom of the screen, we will go through each tab and assign the appropriate attributes.

Once you’ve assigned the policy, hit OK and then Commit.

The “Allow All” policy is only for lab purposes. In a real world environment, these policies will be much more locked down.

Step-6

Configure a NAT Policy-

The last and the most important step is to create and NAT policy.

Policies > NAT

Click “Add” at the bottom of the page.

For our lab, we will create a NAT policy “inside-to-Outside”.

Make sure you hit “Commit” to save all the changes.

We have finally come to the point where we will test our traffic flow.

We have two pcs and we will ping out simulated internet and see if we get replies.

As you can see, we have successful pings from both pcs.

Happy Labbing!!!