Perform initial configuration of the M-600 Appliance.
The M-600 appliance in PAN-DB mode uses two ports-
MGT (Eth0) and Eth1; Eth2 is not used in PAN-DB mode. The management
port is used for administrative access to the appliance and for
obtaining the latest content updates from the PAN-DB public cloud.
For communication between the appliance (PAN-DB server) and the
firewalls on the network, you can use the MGT port or Eth1.
Connect to the M-600 appliance in one of
the following ways:
Attach a serial cable from a computer to the Console port
on the M-600 appliance and connect using a terminal emulation software (9600-8-N-1).
Attach an RJ-45 Ethernet cable from a computer to the MGT
port on the M-600 appliance. From a browser, go to https://192.168.1.1.
Enabling access to this URL might require changing the IP address
on the computer to an address in the 192.168.1.0 network (for example, 192.168.1.2).
When prompted, log in to the appliance. Log in using
the default username and password (admin/admin). The appliance will
begin to initialize.
Configure network access settings including the IP
address for the MGT interface:
set deviceconfig system ip-address
<server-IP>
netmask
<netmask>
default-gateway
<gateway-IP>
dns-setting servers primary
<DNS-IP>
where
<server-IP>
is
the IP address you want to assign to the management interface of
the server,
<netmask>
is the subnet mask,
<gateway-IP>
is
the IP address of the network gateway, and
<DNS-IP>
is
the IP address of the primary DNS server.
Configure network access settings including the IP
address for the Eth1 interface:
set deviceconfig system eth1 ip-address
<server-IP>
netmask
<netmask>
default-gateway
<gateway-IP>
dns-setting servers primary
<DNS-IP>
where
<server-IP>
is
the IP address you want to assign to the data interface of the server,
<netmask>
is the
subnet mask,
<gateway-IP>
is the IP address
of the network gateway, and
<DNS-IP>
is the
IP address of the DNS server.
Save your changes to the PAN-DB server.
commit
Switch to PAN-DB private cloud mode.
To switch to PAN-DB mode, use the CLI command:
request system system-mode pan-url-db
You can switch from Panorama mode to PAN-DB mode and back; and from Panorama mode to Log
Collector mode and back. Switching directly from
PAN-DB mode to Log Collector mode or vice versa is not
supported. When switching operational mode, a data reset is
triggered. With the exception of management access settings, all
existing configuration and logs will be deleted on restart.
Use the following command to verify that the mode
is changed:
Use the following command to check the version of
the cloud database on the appliance:
show pan-url-cloud-status
Cloud status: Up
URL database version: 20150417-220
Install content and database updates.
The appliance only stores the currently running version
of the content and one earlier version.
Pick one of
the following installation methods:
If the PAN-DB
server has direct Internet access use the following commands:
To check whether a new version is published use:
request pan-url-db upgrade check
To check the version that is currently installed on your server
use:
request pan-url-db upgrade info
To download and install the latest version:
request pan-url-db upgrade download latest
request pan-url-db upgrade install
<version latest
|
file>
To schedule the M-600 appliance to automatically check for updates:
set deviceconfig system update-schedule pan-url-db recurring weekly action download-and-install day-of-week
<day of week>
at
<hr:min>
If the PAN-DB server is offline, access Palo Alto Networks Customer Support
website to download and save the content updates to an SCP
server on your network. You can then import and install the updates
using the following commands:
scp import pan-url-db remote-port
<port-number>
from username@host:path
request pan-url-db upgrade install file
<filename>
Set up administrative access to the PAN-DB private cloud.
The appliance has a default
admin
account.
Any additional administrative users that you create can either be
superusers (with full access) or superusers with read-only access.
PAN-DB
private cloud does not support the use of RADIUS VSAs. If the VSAs
used on the firewall or Panorama are used for enabling access to
the PAN-DB private cloud, an authentication failure will occur.
To set up a local administrative user on the PAN-DB server: