Next-Generation Firewall
PAN-OS & Panorama
Plan out your business continuity strategy in preparation for any events that may prevent you from connecting to critical devices over normal communication channels.

Your business continuity plan should include provisions for how to connect to critical devices, including firewalls and Panorama, during power outages and other events that prevent connecting to those devices over normal communication channels. The ability to connect to and manage devices on an out-of-band (OOB) network enables you to continue running your business when primary networks and power sources are down. Business continuity should be a core consideration of your network architecture.

An OOB network is a secure method of remotely accessing and managing devices and does not use the primary communication channels. Instead, OOB networks use separate communication channels that are always available if the primary channel fails and have a different source of power than the primary network. Depending on your network architecture, you may use both the primary network and the OOB network to access and manage devices in day-to-day operation.

The OOB network should never rely on a power source or network that could fail concurrently with the primary access network. How you architect OOB access to devices depends on your network architecture and your business considerations, so there is no “one size fits all” method of ensuring connectivity. However, there are guidelines that help you understand how to meet the goals of an OOB access network:

- Power considerations—Use a different power source (a separate circuit or a protected or battery-powered source) for the OOB network than you use for the regular access network. If you lose power to the regular network, you won’t lose power to the OOB network. Use power distribution unit (PDU) controls to remotely power devices on and off.
- Secure connection method—There are a number of ways to connect securely to an OOB network, for example, a terminal server device, a modem, or a serial console server. Examples of secure networks you can use for OOB access include LTE, dial-up, and broadband (completely separated from the normal broadband network) networks. The connection method you use depends on your business needs and network architecture. Regardless of the method you select, the connection must be secure, with strong encryption and authentication. See Administrative Access Best Practices for advice about how to secure management connections to the firewall and Panorama. You can connect into an OOB network remotely using SSH with strong authentication over an Ethernet LAN or you can dial in over a serial connection. The outbound connection will be serial.
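
One way to check an inventory against the guidelines above is to flag any device whose OOB path shares a power source or network with its primary path, or lacks encryption or strong authentication. This is an added example, not Palo Alto Networks code; the data model, device names, and inventory values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessPath:
    power_source: str   # circuit, UPS or battery feeding this path's equipment
    transport: str      # network the path rides on (LAN, LTE, dial-up, ...)
    encrypted: bool     # management session is encrypted, e.g. SSH
    strong_auth: bool   # strong authentication is enforced on the path

@dataclass(frozen=True)
class Device:
    name: str
    primary: AccessPath
    oob: Optional[AccessPath]  # None means no OOB path exists

def audit_device(dev: Device) -> list:
    """Return findings where the device's OOB path misses the guidelines."""
    if dev.oob is None:
        return ["no OOB access path defined"]
    findings = []
    if dev.oob.power_source == dev.primary.power_source:
        findings.append(f"OOB shares power source {dev.oob.power_source!r} with primary")
    if dev.oob.transport == dev.primary.transport:
        findings.append(f"OOB shares transport {dev.oob.transport!r} with primary")
    if not dev.oob.encrypted:
        findings.append("OOB connection is not encrypted")
    if not dev.oob.strong_auth:
        findings.append("OOB connection lacks strong authentication")
    return findings

def audit_inventory(devices) -> dict:
    """Map device name to findings, listing only devices with at least one."""
    return {d.name: f for d in devices if (f := audit_device(d))}

# Constructed sample inventory (hypothetical names and values).
INVENTORY = [
    Device("fw-dc-01",
           AccessPath("circuit-A", "corp-lan", True, True),
           AccessPath("ups-oob", "lte", True, True)),
    Device("fw-branch-01",
           AccessPath("circuit-B", "branch-broadband", True, True),
           AccessPath("circuit-B", "branch-broadband", True, False)),
    Device("panorama-01", AccessPath("circuit-A", "corp-lan", True, True), None),
]

if __name__ == "__main__":
    print(audit_inventory(INVENTORY))
```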
