Next-Generation Firewall
Configure the Firewall General Settings
Table of Contents
Configure the Firewall General Settings
Configure and specify the general firewall management settings.
Contact your account team to enable Cloud Management for NGFWs using
Strata Cloud Manager.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of these:
|
After you successfully onboard your firewall to cloud management, you have the option
to configure and specify the general firewall management settings. Configuring the
general settings for a firewall isn’t required but is recommended. You can configure
some or all of the firewall general settings as needed.
- Log in to cloud management.Select and select the Configuration Scope where you want to configure the general settings.You can select a folder or firewall from your Folders or select Snippets to configure the general settings in a snippet.Click the cog wheel to edit the General Settings and Customize.If you modified the General Settings for a nested folder or individual device, you can Revert to Inherited to revert the General Settings configuration from the Customized configuration to that inherited from the parent folder of the nester folder or that inherited from the folder the firewall is associated with.Enter the network Domain domain name for the firewall (up to 31 characters).Enter text to display in the Login Banner on the firewall web interface login page (up to 3,200 characters).(Optional) Check (enable) Force Admins to Acknowledge Login Banner to force administrators to select I Accept and Acknowledge the Statement Below when logging in to the firewall web interface. This forces local firewall admins to acknowledge the login banner before they can log into the firewall web interface.Select or create a SSL/TSL Service Profile to specify a certificate and the SSL/TSL protocol settings allowed on the management interface.The firewall uses this certificate to authenticate to administrators who access the web interface through the management (MGT) interface or through any other interface that supports HTTP/HTTPS management traffic. If you select None, the firewall uses a predefined certificate.Select the Time Zone where the firewall is located.Select the Locale where the firewall is located to specify the language for PDF reports generated locally on the firewall.Enter the Latitude (-90.0 to 90.0) and Longitude (-180.0 to 180.0) of the firewall.Check (enable) Automatically Acquire Commit Lock to automatically apply a commit lock when you change the candidate configuration.Enable this setting so that other administrators can’t make configuration changes until the first administrator commits their changes.Check (enable) Certificate Expiration Check to instruct the firewall to create a warning message when on-device certificates approach their expiration date.(VM-Series firewall only) Check (enable) Use Hypervisor Assigned MAC Addresses to have the VM-Series firewall use the MAC address that the hypervisor assigned, instead of generating a MAC address using the PAN-OS custom schema.Check (enable) Tunnel Acceleration to improve performance and throughput for traffic going through GRE tunnels, VXLAN tunnels, and GTP-U tunnels. This option is enabled by default.If you disable or reenable Tunnel Acceleration and commit, you must reboot the firewall.Save.Push Config to push your configuration changes.
