Perform initial configuration of the M-600 appliance.
The M-600 appliance in PAN-DB mode uses two ports-
MGT (Eth0) and Eth1; Eth2 is not used in PAN-DB mode. The management
port is used for administrative access to the appliance and for
obtaining the latest content updates from the PAN-DB public cloud.
For communication between the appliance (PAN-DB server) and the
firewalls on the network, you can use the MGT port or Eth1.
Connect to the M-600 appliance in one of
the following ways:
Attach a serial cable from a computer to the Console
port on the M-600 appliance and connect using a terminal emulation
software (9600-8-N-1).
Attach an RJ-45 Ethernet cable from a computer to the MGT
port on the M-600 appliance. From a browser, go to https://192.168.1.1.
Enabling access to this URL might require changing the IP address
on the computer to an address in the 192.168.1.0 network (for example,
192.168.1.2).
When prompted, log in to the appliance. Log in using
the default username and password (admin/admin). The appliance will
begin to initialize.
Configure network access settings including the IP
address for the MGT interface:
set deviceconfig system ip-address
<server-IP>
netmask
<netmask>
default-gateway
<gateway-IP>
dns-setting servers primary
<DNS-IP>
where
<server-IP>
is
the IP address you want to assign to the management interface of
the server,
<netmask>
is the subnet mask,
<gateway-IP>
is
the IP address of the network gateway, and
<DNS-IP>
is
the IP address of the primary DNS server.
Configure network access settings including the IP
address for the Eth1 interface:
set deviceconfig system eth1 ip-address
<server-IP>
netmask
<netmask>
default-gateway
<gateway-IP>
dns-setting servers primary
<DNS-IP>
where
<server-IP>
is
the IP address you want to assign to the data interface of the server,
<netmask>
is
the subnet mask,
<gateway-IP>
is the IP address
of the network gateway, and
<DNS-IP>
is the
IP address of the DNS server.
Save your changes to the PAN-DB server.
commit
Switch to PAN-DB private cloud mode.
To switch to PAN-DB mode, use the CLI command:
request system system-mode pan-url-db
You
can switch from Panorama mode to PAN-DB mode and back; and from Panorama mode to Log Collector mode and
back. Switching directly from PAN-DB mode to Log Collector mode
or vice versa is not supported. When switching operational mode,
a data reset is triggered. With the exception of management access settings,
all existing configuration and logs will be deleted on restart.
Use the following command to verify that the mode
is changed:
Use the following command to check the version of
the cloud database on the appliance:
show pan-url-cloud-status
Cloud status: Up
URL database version: 20150417-220
Install content and database updates.
The appliance only stores the currently running version
of the content and one earlier version.
Pick one of
the following methods of installing the content and database updates:
If the PAN-DB server has direct Internet access use the following
commands:
To check whether a new version is published
use:
request pan-url-db upgrade check
To check the version that is currently installed on your
server use:
request pan-url-db upgrade info
To download and install the latest version:
request pan-url-db upgrade download latest
request pan-url-db upgrade install
<version latest
|
file>
To schedule the M-600 appliance to automatically check for
updates:
set deviceconfig system update-schedule pan-url-db recurring weekly action download-and-install day-of-week
<day of week>
at
<hr:min>
If the PAN-DB server is offline, access the Palo Alto Networks Customer Support web site to
download and save the content updates to an SCP server on your network. You
can then import and install the updates using the following commands:
scp import pan-url-db remote-port
<port-number>
from username@host:path
request pan-url-db upgrade install file
<filename>
Set up administrative access to the PAN-DB private cloud.
The appliance has a default
admin
account.
Any additional administrative users that you create can either be
superusers (with full access) or superusers with read-only access.
PAN-DB
private cloud does not support the use of RADIUS VSAs. If the VSAs
used on the firewall or Panorama are used for enabling access to
the PAN-DB private cloud, an authentication failure will occur.
To set up a local administrative user on the PAN-DB server: