Whether you are deploying a VM-Series firewall (on-demand deployment) or a hardware-based Palo Alto Networks next-generation firewall (mass rollout to remote sites), the bootstrapping process provides an agile, consistent, and scalable process for setting up a firewall with or without Internet access. PAN-OS support bootstrapping capability on all hardware-based firewalls and on VM-Series firewalls in the private cloud (ESXi, KVM, and Hyper-V) and public cloud (AWS and Azure). Additionally, starting with PAN-OS 7.1.4, PAN-OS supports bootstrapping in KVM in OpenStack.
Bootstrapping speeds up the process of configuring and licensing the firewall and making it operational on the network. This process allows you to choose whether to configure the firewall with only a basic configuration (init-cfg.txt file) so that it can connect to Panorama and obtain the complete configuration or to fully configure the firewall with the basic configuration and the optional bootstrap.xml file. When you include both files in the bootstrap package, the firewall merges the configurations from both of those files and, if any configuration settings overlap between the two, the firewall uses the settings defined in the init-cfg.txt file.
To bootstrap a hardware-based firewall, you must first upgrade the firewall to PAN-OS 7.1 and perform a factory reset or private data reset on it. When firewalls ship with PAN-OS 7.1 preloaded on it, the bootstrap capability will be available out-of-the-box. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
