PAN-OS® New Features Guide
    : Next-Generation Firewalls for Zero Touch Provisioning
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS® New Features Guide
    4. Panorama Features
    5. Next-Generation Firewalls for Zero Touch Provisioning
    Download PDF

    PAN-OS® New Features Guide

    Next-Generation Firewalls for Zero Touch Provisioning

    Table of Contents

    Next-Generation Firewalls for Zero Touch Provisioning

    Leverage Zero Touch Provisioning (ZTP) to automate the on-boarding of new firewalls to the Panorama™ management server.
    Zero Touch Provisioning (ZTP) is designed to simplify and automate the on-boarding of new firewalls to the Panorama™ management server. ZTP streamlines the initial firewall deployment process by allowing network administrators to ship managed firewalls directly to their branches and automatically add the firewall to the Panorama™ management server after the ZTP firewall successfully connects to the Palo Alto Networks ZTP service. This allows businesses to save on time and resources when deploying new firewalls at branch locations by removing the need for IT administrators to manually provision the new managed firewall. After successful on-boarding, Panorama provides the means to configure and manage your ZTP configuration and firewalls.
    ZTP is supported on the following ZTP firewalls running PAN-OS 9.1.3 and later releases:
    • PA-220-ZTP and PA-220R-ZTP
    • PA-820-ZTP and PA-850-ZTP
    • PA-3220-ZTP, PA-3250-ZTP, and PA-3260-ZTP
    1. Log in to the Panorama web interface as a superuser or Panorama administrator with access to Panorama plugins (
      Panorama
      Plugins
      ).
    2. Select
      Panorama
      Plugins
       to
      Download
       and
      Install
       the most recent version of the
      ztp
       plugin.
    4. Register Panorama with the ZTP service.
      1. Select
        Panorama
        Zero Touch Provisioning
        Setup
         and edit the
        General
         ZTP settings.
      2. Enter the
        Panorama FQDN or IP Address
        .
      3. (
        HA only
        ) Enter the
        Peer FQDN or IP Address
        .
      4. Click
        OK
         to save your configuration changes.
    5. Create the default device group and template to automatically generate the required configuration to connect your ZTP firewalls to Panorama.
      1. Add Device Group and Template
        .
      2. Enter the
        Device Group
         name.
      3. Enter the
        Template
         name.
      4. Click
        OK
         to save your configuration changes.
    6. Select
      Commit
       and
      Commit to Panorama
      .
    7. Select
      Panorama
      Zero Touch Provisioning
       and
      Sync to ZTP Service
      .
    8. Configure the ZTP installer administrator account.
      1. Select
        Panorama
        Administrators
         and
        Add
         a new admin user.
      2. Enter a
        Name
         and
        Password
         for the ZTP installer admin.
      3. For the
        Administrator Type
        , select
        Custom Panorama Admin
        .
      4. For the
        Profile
        , select
        installeradmin
        .
      5. Click
        OK
         to save your configuration changes.
      6. Select
        Commit
         and
        Commit to Panorama
        .
    9. Add ZTP firewalls to Panorama.
      1. Log in to the Panorama web interface as the ZTP installer admin.
      2. Select
        Firewall Registration
         and
        Add
         a new ZTP firewall.
      3. Enter the
        Serial Number
         of the ZTP firewall.
      4. Enter the
        Claim Key
         for the ZTP firewall.
      5. Click
        OK
         to save your configuration changes.
      6. Select and
        Register
         the newly added ZTP firewall.
      7. When prompted, click
        Yes
         to confirm registering the ZTP firewall.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.