Next-Generation Firewalls for Zero Touch Provisioning

Leverage Zero Touch Provisioning (ZTP) to automate the on-boarding of new firewalls to the Panorama™ management server.
Zero Touch Provisioning (ZTP) is designed to simplify and automate the on-boarding of new firewalls to the Panorama™ management server. ZTP streamlines the initial firewall deployment process by allowing network administrators to ship managed firewalls directly to their branches and automatically add the firewall to the Panorama™ management server after the ZTP firewall successfully connects to the Palo Alto Networks ZTP service. This saves businesses time and resources when deploying new firewalls at branch locations by removing the need for IT administrators to manually provision the new managed firewall. After successful on-boarding, Panorama provides the means to configure and manage your ZTP configuration and firewalls.
ZTP is supported on the following ZTP firewalls running PAN-OS 9.1.3 and later releases:
  • PA-220-ZTP and PA-220R-ZTP
  • PA-820-ZTP and PA-850-ZTP
  • PA-3220-ZTP, PA-3250-ZTP, and PA-3260-ZTP
  1. Log in to the Panorama web interface as a superuser or Panorama administrator with access to Panorama plugins (Panorama > Plugins).
  2. Select Panorama > Plugins to Download and Install the most recent version of the ztp plugin.
  3. Install the Panorama device certificate.
  4. Register Panorama with the ZTP service.
    1. Select Panorama > Zero Touch Provisioning > Setup and edit the General ZTP settings.
    2. Enter the Panorama FQDN or IP Address.
    3. (HA only) Enter the Peer FQDN or IP Address.
    4. Click OK to save your configuration changes.
  5. Create the default device group and template to automatically generate the required configuration to connect your ZTP firewalls to Panorama.
    1. Add Device Group and Template.
    2. Enter the Device Group name.
    3. Enter the Template name.
    4. Click OK to save your configuration changes.
  6. Select Commit and Commit to Panorama.
  7. Select Panorama > Zero Touch Provisioning and Sync to ZTP Service.
  8. Configure the ZTP installer administrator account.
    1. Select Panorama > Administrators and Add a new admin user.
    2. Enter a Name and Password for the ZTP installer admin.
    3. For the Administrator Type, select Custom Panorama Admin.
    4. For the Profile, select installeradmin.
    5. Click OK to save your configuration changes.
    6. Select Commit and Commit to Panorama.
  9. Add ZTP firewalls to Panorama.
    1. Log in to the Panorama web interface as the ZTP installer admin.
    2. Select Firewall Registration and Add a new ZTP firewall.
    3. Enter the Serial Number of the ZTP firewall.
    4. Enter the Claim Key for the ZTP firewall.
    5. Click OK to save your configuration changes.
    6. Select and Register the newly added ZTP firewall.
    7. When prompted, click Yes to confirm registering the ZTP firewall.