Strata Copilot
    Panorama Administrator's Guide
    : Perform Initial Configuration for an Air Gapped M-Series Appliance
    Focus
    Download PDF
    Focus
    1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Set Up Panorama
    5. Set Up the M-Series Appliance
    6. Perform Initial Configuration for an Air Gapped M-Series Appliance
    Download PDF

    Panorama Administrator's Guide

    Perform Initial Configuration for an Air Gapped M-Series Appliance

    Table of Contents
    End-of-Life (EoL)

    Perform Initial Configuration for an Air Gapped M-Series Appliance

    Initial configuration procedure for a standalone air gapped M-Series Panorama™ management server.
    Perform the initial configuration for an air gapped M-Series appliance. By default, Panorama has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these settings before continuing with other configuration tasks. You must perform these initial configuration tasks either from the Management (MGT) interface or using a direct serial port connection to the console port on the M-600, M-500, or M-200 appliance.
    The air gapped Panorama cannot connect to the Palo Alto Networks update server because an outbound internet connection is required. To activate licenses, upgrade the PAN-OS software version, and install dynamic content updates you must upload the relevant files to the air gapped Panorama manually.
    If you are configuring an M-Series appliance in Log Collector mode with 10GB interfaces, you must complete this entire configuration procedure for the 10GB interfaces to display as Up.
    1. Gather the required information from your network administrator.
      • Private IP address for the management (MGT) port
      • Netmask
      • Default gateway
      • DNS server address
      • NTP server address
    2. Install and power on M-Series appliance.
      Review your M-Series appliance hardware reference guide for details and best practices.
    3. Connect to the M-Series appliance.
      You must log in using the default admin username. You are immediately prompted to change the default admin password before you can continue. The new password must be a minimum of eight characters and include a minimum of one lowercase and one uppercase character, as well as one number or special character.
      You can connect to the M-Series appliance in one of the following ways:
      • Connect a serial cable from your computer to the Console port and connect to the M-Series appliance using terminal emulation software (9600-8-N-1). Wait a few minutes for the boot-up sequence to complete; when the M-Series appliance is ready, the prompt changes to the name of the M-Series, for example M-500 login.
      • Log in to the Panorama CLI by connecting an RJ-45 Ethernet cable from your computer to the MGT interface on the M-Series appliance. From a browser, go to https://192.168.1.1.
        You may need to change the IP address on your computer to an address in the 192.168.1.0/24 network, such as 192.168.1.2, to access this URL.
    4. Configure the network settings for the air gapped M-Series appliance.
      The following commands set the interface IP allocation to static, configures the IP address for the MGT interface, the Domain Name Server (DNS), and Network Time Protocol (NTP) server.
      admin> configure
      admin# set deviceconfig system type static
      admin# set deviceconfig system ip-address <IP-Address> netmask <Netmask-IP> default-gateway <Gateway-IP>
      admin# set deviceconfig system dns-settings servers primary <IP-Address> secondary <IP-Address>
      admin# set deviceconfig system ntp-servers primary-ntp-server ntp-server-address <IP-Address>
      admin# set deviceconfig system ntp-servers secondary-ntp-server ntp-server-address <IP-Address>
    5. Register the M-Series appliance with the Palo Alto Networks Customer Support Portal (CSP).
      1. Log in to the Palo Alto Networks CSP.
      2. Click Register a Device.
      3. Select Register device using Serial Number and click Next.
      4. Enter the required Device Information.
        • Enter the M-Series appliance Serial Number.
        • Check (enable) Device will be used offline.
        • Select the PAN-OS OS Release running on the M-Series appliance.
      5. Enter the required Location Information.
        • Enter the City the M-Series appliance is located in,
        • Enter the Postal Code the M-Series appliance is located in,
        • Enter the Country the M-Series appliance is located in.
      6. Agree and Submit.
      7. Skip this step when prompted to generate the optional Day 1 Configuration config file.
    6. Download the Panorama license keys.
      The license key files are required to activate your Panorama licenses when air gapped.
      1. Log in to the Palo Alto Networks CSP.
      2. Select ProductDevices and locate the M-Series appliance you added.
      3. Download all license keys files from the download links available License column.
        You must download a license key file for each license you want to active on Panorama.
    7. Active the Panorama licenses.
      1. Log in to the Panorama web interface.
      2. Select PanoramaLicenses and Manually upload license key.
        Click Choose File to select the license key file you downloaded in the previous step and click OK.
      3. Repeat this step to uploaded and activate all licenses.
    8. (Optional) Configure general Panorama settings as needed.
      1. Select PanoramaSetupManagement and edit the General Settings.
      2. Enter a Hostname for Panorama and enter your network Domain name. The domain name is just a label; it will not be used to join the domain.
      3. Enter Login Banner text that informs users who are about to log in that they require authorization to access the Panorama management functions.
        As a best practice, avoid using welcoming verbiage. Additionally, you should ask your legal department to review the banner message to ensure it adequately warns that unauthorized access is prohibited.
      4. Enter the Latitude and Longitude to enable accurate placement of the M-Series on the world map.
      5. Click OK.
      6. Commit and Commit to Panorama.
    9. Upgrade the PAN-OS and dynamic content versions on Panorama.
      Review the PAN-OS Release Notes for detailed information about your target PAN-OS upgrade version.
      1. Log in to the Palo Alto Networks CSP.
      2. Download dynamic content updates.
        1. Select UpdatesDynamic Updates.
        2. Select the dynamic Content type you want to install.
        3. Download the dynamic content update to your local device.
        4. Repeat this step to download all required dynamic content updates.
      3. Download a PAN-OS software update.
        1. Select UpdatesSoftware Updates.
        2. For the Content type, select Panorama M Base. For the Release type, select All(default) or Preferred.
        3. In the Download column, click the PAN-OS version to download the software image to your local device.
      4. Log in to the Panorama web interface.
      5. Select PanoramaDynamic Updates and Upload the dynamic content updates you downloaded.
        Repeat this step to Browse and select all the dynamic content release versions.
      6. Install the dynamic content updates.
      7. Select PanoramaSoftware and Upload the PAN-OS software image you download.
      8. Install the PAN-OS software version.
        Panorama needs to restart to finish installing the PAN-OS software upgrade.
    10. Connect Panorama to your network.
      1. Disconnect Panorama from your computer.
      2. Connect the MGT port to a switch port on your management network using an RJ-45 Ethernet cable. Make sure that the switch port you cable on Panorama is configured for autonegotiation.

    © 2025 Palo Alto Networks, Inc. All rights reserved.