Perform Initial Configuration on the VM-Series Firewall
Use these instructions to perform the initial configuration of your VM-Series firewall. By default, the VM-Series firewall uses DHCP to obtain an IP address for the management interface. However, you can assign a static IP address. After completing the initial configuration, access the web interface to complete further configurations tasks. If you have Panorama for central management, refer to the Panorama Administrator’s Guide for information on managing the device using Panorama.
- Gather the required information from your network administrator.
- Management port IP address
- Default gateway
- DNS server IP address
- Access the console of the VM-Series firewall.
- In Hyper-V Manager, select the VM-Series firewall and clickConnectfrom the Actions list.
- Log in to the firewall with the default username and password:admin/admin
- Enter configuration mode using the following command:configure
- Configure the network access settings for the management interface.Enter the following commands:set deviceconfig system type staticset deviceconfig system ip-address<Firewall-IP>netmask<netmask>default-gateway<gateway-IP>dns-setting servers primary<DNS-IP>where<Firewall-IP>is the IP address you want to assign to the management interface,<netmask>is the subnet mask,<gateway-IP>is the IP address of the network gateway, and<DNS-IP>is the IP address of the DNS server.
- Commit your changes and exit the configuration mode.
- Verify that you can view the management interface IP address from the Hyper-V Manager.
- Select the VM-Series firewall from the list ofVirtual Machines.
- SelectNetworking. The first network adapter that displays in the list is used for management access to the firewall; subsequent adapters in the list are used as the dataplane interfaces on the firewall.
- Verify network access to external services required for firewall management, such as the Palo Alto Networks Update Server.
- Use the ping utility to verify network connectivity to the Palo Alto Networks Update server as shown in the following example. Verify that DNS resolution occurs and the response includes the IP address for the Update server; the update server does not respond to a ping request.admin@PA-200 >ping host updates.paloaltonetworks.comPING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data. From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=2 Destination Host Unreachable From 192.168.1.1 icmp_seq=3 Destination Host Unreachable From 192.168.1.1 icmp_seq=4 Destination Host UnreachableAfter verifying DNS resolution, press Ctrl+C to stop the ping request.
- Use the following CLI command to retrieve information on the support entitlement for the firewall from the Palo Alto Networks update server:request support checkIf you have connectivity, the update server will respond with the support status for your firewall.
- (Optional) Verify that your VM-Series jumbo frame configuration does not exceed the maximum MTU supported on Hyper-V.The VM-Series has a default MTU size of 9216 bytes when jumbo frames are enabled. However, the maximum MTU size supported by the physical network adapter on the Hyper-V host is 9000 or 9014 bytes depending on the network adapter capabilities. To verify the configured MTU on Hyper-V:
- In Windows Server 2012 R2, open theControl Paneland navigate to N.etwork and InternetNetwork and Sharing CenterView network status and tasks
- Click on a network adapter or virtual switch from the list.
- On the Advanced tab, selectJumbo Packetfrom the list.
- Select 9000 or 9014 bytes from the Value drop-down menu.
- Access the web interface of the VM-Series firewall and configure the interfaces and define security rules and NAT rules to safely enable the applications you want to secure.
Recommended For You
Recommended videos not found.