Palo Alto Networks: Configuration basics

Firewall, Security 2 Minutes

Configuring Layer 3 interfaces
Command line interface

admin@PA-5050> configure
Entering configuration mode
[edit]
admin@PA-5050# edit network interface
[edit network interface]
admin@PA-5050# set ethernet ethernet1/3 layer3 ip 200.1.1.1/30

[edit network interface]
admin@PA-5050# set ethernet ethernet1/4 layer3 ip 10.0.0.1/24

[edit network interface]
admin@PA-5050# commit


....55%99%.....100%
Configuration committed successfully
Interface ethernet1/3 has no zone configuration.
Interface ethernet1/3 has no virtual-router configuration.
Interface ethernet1/4 has no zone configuration.
Interface ethernet1/4 has no virtual-router configuration.

[edit network interface]
admin@PA-5050#

Web interface

Click on Network tab then select Interfaces.

Choose the interface type. Layer3 is the interface type.
Choose the interface type. Layer3 is the interface type.
Assigning IP address on L3 interface.
Assigning IP address on L3 interface.
Define the interface type for ethernet 1/4
Define the interface type for ethernet 1/4
Assigning IP address to L3 interface.
Assigning IP address to L3 interface.

Define zone for L3 interface
Command Line Interface

admin@PA-5050> configure
Entering configuration mode
[edit]
admin@PA-5050# set zone trust network layer3 ethernet1/4

[edit]
admin@PA-5050# set zone untrust network layer3 ethernet1/3

Web Interface
Click Network then select Zones, you can create your zone or use the default trust and untrust zones.

Click Add under Interfaces window and select the interface you want to assign to trust zone.
Click Add under Interfaces window and select the interface you want to assign to trust zone.

Click Add under Interfaces window and select the interface you want to assign to untrust zone.
Click Add under Interfaces window and select the interface you want to assign to untrust zone.

Create virtual router to define default route
Command Line Interface

admin@PA-5050> configure
Entering configuration mode
[edit]
admin@PA-5050# set network virtual-router static-route routing-table ip static-route default-route destination 0.0.0.0/0 nexthop ip-address 200.1.1.2
[edit]
admin@PA-5050# set network virtual-router static-route interface ethernet1/3

[edit]
admin@PA-5050#

Web Interface
Click on Network, select virtual-router.

Click Add, choose any name for the route. Under Interfaces window click Add to select the layer3 interface
Click Add, choose any name for the route. Under Interfaces window click Add to select the layer3 interface
Click on static route, Under IPv4 tab click Add, choose any name for the static route, type in the destination subnet 0.0.0.0/0, at the next hop dropdown box select IP address then type in the next hop address
Click on static route, Under IPv4 tab click Add, choose any name for the static route, type in the destination subnet 0.0.0.0/0, at the next hop dropdown box select IP address then type in the next hop address
An example configuration
An example configuration
The end result looks like this
The end result looks like this

Published by cyruslab

Published

One thought on “Palo Alto Networks: Configuration basics

  1. I have a little hint for you: When you want to display your current configuration, the output format is the xml output. This can be changed in the following way:
    – (leave the configure mode via exit)
    – set cli config-output-format set
    – configure (= entering configure mode again)
    – show
    Now your configuration is shown with all the set commands you just configured.

    Reply

Leave a comment