Create Support Account
- Create support account at support.paloaltonetworks.com This will allow you to register your device(s), open support cases, view subscription and license information.
- Register device serial numbers The serial numbers will be in the email sent by [email protected]
- Add Digital Scepter engineer(s) into the support account. Click on the “Members” tab and add the email addresses of the engineer(s) to account. This would give the assigned Digital Scepter engineer the ability to open and troubleshoot support cases on your behalf.
- Activate Licenses and Subscriptions. Click on the ‘Assets’ tab. Locate the device and click on ‘Action’. Enter authorization codes for subscriptions and support to active license. These authorization codes can also be entered into the device as an alternative. The auth codes were in the email sent by [email protected]
Configure MGT Interface
Each Palo Alto firewall has a dedicated gigabit ethernet interface labelled “MGT”. This is for out-of-band management of the appliance. This is the preferred method of access of Digital Scepter in order to stage and prepare your device for deployment.
Note: in order for registration and automatic updates to work, the management IP must have access to the internet. It also must be reachable via SSH for access and via a browser for HTTPS management.
To configure the management interface, there are two (2) options:
Option A: Configure via browser over HTTPS
The appliance can be accessed via a workstation connected to the management interface. By default, the appliance ships with the following network settings:
IP address : 192.168.1.2
Netmask : 255.255.255.0
Gateway : 192.168.1.1.
Configure your workstation with a 192.168.1.1 IP address (along with the proper netmask) and plug it directly with an ethernet cable to the management port. Open your browser and enter https://192.168.1.2 to access the appliance.
The default username is admin. The default password is admin.
Next , go to the Device tab and click on Setup -> Management. Under the ‘Management Interface Settings’, click on the gear icon to edit the settings. Configure the proper management IP, netmask, default gateway appropriate for your network.
Once done, click on the ‘Commit’ button to enable the changes.
To test, ping the IP address of the management interface from your network to confirm reachability.
Option B: Configure over CLI
Configuration via the command line interface (CLI) can be much faster than the browser.
To start, locate the console cable that came with the device. On one end, connect the console cable to the ‘CON’ port on the appliance and to the serial interface of your workstation/PC on the other end.
Open your favorite terminal emulator e.g. putty, and configure the serial settings with the following: 9600-8-none-1.
Wait for the boot-up sequence to complete and log in with the default credentials.
Once logged in, switch to configure (#) mode:
Next, run this command using the assigned management IP, netmask, default gateway and DNS server:
set deviceconfig system ip-address aaa.bbb.ccc.ddd netmask aaa.bbb.ccc.ddd default-gateway aaa.bbb.ccc.ddd dns-setting servers primary aaa.bbb.ccc.ddd
Lastly, commit the changes
Type exit to switch back to the normal mode
Verify your changes by running this command:
PA-3020# show system info
Log in to MGT interface
Now you can log in to the web interface using https or ssh.
- Visit Device->Licenses and pull down your license.
- Visit dynamic updates and download and install the latest.