PaloAlto Networks M-200 Quick Start Manual

M-200 AND M-600 APPLIANCE QUICK START GUIDE

Overview

The Palo Alto Networks M-200 and M-600 appliances are multifunction appliances you can configure in one of three modes:
®
Panorama™ mode (default)—Performs both central management and log collection for Palo Alto Networks firewalls and M-Series
•
appliances running in Log Collector mode.
Management-only mode—Performs central management for Palo Alto Networks firewalls and Log Collectors but the Panorama
•
server does not collect or store logs; all managed firewall logs are stored on Log Collectors.
• Log Collector mode—Functions as a Dedicated Log Collector, which you can manage using a virtual Panorama appliance or an
M-Series appliance running in Panorama mode.
• PAN-DB Private Cloud mode
for URL filtering lookups. This solution is suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud
service. For more information, refer to the PAN-OS Administrator's guide specific to your release (guides are located on the
Technical Documentation portal: https://www.paloaltonetworks.com/documentation).

Before You Begin

• Register your new appliance at
and activate support for your appliance.
• Obtain the IP addresses for your DNS servers and an IP address for the management (MGT) interface. Optionally, obtain IP
addresses for additional Ethernet ports, as well. The M-200 and M-600 appliances have four 10/100/1000Mbps interfaces (MGT,
Eth1, Eth2, and Eth3). The M-600 appliance has two additional 10Gbps interfaces (Eth4 and Eth5).
By default, all communication between an M-200 or an M-600 appliance and managed firewalls occurs over the management
interface. In an environment with heavy log traffic, you can configure Panorama to distribute traffic for various functions to
other Ethernet interfaces. In PAN-DB mode, this applies only to the MGT and Eth1 interfaces. For more information, refer to
the Panorama 8.1 Administrator's Guide: https://www.paloaltonetworks.com/documentation/81/panorama_adminguide.html.
• Rack-mount and power on the appliance as described in the M-200 and M-600 Appliance Hardware Reference:
https:/ /www.paloaltonetworks.com/documentation/platforms.

Perform the Initial Configuration

Use the following procedure to connect a management computer to the appliance and to configure basic management access.
Step 1 Connect your computer to the appliance.
1. Take note of the existing IP address on your computer in case you need it in Step 6.
2. Change the IP address on your computer to an address in the 192.168.1.0/24 network, such as 192.168.1.2.
3. Connect an RJ-45 Ethernet cable from your computer to the MGT port on the appliance.
4. Launch a web browser on your computer and enter https://192.168.1.1. At the login prompt, enter the default username
and password (admin/admin).
Step 2 Change the default administrator password on the appliance.
1. Click admin (lower-left portion of the management console) to display the password change prompt.
2. Type the Old Password, type the New Password, and then Confirm New Password.
3. Click OK to save the new password.
Assign a new IP address to the management interface and enable management services.
Step 3
1. Select Panorama > Setup > Interfaces and click the Management interface.
2. Enter the new management interface information (IP Address, Netmask, and Default Gateway) for your network.
3. Enable the following device management services if they are not already enabled:
• Device Management and Device Log Collection
• Collector Group Communication
Device Deployment
•
4. Enable HTTPS and SSH network connectivity services. We recommend you disable HTTP and Telnet.
Step 4 Configure the hostname, time zone, and general settings.
1. Select Panorama > Setup > Management and edit General Settings.
2. Configure the Panorama clock and the clock on all managed firewalls to use the same Time Zone (for example, GMT or UTC). The
firewall records timestamps when it generate logs and Panorama records timestamps when receiving the logs. Aligning the time
zones ensures that timestamps and the processes for querying logs and generating reports on Panorama are in sync.
3. Enter a Hostname for the server. Panorama uses this hostname as the display name (label) for the appliance. For example, this
hostname is the name that displays as part of the CLI prompt and also in the Collector Name field if you add the appliance as a
managed collector (Panorama > Managed Collectors).
4. Enter the Latitude and Longitude for the physical location of the server to enable accurate placement of the M-Series appliance on
the world map (used for App Scope > Traffic Maps and App Scope > Threat Maps).
5. Click OK to save your changes.
paloaltonetworks.com/documentation | © 2018 Palo Alto Networks, Inc. | Part Number: 810-000278-00B | Page 1
(M-600 only)—Functions as a private URL filtering solution that Palo Alto Networks firewalls use
http://support.paloaltonetworks.com (Assets tab) so that you can access the latest software updates