PaloAlto Networks PA-3000 Series Quick Start

Performing the Final Setup

CONFIGURE THE SECURITY POLICY

The following example policy allows all traffic to flow from the trust zone to the untrust
zone while inspecting for viruses, vulnerabilities, and spyware. In addition, the policy denies
the flow of traffic from the untrust zone to the trust zone.
Select Policies > Security click Add and name the new rule rule1 .
1
Click the Source tab and in the Source Zone section click Add and select trust .
2
Click the Destination tab and in the Destination Zone section click Add and select untrust .
3
Click the Actions tab and in the Action Setting section select the Allow radio button.
4
In the Profile Setting section select Profiles from the Profile Type drop-down list.
5
In the Antivirus, Vulnerability Protection, and Anti-Spyware drop-down lists, select
6
default.
Click OK to save the changes and then Commit.
7

DEPLOY THE FIREWALL AND VERIFY THE NETWORK AND SECURITY CONFIGURATION

Connect port 1 to the Internet.
8
Connect port 2 to your local network.
9
From a computer on your local network other than the computer you are using to configure
10
the PA-3000 Series firewall, try to connect to the Internet to validate proper connectivity.

CONFIGURE THE MANAGEMENT INTERFACE

Select Device > Setup and in the Management Interface Settings section, click the Edit icon.
11
In the IP Address, Netmask, and Default Gateway fields, enter the values that you
12
received from your network administrator for accessing your enterprise management
network.
In the Services section, select the services that will be allowed on the MGT interface. For
13
example, select Ping, HTTPS, and SSH.
Click OK and then Commit.
14
Disconnect your computer from the firewall and then connect the MGT port on the firewall
15
to your enterprise management network.

VERIFY THE MANAGEMENT CONFIGURATION

Connect your computer to the enterprise management network.
16
Open a browser window and type https://<MGT_port_IP_Address>.
17
Log in to the web interface of the PA-3000 Series firewall.
18

Where to Go Next

•
Refer to https://paloaltonetworks.com/documentation
features of the PA-3000 Series firewall.
•
Refer to the PA-3000 Series Hardware Reference Guide for information on rack
installation, safety warnings, and specifications.
©2013 Palo Alto Networks, Inc. All rights reserved.
Palo Alto Networks and PAN-OS are registered trademarks of Palo Alto Networks, Inc.
Part Number 810-000117-00B https://paloaltonetworks.com
for information on configuring the
PA-3000 Series

Before You Begin

•
Register your PA-3000 Series firewall at https://support.paloaltonetworks.com
obtain the latest software and App-ID updates, and to activate support or subscriptions.
•
Obtain an IP address from your network administrator for configuring the management
port on the PA-3000 Series firewall.
•
Have an RJ-45 Ethernet cable to connect your computer to the management port on the
PA-3000 Series firewall.
•
Set your computer's IP address to 192.168.1.2 and the subnet mask to 255.255.255.0.
NOTE: This document assumes the firewall has been properly rack-mounted and
powered up as described in the PA-3000 Series Hardware Reference Guide .

Perform the Initial Setup

Connect your computer to the management port (MGT) using an RJ-45 Ethernet cable.
1
Turn your computer on.
2
Launch a web browser and enter https://192.168.1.1.
3
The login page of the firewall's web interface appears.
Type admin in both the Name and Password fields.
4
Click Login.
5
Select Device > Administrators and click the admin account.
6
Type the old password in the Old Password field.
7
Type the new password in the New Password field.
8
Type the new password again in the Confirm New Password field.
9
Click OK.
10
Proceed to the next section to choose a deployment option.
11
Quick Start
to