Introduction to Setting Up a Palo Alto Networks Firewall for Beginners

  • connect to support website and register client and devices
  • register all additional licenses through auth codes in the website
  • Connect cable to MGMT port on the firewall
  • Firewall is at
  • user: admin pass:admin
  • Apply the default TLS/SSL profile to the management interface (Device-Setup). Note: the Device-Setup part of the configuration is not replicated and needs to be configured manually on each firewall if HA is in use
  • Setup time and timezone
  • go to policies-security
  • select rule 1 and delete
  • select network-virtual wires
  • select default virtual wire and delete
  • select network — zones
  • select each zone and click delete
  • select network — interfaces
  • select e1/1 and e1/2 interfaces and click delete
  • commit changes
  • go to device-software
  • upload the file and perform upgrade
  • device-management
  • edit General settings
  • IMPORTANT: the Group ID in HA determines the virtual MAC address of the firewall. If two firewall pairs with the same Group ID are connected to the same L2 network (e.g. a WAN L2), they will present the same virtual MAC and ARP will be all wrong. Make sure each HA pair for the same customer gets a different Group ID.
  • Device-setup-Services
  • Enter DNS server settings
  • check “Verify Update Server Identity”
  • configure Service route configuration
  • Go to Network — Virtual Routers
  • Rename “default” to “VR1”
  • Create a user in Device-Users and set a password
  • Go to device-Authentication profile
  • Create a new authentication profile (e.g. Admins) with 3 failed attempts and a 15-minute lockout, and attach the user
  • Go to Device-administrators and create a new one and set the authentication profile to Admins
  • Click on a LAN facing zone and enable User Identification
  • Enable logging on the default intrazone and interzone rules (available from PAN-OS 6.1 onward):
  • Click on each rule and select “override”
  • Go to Actions, Log settings enable “log at session end”
  • Go to Objects — Security Profiles — Antivirus
  • clone the default policy, rename it and adjust the actions as needed (usually all reset-both)
  • Select Anti-spyware
  • clone the strict policy and change its name
  • in DNS-Signatures, enable “Enable Passive DNS monitoring”
  • Select Vulnerability Protection
  • Clone the strict Policy and change its name
  • Select URL Filtering
  • Clone the Default and change its name
  • By default, Dynamic Updates will try to go through the management interface
  • To allow the firewall to download updates via the main internet link, change the settings on Device-setup-Services-service route Configuration
  • Also make sure DNS is specified under device-setup-services DNS
  • go to Device-Dynamic Updates
  • select check now
  • Set a schedule for each of the dynamic updates (AV, Applications and Threats, GlobalProtect, WildFire) and select download and install.
  • For HA, both of the Firewalls need to have same Master Key
  • Go to Device-Master Key
  • Set a new Master Key
  • Device-setup-Logging-Log Export-Tick Enable log on High DP Load
  • Create a rule to allow SSL from internal and public trusted ip for management
  • Create a rule to allow DNS from the firewall public interface to out
  • Create default NAT rules to allow internet traffic
  • Create a rule before the inter/intra zone defaults, but at the end of all the other rules, to block all traffic from untrusted zones to all zones. THIS WILL ALSO BLOCK SSL MANAGEMENT
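
An added example, not part of the original post and not Palo Alto Networks code: a Python check that reads an exported configuration XML and reports where it deviates from three checklist items above (administrators tied to an authentication profile, the 3-attempt/15-minute lockout, and log at session end on the overridden default rules). The sample config is constructed, and the element paths are an assumption about the exported PAN-OS XML layout; verify them against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names are assumed to follow
# the layout of an exported PAN-OS XML configuration.
SAMPLE_CONFIG = """<config>
 <mgt-config><users>
  <entry name="admin"><phash>PLACEHOLDER</phash></entry>
  <entry name="fwadmin"><authentication-profile>Admins</authentication-profile></entry>
 </users></mgt-config>
 <shared><authentication-profile>
  <entry name="Admins"><lockout>
   <failed-attempts>3</failed-attempts><lockout-time>15</lockout-time>
  </lockout></entry>
  <entry name="Legacy"><lockout><failed-attempts>0</failed-attempts></lockout></entry>
 </authentication-profile></shared>
 <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1"><rulebase>
  <default-security-rules><rules>
   <entry name="intrazone-default"><log-end>yes</log-end></entry>
  </rules></default-security-rules>
 </rulebase></entry></vsys></entry></devices>
</config>"""

def audit(xml_text, attempts=3, minutes=15):
    """Return findings where the config deviates from the checklist."""
    root = ET.fromstring(xml_text)
    findings = []
    # Administrators should authenticate through an authentication profile.
    for user in root.findall("./mgt-config/users/entry"):
        if not user.findtext("authentication-profile"):
            findings.append(f"admin {user.get('name')}: no authentication profile")
    # Lockout: 0 or missing failed-attempts means unlimited login attempts.
    for prof in root.findall(".//authentication-profile/entry"):
        got = (int(prof.findtext("lockout/failed-attempts") or 0),
               int(prof.findtext("lockout/lockout-time") or 0))
        if got[0] == 0:
            findings.append(f"profile {prof.get('name')}: lockout disabled")
        elif got != (attempts, minutes):
            findings.append(f"profile {prof.get('name')}: lockout {got} != checklist")
    # Default rules log only after an override with log-end enabled.
    logged = {e.get("name"): e.findtext("log-end")
              for e in root.findall(".//default-security-rules/rules/entry")}
    for name in ("intrazone-default", "interzone-default"):
        if logged.get(name) != "yes":
            findings.append(f"default rule {name}: no log at session end")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```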



