USD ($)
$
United States Dollar
India Rupee

Palo Alto Set Management IP Using CLI

Created by Ajotri Singh in Articles 19 Nov 2024
Share
«Who Should Pursue Palo Alto Firewall Cer

Configuring the management IP address on Palo Alto firewalls using the CLI is a critical task for network administrators, enabling secure access to the device for management purposes. This article will guide you through the steps to set the management IP address via the command line interface, ensuring that your Palo Alto device is correctly integrated into your network infrastructure.

By mastering this configuration, you can enhance your network's security and streamline management operations effectively. You can choose any Palo Alto Training Security Courses to learn more about network security.

We will set up Palo Alto management IP via CLI and get its GUI access for advanced firewall configurations and policies. In this scenario, there are two Palo Alto firewalls, one Cisco switch, and a Windows workstation. 


Palo Alto Firewall Training Starts 21st Dec 2024! 10 AMAttend Free Live Demo! Live Classes with Hands-on Lab.Register Now
custom banner static image



Steps to Set Palo Alto Management IP Using CLI

Follow these steps to set Palo Alto Management IP using CLI.

1. Create VLAN 10 in Switch SW01 and assign Interfaces Eth1/0, Eth3/1 and Eth4/0 in access VLAN 10 for establishing management connectivity for PaloAlto01 and PaloAlto02

2. Assign Management IP address 10.0.0.10/24 to eth1 on Workstation PC

3. Login to PaloAlto01 firewall using default username and password and assign IP address 10.0.0.1/24 on Management Interface and default gateway as 10.0.0.10

4. Login to PaloAlto02 firewall using default username and password and assign IP address 10.0.0.2/24 on Management Interface and default gateway as 10.0.0.10

Image description

Here we will use a Windows workstation to manage the firewall, an interface that we will use for the management of the firewall. In the basic connectivity diagram, we will configure the interfaces on the switch for the management of the firewall.  Make sure to power on the devices and take the console, there are no initial configurations in this lab.

Please note that this lab scenario is from Uninets palo alto virtual lab with lab guide. Otherwise, you can create your virtual lab with similar device connectivity on your laptop or server. 


Palo Alto CLI Set Management IP - Configuration & Verification

Task 1: Create VLANs on Switch

Here we will use Workstation to manage the Palo Alto firewall, an interface that we will use for the management of the firewall. In the basic connectivity Diagram, we will configure the interfaces on the switch for the management of the firewall. Put interfaces Eth1/0 , Eth3/1 and Eth4/0 in VLAN 50 i.e. Management VLAN.

The below diagram shows the configuration of the switch for this.

banner image

Task 2: Assign an IP address on the Workstation

Now configure the network adapter on the PC for taking management access. Configure below Orange marked adapter below with the management address of the firewall.

Note: Please disable Red red-marked adapter as this interface is for internet access and you may encounter issues during lab practice.

banner image

Now assign the IP address from the management subnet, in this case it is 10.0.0.10/24, we will not assign Default gateway for this lab-practice.

banner image

Task 3: Assign Palo Alto Management IP via CLI (PaloAlto01) 

Now assign the IP address on Palo-Alto01 firewall from the Command Line Interface. Just click on the icon on the lab screen and you will get the console access to the firewall.

Now follow the below command to initialize the firewall and assign the gateway and management IP address.

Here is the Palo Alto default username and password.

Username: admin      Password: admin

banner image

Now assign the IP address on the Palo-Alto02 firewall from the Command Line Interface. Just click on the icon on the lab screen and you will get the console access to the firewall.

Palo Alto Firewall Live TrainingEnhance your cybersecurity skills with our Palo Alto Firewall Live Training, designed to provide hands-on experience and in-depth knowledge of firewall configuration and management. Join us today to secure your network effectively!Explore course
custom banner static image


Task 4: Assign Palo Alto Management IP via CLI (PaloAlto02) 

Initialize PaloAlto02 with management IP address 10.0.0.2/24, please refer to below snapshot.

The command for assigning the IP address and gateway on Palo Alto is set deviceconfig system ip-address 10.0.0.2 netmask 255.255.255.0 default-gateway 10.0.0.10 (Note: This is how to assign the IP address and gateway on Palo Alto). 

Username: admin     Password: admin

banner image

Check the reachability of both firewalls PaloAlto01 and PaloAlto02 from Workstation PC, Now Go to your PC and try to ping firewall from Command Prompt:

Check the reachability of both firewalls PaloAlto01 and PaloAlto02 from Workstation PC, Now Go to your PC and try to ping firewall from Command Prompt:

banner image

banner image

Now as the devices are configured with the management IP address. Take the GUI of the Palo Alto firewalls with the management IP address and proceed with the following steps.

On the Workstation PC, take the GUI of firewall PaloAlto01 and follow the below snapshots:

banner image

As this is the error of the local signed cert, you can ignore that and proceed with the connection.

banner image

Here the username and password will be the same as we used in CLI i.e.

Username: admin       Password: admin

banner image

There will be a pop-up asking to reset the password to a new one as you log in with the default password. Do not worry and click on OK.

banner image

your GUI window for PaloAlto01

banner image

On the Workstation PC, take GUI of firewall PaloAlto02 and follow below snapshots:

banner image

Username: admin       Password: admin

banner image

your GUI window for PaloAlto02

banner image

Conclusion

Setting the management IP address on a Palo Alto firewall using the CLI is a straightforward yet essential process that enhances network management and security. By following the outlined steps, administrators can ensure proper connectivity and access to the firewall for monitoring and configuration purposes.

To learn more about Palo Alto security, check out our Palo Alto Training Videos.

Palo Alto vs Check Point: A Comparison»
Ajotri Singh

Ajotri Singh is working as a security architect in a service provider company in India. He has also been associated with many organizations in the past such as HCL, Accenture, BT and PWC etc. In his organization he is taking care of large scale complex network security projects which requires special multiple technical skills and right ...

More... | Author`s Bog | Book a Meeting

Related Articles

#Explore latest news and articles

Palo Alto Static NAT: LAN-DMZ App Zone 2 Nov 2024

Palo Alto Static NAT: LAN-DMZ App Zone

Learn how to configure Palo Alto static NAT with step-by-step screenshots and in-depth explanation on a scenario. Read More!
Configuring Palo Alto Lab: Setup Guide 16 Jun 2024

Configuring Palo Alto Lab: Setup Guide

Step-by-step guide for the initial configuration of Palo Alto Lab setup. Learn the essentials of configuring Palo Alto Networks for an effective lab ...
Why Palo Alto Firewall? Distinct Features and Benefits 8 Nov 2024

Why Palo Alto Firewall? Distinct Features and Benefits

Determine why Palo Alto Firewall is used. Examine reasons why it is the best next generation firewall from Palo Alto Networks.

FAQ

The command to set the management IP in a Palo Alto firewall is set deviceconfig system ip-address [IP address] netmask [netmask]. This command configures the firewall’s management interface IP address.
The default management IP address for Palo Alto firewalls is typically set to 192.168.1.1, allowing administrators to access the device for initial configuration and management tasks.
To configure an IP address in a Palo Alto firewall, access the CLI, enter configuration mode, and use the command set deviceconfig system ip-address [IP address] netmask [netmask], then commit the changes to apply the configuration.
To assign a management IP address on a Palo Alto firewall, access the CLI, enter configuration mode, and use the command set deviceconfig system ip-address [IP address] netmask [netmask], followed by committing the changes.

Comments (0)

Share

Share this post with others

Contact learning advisor

Captcha image