Configuring Palo Alto Static IPv4 Default Routes | PART 4

Video Statistics and Information

Captions
[Music] foreign Barker. If you're just joining this playlist, welcome, welcome. In this video we're going to walk through the configuration of static default routes, plural, on the Palo Alto firewall. So in our journey we are right here. Also, if you're just jumping into this set of videos for the first time, in the description there's a link for the full playlist, so you can pick up any of these sets of videos you want, in any order you need.

So in our previous video we set up our zones, the inside and outside. We configured these three interfaces as layer 3 interfaces associated with those zones, and now we're going to train the Palo Alto firewall to use default routes. To do that, we're going to create two static default routes. We'll have one that says the default route should go through service provider A, and let's go ahead and use an administrative distance of 10 with a metric of 10. And we'll also set up a static default route going through service provider B, but for that one let's use an AD of 20 and a metric of 20.

Now, on the Palo Alto firewall there's options to do equal-cost multi-pathing. However, here what I want to do with these metrics and these ADs is I want the firewall to primarily use the path through ISP A. If it's up and available and good, it'll use that all the time, and in the event that that route is no longer available, then it will fall back to using service provider B. And that's the benefit of using a better AD and a better metric here on the primary path than on the alternate path through ISP B. So for ISP A the next hop is going to be 23.1.2.1, and for ISP B the next hop is 24.1.2.1.

And before we implement the default route, let's do a quick show routing route and press enter, and that shows us our existing routing table. So currently we do not have a default route, but we're about to change that.

So back at firewall 19, to configure the routing we're going to click on the Network tab up on top, and on the left we're going to click on Virtual Routers. So we have one virtual router. It is named default, but we can go ahead and change that if we want, so I'm going to rename this to our Virtual Router, and anywhere that references that name will automatically update as well. And what we want to do for our virtual router here is we want to create a couple of static routes. So on the left we'll click on Static Routes, and then we'll go down here and we'll click right here on Add, and let's call this one default route via ISP A, like that. And the syntax for default route is 0.0.0.0/0 for an IPv4 default route, and the interface we want to use is our ethernet1/4, so that's the interface that's connecting up to service provider A's network. And the next hop for service provider A for that default route is 23.1.2.1, and then for the administrative distance we'll set that at 10 and the metric of 10 for this primary route, and let's click on OK.

All right, so there's one default route. Let's click on Add, and let's add the default route going through service provider B, so we'll call this default via ISP B. The default route syntax is going to be the same, 0.0.0.0/0, and the interface we're going to be using is interface 1/5 for this route, for this default route, and the next hop for service provider B is 24.1.2.1. And then we want to artificially raise the AD to 20 and the metric to 20, and click on OK. So here are two default routes. So we'll click on OK, and then we'll go ahead and move those changes from the candidate configuration over to the running config by doing a commit. So that is on its way. I'll let that finish in the background, and let's take a look at our topology.

So once that commit is complete, we should have a single default route in the routing table that's using ISP A, and we should also be able to reach the internet over the data plane interface, so we should be able to ping, for example, 8.8.8.8 or some other internet resource, sourcing it from this interface 1/4 with the IP address of 23.1.2.19. Again, just as a heads up, I've got another layer of NAT here in my home network before going out to the public internet, and that's what's allowing the full connectivity out, because somebody on the internet really owns this address space and I'm just using it here in my lab environment.

So it's been about a minute. Let's go back to the firewall and let's test our connectivity with our default route. So back at the CLI, one way of verifying the commit's done is by doing a show routing route again, and there are our default routes. So this one right here, the top one, it has an A next to it for the flags. That means it's an active route; it's actually being used as part of the forwarding information base. And then we have the static route without the A, and that's because it had a worse, or higher, administrative distance and it didn't make it into the routing table. As long as this primary route through service provider A is here, the other route going through service provider B won't be used.

So we'll do a ping, and let's source it from 23.1.2.19 going to host 8.8.8.8, and it says can't assign request to address. That's because I failed to put a 2 there in front of it, so it's 23.1.2.19, press enter, and that is working great. So we'll do a Control-C.

And another way of testing would be right here from the web interface. We could click on Device, and then left, we could go over to Troubleshooting, which is right here. So we'll click on Troubleshooting, and then for the test configuration we can say we want to do a ping, so we'll click on Ping, and then here we can specify the source, so 23.1.2.19, and the destination is 8.8.8.8, and then we'll click on Execute, and that will show us the results of that ping. So here are the results, and it was successful. So in the test configuration it gives a graphical user interface to initiate effectively that same ping request we did at the command line.

So let's take inventory. In the playlist we've done a factory reset and assigned an IP address for the management interface as well as default gateway, we configured our zones and layer 3 interfaces, and in this video we configured our static default routes on the firewall. Now you're thinking, whoa, whoa, whoa, when did you do the first two? There is a playlist that has all of these videos, and the link for that playlist is in the description of this video, so if you want to click on that link it'll give you easy access to this entire playlist in all these videos right here on YouTube.

So we are up to this point. Now, if we bring up a client on this network, this client needs to know, oh, what is the IP addressing space I'm supposed to use, and what's my default gateway, and who's the DNS server I should use, all that good stuff. And in order to easily hand that information out to lots of clients, we are going to want to use DHCP services, and fortunately we can configure our firewall to act as a DHCP server when needed to provide that information. And the configuration of a DHCP server on the firewall is exactly what you and I get to do in the next video as part of this playlist, so if you have a few more minutes, I'll see you there in just a moment.
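The primary/backup behaviour described in the captions, as an added example that is not part of the video or of PAN-OS: a small Python model that picks the active route per prefix by lowest administrative distance, then lowest metric, and forwards by longest prefix match. The `Route` class, the function names, the /24 connected route and the use of interface state as the availability test are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    name: str
    destination: str
    interface: str
    next_hop: Optional[str]
    admin_dist: int
    metric: int

ROUTES = [
    # The two static default routes configured in the video.
    Route("default via ISP A", "0.0.0.0/0", "ethernet1/4", "23.1.2.1", 10, 10),
    Route("default via ISP B", "0.0.0.0/0", "ethernet1/5", "24.1.2.1", 20, 20),
    # Constructed: connected route for the ISP A link; the /24 mask is assumed.
    Route("connected ISP A", "23.1.2.0/24", "ethernet1/4", None, 0, 0),
]

def active_routes(routes, up_interfaces):
    """Per destination prefix, keep the usable route with the lowest (AD, metric)."""
    best = {}
    for r in routes:
        if r.interface not in up_interfaces:  # simplification: link state only
            continue
        cur = best.get(r.destination)
        if cur is None or (r.admin_dist, r.metric) < (cur.admin_dist, cur.metric):
            best[r.destination] = r
    return list(best.values())

def lookup(routes, up_interfaces, dst_ip):
    """Forwarding decision: longest prefix match among the active routes."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in active_routes(routes, up_interfaces)
               if dst in ipaddress.ip_network(r.destination)]
    return max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r.destination).prefixlen)

if __name__ == "__main__":
    both = {"ethernet1/4", "ethernet1/5"}
    for up in (both, {"ethernet1/5"}):
        active = {r.name for r in active_routes(ROUTES, up)}
        for r in ROUTES:
            flag = "A" if r.name in active else " "
            print(f"{flag} {r.destination:<12} {r.next_hop or 'connected':<10} "
                  f"AD={r.admin_dist} metric={r.metric} {r.interface}")
        print("8.8.8.8 ->", lookup(ROUTES, up, "8.8.8.8").name, "\n")
```
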
Info
Channel: Keith Barker - The OG of IT
Views: 16,292
Keywords: ogit, Keith Barker, configure palo alto firewall, cybersecurity, firewall, keith barker, palo alto, palo alto firewall, palo alto firewall basics, palo alto firewall course, palo alto firewall training, palo alto firewall training for beginners, palo alto firewall training videos, palo alto firewall training youtube, palo alto firewall tutorial, palo alto networks, palo alto networks firewall, palo alto training, palo alto firewall configuration step by step, default route 0.0.0.0
Id: oMtvXCipFCc
Length: 6min 47sec (407 seconds)
Published: Sat Apr 29 2023