- Hello everyone. In this video, I will be going over the initial configuration of a Palo Alto Networks PA-220 firewall. This video will be split into four parts. The first part will be
the Factory Reset process. Second part will be the
Network Configuration. The third part will be the
Licensing and Policies. And then the fourth part
will be the Dynamic Updates. If you're new to the channel,
please consider subscribing, and clicking the bell icon to
be notified of new content. (upbeat music) Alright, welcome back everyone. So what we've done is we
powered up our Palo Alto PA-220. And I brought it to the
maintenance recovery tool. So we're gonna continue. And then we're gonna go to factory reset, and then we're just gonna
go to factory reset, and we're going to wait. This process can take
anywhere from 15 to 20, sometimes even 30 minutes. So I'm going to speed up the video and we'll be back when it's done. All right, so it looks
like it has completed. So we are going to reboot. So this process also takes about
10, 15, 20 minutes as well. So we'll speed up the process, and we'll be back once it's finished. All right. So, we're back and I believe our firewall is good to go. We're gonna login with
our default user name of admin and admin. Alright, and it's gonna ask
me to change the password, which we're gonna do. I'm using Bitwarden to
store our passwords. So we're gonna copy it from here, and paste it in. Alright, so now we're
going to show jobs all. And so the other commit is completed, so now we can begin. We're gonna configure, then we're gonna do set
device config system. And I believe it is the IP address. We're going to do 10.0.11.21. With a net mask of 255.255.255.0. With a default gateway of 10.0.11.1. Also gonna configure DNS servers, our server primary is gonna be, for now we're gonna use 8.8.8.8. Secondary is gonna be 8.8.4.4. So we'll set these temporarily, and then, once we build our DNS servers, we will switch these around. We're gonna commit that. Alright, and while we're
waiting for that to finish, we're going to configure the networking on our interface. I'm sorry, we're gonna
configure our IP address on the interface. So we're gonna set this to 10.0.11.10, I'll pick ten for now, 255.255.255.0. We're going to use a
default gateway of 20.0.11.1. And again, we'll just use 8.8.8.8, and 8.8.4.4. Then we'll click okay. Close, and we'll do
that there for a second, as soon as we pull this back. So also, on the switch I have already configured our management interface. So let me do this. (indistinct) Switch over here. And so now "show run int gig 1/0/5." I believe it's five. So we configure our management interface for the firewall on port five. And we'll just label it a
firewall management interface, and then we made it an
access port on VLAN 11. Later on, when we get into port security, I will enable port security, sticky MAC for this interface, so that this is the only device. Well it's from a MAC address perspective, that would be able to plug into this port. But we'll do that later on. So we'll leave this open. So we'll minimize that. So our commit is complete. And what we'll do is we'll connect, we will connect the
firewall and the computer, to our switch. 11.21.1 continuous. So first we'll connect our
switch to our firewall. And then we'll connect our
computer to the switch. And if we did everything correctly, if I did everything correctly, we should start seeing some traffic. Okay, there it goes. Okay, so now that that's working, we'll open up a browser and
start the configuration. So we can get into it by going to https://10.0.11.21. Sorry IP. We'll fix the SSL certificates. We'll make those our PKI servers. So we'll log in with
admin and our password. And then we'll log in. So whenever you first log in, usually these cards will pop up. That gives you, overview
of our information, that Palo Alto wants you to know. I've already read these. We might look into doing
something with telemetry, telemetry sharing, but we'll see. And this just lets us know that (indistinct) will be end of
life in October of last year. So we're not on eight,
so that's not an issue. So right now this is
on, I believe 9, 0, 36. Which I believe is the
latest 9.0 product line. So, let's jump over to device tab, and we'll start going
through these settings. So first we're gonna call
this, FW1 firewall one. We'll label this, "secondnetwork.org." I actually already have
a pre-populated banner, that we can paste in here. (indistinct) We should be able to force this. Let's try that, and there we go. So we'll force admins to
acknowledge the banner when they log in. We'll set this to, (indistinct) And the rest of that is good. Click OK. We're not gonna do anything with the authentication
profiles right now. Log in, we'll come back to. Passwords will come back to. Nothing with that. We're not gonna do anything
with security, nope. So we're good with this tab. There's nothing we need to
do on this tab right now. Services, our DNS
servers are already here, but we'll also add in some NTP servers. We'll use "zero.org@ntp.org." And "one.org.@ntp.org." And again, I'll change these when we build internal NTP servers, but for now we'll set these externally. We have our management interface that we've already configured. By default HTTPS, SSH and ping
are enabled in this version. So we can leave that alone. We're not going to do anything
with telemetry right now. Content ID, we're gonna come back to. WildFire sessions, we'll come back to it. So for now we're good with that. So let's commit those changes. And we'll close that, and let it do its thing in the background. So next up what we'll do is we'll configure our network, so we can set up a pull down our licenses. So let's jump over to networks. So before we can reuse these interfaces, we have to do some cleanup. So we'll jump over to the policies and cancel that, and delete this policy. Alright, and then we'll
jump over to networks. We'll delete these zones. Maybe. Alright, so we can delete the zones, and then we'll delete the virtual ops. Well the virtual wire, but the default wire we'll delete that. And then we should be able to
jump back over to interfaces. And then delete these interfaces, or at least delete
them, reset them back to their default configuration.