GNS3 and PaloAlto (PANOS) Integration

Video Statistics and Information

Captions
Hey guys, at the sister of shabbier and welcome to tech talk with Russia. So today what we gonna do is I'm gonna show you how you can integrate GNS3 with Palo Alto. So for this video we are gonna use a Palo Alto version 8.0.0. So as you can see the GNS3, we just forget, I mean top of the GNS3, we just mentioned that GNS3 with a si is CM, that was for another project that was, that I was working in. So over here we were gonna work with Palo Alto and not the a or say that a, so you'll find in another video of mine.

So here we can see that I've just imported the cloud interface in the GNS3, and what we are gonna do is make sure we import the, what do you call, loopback interface. That you're gonna do is select the special interface and select the loopback interface. After that what we are gonna do is we have to go to C drive, Program Files, GNS3 and appliance folder, right, we will find the ready-made appliance for Palo Alto, which makes it much easier. So after that it is found, the appliance selected, and now I have downloaded another version of that palo of the vm h 0 to 0 dot q PL. I have to find the identical image over here and then I have to click on import and then browse to that file d. So I've just populate the location of that file and paste over here, and here you can see you selected the file and we have to open it. What it will do is it will just be verifying the checksum values and the image and then it will upload the entire file to the GNS3 VM that we have along the GNS3. So we have to wait patiently for a while and rather than you chalets are made they know now it's uploading the image to the VM and the power of already about is however real-life it will take a while to complete it, and they go, 99 percent and 100 percent. Just when we shear like this, once again we have waited until it becomes green. [Music] They ready to install and green, so just click on that file, next, yes of course, and then finish it. I want to show you about this later on, we'll just finish it up.

And so and all the images you can see that it has been, there's been, it's alright. You if our convenient electric that's the my little little, I'll just customize the brown, I can chew a more modern-looking one, firewall, and I like this icons or uses over here, the current, and then okay, okay, and there you go. You can just bring this up. Why was you, well, oh yeah, I'm just forgot to tell, it's evening, I'm using fire on the GNS3 version 205. Over here we just select the management board and to Microsoft loopback interface that we previously added in the cloud, both has to be connected. Let you go. Now we have to just power up the VM and see what works, he just gets a bit on.

Now how you can add the loopback interface, I will show you which into fidgeter. So you have to go to network settings and change adapter settings, I look back, and it has to have similar IP as, I mean it has to be in the same range as a loopback interface. So you can see that we are using 10.0.0.0 and the loopback interface, so the power of the firewall, and we have to give I the IP address of the management interface, which has to be identical to that same range, it has to be in the 10.0.0.0 range using a subnet of 255.255.255.0.

So you can see that it's powering up, just hold on for some time, you seen power updates a little, a little time, give it some time to power up. It just gets stuck sometimes, you know, 4 gigs of RAM is what it takes usually. Give it a while, you're the wire should come up. Mm-hmm, steaks from Lyon, you might get worried sometimes that, don't be, it will power up, since it's a big file, take appliance. Oh. [Music]

Okay, one more thing which you can do is you might, if in case the virtio, this country's virtio doesn't work, you can try with IDE, but for me it works both in IDE and virtio. So I'm just trying to be alternative, just in case about your fight right doesn't work for you can try the IDE. And what we've done is we have stopped the firewall, change the hard drive to IDE and I'm just powering it up once again. However in other tests both have worked, so you might try to fit a lot a little with the IDE and virtio into phrase, which over you it's good, it doesn't really matter which one, it's fine. So again it will take time, this weekend you just booted it up now, so let it boot, give it some time, grab yourself a cup of coffee. The reason why I came up with this video is, there you go, it's coming up, but by default it's got an IP of 192.168.1.1 which we will have to change it to match our loopback interface.

So now the thing is we can try to log in with the default credentials, which is admin admin, but it will not work. You just have to keep going, you might have to try it maybe five, one might have to try it maybe 500 times, or just leave it for five minutes. And I just did the fast-forward and there you go, after five minutes when you log into the same admin admin password and ID it will work. But before that don't get disheartened because you're not doing nothing wrong, it's just the firewall which takes a little more time to get itself ready, get it so formed up for accepting the admin admin credentials.

There you go, after I've logged in and it gives me a warning but it's still configured with the default account admin. Enable mode, and sorry, config mode, at Cisco it's any good, over here we'll go to config mode and then you have to give it the cover command the same and to set the interface. But before that we'll just set up the CLI's, you know, height and width, because the CLI of Palo Alto such that it messes up the writing. So I'm just setting up the CLI terminal height to 500 and the width to 500 as well. Now we can go to the config mode and set up the IP. Still even though we have set up the width and height we will still see the things to be overwritten, so we'll just see it won't work. Over here I have to get back to this mode and show interface management, sorry, yeah, the face management, and you can see everything seems to be unknown.

So we have to do now, login to the LA firewall, go to config mode, go for, I'll just show you an example where I will be writing the commands manually, but as soon as the command, there's a little too long, it will start to override it and itself. So first we have to tell the firewall to use a static IP, and now I'll show you, and then device, in fact it will start to override itself, IP address 1000 12th, we'll make it 12, same range, netmask has to be 255.255.255.0, and they will see it start shooting. So what I will do, I will just go back, back to square one, and write the entire command in a notepad and then paste it over here, which will avoid me from making any mistakes. So the command is set deviceconfig system ip-address 10.0.0.0, netmask should be 255.255.255.0, and default gateway, we may not get as of now, it's not needed because it's directly connected, but if it's behind a firewall we may need the default gateway. And after that we are gonna give the DNS settings, server my 4.2.2.2, which is Google's free DNS server. So we'll just copy that and command and paste it, go boom, there it is, enter and do. And yeah, after that we have to commit the command, because the firewall or follow all the research that without committing it will just save it in the running config but it won't actually implement the command. So we have to commit the command after whatever we do and then wait for it to accept that.

So we'll try to actually go to time HTTP colon slash slash 10.0.0.0, therefore that we will just try to keep on continuously pinging, so as soon as the commit job is completed and I'm able to ping I should be able to open that same IP here, or the URL on the browser itself. So we will just be waiting for the thing to be successful. So as of now you can see the webpage is not opening, just hold on, just hold on, it's 99% complete, it should be reachable by 99%. So as soon as the commit has completed almost 99% it is reachable and we are able to ping directly from the PC through the loopback interface of, in the cloud interface of the GNS3 to Palo Alto. So here if we do the show interface management command again we can see that the IP address has been taken as 10.0 thoughts about route, and now if we reload the page we should be able to reach it.

Okay, I may have, uh, I just forgot to HD, you know it, HTTP colon slash slash, by default it just took that, by default it just took HTTP, and it will now be loading the Palo Alto. That might give you a smaller warning, if it does that's just a certificate issue, just accept the rest, can go ahead, and will be using the same admin admin and also username and password and login to the thing. And again it will give the same warning which it give and gave in the CLI. But we can start the pings now, you can even close the CLI because now everything is there in the GUI, which 99% of the time we'll be using. GUI takes a while to load and it's in a virtual environment, give it a little time, [Music] and it's gonna come up now anytime soon. There you go, so it's first time loading, let me take a while.

So if you, you can see just a small notice it so come up in Japan or as a charter, close this thing, intend rated at the open means. As of now we can see the Dashboard, ACC, Monitor, Policies, Objects, Network and Device. Here we can see the logged in devices, so we have logged in from the console and from the browser, and on the left you can see the general information about the firewall. We will just go to the widgets and bring up the interfaces, which currently are all grayed out because there is nothing connected and neither of them are configured. So we can go to Device, and the Device can see all the details, the firewall just works like a charm. You can see the admin account such as admin currently SH that he faulted, and we can create, we, it's recommended to create a custom account and keep admin account disabled. And in the end the faces of the Network we can see that all the interfaces are grayed out, zones, VLANs, fires, we can see all the information, currently they are all playing and figured anything and once we do we'll see all the information in here. And repairs Policies, see the security policy, they all, two security policies are already in place for intrazone and interzone. They could go to the monitoring tab, activities, productivity activity, channel activity is here. So the back here at the dashboard, I hope you liked the video and I'd like to thank you very much for viewing this, when you appreciate your efforts you
Info
Channel: rootbootswap
Views: 5,145
Keywords: GNS3, PANOS, Palo Alto, Palo, Alto, download, Setup, integration, network, firewall, security, routing, switching, PCNSA, PCNSE
Id: xEw3VR9hO_Q
Length: 18min 14sec (1094 seconds)
Published: Thu Mar 26 2020