40G/100G Optical Transceivers
10G/25G Optical Transceivers
155M/622M/2.5G Optical Transceivers
100M/1G Optical Transceivers
FC 16G/32G Optical Transceivers
CWDM/DWDM Optical Transceivers
100M/1G/10G Coppers
Active Cable AOC
Direct Attach Cable DAC
Regular/MTP-MPO Fiber Patch Cords
MT2011
MT2010
CodingBox
PALO ALTO Switch IP Configuration Methods
Time: 2025-03-28
When Moduletek Laboratory was configuring the IP address of the PALO ALTO PA-850/PA-3060 firewall interface, it was found that the firewall was configured in a different way than other regular switches. If it is not configured in the correct way, it will cause the service not to be able to get through.
The following shares the way to configure the IP address of the PALO ALTO firewall based on a specific case.
Table 1 Parameter Description
|
Item
|
Description
|
|
Firewall Model
|
PA-3060
|
|
Connected switch interface IP address name
|
Other switch IP
|
|
Connected Switch Interface IP Address
|
192.168.3.1/24
|
|
PA-3060 Interface IP Address Name
|
PALO IP
|
|
PA-3060 interface IP address
|
192.168.3.10/24
|
|
PA-3060 management interface IP address
|
192.168.1.1/24
|
I. Configuring the IP address on the Web
1. Use a PC to log in to the WEB side of the PA-3060, and the page of the WEB side after logging in is as follows;
Figure 1 PA-3060 WEB end page
2. Click Add in the Obiects>Address column of the WEB terminal to create IP address, you need to create two IP addresses, which are the IP address of the PA-3060 interface and the IP address of the interface of the opposite switch, hereinafter referred to as the local IP address and the opposite IP address;
Figure 2 Create IP address
After successful configuration, it is shown as below.
Figure 3 Local and Peer IP Addresses
3. In the Network > Region column, click Add to create a new region. Set the name of the region and the type to Layer 3. Then click Add in the User ID column and select the IP address of the peer that you set in the previous step;
Figure 4 Create an area and configure it
4. In the Network>Network Profile>Interface Management column, click Add to create an interface management profile, set the name, check Ping in Network Service, and add the peer IP address in the Allowed IP Addresses column;
Figure 5 Create and configure an interface management profile
5. in the Network>Interface column, select the interface to use, the interface used this time is ethernet 1/18. set the interface type to Layer 3 in Ethernet Interfaces, set the virtual router to default in the Configuration column, and set the security zone to the zone created in step 3. Click Add in the IPv4 column and select the IP address of the PA-3060 interface created in step 2. In the Advanced column select Management Profile and select the interface management profile created in step 4;
Figure 6 Configuring the Virtual Router and Security Area
Figure 7 Bind the IP address of the interface
Figure 8 Configure the management profile of the interface
6. Click Submit at the top of the WEB terminal to save the configuration.
II. Verify whether the IP configuration takes effect
1. In order to verify whether the IP address configured in the above steps is effective, use the PING test to verify whether the service can run through. Use the 10G module to connect PA-3060 and another switch (the IP address is the IP address of the opposite end configured in the above steps). In Device>Troubleshooting on the Web site, select Ping in the Select Test column, fill in the IP address of the PA-3060 interface in Source and the IP address of the interface of the connected switch in Host, and then you can check the results of the PING test after executing the test. The result can be normal ping through. the PA-850 IP address configuration is the same as the PA-3060.
Moduletek Limited is at your service.
