Performing the Final Setup

CONFIGURING THE SECURITY POLICY

1
Click
Policies > Security.

2 Review the default policies, which allow all traffic to flow from the trust zone to the
untrust zone while inspecting for viruses, vulnerability, and spyware. In addition, the
default policies deny the flow of traffic from the untrust zone to the trust zone.

PA-200
Quick Start

DEPLOYING THE DEVICE AND VERIFYING THE NETWORK AND SECURITY

CONFIGURATION
3 Connect port 1 to the Internet.
4 Connect port 2 to your local network.
5 From a computer on your local network other than the computer you are using
to configure the PA-200 device, try to connect to the Internet to validate proper
connectivity.

CONFIGURING THE MANAGEMENT INTERFACE

6
Click
Device > Setup. Click the Edit button of the first table (top right).

7 Enter the new MGT interface information for accessing the enterprise management
network. Click OK. Click Commit.
8 Disconnect your computer from the PA-200 device.
9 Connect the MGT port on the device to the enterprise management network.
VERIFYING THE MANAGEMENT CONFIGURATION
10 Connect your computer to the enterprise management network.
11 Open a browser window and type https://<MGT_port_IP_Address>.

Before You Begin

Register your PA-200 device at http://support.paloaltonetworks.com to obtain the

latest software and App-ID updates, and to activate support or subscriptions.

Obtain an IP address from your network administrator for configuring the

management port on the PA-200 device.

Have an RJ-45 Ethernet cable to connect your computer to the management port on
the PA-200 device.

Set your computers IP address to 192.168.1.2 and the subnet mask to 255.255.255.0.

NOTE: This card assumes the device has been properly rack-mounted and powered up as
described in the PA-200 Hardware Reference Guide.

12 Log in to the web interface of the PA-200 device.

Performing the Initial Setup

Where to Go Next

To learn about device administration, refer to the Palo Alto Networks Administrators
Guide.

1 Connect your computer to the management port (MGT) using an RJ-45 Ethernet cable.
2 Turn your computer on.

To learn about the CLI, refer to the PAN-OS Command Line Interface Reference

3 Launch the Internet browser on your computer and enter https://192.168.1.1.

To obtain a detailed description of the LEDs on a PA-200 device, refer to the

4
Type
admin in both the Name and Password fields.

5
Click
Login.

Guide.

PA-200 Hardware Reference Guide.

The login page of the PA-200 management console appears.

6
Click
Device > Administrators > admin.

7 Type the old password in the Old Password field.

8 Type the new password in the New Password field.
9 Type the new password again in the Confirm New Password field.
Copyright 2011 Palo Alto Networks. All rights reserved.
Palo Alto Networks and PAN-OS are trademarks of Palo Alto Networks, Inc.
Part Number 810-000072-00A

www.paloaltonetworks.com

10
Click
OK.

11 Proceed to the next section to choose a deployment option.

Choosing a Deployment Option

OPTION A: Virtual Wire deployment Choose this option to transparently place the
PA-200 device between two ports where no routing, switching, or NAT is required.

OPTION

CONFIGURING THE INTERFACES

1

Obtain two IP addresses for ports 1 and 2 on the PA-200 device from your network
administrator.

Click Network > Interfaces.

OPTION B: Layer 2 deployment Choose this option to deploy the PA-200 device in
a Layer 2 environment where switching is required.

OPTION C: Layer 3 deployment Choose this option to deploy the PA-200 device in
a Layer 3 environment where routing and NAT are required.

C LAYER 3 DEPLOYMENT

3
Click
ethernet1/1 and choose L3 from the drop-down menu.

Enter the IP address and subnet mask (for example, 10.1.1.1/24) for port 1 in the IP
Address and Subnet Mask field.

5
Click
Add and then click OK.
6
Click
ethernet1/2 and choose L3 from the drop-down menu.

Type the IP address and subnet mask (for example, 10.1.2.1/24) for port 2 in the
IP Address and Subnet Mask field.

8
Click
Add and then click OK.

OPTION

A VIRTUAL WIRE DEPLOYMENT

The default configuration of the PA-200 device is a virtual wire between ports 1 and
2, which enforces security policies. No configuration is required for this basic setting.
Proceed to Performing the Final Setup.

CONFIGURING THE SECURITY ZONES

9

Click Network > Zones and then click trust.

10
Choose

11

Check the check box for ethernet1/2 and then click OK.

12 Click untrust.
13
Choose

OPTION

B LAYER 2 DEPLOYMENT

CONFIGURING THE INTERFACES

1
Click
Network > Interfaces.
2
Click
ethernet1/1, choose L2 from the drop-down menu, and then click OK.
3
Click
ethernet1/2, choose L2 from the drop-down menu, and then click OK.

Layer3 from the Type drop-down box.

Layer3 from the Type drop-down box.

14 Check the check box for ethernet1/1 and then click OK.

CONFIGURING THE VIRTUAL ROUTERS

15 Click Network > Virtual Routers and then click New.
16 Type the name of the virtual router in the Virtual Router field.
17 Check the check boxes for the ethernet1/1 and ethernet1/2 in the Interfaces list.

CONFIGURING THE SECURITY ZONES

18 Enter network definition in the IP Address/Mask field and the gateway IP in the
Next Hop IP field to configure the static route, and click Add.

4 Click Network > Zones and then click trust. Choose Layer2 from the Type drop-down box.

19 Add more static routes as necessary, and click OK when finished.

20 Click Commit and then proceed to the next section.

Check the check box for ethernet1/2 and then click OK.

6
Click
untrust. Choose Layer2 from the Type drop-down box.

7 Check the check box for ethernet1/1 and then click OK.

CONFIGURING THE VLANS

8 Click Network > VLANs and then click New. Type the name of the VLAN in the Dot1q
VLAN Name field.
9 Check the check boxes for the ethernet1/1 and ethernet1/2 in the Interfaces list, and
then click OK.
10
Click
Commit and then proceed to Performing the Final Setup.