The following example policy allows all traffic to flow from the trust zone to the untrust
zone while inspecting for viruses, vulnerabilities, and spyware. In addition, the policy denies
the flow of traffic from the untrust zone to the trust zone.
Select Policies > Security, click Add, and name the new rule rule1.
Click the Source tab and in the Source Zone section click Add and select trust.
Click the Destination tab and in the Destination Zone section click Add and select untrust.
Click the Actions tab and in the Action Setting section select the Allow radio button.
In the Profile Setting section select Profiles from the Profile Type drop-down list.
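An added example, not part of the original guide and not vendor code: a Python check that an exported rulebase still matches the example policy above, meaning every allow rule carries virus, vulnerability and spyware profiles and no rule allows untrust to trust. The XML element names and the inbound-test rule are assumptions in a constructed sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a security rulebase fragment laid out like a PAN-OS XML
# config export (element names are an assumption, not taken from this guide).
# "inbound-test" is a hypothetical rule that breaks the policy described above.
SAMPLE = """
<security><rules>
  <entry name="rule1">
    <from><member>trust</member></from>
    <to><member>untrust</member></to>
    <action>allow</action>
    <profile-setting><profiles>
      <virus><member>default</member></virus>
      <spyware><member>default</member></spyware>
      <vulnerability><member>default</member></vulnerability>
    </profiles></profile-setting>
  </entry>
  <entry name="inbound-test">
    <from><member>untrust</member></from>
    <to><member>trust</member></to>
    <action>allow</action>
  </entry>
</rules></security>
"""

REQUIRED_PROFILES = ("virus", "vulnerability", "spyware")

def members(entry, path):
    """Collect the <member> values under `path` as a set of strings."""
    return {m.text for m in entry.findall(f"{path}/member") if m.text}

def audit_rules(xml_text):
    """Return (rule, finding) pairs for allow rules that deviate from the example policy."""
    findings = []
    for entry in ET.fromstring(xml_text).findall(".//rules/entry"):
        if entry.findtext("action") != "allow":
            continue  # only allow rules can open a path or skip inspection
        name = entry.get("name")
        src, dst = members(entry, "from"), members(entry, "to")
        if src & {"untrust", "any"} and dst & {"trust", "any"}:
            findings.append((name, "allows untrust -> trust"))
        missing = [p for p in REQUIRED_PROFILES
                   if not members(entry, f"profile-setting/profiles/{p}")]
        if missing:
            findings.append((name, "no profile: " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for rule, finding in audit_rules(SAMPLE):
        print(f"{rule}: {finding}")
```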
DEPLOY THE FIREWALL AND VERIFY THE NETWORK AND SECURITY CONFIGURATION
10
From a computer on your local network other than the computer you are using to configure
the PA-3000 Series firewall, try to connect to the Internet to validate proper connectivity.
PA-3000 Series
Quick Start
Before You Begin
Obtain an IP address from your network administrator for configuring the management
port on the PA-3000 Series firewall.
Have an RJ-45 Ethernet cable to connect your computer to the management port on the
PA-3000 Series firewall.
Set your computer's IP address to 192.168.1.2 and the subnet mask to 255.255.255.0.
11 Select Device > Setup and in the Management Interface Settings section, click the Edit icon.
12 In the IP Address, Netmask, and Default Gateway fields, enter the values that you
received from your network administrator for accessing your enterprise management
network.
13 In the Services section, select the services that will be allowed on the MGT interface. For
example, select Ping, HTTPS, and SSH.
14 Click OK and then Commit.
15 Disconnect your computer from the firewall and then connect the MGT port on the firewall
to your enterprise management network.
NOTE: This document assumes the firewall has been properly rack-mounted and
powered up as described in the PA-3000 Series Hardware Reference Guide.
4 Type admin in both the Name and Password fields.
5 Click Login.
6 Select Device > Administrators and click the admin account.
9 Type the new password again in the Confirm New Password field.
10 Click OK.
Where to Go Next
Refer to the PA-3000 Series Hardware Reference Guide for information on rack
OPTION A: Virtual Wire deployment. Choose this option to transparently place the PA-3000 Series firewall
between two devices where no routing, switching, or NAT is required.
OPTION B: Layer 2 deployment. Choose this option to deploy the PA-3000 Series firewall in a Layer 2
environment where switching is required.
OPTION C: Layer 3 deployment. Choose this option to deploy the PA-3000 Series firewall in a Layer 3
environment where routing and NAT are required.
[Figure: deployment diagram with the labels User Network, ethernet1/2, PA-3000 Series, ethernet1/1 and Internet]
The default configuration of the PA-3000 Series firewall is a virtual wire between ports 1 and 2, which enforces
security policies. No configuration is required for this basic setting. Proceed to Performing the Final Setup.
PREREQUISITE
To deploy the firewall in Layer 2 mode (option B) or Layer 3 mode (option C), you must first delete the default virtual
wire configuration in the following order:
1 To delete the default security policy, select Policies > Security, select rule1, and click Delete.
2 Next, delete the default virtual wire by selecting Network > Virtual Wires, selecting the virtual wire and
clicking Delete.
3 To delete the default trust and untrust zones, select Network > Zones, select each zone and click Delete.
4 Finally, delete the interface configuration by selecting Network > Interfaces and then select each
interface (ethernet1/1 and ethernet1/2) and click Delete.
5 Commit the changes and continue to Option B Layer 2 Deployment or Option C Layer 3 Deployment.
OPTION B LAYER 2 DEPLOYMENT
CONFIGURE THE INTERFACES
1
Select Network > Interfaces and click the Ethernet tab.
Click ethernet1/1 and select Layer 2 from the Interface Type drop-down and then click OK.
2
Click ethernet1/2 and select Layer 2 from the Interface Type drop-down and then click OK.
3
5 In the Interfaces section, click Add and select ethernet1/2 and then click OK.
6 Add another zone named untrust and choose Layer2 from the Type drop-down.
7 In the Interfaces section, click Add and select ethernet1/1 and then click OK.
9 In the Interfaces section, click Add and add ethernet1/1 and ethernet1/2 and then click OK.
10 Commit the configuration and proceed to Performing the Final Setup.
OPTION C LAYER 3 DEPLOYMENT
6 Click the IPv4 tab and select Static. Click Add in the IP field and enter the IP address and subnet
mask for port 2 in the IP field. For example, 10.1.2.1/24.
7 Click OK to save the changes.
In the Interfaces section, click Add, select ethernet1/2 and then click OK.
10 Add another zone named untrust and choose Layer3 from the Type drop-down list.
11 In the Interfaces section, click Add, select ethernet1/1 and then click OK.
You must assign a virtual router to all Layer 3 interfaces (including the loopback interface) to enable
routing.
Add static routes and other routing protocols as needed and click OK when finished.