Adding Firewalls to Panorama
EDU-220
Panorama 8.1
Courseware Version B

Agenda
▪ Adding New Firewalls to Panorama
▪ Transition a Firewall to Panorama Management
▪ Upgrade PAN-OS® Software and Perform Dynamic Updates
▪ Manage Panorama and Firewall Configuration Backups

2 | © 2018 Palo Alto Networks, Inc.


Adding New Firewalls to Panorama


Adding New Firewalls to the Panorama Workflow

1: Configure the new firewall to connect to Panorama.

2: Add the firewall’s serial number to Panorama.

3: Commit all changes.


Configure the New Firewall to Connect to Panorama
Device > Setup > Management > Panorama Settings

By default, Panorama will push configurations.


Add Firewall Serial Numbers to Panorama
Panorama > Managed Devices > Summary > Add
▪ The serial numbers of the firewalls that Panorama manages are added in the Devices dialog box.
▪ The Install option allows software or content upgrades on managed devices.
▪ The Group HA Peers option shows devices in HA mode.
▪ The PDF/CSV option creates a report summarizing managed devices.


Device Tagging
Panorama > Managed Devices > Summary > Tag
▪ Device tags make finding a specific firewall easier.


Secure Communication Settings
Panorama > Setup > Management > Secure Communication Settings
▪ Secure communication between Panorama and managed devices can be customized.
▪ Communication between Panorama and managed devices:
• Uses a predefined certificate
• Uses a local certificate
• Employs the Simple Certificate Enrollment Protocol (SCEP) for a certificate


Committing and Validating Connectivity
▪ Commit changes to the local firewall.
▪ Commit changes to Panorama.
▪ Verify that the Device State shows as Connected.


Manage Device Licenses
Panorama > Device Deployment > Licenses
▪ Panorama manages licenses from a central location.
▪ Panorama also tracks expiring licenses.
▪ A Refresh updates the license status on the firewalls.
▪ Add licenses using Activate with an authorization code.
▪ Deactivate a license on one device so that it can be used on another device.


Transition a Firewall to Panorama Management


Plan the Transition
▪ Determine the versions of PAN-OS® software on Panorama and firewall.
▪ Panorama must be running the same (or later) version of PAN-OS® software as that of the firewall.
▪ Plan the device group hierarchy and template deployment:
• For reduced redundancy
• To streamline the management of shared settings
▪ Identify any configuration that needs to be managed locally.
▪ Normalize zone names.
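
A pre-migration check for the version and zone-name items above, as an added example that is not part of the courseware: it flags firewalls running a later PAN-OS release than Panorama and zone names that differ only in case or separators. The inventory, device names, version values and the reading of "normalize" as case and separator consistency are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventory (not from the course); names, versions and zones are made up.
PANORAMA_VERSION = "8.1.2"
FIREWALLS = {
    "fw-branch-01": {"version": "8.0.10-h2", "zones": ["Trust", "Untrust", "DMZ"]},
    "fw-branch-02": {"version": "8.1.3", "zones": ["trust", "untrust", "dmz"]},
    "fw-dc-01": {"version": "8.1.0", "zones": ["Trust", "Un-trust", "Guest_WiFi"]},
}


def parse_version(text):
    """Turn 'major.minor.maintenance[-hN]' into a comparable tuple; no hotfix counts as h0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def version_blockers(panorama_version, firewalls):
    """Firewalls running a later release than Panorama, which breaks the planning rule."""
    limit = parse_version(panorama_version)
    return sorted(n for n, fw in firewalls.items() if parse_version(fw["version"]) > limit)


def zone_variants(firewalls):
    """Group zone names that differ only by case or by '-', '_' and whitespace."""
    groups = defaultdict(set)
    for fw in firewalls.values():
        for zone in fw["zones"]:
            groups[re.sub(r"[-_\s]", "", zone).lower()].add(zone)
    # Only groups with more than one spelling need to be normalized before import.
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    print("Upgrade Panorama before adding:", version_blockers(PANORAMA_VERSION, FIREWALLS))
    for key, names in sorted(zone_variants(FIREWALLS).items()):
        print(f"Normalize zone '{key}': {names}")
```
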


Migrating Existing Firewalls to Panorama Management
▪ Your organization has firewalls locally configured and operating today. How do you migrate these firewalls to Panorama management?

1: Add a new device.

2: Import a configuration.

3: Fine-tune the configuration.

4: Push the device state (config bundle).

5: Commit the device groups and templates.

This process replaces some or all of the firewall’s configuration with one managed by Panorama.


Migrating HA Partners to Panorama Management
▪ Disable the configuration sync between HA peers on both firewalls.
▪ Add the firewalls to Panorama management.
Device > High Availability > General > Setup


Import Local Firewall Configuration into Panorama
▪ Add the firewall to managed devices in Panorama.
▪ Import the existing device configuration into a new device group and template.
▪ The import creates a duplicate of the configuration data in Panorama.
Panorama > Setup > Operations > Configuration Management


Fine-Tune the Imported Configuration
▪ Make any needed changes to the imported configuration.
▪ Commit to Panorama.
▪ Push the firewall configuration bundle to the firewall.
Panorama > Setup > Operations > Configuration Management


Upgrade PAN-OS® Software and Perform Dynamic Updates


Deploy PAN-OS® Software to Firewalls from Panorama
Panorama > Device Deployment > Software

Select the Version.
Select the Platform type.

▪ Upload only to device: Select this option to upload only (do not install).
▪ Reboot device after install: Select this option to also reboot after install.


Schedule Dynamic Updates to Firewalls from Panorama

Panorama > Device Deployment > Dynamic Updates


Deploy GlobalProtect Client Software from Panorama
▪ Deploy client software updates to a managed firewall.
Panorama > Device Deployment > GlobalProtect Client


Manage Panorama and Firewall Configuration Backups


Configuration Management
Panorama > Setup > Operations
Panorama maintains configurations for all managed devices and Panorama:
▪ Export the running configuration.
▪ Select a committed file to export.
▪ Export Panorama and all managed devices config bundle.
▪ Export the recently imported device configuration.


Schedule Export to Back Up Configuration Files
Panorama > Scheduled Config Export
▪ Schedule daily configuration backups.
▪ XML files include Panorama and firewall configurations.


Configuration Backups on the Panorama Appliance
At commit time:
▪ Panorama saves its own configurations.
▪ Local device configurations also are stored on Panorama.
Panorama > Managed Devices > Summary


Revert Content Updates from Panorama
Panorama > Device Deployment > Dynamic Updates > Revert Content
▪ Using Panorama, you can revert content versions of managed devices.
▪ Instead of reverting from devices one by one, you can revert once from Panorama for all devices.
▪ Devices can be:
• Firewalls
• Log Collectors
• WildFire® appliances
▪ Content type can be:
• Antivirus
• Applications and Threats
• Apps
• WildFire
• WildFire-Content


Summary
Now that you have completed the module, you should be able to:
▪ Add new firewalls to Panorama management
▪ Transition locally configured firewalls to Panorama Management
▪ Upgrade PAN-OS® software and perform dynamic updates
▪ Manage Panorama and firewall configuration backups


Questions?


Adding Managed Firewalls Lab (Pages 16-22 in the Lab Guide)
▪ Add firewall devices to the Panorama appliance
▪ Schedule automatic config exports
