Lab Paloalto - Static Route: Topology

Download PNETLab Platform
PNETLAB Store
PNETLab.com
LAB PaloAlto – Static Route

* Topology:
Download PaloAlto Device
Access into PNETLAB > Device > Click “Get Device” at PaloAlto 8.0.1
LAB Objective:
- Build the network and configuration basic firewall PaloAlto

- Configuration Policies and Static route
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration
Detail information
Guild Step-by-Step:
Step 1: Turn on Lab Device
Menu > Setup Nodes > Start all nodes
1|Page
Step 2: Verify status of devices, Device need have “Blue” color as picture
Step 3: verify configuration of “Desktop-01” & “Desktop-02”
- Double click into “Desktop-01” & “Desktop-02”, you can login to terminal session Linux Docker.
Select Menu > System tools > MATE Terminal
- at MATE Terminal, please type command “ifconfig | more”
--- and confirm Desktop-01 & Desktop-02 have IP Address as “Detail Information” Table
2|Page
>>>>> Configuration PaloAlto via CLI <<<<<
Step 4: access into Paloalto’s CLI
Username: admin
Password: admin
When you login success into firewall Paloalto via CLI, Device request you must be change admin
password as following.
You should be take note <<password>>. You need it for login with Firewalls PaloAlto via GUI.
3|Page
Step 5: set IP MGMT PaloAlto Firewall
Command Detail
admin@PA-VM> // User mode
admin@PA-VM> configure // moving to configuration mode
admin@PA-VM# set deviceconfig system type // change mode from DHCP Client to Static
static
admin@PA-VM# set device config system ip- // Set IP Address for Interface MGMT
address 192.168.xxx.xxx netmask
255.255.255.252
admin@PA-VM# commit // apply configuration to running-config.xml
>>>>> Configuration PaloAlto firewall via GUI <<<<<
Step 6:
- Double-click “Web_MGMT”
- Login into Firewall GUI via Web browser with address as following:
PaloAlto - A
https://192.168.1.1
PaloAlto - B
https://192.168.2.1
4|Page
- When you access by https into device have a issue with certification, we need bypass it. Select
“Advanced”
- Click “proceed to 192.168.1.1 (unsafe)”
5|Page
- This is login page into PaloAlto Firewalls via GUI
Step 7: Login into firewall with <<password>> you have changed at “step4”
- click “login”, and waiting here
6|Page
- and you can see Web Interface of Paloalto as picture
- check “Do not show again” > click “Close”
7|Page
>>>> PaloAlto – A <<<<
Step 8: configuration ZONE Inside_A as LAB Topology.
Truy cập vào “Network > Zones > Add”
- fill information as following:
8|Page
Click “OK”,
9|Page
Step 9: Configuration ZONE Outside as LAB Topology
Access into “Network > Zones > Add”
- Fill information as following:
- Click “OK”
10 | P a g e
Step 10: Configuration Profiles Interface
- Access into “Network > Networks Profiles > Interface Mgmt” and configuration as following:
Click “OK”
Step 11: Configuration IP for interface ethernet1/1 as LAB Topology
- Access into “Network > Interfaces > Ethernet”, select “ethernet1/1”, config tab “Config” as following:
11 | P a g e
- set IP via tab IPv4, click “Add” and config as following:
- set Profiles for Interface Ethernet1/1, access tab “Advanced > Other info > Management Profile >
Ping_All” as following:
12 | P a g e
- click “OK”
Step 12: set IP for interface ethernet1/2 as LAB Topology
- Access “Network > Interfaces > Ethernet”, select “ethernet1/2”, and config tab “Config” as following:
13 | P a g e
Ping_All”:
- Click “OK”
Step 13: verify configuration of Eth1/1 and Eth1/2 again
Access “Network > Interfaces > Ethernet”
14 | P a g e
Step 14: click “commit” do write config into “running-config.xml”
- when “commit” windows apparition, Click “commit”
>>>>> TestCase phase 1 <<<<<
Result:
- Desktop-01 can ping to interface e1/2 of firewalls success.
15 | P a g e
16 | P a g e
>>>> PaloAlto – B <<<<
Step 15: configuration ZONE Inside_B as LAB Topology.
17 | P a g e
Click “OK”
Step 16: Configuration ZONE Outside as LAB Topology
18 | P a g e
- Click “OK”
19 | P a g e
Step 17: Configuration Profiles Interface
- Access into “Network > Networks Profiles > Interface Mgmt” and configuration as following:
Step 18: Configuration IP for interface ethernet1/1 as LAB Topology
- Access into “Network > Interfaces > Ethernet”, select “ethernet1/1”, config tab “Config” as following:
20 | P a g e
Ping_All” as following:
21 | P a g e
- Click “OK”
Step 19: set IP for interface ethernet1/2 as LAB Topology
- Access “Network > Interfaces > Ethernet”, select “ethernet1/2”, and config tab “Config” as following:
22 | P a g e
Ping_All”:
- Click “OK”
Step 20: verify configuration of Eth1/1 and Eth1/2 again
Access “Network > Interfaces > Ethernet”
23 | P a g e
Step 21: click “commit” do write config into “running-config.xml”
>>>>> TestCase phase 2 <<<<<
Result:
- Desktop-01 can ping to interface eth1/2 of PaloAlto-B success
24 | P a g e
>>>>>Configuration “Allow Ping” policy <<<<<
Step 22: Access into PaloAlto_A (192.168.1.1) và PaloAlto_B (192.168.2.1) at “Policies > Security” click
“Add”
Configuration tab “General”
Configuration tab “Source”
25 | P a g e
Configuration tab “Destination”
Configuration tab “Application”
26 | P a g e
27 | P a g e
--- Click “OK”,
*** Repeat same step with PaloAlto_B (192.168.2.1) change Zone “Inside_A” to “Inside_B”
Step 23: cick “commit” do write config into “running-config.xml”
28 | P a g e
>>>>> Configuration Static Routing for Zone Inside_A & Inside B<<<<<
Step 24: Login into PaloAlto_A (192.168.1.1), access to “Network > Virtual Routers > default > Static
Routes > IPv4 > Add”
Configuration tab “IPv4”
Click “OK”
29 | P a g e
Verify configuration of Static Routes as following:
Click “OK”
Click “commit” do write config into “running-config.xml”
30 | P a g e
Step 25: Login into PaloAlto_B (192.168.2.1), Access into “Network > Virtual Routers > default > Static
Routes > IPv4 > Add”
Click “OK”
Verify configuration of Static Routes as following:
Click “OK”
click “commit” do write config into “running-config.xml”
31 | P a g e
32 | P a g e
>>>>> TestCase <<<<<
Result:
- Desktop-01 can ping successful to Desktop-02
DONE
**** Goodluck ****
33 | P a g e

Lab Paloalto - Static Route: Topology

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab Paloalto - Static Route: Topology

Uploaded by

Copyright:

Available Formats

Download PNETLab Platform

LAB PaloAlto – Static Route

Download PaloAlto Device

- Build the network and configuration basic firewall PaloAlto

Step 1: Turn on Lab Device

Menu > Setup Nodes > Start all nodes

Step 3: verify configuration of “Desktop-01” & “Desktop-02”

Select Menu > System tools > MATE Terminal

- at MATE Terminal, please type command “ifconfig | more”

>>>>> Configuration PaloAlto via CLI <<<<<

Step 4: access into Paloalto’s CLI

Step 5: set IP MGMT PaloAlto Firewall

>>>>> Configuration PaloAlto firewall via GUI <<<<<

- Click “proceed to 192.168.1.1 (unsafe)”

- This is login page into PaloAlto Firewalls via GUI

- click “login”, and waiting here

- and you can see Web Interface of Paloalto as picture

- check “Do not show again” > click “Close”

>>>> PaloAlto – A <<<<

Step 8: configuration ZONE Inside_A as LAB Topology.

Truy cập vào “Network > Zones > Add”

- fill information as following:

Step 9: Configuration ZONE Outside as LAB Topology

Access into “Network > Zones > Add”

- Fill information as following:

Step 10: Configuration Profiles Interface

Step 11: Configuration IP for interface ethernet1/1 as LAB Topology

- set IP via tab IPv4, click “Add” and config as following:

Step 12: set IP for interface ethernet1/2 as LAB Topology

- set IP via tab IPv4, click “Add” and config as following:

Step 13: verify configuration of Eth1/1 and Eth1/2 again

Access “Network > Interfaces > Ethernet”

Step 14: click “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

>>>>> TestCase phase 1 <<<<<

- Desktop-01 can ping to interface e1/2 of firewalls success.

>>>> PaloAlto – B <<<<

Step 15: configuration ZONE Inside_B as LAB Topology.

Access into “Network > Zones > Add”

- fill information as following:

Step 16: Configuration ZONE Outside as LAB Topology

Access into “Network > Zones > Add”

- fill information as following:

Step 17: Configuration Profiles Interface

Step 18: Configuration IP for interface ethernet1/1 as LAB Topology

- set IP via tab IPv4, click “Add” and config as following:

Step 19: set IP for interface ethernet1/2 as LAB Topology

- set IP via tab IPv4, click “Add” and config as following:

Step 20: verify configuration of Eth1/1 and Eth1/2 again

Access “Network > Interfaces > Ethernet”

Step 21: click “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

>>>>> TestCase phase 2 <<<<<

- Desktop-01 can ping to interface eth1/2 of PaloAlto-B success

>>>>>Configuration “Allow Ping” policy <<<<<

Configuration tab “General”

Configuration tab “Source”

Configuration tab “Destination”

Configuration tab “Application”

--- Click “OK”,

Step 23: cick “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

Configuration tab “IPv4”

Goodluck