Scribd
Upload
331 views34 pages

Lab Paloalto - Static Route: Topology

The document provides instructions for configuring static routes on Palo Alto firewalls using the PNETLab platform. It describes: 1) Configuring zones, interfaces, and IP addresses on firewall A to represent the inside and outside networks. 2) Configuring zones, interfaces, and IP addresses on firewall B similarly. 3) Creating a security policy on each firewall to allow ICMP ping traffic between interfaces, completing the basic static route configuration.

Uploaded by

Wally Reds
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
331 views34 pages

Lab Paloalto - Static Route: Topology

The document provides instructions for configuring static routes on Palo Alto firewalls using the PNETLab platform. It describes: 1) Configuring zones, interfaces, and IP addresses on firewall A to represent the inside and outside networks. 2) Configuring zones, interfaces, and IP addresses on firewall B similarly. 3) Creating a security policy on each firewall to allow ICMP ping traffic between interfaces, completing the basic static route configuration.

Uploaded by

Wally Reds
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

Download PNETLab Platform

PNETLAB Store
PNETLab.com

LAB PaloAlto – Static Route


* Topology:

Download PaloAlto Device

Access into PNETLAB > Device > Click “Get Device” at PaloAlto 8.0.1

LAB Objective:

- Build the network and configuration basic firewall PaloAlto


- Configuration Policies and Static route
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Detail information

Guild Step-by-Step:

Step 1: Turn on Lab Device

Menu > Setup Nodes > Start all nodes

1|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 2: Verify status of devices, Device need have “Blue” color as picture

Step 3: verify configuration of “Desktop-01” & “Desktop-02”

- Double click into “Desktop-01” & “Desktop-02”, you can login to terminal session Linux Docker.

Select Menu > System tools > MATE Terminal

- at MATE Terminal, please type command “ifconfig | more”

--- and confirm Desktop-01 & Desktop-02 have IP Address as “Detail Information” Table

2|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>>> Configuration PaloAlto via CLI <<<<<

Step 4: access into Paloalto’s CLI

Username: admin

Password: admin

When you login success into firewall Paloalto via CLI, Device request you must be change admin
password as following.

You should be take note <<password>>. You need it for login with Firewalls PaloAlto via GUI.

3|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 5: set IP MGMT PaloAlto Firewall

Command Detail
admin@PA-VM> // User mode
admin@PA-VM> configure // moving to configuration mode
admin@PA-VM# set deviceconfig system type // change mode from DHCP Client to Static
static
admin@PA-VM# set device config system ip- // Set IP Address for Interface MGMT
address 192.168.xxx.xxx netmask
255.255.255.252
admin@PA-VM# commit // apply configuration to running-config.xml

>>>>> Configuration PaloAlto firewall via GUI <<<<<

Step 6:

- Double-click “Web_MGMT”

- Login into Firewall GUI via Web browser with address as following:

PaloAlto - A

https://192.168.1.1
PaloAlto - B

https://192.168.2.1

4|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- When you access by https into device have a issue with certification, we need bypass it. Select
“Advanced”

- Click “proceed to 192.168.1.1 (unsafe)”

5|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- This is login page into PaloAlto Firewalls via GUI

Step 7: Login into firewall with <<password>> you have changed at “step4”

- click “login”, and waiting here

6|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- and you can see Web Interface of Paloalto as picture

- check “Do not show again” > click “Close”

7|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>> PaloAlto – A <<<<

Step 8: configuration ZONE Inside_A as LAB Topology.

Truy cập vào “Network > Zones > Add”

- fill information as following:

8|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Click “OK”,

9|Page
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 9: Configuration ZONE Outside as LAB Topology

Access into “Network > Zones > Add”

- Fill information as following:

- Click “OK”

10 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 10: Configuration Profiles Interface

- Access into “Network > Networks Profiles > Interface Mgmt” and configuration as following:

Click “OK”

Step 11: Configuration IP for interface ethernet1/1 as LAB Topology

- Access into “Network > Interfaces > Ethernet”, select “ethernet1/1”, config tab “Config” as following:

11 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- set IP via tab IPv4, click “Add” and config as following:

- set Profiles for Interface Ethernet1/1, access tab “Advanced > Other info > Management Profile >
Ping_All” as following:

12 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- click “OK”

Step 12: set IP for interface ethernet1/2 as LAB Topology

- Access “Network > Interfaces > Ethernet”, select “ethernet1/2”, and config tab “Config” as following:

- set IP via tab IPv4, click “Add” and config as following:

13 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- set Profiles for Interface Ethernet1/2, access tab “Advanced > Other info > Management Profile >
Ping_All”:

- Click “OK”

Step 13: verify configuration of Eth1/1 and Eth1/2 again

Access “Network > Interfaces > Ethernet”

14 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 14: click “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

>>>>> TestCase phase 1 <<<<<

Result:

- Desktop-01 can ping to interface e1/2 of firewalls success.

15 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

16 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>> PaloAlto – B <<<<

Step 15: configuration ZONE Inside_B as LAB Topology.

Access into “Network > Zones > Add”

- fill information as following:

17 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Click “OK”

Step 16: Configuration ZONE Outside as LAB Topology

Access into “Network > Zones > Add”

- fill information as following:

18 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- Click “OK”

19 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 17: Configuration Profiles Interface

- Access into “Network > Networks Profiles > Interface Mgmt” and configuration as following:

Step 18: Configuration IP for interface ethernet1/1 as LAB Topology

- Access into “Network > Interfaces > Ethernet”, select “ethernet1/1”, config tab “Config” as following:

20 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- set IP via tab IPv4, click “Add” and config as following:

- set Profiles for Interface Ethernet1/1, access tab “Advanced > Other info > Management Profile >
Ping_All” as following:

21 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- Click “OK”

Step 19: set IP for interface ethernet1/2 as LAB Topology

- Access “Network > Interfaces > Ethernet”, select “ethernet1/2”, and config tab “Config” as following:

- set IP via tab IPv4, click “Add” and config as following:

22 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- set Profiles for Interface Ethernet1/2, access tab “Advanced > Other info > Management Profile >
Ping_All”:

- Click “OK”

Step 20: verify configuration of Eth1/1 and Eth1/2 again

Access “Network > Interfaces > Ethernet”

23 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 21: click “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

>>>>> TestCase phase 2 <<<<<

Result:

- Desktop-01 can ping to interface eth1/2 of PaloAlto-B success

24 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>>>Configuration “Allow Ping” policy <<<<<

Step 22: Access into PaloAlto_A (192.168.1.1) và PaloAlto_B (192.168.2.1) at “Policies > Security” click
“Add”

Configuration tab “General”

Configuration tab “Source”

25 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Configuration tab “Destination”

Configuration tab “Application”

26 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

27 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

--- Click “OK”,

*** Repeat same step with PaloAlto_B (192.168.2.1) change Zone “Inside_A” to “Inside_B”

Step 23: cick “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

28 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>>> Configuration Static Routing for Zone Inside_A & Inside B<<<<<

Step 24: Login into PaloAlto_A (192.168.1.1), access to “Network > Virtual Routers > default > Static
Routes > IPv4 > Add”

Configuration tab “IPv4”

Click “OK”

29 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Verify configuration of Static Routes as following:

Click “OK”

Click “commit” do write config into “running-config.xml”

- when “commit” windows apparition, Click “commit”

30 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

Step 25: Login into PaloAlto_B (192.168.2.1), Access into “Network > Virtual Routers > default > Static
Routes > IPv4 > Add”

Click “OK”

Verify configuration of Static Routes as following:

Click “OK”

click “commit” do write config into “running-config.xml”

31 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

- when “commit” windows apparition, Click “commit”

32 | P a g e
Nguyễn Long Bảo – Lab 02 - PaloAlto Static Route Configuration

>>>>> TestCase <<<<<

Result:

- Desktop-01 can ping successful to Desktop-02

DONE

**** Goodluck ****

33 | P a g e

You might also like