https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-best-guides-for-new-firewall-deployment/ta-p/515059 <DIV class="lia-message-template-content-zone"> <P><STRONG><EM><I data-stringify-type="italic">This article is based on a discussion,&nbsp;<SPAN><A title="Best guides for new Firewall Deployment" href="https://live.paloaltonetworks.com/t5/tkb/workflowpage/tkb-id/members_discuss/article-id/106796" target="_blank" rel="noopener">Best guides for new Firewall Deployment</A>,</SPAN></I><I data-stringify-type="italic">&nbsp;posted by<SPAN>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/231978">@Nhussain</a>.</SPAN></I><I data-stringify-type="italic">&nbsp;Read on to see the discussion and guidance from <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>.</I></EM></STRONG></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>I am deploying a new firewall for a PoC; however, I am having some issues. I have deployed and activated the server on Azure, I am using VM-Series. On the Azure side, there being no restrictions, the server is not able to connect to the internet for updates.&nbsp;<BR />I must be missing something basic in understanding/setup so any pointers would be great.</P> </BLOCKQUOTE> <P>If you are looking for a place to start when configuring your new firewall, check out this post to get started:&nbsp;<A href="https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501" target="_self">Secure Day-One Configuration Not for the Faint of Heart</A>.</P> <P>&nbsp;</P> <P><FONT color="#FF6600"><STRONG>Solution:&nbsp;</STRONG></FONT></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Hello,</P> <P>Sounds like a routing/policy issues with the original PAN you deployed. I wouldn't recommend having the management interface internet facing unless you lock it down to source IP's. However you can change the services, so they use a different interface to reaching out and grabbing updates, etc.</P> <P>If you're adventurous — <A href="https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501" target="_self">https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501</A>&nbsp;— it blocks almost everything so be careful.</P> <P>&nbsp;</P> </BLOCKQUOTE> <P>&nbsp;</P> </DIV> Fri, 16 Sep 2022 13:13:08 GMT JayGolf 2022-09-16T13:13:08Z https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-best-guides-for-new-firewall-deployment/ta-p/515059 <DIV class="lia-message-template-content-zone"> <P><STRONG><EM><I data-stringify-type="italic">This article is based on a discussion,&nbsp;<SPAN><A title="Best guides for new Firewall Deployment" href="https://live.paloaltonetworks.com/t5/tkb/workflowpage/tkb-id/members_discuss/article-id/106796" target="_blank" rel="noopener">Best guides for new Firewall Deployment</A>,</SPAN></I><I data-stringify-type="italic">&nbsp;posted by<SPAN>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/231978">@Nhussain</a>.</SPAN></I><I data-stringify-type="italic">&nbsp;Read on to see the discussion and guidance from <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>.</I></EM></STRONG></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>I am deploying a new firewall for a PoC; however, I am having some issues. I have deployed and activated the server on Azure, I am using VM-Series. On the Azure side, there being no restrictions, the server is not able to connect to the internet for updates.&nbsp;<BR />I must be missing something basic in understanding/setup so any pointers would be great.</P> </BLOCKQUOTE> <P>If you are looking for a place to start when configuring your new firewall, check out this post to get started:&nbsp;<A href="https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501" target="_self">Secure Day-One Configuration Not for the Faint of Heart</A>.</P> <P>&nbsp;</P> <P><FONT color="#FF6600"><STRONG>Solution:&nbsp;</STRONG></FONT></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Hello,</P> <P>Sounds like a routing/policy issues with the original PAN you deployed. I wouldn't recommend having the management interface internet facing unless you lock it down to source IP's. However you can change the services, so they use a different interface to reaching out and grabbing updates, etc.</P> <P>If you're adventurous — <A href="https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501" target="_self">https://live.paloaltonetworks.com/t5/general-articles/secure-day-one-configuration-not-for-the-faint-of-heart/ta-p/435501</A>&nbsp;— it blocks almost everything so be careful.</P> <P>&nbsp;</P> </BLOCKQUOTE> <P>&nbsp;</P> </DIV> Fri, 16 Sep 2022 13:13:08 GMT https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-best-guides-for-new-firewall-deployment/ta-p/515059 JayGolf 2022-09-16T13:13:08Z