https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13763#M10098 <HTML><HEAD></HEAD><BODY><P>We bought a PA-500 just to start kicking the tires. I was ready to see a Juniper style GUI but was quickly lost in the PA Interface. Here is what I am looking to do, maybe someone can give me a quick list of configuration steps.</P><P></P><P>All we want to do is to see the traffic for now. It would be nice if we could do the LDAP Integration to see who is doing what.</P><P></P><P>I want to use a TAP Interface. I already have a mirrored interface of a firewall that I would like to use.</P><P></P><P>I want 1 interface to manage the Box, I'm assuming I can just use the MGMT Interface for this. (duh)</P><P></P><P>I may in the future want an interface to inject TCP-Resets for traffic we dont like.</P><P></P><P>What do I need to set up? Do I need to setup new zones, virtual routers, etc ?</P><P></P><P>Thanks,<BR />Justin</P></BODY></HTML> Thu, 10 Jun 2010 20:16:45 GMT jickfoo 2010-06-10T20:16:45Z https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13763#M10098 <HTML><HEAD></HEAD><BODY><P>We bought a PA-500 just to start kicking the tires. I was ready to see a Juniper style GUI but was quickly lost in the PA Interface. Here is what I am looking to do, maybe someone can give me a quick list of configuration steps.</P><P></P><P>All we want to do is to see the traffic for now. It would be nice if we could do the LDAP Integration to see who is doing what.</P><P></P><P>I want to use a TAP Interface. I already have a mirrored interface of a firewall that I would like to use.</P><P></P><P>I want 1 interface to manage the Box, I'm assuming I can just use the MGMT Interface for this. (duh)</P><P></P><P>I may in the future want an interface to inject TCP-Resets for traffic we dont like.</P><P></P><P>What do I need to set up? Do I need to setup new zones, virtual routers, etc ?</P><P></P><P>Thanks,<BR />Justin</P></BODY></HTML> Thu, 10 Jun 2010 20:16:45 GMT https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13763#M10098 jickfoo 2010-06-10T20:16:45Z https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13764#M10099 <HTML><HEAD></HEAD><BODY><P>Doc to get you started</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1445-">https://live.paloaltonetworks.com/docs/DOC-1445-</A><SPAN> For LDAP</SPAN></P><P></P><P>You use the dedicated mgt interface for OOB. In order to send TCP resets, you will have to deploy in either vwire/l2/l3 mode</P></BODY></HTML> Thu, 10 Jun 2010 20:59:30 GMT https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13764#M10099 jpa 2010-06-10T20:59:30Z https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13765#M10100 <HTML><HEAD></HEAD><BODY><P>&gt; <EM>I want to use a TAP Interface. I already have a mirrored interface of&nbsp; a firewall that I would like to use.</EM></P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">This part is easy.&nbsp; Under the Device Tab, click on one of the interfaces and another window will pop up allowing you to define what type of interface it is.&nbsp; In the first drop down box select "Tap" and then at the bottom select a zone.&nbsp; I recommend clicking the "New" link and creating a new zone called "Tapzone."&nbsp; Hit OK on that page and you're set for the zone, OK on the prior page and you've created your tap port.&nbsp; Now hit Commit in the top right corner to make your changes active.&nbsp; Also, you may want to make a security policy (Policies Tab).&nbsp; Just create a new policy from Tapzone to Tapzone allowing all.&nbsp; You can create profiles here to alert on all URL's, vulnerabilities, viruses so you can generate more log entries and see more logs there, too.</P><P></P><P></P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">&gt; <EM>I want 1 interface to manage the Box, I'm assuming I can just use the&nbsp; MGMT Interface for this. </EM></P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">Yes, that's it.&nbsp; By default the IP address of the device is 192.168.1.1, but to change this, you can console in, type "configure" at the first prompt and you will be in configuration mode.&nbsp; Use the following CLI command to make your changes:</P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">&gt; set deviceconfig system ip-address 192.168.1.150 netmask 255.255.255.0 default-gateway 192.168.1.1 dns-primary 4.2.2.1 ntp-server-1 1.2.3.4</P><P style="min-height: 8pt; height: 8pt; padding: 0px;">&gt; commit</P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">I'll defer to others on the LDAP nd TCP reset stuff (I think someone already replied), but if not, check out the admin guide on that, there's some good info there.</P><P></P><P style="min-height: 8pt; height: 8pt; padding: 0px;">SP</P></BODY></HTML> Fri, 11 Jun 2010 16:34:57 GMT https://live.paloaltonetworks.com/t5/general-topics/lost-newbie-tap-interface/m-p/13765#M10100 spolo 2010-06-11T16:34:57Z