This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Lost Newbie - TAP Interface

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Lost Newbie - TAP Interface

jickfoo
Not applicable

‎06-10-2010 01:16 PM

We bought a PA-500 just to start kicking the tires. I was ready to see a Juniper style GUI but was quickly lost in the PA Interface. Here is what I am looking to do, maybe someone can give me a quick list of configuration steps.

All we want to do is to see the traffic for now. It would be nice if we could do the LDAP Integration to see who is doing what.

I want to use a TAP Interface. I already have a mirrored interface of a firewall that I would like to use.

I want 1 interface to manage the Box, I'm assuming I can just use the MGMT Interface for this. (duh)

I may in the future want an interface to inject TCP-Resets for traffic we dont like.

What do I need to set up? Do I need to setup new zones, virtual routers, etc ?

Thanks,
Justin

0 Likes Likes
2 REPLIES 2

jpa
L4 Transporter

‎06-10-2010 01:59 PM

Doc to get you started

https://live.paloaltonetworks.com/docs/DOC-1445- For LDAP

You use the dedicated mgt interface for OOB. In order to send TCP resets, you will have to deploy in either vwire/l2/l3 mode

0 Likes Likes

spolo
L4 Transporter

‎06-11-2010 09:34 AM

> I want to use a TAP Interface. I already have a mirrored interface of  a firewall that I would like to use.

This part is easy.  Under the Device Tab, click on one of the interfaces and another window will pop up allowing you to define what type of interface it is.  In the first drop down box select "Tap" and then at the bottom select a zone.  I recommend clicking the "New" link and creating a new zone called "Tapzone."  Hit OK on that page and you're set for the zone, OK on the prior page and you've created your tap port.  Now hit Commit in the top right corner to make your changes active.  Also, you may want to make a security policy (Policies Tab).  Just create a new policy from Tapzone to Tapzone allowing all.  You can create profiles here to alert on all URL's, vulnerabilities, viruses so you can generate more log entries and see more logs there, too.

> I want 1 interface to manage the Box, I'm assuming I can just use the  MGMT Interface for this.

Yes, that's it.  By default the IP address of the device is 192.168.1.1, but to change this, you can console in, type "configure" at the first prompt and you will be in configuration mode.  Use the following CLI command to make your changes:

> set deviceconfig system ip-address 192.168.1.150 netmask 255.255.255.0 default-gateway 192.168.1.1 dns-primary 4.2.2.1 ntp-server-1 1.2.3.4

> commit

I'll defer to others on the LDAP nd TCP reset stuff (I think someone already replied), but if not, check out the admin guide on that, there's some good info there.

SP

0 Likes Likes
  • 2217 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks