02-26-2013 11:51 AM
I am planning a deployment of two PA-500s for just Threat Prevention and URL monitoring. I am working through the best way to do it for physical cabling and figuring out where everything should go. I would also like to use the Active Directory integration to base URL Filtering policies on groups/users. My question is, will I need to connect another interface to my internal network for it to access my domain controllers? I've gone through the Palo Alto documentation and it somewhat describes it, but I'm still a little unclear on this simple implementation.
02-26-2013 03:54 PM
By default management interface is chosen and should have access to your DC.
If your network design cannot allow this access, you can configure an L3 interface and change the service route by going to:
Device > Setup > Services > Service Route Configuration.
02-27-2013 07:02 AM
There is something called a virtual wire subinterface, introduced in PAN-OS 5.0. However, I don't think it's possible to have a layer 3 vwire subinterface, but I'm not 100% sure.
I would say your best option is to use the management interface, as you probably want to have management access to the device anyway.
02-27-2013 10:53 AM
Ok, so now I am at the point of applying my licenses. Right now I just have the Management Port plugged in, and that network does have routing to the domain controllers (for DNS) and the Internet. If I try to either "Retrieve license key from license server" or "Activate feature using auth code" (which I have all the codes for), it fails to install the licenses.
If I create and connect a Layer 3 interface, do I need to set up a new Zone and create a policy allowing it out?
02-27-2013 11:26 AM
You need to ensure that the management interface has access to the Internet for this to work, as it connects to Palo Alto's servers. Alternately, you can download the licenses from the My Devices page by registering your device and then clicking the , and upload them to the firewall.
02-27-2013 11:29 AM
I was able to get it to work by setting the DNS and Palo Alto Updates to go out the MGT port. I forgot the changes don't take full effect until I click Commit too...
Once I did that I was able to install the license files.