03-18-2011 06:33 AM
Hi,
In the version 4.0 admin guide , the description for permitted IP address in Device > Setup is as follows.
"Permitted IP Addresses Enter the IPv4 or IPv6 addresses of any external servers that are used to provide updates to the firewall through the management ports."
Maybe its just me , but I got a bit confused because of the term "provides updates" , it made me think that this configration is somehow related to the "Update" server setting within Device > setup (where the firewall downloads updates from), but it looks like these settings are related management "access" restrictions on the Mangement port.
I would recommened a change in the wording to make it a bit more clear, unless it really has something to receiving "updates".
Regards,
Sunil
03-18-2011 10:32 AM
Sunil
Your understanding of permitted IP is correct. This is list of IP addresses from which management of the FW is allowed. I will get this corrected in the documentation.
Thank you
Jerish
03-18-2011 08:22 AM
Sunil,
The default behavior of the PaloAlto is to use the Management IP address as the source for requesting updates, radius and various other communications. However, it is possible to make one of the firewall interfaces the source using the "Service routes" option.
Steve Krall
03-18-2011 09:06 AM
Hi Steve,
Thanks for the reply, I may have not coveyed what I wanted to say accurately, my concern was not aimed at which interfaces handle updates and how we could change the defualt behaviour using service routes.
My only concern was the wording used to describe what the "Permitted IP" address list does under Device > Setup .
From my understanding this a Management access permit list , where you can define Ip address or ranges from which management access is allowed. but the wording used to describe that in the documentation seems a bit confusing , it tends to hint towards this list being a list of systems from when Updates can be received.
I hope this explains it better.
Regards,
Sunil
03-18-2011 10:32 AM
Sunil
Your understanding of permitted IP is correct. This is list of IP addresses from which management of the FW is allowed. I will get this corrected in the documentation.
Thank you
Jerish
03-21-2011 03:00 AM
Thanks Jerish.
Regards,
Sunil
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
