- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-17-2024 01:00 AM
I have just purchased my first PaloAlto firewall. I am a sysadmin at a small office (about 20 people) and I am in the progress of setting up a new WiFi for my office.
This is my equipment:
This is my current setting:
I have managed to connect to the PA-440 firewall by setting my network cards IP to 192.168.1.2.
What should I do in order to make my router get Internet? I have some screenshots of my setup here:
PA-440 Dashboard
PA-440 Interfaces
Asus RT-AX53U AX1800 dashboard
Asus RT-AX53U AX1800 LAN
Asus RT-AX53U AX1800 LAN -> DHCP
Asus RT-AX53U AX1800 WAN
01-17-2024 03:55 AM
there's a good book you can read 😉
there's a lot of stuff you can do but let's start with the basics
create 2 new layer3 zones
i'd firstly set the interface 1/1 to layer 3 mode and set it as dhcp client. that should get you a public IP automatically from your ISP
assign it the external zone
next, set the ethernet1/2 as a layer3 interface and assign it an IP address (e.g. 192.168.50.1/24) , and enable a dhcp server on that interface, make sure you set the 192.168.50.1 IP as default route in the dhcp features
now, it would be preferable if you can set your Asus in passthrough mode so it simply acts as an access point and not interfere with routing or additional NAT inside your network
don't forget to create a security rule that allows your new internal zone out to your new external zone (delete the rule that was already in place, fresh starts are better)
make sure to add your subscription profiles!
and lastly, create a NAT rule for your outbound traffic:
to ensure your firewall is able to fetch updates, configure it with a DNS server in the management section, then consider setting up 'service routes' (Device > setup > service > service routes) attached to your ethernet1/2 (as else the updates will be fetched via your managment interface which is currently not connected to anything)
01-17-2024 03:55 AM
there's a good book you can read 😉
there's a lot of stuff you can do but let's start with the basics
create 2 new layer3 zones
i'd firstly set the interface 1/1 to layer 3 mode and set it as dhcp client. that should get you a public IP automatically from your ISP
assign it the external zone
next, set the ethernet1/2 as a layer3 interface and assign it an IP address (e.g. 192.168.50.1/24) , and enable a dhcp server on that interface, make sure you set the 192.168.50.1 IP as default route in the dhcp features
now, it would be preferable if you can set your Asus in passthrough mode so it simply acts as an access point and not interfere with routing or additional NAT inside your network
don't forget to create a security rule that allows your new internal zone out to your new external zone (delete the rule that was already in place, fresh starts are better)
make sure to add your subscription profiles!
and lastly, create a NAT rule for your outbound traffic:
to ensure your firewall is able to fetch updates, configure it with a DNS server in the management section, then consider setting up 'service routes' (Device > setup > service > service routes) attached to your ethernet1/2 (as else the updates will be fetched via your managment interface which is currently not connected to anything)
01-17-2024 10:37 AM
Thank you for your help Reaper. Now my office have Internet via the PA-440 firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!