Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
I have just purchased my first PaloAlto firewall. I am a sysadmin at a small office (about 20 people) and I am in the progress of setting up a new WiFi for my office.
This is my equipment:
This is my current setting:
I have managed to connect to the PA-440 firewall by setting my network cards IP to 192.168.1.2.
What should I do in order to make my router get Internet? I have some screenshots of my setup here:
PA-440 Dashboard
PA-440 Interfaces
Asus RT-AX53U AX1800 dashboard
Asus RT-AX53U AX1800 LAN
Asus RT-AX53U AX1800 LAN -> DHCP
Asus RT-AX53U AX1800 WAN
there's a good book you can read 😉
there's a lot of stuff you can do but let's start with the basics
create 2 new layer3 zones
i'd firstly set the interface 1/1 to layer 3 mode and set it as dhcp client. that should get you a public IP automatically from your ISP
assign it the external zone
next, set the ethernet1/2 as a layer3 interface and assign it an IP address (e.g. 192.168.50.1/24) , and enable a dhcp server on that interface, make sure you set the 192.168.50.1 IP as default route in the dhcp features
now, it would be preferable if you can set your Asus in passthrough mode so it simply acts as an access point and not interfere with routing or additional NAT inside your network
don't forget to create a security rule that allows your new internal zone out to your new external zone (delete the rule that was already in place, fresh starts are better)
make sure to add your subscription profiles!
and lastly, create a NAT rule for your outbound traffic:
to ensure your firewall is able to fetch updates, configure it with a DNS server in the management section, then consider setting up 'service routes' (Device > setup > service > service routes) attached to your ethernet1/2 (as else the updates will be fetched via your managment interface which is currently not connected to anything)
there's a good book you can read 😉
there's a lot of stuff you can do but let's start with the basics
create 2 new layer3 zones
i'd firstly set the interface 1/1 to layer 3 mode and set it as dhcp client. that should get you a public IP automatically from your ISP
assign it the external zone
next, set the ethernet1/2 as a layer3 interface and assign it an IP address (e.g. 192.168.50.1/24) , and enable a dhcp server on that interface, make sure you set the 192.168.50.1 IP as default route in the dhcp features
now, it would be preferable if you can set your Asus in passthrough mode so it simply acts as an access point and not interfere with routing or additional NAT inside your network
don't forget to create a security rule that allows your new internal zone out to your new external zone (delete the rule that was already in place, fresh starts are better)
make sure to add your subscription profiles!
and lastly, create a NAT rule for your outbound traffic:
to ensure your firewall is able to fetch updates, configure it with a DNS server in the management section, then consider setting up 'service routes' (Device > setup > service > service routes) attached to your ethernet1/2 (as else the updates will be fetched via your managment interface which is currently not connected to anything)
