Module 2 Initial Firewall Config

Question 1

Initial config must be done by what two things

Answer 1

Out of band mgmt, or serial cable

Question 2

What s imp to know about the out of band mgmt

Answer 2

Only passes management traffic. Is labeled MGT port.

Question 3

What is imp to know about the mgt port

Answer 3

MGT int can run as a static IP or dhcp client.

Question 4

What are the four ways to do access firewall mgt

Answer 4

Panorama, SSH, REST/XML API, web based

Question 5

What are the special req’s for creating predefined admin pass

Answer 5

8 characters, 1 upper, 1 lower, one special and numerical

Question 6

What are the two ways to reset to factory config?

Answer 6

Via CLI with a known admin password. (Erases logs, including IP address)
VIA console port, type maint - set to factory default

Question 7

What is important to know about MGT interface config via web interface?

Answer 7

At a minimum, need IP, gateway and subnet. For the MGT port by default, PING, SSH and HTTPS are enabled.

Question 8

What else is required for initial setup?

Answer 8

DNS is REQUIRED, NTP is OPTIONAL.

Question 9

What is the update server domain name?

Answer 9

default paloaltonetworks.com do not change this setting

Question 10

What does the MGT port do?

Answer 10

Accesses external services like DNS, NTP, and update servers, URL updates, licenses and auto focus.

Question 11

What is a service route?

Answer 11

Path from the interface to the service on a server. Allows you to access external services like the mgt port.

Question 12

Before registering your license, what must you do/

Answer 12

Provide serial number of your device. Before you register, it must be configured with an IP, netmask, DG and DNS server add.