I’m not sure if any of you have tried to configure a Palo Alto firewall, but if you have then you know it’s kind of a pain in the ass.
Just last night I was setting up a PA-200 I’ve had sitting around in a box for a few months, and while going through the setup documentation I was just thinking “What the hell is this?” Granted, I do use Palo Altos at work, but I do basic configurations and maybe some management here and there; I’ve never set one up from scratch.
After reading guide after guide on how to get this set up, both on Palo’s KB and on other sites I found from a quick Google search, I noticed no one really sets these up or assumes you’re going to be setting them up with your public IPv4 address given via DHCP. I had to piece together some guides here and there to understand exactly what I was doing and how I was going to do it. So I’m going to outline the process you need to go through (at least on PAN-OS 8.1.3) to get this working when your public address is given via DHCP.
1. Configure your zones (Network > Zones)
I have two primary zones configured: trusted and untrusted. These zones are for the LAN/WAN interfaces respectively. Make sure you create these as Layer3 zones, as the interfaces we’re going to configure are Layer3.
2. Configure your interfaces (Network > Interfaces)
In my setup, ethernet1/3 is my LAN and ethernet1/4 is my WAN (ISP). The key here is having ethernet1/4 set to ‘DHCP Client’ under the IPv4 settings of the interface. Make sure the box ‘Automatically create default route pointing to default gateway provided by server’ is checked, otherwise this process won’t work. After you’ve confirmed that, set the virtual router on both interfaces to ‘default’. This will get explained shortly.
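To confirm the two steps above took effect, you can audit an exported configuration offline. This is an added example, not part of the original post or Palo Alto's tooling: it checks that both interfaces sit in a Layer3 zone and in the 'default' virtual router, and that the WAN interface is a DHCP client that creates the default route. The embedded XML is a constructed, trimmed sample whose element layout (and the LAN address in it) is an assumption modelled on a PAN-OS config export.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample. The element layout is an assumption modelled on
# a PAN-OS config export; compare it with your own export before relying on it.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
 <network>
  <interface><ethernet>
   <entry name="ethernet1/3"><layer3><ip><entry name="192.168.1.1/24"/></ip></layer3></entry>
   <entry name="ethernet1/4"><layer3><dhcp-client>
     <enable>yes</enable><create-default-route>yes</create-default-route>
   </dhcp-client></layer3></entry>
  </ethernet></interface>
  <virtual-router><entry name="default"><interface>
   <member>ethernet1/3</member><member>ethernet1/4</member>
  </interface></entry></virtual-router>
 </network>
 <vsys><entry name="vsys1"><zone>
  <entry name="trusted"><network><layer3><member>ethernet1/3</member></layer3></network></entry>
  <entry name="untrusted"><network><layer3><member>ethernet1/4</member></layer3></network></entry>
 </zone></entry></vsys>
</entry></devices></config>"""

def named(root, path, name):
    """First <entry> under path whose name attribute equals name, else None."""
    return next((e for e in root.findall(path) if e.get("name") == name), None)

def audit(xml_text, lan="ethernet1/3", wan="ethernet1/4", vr="default"):
    """Return a list of findings; an empty list means every check passed."""
    root, findings = ET.fromstring(xml_text), []
    # Interface -> Layer3 zone that lists it as a member.
    zone_of = {m.text: z.get("name") for z in root.findall(".//zone/entry")
               for m in z.findall("network/layer3/member")}
    router = named(root, ".//virtual-router/entry", vr)
    routed = {m.text for m in router.findall("interface/member")} if router is not None else set()
    for iface in (lan, wan):
        if iface not in zone_of:
            findings.append(f"{iface}: not a member of any Layer3 zone")
        if iface not in routed:
            findings.append(f"{iface}: not attached to virtual router '{vr}'")
    # The WAN side must be a DHCP client that installs the default route.
    entry = named(root, ".//interface/ethernet/entry", wan)
    dhcp = entry.find("layer3/dhcp-client") if entry is not None else None
    if dhcp is None or dhcp.findtext("enable", "yes") != "yes":
        findings.append(f"{wan}: not configured as a DHCP client")
    elif dhcp.findtext("create-default-route") != "yes":
        findings.append(f"{wan}: DHCP client does not create a default route")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all checks passed")
```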