Initial System Access To Firewall
Use either a MGT out of band ethernet interface, serial console connection default IP address 192.168.1.1/24. Must change admin password user name
Username: admin
Password: admin
Use web, SSH/Console CLI Rest/XML API and Panorama (many firewalls) as admin access tools
Reset to factory configuration
use CLI line command system private-data-reset, use boot up maintenance mode without admin password (from the console port)... the firewall is booting up, type the operational command maint into the CLI through the serial console port.
Web interface
Functional category tabs, commit tab and task are sections of this interface
Configure management network settings
MGT interface config 8 step process
includes using an ethernet interface (cable) using a web browser on 192.168.1.1, add the password/useranme... Device setup management. Management MGT interface, reconnect with web interface. [restrict to admin networks)
Use a firewall host name and domain name. Other config are login banner, long and lat (used for FW map on the ACC and monitor tabs)
Config DNS server primary and secondary. Also use NTP services and update services
Service Routes
External services (update servers, DNS servers NTP server... Use Device>setup >services>service routes configuration
Activate a firewall, and manage licenses and software
Reg with Palto Alto services licenses etc. Support license needs to be activated (license key are needed and authorisation codes
Devise>licences
licences.... are:
- DNS security
- GlobalProtect
- Wildfire
- AutoFocus
- URL filtering
- Threat Prevention
- Virtual system
- Cortex data lake
- SD Wan
PAN-OS software updates
Use the MGT interface to get the most upto date version. Install from the updates server.
Dynamic updates
Devise > dynamic updates
Threat and updates database
- Antivirus
- App and threats
- Wildfire
Question 1
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
Select True or False. The running configuration consists of configuration changes in progress but not active on the firewall.
Select one:
a. True
b. False
Feedback
The correct answer is: False
Question 2
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
When committing changes to a firewall, what is the result of clicking the Preview Changes link?
Select one:
a. Compares the candidate configuration to the running configuration
b. Displays any unresolved application dependencies
c. Lists the individual settings for which you are committing changes
d. Shows any error messages that would appear during a commit
Feedback
The correct answer is: Compares the candidate configuration to the running configuration
Question 3
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
When making changes to configuration settings on the PAN-OS firewall, which of the following options lists the individual changes for which you are committing changes:
Select one:
a. Preview Changes for selected administrators.
b. Preview Changes for all
c. Change Summary
d. Validate Commit
Feedback
The correct answer is: Change Summary
Question 4
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
Which Next Generation FW configuration type has settings active on the firewall?
Select one:
a. Legacy
b. Startup
c. Candidate
d. Running
Feedback
The correct answer is: Running
Question 5
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
Which statement is true regarding the Palo Alto Networks Firewall candidate configuration?
Select one:
a. It can be reverted to the current configuration.
b. It always contains the factory default configuration.
c. It controls the current operation of the firewall.
d. It does not control changes to the current configuration.
Feedback
The correct answer is: It can be reverted to the current configuration.
Question 6
Correct
Mark 1.00 out of 1.00
Not flaggedFlag question
Question text
Which type of firewall license or subscription provides a graphical analysis of firewall traffic logs and identifies potential risks to your network by using threat intelligence from a portal?
Select one:
a. WildFire
b. Threat Prevention
c. GlobalProtect
d. AutoFocus
1. False. The running configuration consists of configuration changes in progress but not active on the firewall.
2. When committing changes to a firewall, what is the result of clicking the Preview Changes link?
Compares the candidate configuration to the running configuration
Displays any unresolved application dependencies
Lists the individual settings for which you are committing changes
Shows any error messages that would appear during a commit
3. When making changes to configuration settings on the PAN-OS firewall, which of the following options lists the individual changes for which you are committing changes:
Preview Changes for selected administrators.
Preview Changes for all
Change Summary
Validate Commit
4. Which Next Generation FW configuration type has settings active on the firewall?
Legacy
Startup
Candidate
Running
5. Which statement is true regarding the Palo Alto Networks Firewall candidate configuration?
It can be reverted to the current configuration.
It always contains the factory default configuration.
It controls the current operation of the firewall.
It does not control changes to the current configuration.
6. Which type of firewall license or subscription provides a graphical analysis of firewall traffic logs and identifies potential risks to your network by using threat intelligence from a portal?
WildFire
Threat Prevention
GlobalProtect
AutoFocus
Comments