Allowing Specific IP Addresses to Access the Palo Alto Network Device

Allowing Specific IP Addresses to Access the Palo Alto Network Device

149467
Created On 09/26/18 13:47 PM - Last Modified 06/06/23 19:38 PM


Resolution


Overview

This document describes how to allow specific IP addresses to access the Palo Alto Networks device through the Management and Dataplane Interface.

 

Steps

  • The following is the Management Interface configuration:
  1. From the WebUI, go to Device > Setup > Interfaces and click Management. As shown below, configure Management Interface IP address, on the right-hand side are Services to be allowed on the Interface and add permitted IP address:per.JPG
  2. Click "OK" and perform a commit on the device

 

  • The following is the Dataplane Interface with Interface Management Profile configuration:
  1. From the WebGUI, go to Network > Interface Mgmt (Under Network Profile)
  2. Create a new profile and configure the permitted IP address and allowed servicesmgmt.JPG
  3. Go to Network > Interfaces > Ethernet and click the desired Interface to map the profile as shown below.
  4. Now only IP "10.0.0.100" can access the device through Management Interface and Ethernet Interface.
User-added image

 

See Also

How to Restrict the IP Addresses that can Manage the Firewall

 

owner: sbabu
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClovCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language