Jeremy Cooper [AFS MBP]
527b8e468b
Revert "Upgrades TF and TG in Common env"
|
3 роки тому | |
|---|---|---|
| .. | ||
| README.md | 4 роки тому | |
| terragrunt.hcl | 3 роки тому | |
README.md
016-panorama
NOTE: DISABLED
These are presently disabled by setting the number of instances to 0. This will allow us to spin up PAs when we want to.
IMPORTANT: These instances consume a license, and may do so automatically. Before destroying, make sure you return the license through the Palo Alto support portal.
Description
Creates an HA pair of panarama nodes to manage the palo altos.
Note: Post install configuration is required.
Post-install
For each instance:
ssh -l admin <eip>
configure
set mgt-config users admin password
<password>
<password>
commit
Then follow these steps:
Step 1: Log in to the web interface of the primary Panorama server. Step 2: Accept the browser certificate warning. Step 3: On the There are no device groups dialog box, click OK. Step 4: On the Retrieve Panorama License dialog box, click OK. Step 5: On the Retrieve Panorama License dialog box, click Complete Manually. Step 6: On the Offline Licensing Information dialog box, click OK. Step 7: In Panorama > Setup > Management > General Settings, click the gear icon. Step 8: In the Hostname box, enter xdr-panorama-0 (or xdr-panorama-1 on the standby) Step 9: In the Time Zone list, choose the appropriate time zone (Example: US/Pacific). Step 10: In the Serial Number box, enter the serial number found in the customer support portal, and then click OK. Step 11: In Panorama > Setup > Services, click the gear icon. Step 12: In the Primary DNS Server box, enter 169.254.169.253. This address is the DNS address for AWS. Step 13: In the Secondary DNS Server box, enter 8.8.8.8. Step 14: On the NTP tab, in the Primary NTP Server section, in the NTP Server Address box, enter 169.254.169.123 Step 15: In the Secondary NTP Server section, in the NTP Server Address box, enter 0.pool.ntp.org, and then click OK. Step 16: On the Commit menu, select Commit to Panorama, and then click Commit. Step 17: In Panorama > Licenses, click Retrieve license keys from license server. Step 18: Verify in the status pane that Device Management License is active and has the correct device count. Step 19: If you are deploying Panorama as a HA pair, repeat this procedure on the secondary Panorama server. In Step 8, enter the name of the secondary Panorama server, Panorama-secondary. You must have a unique serial number for the secondary Panorama system.