From SAASYAN docs

Advance Deployment Guide

Generate API key

  • Generate an API key on the Palo Alto Networks Next Generation Firewall using the steps below. This API key will be used by Advance to inject UserID - IP Address mappings into the Palo Alto Next Generation Firewall.
  • To generate the key, you must construct a URL request using the administrative credentials as follows.
http(s)://hostname/api/?type=keygen&user=username&password=password
  • Make sure that special characters in the password are URL/percent-encoded.
  • The result will be an XML block that contains the key. It should look like the following:
API key generation.png
  • The key must be URL encoded when used in HTTP requests. The key generation operation uses the master key for generating keys. If you have not changed the master key from the default, all firewalls with the same username/password will return the same key. You must change the master key on the device if you want different keys returned for the same username/password combination on two different devices.
  • To revoke or change the key, change the password of the associated admin account. As a best practice, set up a separate admin account for XML API access.
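
An added example (not from the SAASYAN or Palo Alto Networks documentation) of the keygen steps above in Python: it percent-encodes the credentials, extracts the key from the XML reply, and percent-encodes the key for later requests. The host name, account name, password and sample reply are constructed values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode


def build_keygen_url(host: str, user: str, password: str) -> str:
    """Build the keygen URL from the guide with percent-encoded credentials."""
    # quote_via=quote with safe="" encodes every reserved character
    # (&, =, #, +, space, ...) so the password cannot split or alter the query.
    query = urlencode(
        {"type": "keygen", "user": user, "password": password},
        quote_via=quote, safe="",
    )
    # The returned URL carries the admin password: keep it out of logs,
    # shell history and tickets.
    return f"https://{host}/api/?{query}"


def parse_keygen_response(xml_text: str) -> str:
    """Return the API key from the XML reply, or raise if the call failed."""
    root = ET.fromstring(xml_text)
    key = root.findtext("./result/key")
    if root.get("status") != "success" or not key:
        detail = root.findtext(".//msg") or "no key in response"
        raise ValueError("keygen failed: " + detail)
    return key


def encode_key(key: str) -> str:
    """Percent-encode the key for use in later HTTP requests."""
    return quote(key, safe="")


# Constructed sample reply (not a real key).
SAMPLE_REPLY = (
    "<response status='success'><result>"
    "<key>LUFRPT1EXAMPLEab+cd/ef==</key>"
    "</result></response>"
)

if __name__ == "__main__":
    # Constructed host, account and password, for illustration only.
    print(build_keygen_url("fw.example.com", "xmlapi", "p&ss w#rd=1"))
    print(encode_key(parse_keygen_response(SAMPLE_REPLY)))
```
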

Advance Virtual Appliance

  • SAASYAN support will email you a link to download the preconfigured Advance VM, along with the login credentials to log on to this VM's console if needed.
  • Deploy the Advance virtual appliance into your environment.
  • Make sure you set the network adapter's device status to connected and start the VM. Also, make sure your network is configured to allow the Advance Virtual Appliance outbound internet access on TCP port 443 - it uses this port to activate and renew its license information.

Advance Virtual Appliance Management Console

Once the Advance Virtual Appliance is deployed, use the provided login credentials to log on to the VM's console. The Advance management console will launch and show the screen below. Press OK to continue.

Advance-management console 1.png

You can perform several actions, as shown below. Either type the number or use the arrow keys to move up and down to select the desired action.

Advance-management console 2.png

Interface Configuration

Advance-management console 3.png

Select the interface ens32 and you will have two options.

Advance-management console 4.png

Select Static IP and enter the needed values for the static IP configuration. Make sure the DNS servers are separated by spaces.

Advance-management console 5.png

Advance Web Interface

Launch your web browser and use the IP address to access Advance. Use the appliance admin account details (advance_adm with the provided password) to log in.

Advance-login.png

Appliance Registration

The first step is to register the appliance using your license key.

Advance-control panel.png

Once you enter a valid license key, you will be able to use your appliance and proceed with the configuration.

Advance-register appliance.png
  • The Palo Alto NGF certificate must be uploaded for the appliance to trust the self-signed certificate on the Palo Alto NGF. Optionally, you can upload your own certificate and private key to be used on the Advance web interface.

Appliance Admin Section

You can use the different sections in the Admin menu to perform your configurations.

Advance-admin menu.png

Change Advance Admin Password

Before configuring any other settings, it's advisable to use the Advance Admin Password Change page to change the password for advance_adm.

Advance-appliance admin.png

Parameters

Most parameters used by Advance can be configured using the Parameters page. You can click on the value to edit it.

Advance-parameters 1.png
Advance-parameters 2.png