>
    Configure the Firewall General Settings
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Onboard NGFWs to Strata Cloud Manager
    4. Configure the Firewall General Settings
    Download PDF
    Next-Generation Firewall

    Configure the Firewall General Settings

    Table of Contents

    Configure the Firewall General Settings

    Configure and specify the general firewall management settings.
    Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • VM-Series, funded with Software NGFW Credits
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    After you successfully onboard your firewall to cloud management, you have the option to configure and specify the general firewall management settings. Configuring the general settings for a firewall isn’t required but is recommended. You can configure some or all of the firewall general settings as needed.
    1. Log in to cloud management.
    2. Select ManageConfigurationNGFW and Prisma AccessDevice SettingsDevice SetupManagement and select the Configuration Scope where you want to configure the general settings.
      You can select a folder or firewall from your Folders or select Snippets to configure the general settings in a snippet.
    3. Click the cog wheel to edit the General Settings and Customize.
      If you modified the General Settings for a nested folder or individual device, you can Revert to Inherited to revert the General Settings configuration from the Customized configuration to that inherited from the parent folder of the nester folder or that inherited from the folder the firewall is associated with.
    4. Enter the network Domain domain name for the firewall (up to 31 characters).
    5. Enter text to display in the Login Banner on the firewall web interface login page (up to 3,200 characters).
      (Optional) Check (enable) Force Admins to Acknowledge Login Banner to force administrators to select I Accept and Acknowledge the Statement Below when logging in to the firewall web interface. This forces local firewall admins to acknowledge the login banner before they can log into the firewall web interface.
    6. Select or create a SSL/TSL Service Profile to specify a certificate and the SSL/TSL protocol settings allowed on the management interface.
      The firewall uses this certificate to authenticate to administrators who access the web interface through the management (MGT) interface or through any other interface that supports HTTP/HTTPS management traffic. If you select None, the firewall uses a predefined certificate.
    7. Select the Time Zone where the firewall is located.
    8. Select the Locale where the firewall is located to specify the language for PDF reports generated locally on the firewall.
    9. Enter the Latitude (-90.0 to 90.0) and Longitude (-180.0 to 180.0) of the firewall.
    10. Check (enable) Automatically Acquire Commit Lock to automatically apply a commit lock when you change the candidate configuration.
      Enable this setting so that other administrators can’t make configuration changes until the first administrator commits their changes.
    11. Check (enable) Certificate Expiration Check to instruct the firewall to create a warning message when on-device certificates approach their expiration date.
    12. (VM-Series firewall only) Check (enable) Use Hypervisor Assigned MAC Addresses to have the VM-Series firewall use the MAC address that the hypervisor assigned, instead of generating a MAC address using the PAN-OS custom schema.
    13. Check (enable) Tunnel Acceleration to improve performance and throughput for traffic going through GRE tunnels, VXLAN tunnels, and GTP-U tunnels. This option is enabled by default.
      If you disable or reenable Tunnel Acceleration and commit, you must reboot the firewall.
    14. Save.
    15. Push Config to push your configuration changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.