M-200 and M-600 Quick Start Guide

The Palo Alto Networks® M-200 and M-600 appliances are multifunction appliances you can configure in one of several modes: Step 3 | Assign a new IP address to the management interface and enable management
services.
◼  Panorama™ mode (default) — Performs both central management and log collection for Palo Alto Networks firewalls and M-Series appliances running
in Log Collector mode. 1  Select Panorama > Setup > Interfaces and click the Management interface.

◼  Management-only mode — Performs central management for Palo Alto Networks firewalls and Log Collectors but the Panorama server does not collect 2  Enter the new management interface information (IP Address, Netmask, and Default Gateway) for your network.
or store logs; all managed firewall logs are stored on Log Collectors. 3  Enable the following device management services if they are not already enabled:
◼  Log Collector mode — Functions as a Dedicated Log Collector that you can manage using a virtual Panorama appliance or an M-Series appliance running
in Panorama mode. ◼  Device Management and Device Log Collection

◼  PAN-DB Private Cloud mode (M-600 only) — Functions as a private URL filtering solution that Palo Alto Networks firewalls use for URL filtering ◼  Collector Group Communication
lookups. This solution is suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service. For more information, refer to the ◼  Device Deployment
PAN-OS Administrator’s guide specific to your release (guides are located on the Technical Documentation portal: https://www.paloaltonetworks.com/
documentation). 4  Enable HTTPS and SSH network connectivity services. We recommend you disable HTTP and Telnet.

Step 4 | Configure the hostname, time zone, and general settings.

1 Before You Begin 1  Select Panorama > Setup > Management and edit General Settings.
2  Configure the Panorama clock and the clock on all managed firewalls to use the same Time Zone (for example, GMT or UTC). The firewall
◼  Register your new appliance at http://support.paloaltonetworks.com (Assets tab) so you can access the latest software updates and activate records timestamps when it generate logs and Panorama records timestamps when receiving the logs. Aligning the time zones ensures that
support for your appliance. timestamps and the processes for querying logs and generating reports on Panorama are in sync.

◼  Obtain the IP addresses for your DNS servers and an IP address for the management (MGT) interface. Optionally, obtain IP 3  Enter a Hostname for the server. Panorama uses this hostname as the display name (label) for the appliance. For example, this hostname
addresses for additional Ethernet ports. The M-200 and M-600 appliances have four 10/100/1000Mbps interfaces (MGT, Eth1, Eth2, and is the name that displays as part of the CLI prompt and also in the Collector Name field if you add the appliance as a managed collector
Eth3). The M-600 appliance has two additional 10Gbps interfaces (Eth4 and Eth5). (Panorama > Managed Collectors).

4  Enter the Latitude and Longitude for the physical location of the server to enable accurate placement of the M-Series appliance on the world
By default, all communication between an M-200 or an M-600 appliance and managed firewalls occurs over the management interface. In map (used for App Scope > Traffic Maps and App Scope > Threat Maps).
an environment with heavy log traffic, you can configure Panorama to distribute traffic for various functions to other Ethernet interfaces
5  Click OK to save your changes.
In PAN-DB mode, this applies only to the MGT and Eth1 interfaces. For more information, refer to the Panorama 9.1 Administrator’s

Step 5 |Configure DNS servers and the Palo Alto Networks Update Server.
Guide: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin.html.

1  Select Panorama > Setup > Services and edit Services.

◼  Rack-mount and power on the appliance as described in the M-200 and M-600 Appliance Hardware Reference:
https://docs.paloaltonetworks.com/hardware. 2  Enter the URL or static IP address of the Update Server (default is updates.paloaltonetworks.com).
3  Enter the IP address of the Primary DNS Server and, optionally, the Secondary DNS Server.
4  (Optional) Verify Update Server Identity if you want Panorama to verify that the Update Server from which it downloads
software or content packages has an SSL certificate signed by a trusted authority. This option adds an additional level of security for

2 Perform the Initial Configuration

communication between the Panorama management server and the Update Server.

5  Click OK to save and then Commit. Select Panorama as the Commit Type, and click Commit again.
Use the following procedure to connect a management computer to the appliance and to configure basic management access.

Step 1 | Connect your computer to the appliance. Step 6 | Verify management access to the appliance.
1  Connect the management interface on the appliance to the management network.
1  Take note of the existing IP address on your computer in case you need it in Step 6.
2  Change the IP address on your computer back to the previous IP address (captured in Step 1) and then reconnect your computer to the
2  Change the IP address on your computer to an address in the 192.168.1.0/24 network, such as 192.168.1.2.
management network.
3  Connect an RJ-45 Ethernet cable from your computer to the MGT port on the appliance.
3  Open a browser and connect to the appliance using the IP address that you assigned to the management interface. For
4  Launch a web browser on your computer and enter https://192.168.1.1. At the login prompt, enter the default username and password (admin/ example, if the management interface IP address is 10.43.4.4, then enter https://10.43.4.4.
admin).
4  Log in to the appliance using the new administrator password you configured in Step 2.

Step 2 | Change the default administrator password on the appliance.

1  Click admin (lower-left portion of the management console) to display the password change prompt.
2  Type the Old Password, type the New Password, and then Confirm New Password.
3  Click OK to save the new password.


docs.paloaltonetworks.com Page 1 of 2
M-200 AND M-600 QUICK START GUIDE (CONTINUED)

3 Change the Mode of Operation

Change the appliance mode to one described in the Overview. If you change to Log Collector mode or (M-600 only) PAN-DB Private
Cloud mode, you must use the command line interface (CLI) to manage the appliance; the web interface is available only in Panorama
and Management-only mode.

Before you change the mode of operation from Panorama or Management-only mode to Log Collector mode, configure the Log Collector
options using the Panorama web interface as described in the Panorama Administrator’s Guide for your release.

You cannot switch directly between Log Collector mode and PAN-DB Private Cloud mode; instead, you must first switch to Panorama
mode. Switching the mode reboots the appliance and deletes the existing configuration and data but does not delete the management
access configuration.

To change modes:

1  Use terminal emulation software to access the CLI on the appliance.

2  Log in to the appliance using the administrator username (admin) and the password you configured during initial configuration.
3  Use one of the following commands to change modes:

◼  From Panorama mode to Log Collector mode: > request system system-mode logger
◼  From Panorama mode to Management-only mode: > request system system-mode management-only
◼  (M-600 only) From Panorama mode to PAN-DB Private Cloud mode: > request system system-mode panurldb
◼  From Log Collector or PAN-DB Private Cloud mode to Panorama mode: > request system system-mode panorama

4  After the appliance reboots, verify the mode of operation by running the following command:
> show system info | match system-mode

The output shows the mode for the appliance. For example: system-mode: panorama

Where To Go Next
To learn more about the appliances, refer to the M-200 and M-600 Appliance Hardware Reference Guide:
https://docs.paloaltonetworks.com/hardware.

To learn how to configure Panorama, go to the Technical Documentation portal:

https://docs.paloaltonetworks.com.

Start here to Register and Set Up your firewall and access all resources and support tools:
https://go.paloaltonetworks.com/CustomerLaunchPad

docs.paloaltonetworks.com | © 2020 | Palo Alto Networks, Inc. | Part Number: 810-000278-00C Page 2 of 2