How to check management ip in palo alto cli

cfg. show. com> run show network interfaces. You will want to ensure that you are not using a service route though, as the DNS requests are all sent using that service route. >show config running xpath devices (will start at network interface config) (to view config in set format) > set cli config-output-format set. 22 Chile > show location ip 49. Configure ip address with the same subnet as firewall-management's ip. 0/24 IP range, as the default IP of the management port will be 192. If Management port is used as HA1 bkup then Heartbeat backup is not needed. Scripting mode allows copying and pasting commands from a text file directly into the CLI without the commands being truncated admin@Lab196-118-PA-VM1> set cli scripting-mode on set session drop-stp-packet. When using a console cable, set the terminal emulator to 9600baud, 8 data bits, 1 stop bit, parity none, VT100. If HA1 and HA1-backup are configured with data plane ports then Heartbeat backup is needed. Use the following commands to perform common User-ID configuration and monitoring tasks. A Custom Region contains IP addresses in the format of IP (x. Refer example below. Perform Initial Configuration. 120 Netmask: 255. How to view Management Interface Setting in the CLI - Knowledge Base - Palo Alto Networks. The firewall will reboot in the maintenance mode. Refresh SSH Keys and Configure Key Options for Management Interface Connection. 1: PAN-OS 8 and up . DHCP Leases. To create a new security policy from the CLI: > configure (press enter) # set rulebase security rules <name> from <source zone> to <destination zone> destination <ip> application <application> service <any/application-default/service name> action <allow/deny> (press enter) # exit Sep 25, 2018 · > show interface management ----- Name: Management Interface Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC addresss 00:1b:17:eb:4d:fc Ip address: 192. From firewall: Directly connect the above laptop to management interface. Click the cog wheel to edit the Management Interface Settings and. To change the value of a setting, use a. For example, the following command displays the configuration hierarchy for the Ethernet interface segment of the hierarchy: Entering configuration mode. To configure an active/passive HA pair, first complete the following workflow on the first firewall and then repeat the steps on the second firewall. 2 CLI Quick Start to get up and running with the PAN-OS and Panorama command-line interface (CLI) quickly and easily. Adding Static Management IP. Customize. Drop all STP BPDU packets. The following commands are run on the device CLI. That’s why the output format can be set to “set” mode: 1. > Configure # set deviceconfig system ip-address x. kadak. Just make sure IP address and API key is correct. flow_pvid_inconsistent. > show running nat-rule-cache // Show all NAT rules of all versions in cache. Our previous article was introduction to Palo Alto Networks Firewall appliances and technical specifications, while this article covers basic IP management interface configuration, DNS, NTP and other services plus account password modification and appliance registration and activation. tcpdump. For additional resources regarding BPA, visit our LIVEcommunity BPA tool page. com> run ping 1. One big advantage of Palo is seperate dataplane (network ports, HA2, HA3) and control plane (mgmt port, HA1). From the WebGUI: Go to Device > Setup > Management tab; Click on edit icon inside the Management Interface window: Add the IP address or network address along with the subnet mask. PA@Kareemccie. MTU values can be set on the interface level. Select. # show network interface. . Apply the interface to a virtual router; #set network virtual-router VR1 interface ethernet1/9. ping: ping interface host (args =" ") Example of ping which controls the count (-c) and the ping packet size (-s) Perform Initial Configuration. This reveals the complete configuration with “set …” commands. Example: Sep 26, 2018 · For example, if connectivity to WEB UI is lost check the setting disable-https. L5 Sessionator. For example, you might want to prevent users from accessing the firewall web interface over the ethernet1/1 interface but allow that interface to receive Jul 3, 2021 · This article describes how to configure the Management Interface IP on a Palo Alto firewall via CLI/console. For security reasons, you must change these settings before continuing with other firewall configuration tasks. 8 China. Configure custom Services Object for the non-default ports that will allow access to the firewall. PAN-OS. Nov 24, 2013 · 1 accepted solution. Next Hop. field and then enter the IP address and netmask for your Internet gateway (for example, 203. The PA-220 firewalls capture 68 bytes of data from each packet and anything over that is truncated. with keywords displays a segment of the hierarchy. radio button in the. Sep 25, 2018 · If a permitted IP list is configured for the management interface, make sure that Panorama IP is allowed in the list. Mar 1, 2022 · From the MP, you can use the following command to ping a single IP address using the Management Interface IP: >ping host x. This will return all the existing CLI commands containing 'default-gateway'. The IPv6 firewalling can be enabled/disabled under Device > Setup > Session: PAN-OS 7. 1 and a username/password of admin/admin. View the Entire Command Hierarchy. An example scenario for the use of the command is for an inbound NAT configuration on a Palo Alto Networks firewall. set deviceconfig high-availability interface ha1 port ha1-a. CLI > configure # set deviceconfig setting session ipv6-firewalling [yes|no] # commit # exit . Sep 26, 2018 · Issue. Ping command using the Management interface. Show the authentication logs. 2 Ipv6 address: unknown Ipv6 link local Jun 28, 2024 · This article is the second-part of our Palo Alto Networks Firewall technical articles. prod. show vlan all. x netmask x. Reset the system to factory default settings. 89. com Connected : yes DNS: msg: Successfully resolved FQDN status: success timestamp: 2023/11/07 12:43:15 TCP: msg: TCP channel established status: success Sep 25, 2018 · CLI commands that can be used to ip mac state duration lease_time 192. <vid>. Interface configuration Nov 19, 2019 · I would recommend to use a static IP vs reservation for the mgmt port. You must perform these initial configuration tasks either from the MGT interface, even if you Sep 25, 2018 · From the CLI use command show location ip <ip> > show location ip 212. Change CLI Modes. The counters can be used to view management server statistics (number of logs written to trigger counters assigned to each management server process) This command is useful when suspecting a hardware issue that would require RMA After you connect your system controllers to a management console or console server, you can configure a management IP address from the CLI. 1. find command. Palo Alto Firewall. paloaltonetworks. Sep 25, 2018 · > show interface management ----- Name: Management Interface Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC addresss 00:1b:17:eb:4d:fc Ip address: 192. configure # set deviceconfig system ip-address <IP> set deviceconfig system netmask <mask> set deviceconfig system default-gateway <gw IP> #commit Sep 25, 2018 · When using the management port, the workstation you'll be using must be reconfigured so its network interface has an IP address in the 192. Look at the. 122. y host x. com>find command keyword network. Customize the CLI. The PA-7000 Series firewalls and VM-Series firewalls Jan 5, 2018 · In my network we tag certain IP addresses for various reasons on our Palo Alto's. Use the PAN-OS 10. As shown below, configure Management Interface IP address, on the right-hand side are Services to be allowed on the Interface and add permitted IP address: Click "OK" and perform a commit on the device Hence ping from the management interface will not be affected by the "Permitted IP Addresses". Click. Created On 09/26/18 13:51 PM - Last Modified 06/13/23 16:41 PM other IP default timeout: 30 seconds Session This document describes how to view the active session information on the CLI. Each platform has a default number of bytes that. Steps. Note that if you don't know a specific CLI command you can use the following command to find existing command options : admin@PA-200# find command keyword default-gateway. deviceconfig. phy [x=slot number and y=port number] Example output: > show system state filter-pretty sys. Enter. Even smallest 2 core firewall has one cpu core dedicated for checking passthrough traffic and other for management. The lease might be extended (renewed) upon subsequent requests. Perform this task to view DHCP pool statistics, IP addresses the DHCP server has assigned, the corresponding MAC address, state and duration of the lease, and time the lease began. May 23, 2017 · 05-23-2017 06:54 AM. Also try the command : show system state filter cfg. The example below is 9. phy. 0" until "commit force" is executed. Adding MGMT IP: Jun 12, 2012 · 1 accepted solution. q/m # commit # exit Note: Replace x. 72. ngfw. Note: Make sure management's LED is GREEN and blinking. 60. 26 Sep 25, 2018 · Palo Alto Firewall; PAN-OS 8. 10/24. Sep 28, 2020 · Thank you, for the most part i think I got it: configure. Change the system setting to static (DHCP is enabled by default). # set network profiles interface-management-profile man ssh yes # set network profiles interface-management-profile man https yes # set network profiles interface-management-profile man ping yes ; Add interface management profile ”MAN” to an interface (L3 interface, ethernet 1/3 for this example): Select the. For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. The default superuser password is. Changing DHCP to Static: admin@LetsConfig-NGFW# delete deviceconfig system type dhcp-client. y Sep 25, 2018 · Apply the profile to the interface and assign an IP address. s(x). IP Address. 172116. Home. If the lease was configured as. x), Range (x. ping host <IP address of syslog server> If ping is successful then proceed to (b) otherwise check physical layer1 and data link layer2 on your network. Sep 25, 2018 · Uptime may differ between the management plane and data plane on a Palo Alto Networks device. Sep 26, 2018 · The following is the Management Interface configuration: From the WebUI, go to Device > Setup > Interfaces and click Management. View all tags registered from a specific information source. 0/24; commit Nov 21, 2013 · The XML output of the “show config running” command might be unpractical when troubleshooting at the console. Verify SSH Connection to Firewall. The IP assigned to the loopback interface should be unique and not identical to a dataplane or management interface. From laptop: Run wireshark. 11-25-2013 07:01 AM. 100 00:18:8b:b2:1b:b6 committed 0 Mon Dec 14 08:43:10 2009 er config agent with Feb 10, 2022 · If Service Route is set to "Use Management Interface for all" or "Use Default" then from the firewall CLI: Check IP connection between firewall and the syslog server. 22 200. This feature is enabled by default. 0 Operational Commands and Configure Commands or view the CLI Changes in PAN-OS 9. Entering. commands to view configuration settings and statistics about the performance of the firewall or Panorama and about the traffic and threats identified on the firewall. Sep 25, 2018 · Examples. Global Find enables you to search the candidate configuration on a firewall or on Panorama for a particular string, such as an IP address, object name, policy rule name, threat ID, UUID, or application name. Use show system info to check the current version. Give Administrators Access to the CLI. x default-gateway x. To view the active sessions run the command: > show session all filter state active-----ID/vsys application state type flag src[sport]/zone/proto (translated IP[port]) Mar 13, 2023 · CLI Cheat Sheet: User-ID. In the end, you are doing the same thing, right???. Enter the administrative password. y. set session pvst-native-vlan-id. Click OK and click on the commit button in the upper right to commit the changes. I hope this helps, Aug 29, 2023 · Access the CLI. PAN-OS Web Interface Reference. debug object registered-ip test [<register/unregister>] <ip/netmask><tag>. From the DP, you can use the following command to use an interface that owns ip y. Sep 25, 2018 · Note: The management profile permitting access only needs to be on the loopback interface, and not the Untrust interface. 0, change the translation type to "Dynamic IP" for all the DNAT rules using an FQDN. The CLI command "set deviceconfig system ip-address" can be used to change the IP address. 26 tunnel. Network. 3 version. In addition to searching for configuration objects and settings, you Sep 25, 2018 · In the above example: "override deviceconfig system permitted-ip" is added before the set command: > configure # override deviceconfig system permitted-ip # set deviceconfig system permitted-ip x. Login to the device with the default username and password (admin/admin). Sometimes we will get a large batch of these that need to be done and manually creating an address object and then tagging it via the GUi can be time consuming (to say the least). 60/23. WebUI. To display a segment of the current hierarchy, use the. Environment. Get Help on Command Syntax. debug user-id log-ip-user-mapping no. Feb 5, 2021 · Allowed management protocols/services; Trusted IP addresses designated for administration; Even if your firewall is on a dedicated management network you can secure the firewall further by restricting the source IP addresses that can access the management interface to those of your administrators (network/security operations, IT administrators debug object registered-ip clear all. After a fresh reboot of the firewall, the command "show running nat-policy" might still show the destination as "0. View DHCP Server Information. 124. Management Interface: May 6, 2021 · traceroute - Traces route to an IPv4 address to check a path; Environment CloudGenix Procedure. Best Bet would be to include Columns such as NAT Source IP,NAT Destination IP and for NATed ports as well in the GUI Traffic Logs (Monitor>Logs>Traffic) to have a bird's eye view. From firewall: From the console port, run the following commands: Jan 3, 2019 · At step 5, if the commands being pasted in exceed longer than 20 lines, recommend switching to scripting mode. 1 and above. com> set cli config-output-format set. I'm wondering if there is a way to add these object groups and tag them via the CLI. 113. 01-14-2022 12:40 PM. Enter the following CLI command: debug system maintenance-mode. Navigate the CLI. Some of the commands are listed below with the expected outputs. After deploying, you will want to follow the Palo Alto initial setup CLI process to get a static IP on your management interface, set up a default gateway Sep 25, 2018 · Interface IP address: 10. NOTE: If there is any discrepancy between what shows in the logs or CLI see KB listed in Additional Information. 30. Dec 19, 2023 · Check the output of the CLI command: > show cloud-management-status Managed by Cloud Management Service Endpoint: cyzf2994-f01f-48f7-ab8c-d1cd4b439200. 2 Ipv6 address: unknown Ipv6 link local Apr 16, 2020 · Getting Started: Layer 3, NAT, and DHCP. 1Q tag and PVID fields in a PVST+ BPDU packet do not match. Jul 7, 2020 · Permitted IP addresses when configured ensures only the IP address and subnets defined in this list can access the firewall management interface and deny the rest of the IP addresses accessing the device management. #set network interface ethernet ethernet1/9 link-state auto link-duplex auto layer3 interface-management-profile test ip 10. So, we need to delete DHCP and choose Static IP. PAN-OS 8. com. View DHCP pool statistics, IP address the DHCP server assigned, MAC to configure the management interface settings in a snippet. First boot of palo alto pan os in vm series firewall. cloudmgmt. displays the entire command hierarchy. So you'll get more clarity. 255. By default, the PA-Series firewall has an IP address of 192. q/m with the IP address configured in your network for the firewall. Sep 25, 2018 · delete deviceconfig system permitted-ip <subnet to be removed> Tip: The TAB key can be used after typing "permitted-ip" to view the current list of allowed IP addresses; Add the subnet that needs access to the GUI with the command set deviceconfig system permitted-ip <subnet to be added> set deviceconfig system permitted-ip 192. If the address was configured as a. You can test and verify that your policy rules are allowing and denying the correct traffic by executing policy Access the CLI. parameter, find command keyword displays all commands that contain the specified keyword. Resolution There are 3 solutions for such scenario, and implementing one of them depends on your network needs: 1- Lower the MTU of the management interface of the Palo Alto Firewall to avoid the device along the path from dropping the (Server Hello Use. To view system information about a Panorama virtual Sep 25, 2018 · The following document describes how to allow certain IP addresses to access the Management Interface on the Palo Alto Networks firewall. For example, to configure an NTP server, you would enter the complete hierarchy to the NTP server setting followed by the value you want to set: admin@PA-3060#. 50% helpful (1/2) High Availability - HA Heartbeat Backup. Show counter of times the 802. HTTP. To view system information about a Panorama virtual PAN-OS. If step 2 fails to fix the problem, then check step 3. 0 Default gateway: 192. 54. Commit the changes Use the Tab key in the middle of entering a command and the command will automatically complete, provided there are no other commands that match the letters you have typed thus far. Dec 10, 2019 · Any Palo Alto Firewall. Options. Configure the management interface settings. > show global-protect-gateway flow total tunnels configured: 1 filter - type GlobalProtect-Gateway, state any total GlobalProtect-Gateway tunnel shown: 1 id name local-i/f local-ip tunnel-i/f ----- 2 gp-gateway-N ethernet1/3 10. Note: If you change the management IP address, and commit Sep 25, 2018 · The following CLI command displays the physical media connected to a port: > show system state filter-pretty sys. Use Global Find to Search the Firewall or Panorama Management Server. If the client no longer needs the address, it can release the address back to the server before the lease is up. show counter global. set network interface ethernet ethernet1/2 ha. Feb 2, 2021 · The first adapter will be assigned as the management adapter. Configure the external interface (the interface that connects to the Internet). Verify PVST+ BPDU rewrite configuration, native VLAN ID, and STP BPDU packet drop. Issue a ping command to firewall-management's ip. to continue to the maintenance mode menu. Sep 25, 2018 · Note: Post 9. --> To run the operational mode commands in configuration mode of the Palo Alto Firewall: PA@Kareemccie. As a result you can manage the box even if you are under attack or your dataplane is fully utilized. Dec 29, 2014 · Three different options to view configured network interfaces: (to see management interface ip address use >show system info) > show interface all. Sep 26, 2018 · How to Monitor Live Sessions in the CLI. set. Sep 25, 2018 · There are different ways to import a list of IP addresses to be handled by a policy on the Palo Alto Networks firewall. Network > Network Profiles. Mar 17, 2021 · Hi @FabioSouza, which command are you using, how are you using it (Postman, curl, etc), and is it to Panorama or NGFW directly? It looks like you are using the "sslmgr-store" command from earlier in the thread, but maybe try the config command later in the thread which includes certificate names in the response. Navigate to Device > Setup > Services, Click edit and add a DNS server. To set up CLI access for other administrative users, see Give Administrators Access to the CLI. Use a terminal emulator, such as PuTTY, to connect to the CLI of a Palo Alto Networks device in one of the following ways: SSH Connection. An Interface Management profile protects the firewall from unauthorized access by defining the protocols, services, and IP addresses that a firewall interface permits for management traffic. OK. The changes can be verified by running the "show system info" command. captures. p1. For example, if you type. You can also view a complete listing of all PAN-OS 9. Apr 25, 2022 · After verifying and validating the config diff between local and peer as mentioned in A login to the CLI for the "active" Firewall for A/P setup ("active primary" Firewall for A/A setup) and issue following command: > request high-availability sync-to-remote running-config. Sep 25, 2018 · Management Server Statistics. >. This clearly reduces the scope of access to the Panorama or firewall management and limits the connection only to the list of IP Sign in to access Palo Alto Networks' knowledge base for information on network device management and IP address configuration. x. set cli config-output-format set. Test the policy rules in your running configuration to ensure that your policies appropriately allow and deny traffic and access to applications and websites in compliance with your business needs and requirements. Procedure. set deviceconfig system ntp-servers primary-ntp-server Wed Jan 24 00:36:34 UTC 2024. show vm-monitor source source-name vmware1 tag all. 180 United States > show location ip 200. s1. You can use. In general we can find details for each physical interface by using the show arp command as in the following example: > show arp ethernet1/24. 66. Show the administrators who are currently logged in to the web interface, CLI, or API. To troubleshoot Management Server Statistics, use show counter management-server. Jun 7, 2021 · Options. 180 212. Sep 25, 2018 · The IPv6 firewalling can be enabled or disabled through the WebUI or the CLI. Now, enter the configure mode and type show. By default, Palo Alto use DHCP IP. When the firewall reboots, press. show system info. In the post, may be you're not able to see full path, just copy below path and paste it in notepad. 8 49. Connect the HA ports to set up a physical connection between the firewalls. This is only required to establish initial communication with the controller. Sep 25, 2018 · Details. Panorama > Setup > Interfaces. Navigate to Device > Setup > Management, Click on the setup icon on the right hand corner and configure the Management Interface IP. Apply the interface to a zone. guaranteeing that the FW will consistently have the same IP . Resolution. Yes. set deviceconfig high-availability interface ha1 ip-address 192. To change the Management Interface service settings, run the following commands: admin@lab-82-PA500# set deviceconfig system service + disable-http disable-http + disable-https disable-https + disable-icmp disable-icmp + disable-snmp disable-snmp Jan 14, 2022 · Options. Restart the device. Details. twice to save the virtual router configuration. and then press Tab, the CLI will recognize that the command you are entering is. Sep 25, 2018 · How to Configure MTU and MSS Settings from the CLI Palo Alto Firewall. 2 Ipv6 address: unknown Ipv6 link local Apr 23, 2020 · As you're looking for exporting arp list, just put IP address of your firewall and a associated API key in below path, the file will get exported through curl. set deviceconfig high-availability enabled yes. 55. debug user-id log-ip-user-mapping yes. Sep 26, 2018 · When the Renew option is clicked, it causes the interface of the firewall to get an IP address again, it will check if the previously configured IP address is available in the pool. If you need detailed view click the "Magnifying Glass"" icon at start of the log. If yes, then it will assign that IP address first, if not then the next available IP address will be configured on the interface: Jun 11, 2014 · There is no nslookup command, but you can do a simple ping. Enter your login credentials. The CLI command "show running security-policy-addresses" displays all the IP addresses of an address object referenced in a security policy; To view any single address object and and their associated IP addresses, use "show address" command from config mode. Add or delete tags for a given IP address that was registered using the XML API. p(y). By default, it will allow all IPs if a list is not specified. phy: {link-partner: { }, media: CAT5, type: Ethernet,} The following command displays the interface counters: Sep 26, 2018 · Any IP address in subnet 10. 24. However, for security reasons you should immediately change the admin password. keyword. Viewing the network connections on a Palo Alto VM 100 virtual firewall. Select which Administrative Management Services that you want to enable on the interface in order to access the firewall web interface and CLI. When you run this command on the firewall, the output includes local administrators, remote administrators, and all administrators pushed from a Panorama template. admin. You must perform these initial configuration tasks either from the MGT interface, even if you ION device command-line interface (CLI) using the console and assign a static IP address to an unclaimed ION device controller or internet port. However, there does not appear to be an option to view ARP details for a sub-interface. Log in to the CLI; Go into configure mode: > configure. Create/Add a management user and assign a password # set mgt-config users <name> password Jun 26, 2024 · This article is the second-part of our Palo Alto Networks Firewall technical articles. Apr 30, 2021 · PA@Kareemccie. command. 168. Make sure Panorama is on a version greater than or equal to that of the managed devices. x # commit. 0. Remote administrators are listed regardless Mar 13, 2023 · CLI Cheat Sheet: Panorama. Any PAN-OS. Find a Command. Management Plane. Dec 11, 2019 · Objective Upgrade PAN-OS using CLI commands. CLI command enables you to capture packets that traverse the management interface (MGT) on a Palo Alto Networks firewall. It includes instructions for logging in to the CLI and creating admin accounts. eth0. For example, the. Step 1. Even if the destination doesn't allow ping, the DNS lookup will still happen. 10. sys. net. 67/23 can be used with the test arp gratuitous command to forcefully refresh the IP-MAC address mapping on connected Layer-3 devices. Mar 14, 2023 · CLI Cheat Sheet: Panorama. y on the firewall to source the Ping command from: >ping source y. Hello Tician, Here are some of the useful commands for NAT troubleshooting ( "nat-inside-2-outside" is the rule used for reference): > show running nat-policy // Show currently deployed NAT policy. To see more comprehensive logging information enable debug mode on the agent using the. Step 3. If prompted to acknowledge the login banner, enter. Use Regions or Custom Regions Use a Pre-Defined Region, see Palo Alto Networks Pre-defined Regions, or create a Custom Region. CLI command: show system resource | match up The following is a sample output of the command. on ‎07-13-2020 12:57 PM. Use the following commands on Panorama to perform common configuration and monitoring tasks for the Panorama management server (M-Series appliance in Panorama mode), Dedicated Log Collectors (M-Series appliances in Log Collector mode), and managed firewalls. set session drop-stp-packet. commands in both Operational and Configure mode. The server is then free to assign that address to a Creating/Adding Users. 06-12-2012 02:12 PM. set network interface ethernet ethernet1/1 ha. 44. x-y. 6. Try to see that the DHCP is not enabled: set deviceconfig system type static. CLI commands are organized in a hierarchical structure. The command to ping from the management interface is: ping host www. --> To Change Configuration output format in Palo Alto Firewall: PA@Kareemccie. > configure. You can use either IPv4 or IPv6 format for these IP addresses. In addition, it provides instructions on how to find a command and how to get syntactical help and command reference information Test Policy Rules. When you are done troubleshooting, disable debug mode using. Step 2. This document explains various ways to get uptime for each management plane and data plane. Enter configuration mode using the command configure. Interface management profile: ping-only ping: yes telnet: no ssh: no http: no https: no snmp: no response-pages: no Verify if the DF bit (Do not Fragment) is set to 1 in the packets received on the Palo Alto Networks firewall by looking at WireShark captures. Focus. set dev. us. A lease is defined as the time period for which a DHCP server allocates a network address to a client. example. z. Panorama Web Interface. In most cases you must be in Configure mode to modify the configuration. Used with the. Download PDF. admin@LetsConfig-NGFW# set deviceconfig system type static. Network > Network Profiles > Interface Mgmt. —To ensure you are logging in to your firewall and not a malicious device, you can verify the SSH connection to the firewall when you perform initial configuration . 1).