Palo Alto Networks Firewalls

Note: Guidance on Palo Alto Networks firewalls is publicly available within Palo Alto Networks device documentation.

Administrative Information

  1. Make sure your firewall is powered on and connected to your network.
  2. Connect the RJ-45 Ethernet cable from the RJ-45 port on your computer to the MGT port on the firewall.
  3. Change the IP address on your computer to an address in the 192.168.1.0/24 network (e.g., 192.168.1.2.3).
  4. From a web browser on your computer, navigate to https://192.168.1.1.4.
  5. Log in (default credentials shown below).
    • Username: admin
    • Password: admin

Note: If you are not able to connect to the web interface, consult the quick start guide for your particular device model for additional options.

Adding/editing 8x8 subnets is recommended when available. Please click here and review the Traffic Shaping and Specific Subnet/Port Configuration section. (Login required.)


Configuring 8x8 Voice Services on Palo Alto Networks Firewalls

Click to enlarge all images below.

1. Disable SIP ALG

  1. Objects → Applications → (Search for SIP)

  2. Under Options, next to ALG, click Customize.

  3. Check the box for Disable ALG, then click OK.

  4. Click OK, then Close the SIP configuration.

2. Import 8x8 application XML into the PAN system

  1. Download the 8x8 App XML for PAN Firewalls to your computer.
  2. Objects → Applications → Import

  3. Import appid_8x8_App.xml.

3. Add 8x8 public IP subnets

  1. Objects → Addresses → Add

  2. Click here to add the complete list of 8x8 subnets. See the Traffic Shaping and Specific Subnet/Port Configuration(Login required.)

4. Create Address Group for 8x8 public IP subnets

  1. Objects →Address Groups
  2. Add all entries you created in the previous screen. (Name can be whatever you like.)

5. Create application override rule for UDP

  1. Policies → Application Override → Add

  2. Name the rule and add any description.

  3. Set Source Addresses or Zones (any subnet or zone that will have 8x8 phones or 8x8 Virtual Office Desktop or Mobile running on it).

  4. Set Destination Addresses by adding the Destination Address group you created previously. Also Untrust the zone for your network.

  5. Under Protocol/Application, select UDP.
  6. Copy and paste all of the following UDP ports in the Port field: 5060,5061,5196-5199,5299,5399,5301,5401,5443
  7. For Application, select the 8x8 App.

6. Create Security Rule on PAN System

  1. Policies → Security → Add

  2. Name Security Rule and add Description as desired.

  3. Set Source Addresses or Zones (any subnet or zone that will have 8x8 phones or 8x8 Virtual Office Desktop or Mobile running on it).

  4. Leave User tab blank.
  5. Set Destination Addresses by adding the Destination Address group you created previously. Also Untrust the zone for your network.

  6. Under Application, add the 8x8 App.

  7. Leave Service/URL Category blank (or as set by default).
  8. Under Actions, set Action Setting to Allow.

  9. Move new rule to top of rule list to avoid rule conflicts.

7. Commit Changes