First Access to your firewall

Introduction

Whether you’re deploying a new firewall or recovering access to an existing one, this comprehensive guide covers all major firewall brands including Palo Alto, Cisco ASA/FTD, FortiGate, Check Point, Sophos, Juniper SRX, and WatchGuard. We’ll walk through first-time setup methods, troubleshooting common issues, and step-by-step password recovery procedures.


Table of Contents

  1. Palo Alto Firewall
  2. Cisco ASA/FTD
  3. FortiGate
  4. Check Point
  5. Sophos
  6. Juniper SRX
  7. WatchGuard
  8. Quick Recovery Reference
  9. Final Notes
  10. Resource

Palo Alto Firewall First-Time Setup Guide

Table of Contents

  1. Before You Begin
  2. Physical Installation
  3. Initial Access Methods
  4. Basic Configuration
  5. Network Setup
  6. Security Policies
  7. System Services
  8. Troubleshooting
  9. Best Practices
  10. Additional Resources

1. Before You Begin

What You’ll Need

  • Palo Alto firewall appliance (e.g., PA-220, PA-800 series)
  • Ethernet cables (for management and data ports)
  • Management PC with:
    • Modern web browser (Chrome or Firefox recommended)
    • Terminal emulator (PuTTY, Tera Term, etc.)
  • Valid support license (required for software updates and threat prevention)

Default Credentials

  • Web GUI: admin / admin
  • CLI: admin / admin (or check device sticker for specifics)

2. Physical Installation

A. Hardware Connections

  • Management Port (MGT):
    Connect your management PC directly to the dedicated MGT port.
    Default IP address: 192.168.1.1/24
  • Network Interfaces:
    • ethernet1/1: WAN (connect to your ISP modem)
    • ethernet1/2: LAN (connect to your internal switch or network)

B. Power On

  • Connect power and wait for system LEDs to stabilize (typically 5–10 minutes).
  • Status LED should turn solid green when the device is ready.

3. Initial Access Methods

A. Web GUI (Recommended)

  1. Configure your PC’s IP address to 192.168.1.2/24.
  2. Open a browser and navigate to:
    https://192.168.1.1
  3. Log in using the default credentials.

B. CLI Console Access

  1. Connect to the firewall via serial console cable (settings: 9600 baud, 8N1).
  2. At the login prompt, enter login: admin and password: admin
  3. Enter configuration mode by typing configure at the > prompt

4. Basic Configuration

A. Web GUI Setup

  • Change Admin Password:
    Navigate to Device > Administrators > admin > Edit, then set a strong password (minimum 8 characters).
  • Device Setup:
    • Set Hostname: PA-Firewall
    • Configure Timezone to your local time zone
    • Set DNS: e.g., 8.8.8.8 (Google DNS)
  • Activate License:
    Go to Device > Licenses, click Activate, and follow the prompts.

B. CLI Initial Setup (alternative)

set deviceconfig system hostname PA-Firewall
set network interface ethernet ethernet1/1 layer3 ip 192.168.1.1/24
commit

5. Network Setup

A. Interface Configuration

Interface | Zone | IP Address | Purpose
ethernet1/1 | untrust | DHCP or ISP IP | WAN
ethernet1/2 | trust | 10.0.1.1/24 | LAN

B. Default Route

set network virtual-router default interface ethernet1/1
set network virtual-router default routing-table ip static-route default destination 0.0.0.0/0 nexthop ip-address <ISP_GATEWAY_IP>
commit

6. Security Policies

A. Basic Rule Setup

  • Outbound Rule:
    • Name: allow-outbound
    • Source Zone: trust
    • Destination Zone: untrust
    • Service: application-default
    • Action: Allow
  • Inbound Rule:
    • Name: deny-inbound
    • Source Zone: untrust
    • Destination Zone: trust
    • Action: Deny

B. NAT Configuration

  • Source NAT (Masquerading):
    Translate internal IPs to the WAN IP address.
  • Destination NAT (Port Forwarding):
    Used for hosting internal services accessible from outside.

7. System Services

Enable Management Access Services

set deviceconfig system service disable-ssh no
set deviceconfig system service disable-https no
set deviceconfig system service disable-icmp no
commit

Logging & Reporting

  • Enable traffic logging to monitor network activity.
  • Optionally configure log forwarding to an external syslog or SIEM server.

8. Troubleshooting

Issue | Possible Solution
Can’t access Web GUI | Verify PC connection to MGT port and IP settings
No Internet access | Check NAT and security policies
License activation fails | Ensure internet connectivity

Useful CLI Commands

show system info
show interface all
show routing route

9. Best Practices

Security

  • Enable multi-factor authentication (MFA) for administrator accounts
  • Restrict management access to trusted IP addresses only
  • Regularly update threat signatures and firewall firmware

Maintenance

  • Schedule regular configuration backups (weekly recommended)
  • Monitor system health and logs continuously

Documentation

  • Keep updated records of interface assignments and IP schemes
  • Log all policy and configuration changes for auditing

10. Additional Resources




Cisco Firewall: First-Time Setup Guide

Table of Contents

  1. Before You Begin
  2. Physical Installation
  3. Initial Access Methods
  4. Basic Configuration
  5. Network Setup
  6. Security Policies
  7. System Services
  8. Troubleshooting
  9. Best Practices
  10. Additional Resources

1. Before You Begin

What You’ll Need

  • Cisco firewall appliance (e.g., ASA, Firepower)
  • Ethernet cables for management and data interfaces
  • A management PC with:
    • Web browser (Chrome/Firefox recommended)
    • Terminal emulator (PuTTY, Tera Term, or SecureCRT)
  • Valid support contract for software updates and threat prevention features

Default Credentials

  • Web GUI: admin / admin (varies by model; check device label)
  • CLI: admin / admin (or as specified by your device documentation)

2. Physical Installation

A. Hardware Connections

  • Management Port
    • Connect your PC to the dedicated management interface
    • Default IP: 192.168.1.1/24
  • Network Interfaces
    • GigabitEthernet0/0: WAN (connect to ISP modem/router)
    • GigabitEthernet0/1: LAN (connect to internal switch)
  • Power On
    • Wait for system initialization (5–10 minutes)
    • Status LED should indicate normal operation (steady green on most models)

3. Initial Access Methods

A. Web GUI (Recommended)

  1. Set your PC IP to 192.168.1.2/24
  2. Open a browser and go to: https://192.168.1.1
  3. Log in with default credentials

B. CLI Console

  1. Connect via console cable (9600 baud, 8N1)
  2. Log in with login: admin and password: admin
  3. Enter privileged mode, then configuration mode: enable, then configure terminal

4. Basic Configuration

A. Web GUI Setup

  • Change Admin Password
    • Navigate to: Device Management > Users > admin
    • Set a strong password (minimum 8 characters, mix of upper/lowercase, numbers, symbols)
  • Device Setup
    • Hostname: Cisco-Firewall
    • Timezone: set according to local time
    • DNS: 8.8.8.8 (Google DNS) or preferred resolver
  • License Activation
    • Navigate to: Device Management > Licensing
    • Activate licenses for features such as Threat Defense

B. CLI Initial Setup Example

! Set hostname
hostname Cisco-Firewall

! Configure management interface
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown

! Save configuration
write memory

5. Network Setup

Interface | Zone | IP Address | Purpose
GigabitEthernet0/0 | outside | DHCP/ISP IP | WAN
GigabitEthernet0/1 | inside | 10.0.1.1/24 | LAN

Default Route Example:

route outside 0.0.0.0 0.0.0.0 [ISP_GATEWAY]

6. Security Policies

A. Basic Access Rules

  • Outbound Traffic Rule:
    • Name: allow-outbound
    • Source: inside
    • Destination: outside
    • Service: any/application-default
    • Action: permit
  • Inbound Traffic Rule:
    • Name: deny-inbound
    • Source: outside
    • Destination: inside
    • Action: deny

B. NAT Configuration

  • Source NAT (PAT): Translate internal addresses to WAN IP for outbound traffic
  • Destination NAT (Port Forwarding): For hosting internal services accessible from outside

7. System Services

Enable only necessary management protocols:

ssh 10.0.1.0 255.255.255.0 inside
http server enable
http 10.0.1.0 255.255.255.0 inside
icmp permit 10.0.1.0 255.255.255.0 inside

Configure logging:

logging enable
logging buffered warnings
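
Once logging is on, the login messages show whether management sessions really come from the subnet the ssh and http lines allow. The following is an added example, not part of the original guide: it scans ASA syslog lines for login messages 605004 (denied) and 605005 (permitted) and flags permitted logins from outside 10.0.1.0/24, use of the default admin account, and repeated failures from one source. The log lines are constructed for illustration, and the threshold of three failures is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

MGMT_NET = ip_network("10.0.1.0/24")  # subnet permitted by the ssh/http lines above
MGMT_IFACE = "inside"                 # interface named in those lines
DEFAULT_ACCOUNT = "admin"             # factory account listed under Default Credentials
DENIED_THRESHOLD = 3                  # assumption: tune to your environment

# 605004 = management login denied, 605005 = management login permitted.
LOGIN_RE = re.compile(
    r'%ASA-\d-(?P<msgid>60500[45]): Login (?P<result>denied|permitted) '
    r'from (?P<src>[0-9A-Fa-f:.]+)/(?P<sport>\d+) '
    r'to (?P<iface>[^:\s]+):(?P<dst>[0-9A-Fa-f:.]+)/(?P<service>\S+) '
    r'for user "(?P<user>[^"]*)"'
)

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
Mar 03 2025 09:14:02: %ASA-6-605005: Login permitted from 10.0.1.50/51514 to inside:10.0.1.1/ssh for user "netadmin"
Mar 03 2025 09:20:41: %ASA-6-605004: Login denied from 203.0.113.45/40112 to outside:198.51.100.2/ssh for user "admin"
Mar 03 2025 09:20:44: %ASA-6-605004: Login denied from 203.0.113.45/40113 to outside:198.51.100.2/ssh for user "root"
Mar 03 2025 09:20:47: %ASA-6-605004: Login denied from 203.0.113.45/40114 to outside:198.51.100.2/ssh for user "cisco"
Mar 03 2025 09:31:10: %ASA-5-111008: User 'netadmin' executed the 'write memory' command.
Mar 03 2025 10:02:33: %ASA-6-605005: Login permitted from 10.0.1.77/49822 to inside:10.0.1.1/https for user "admin"
Mar 03 2025 11:45:09: %ASA-6-605005: Login permitted from 192.0.2.10/55321 to outside:198.51.100.2/ssh for user "netadmin"
""".splitlines()


def parse_login_events(lines):
    """Yield one dict per ASA login message; every other message is skipped."""
    for line in lines:
        match = LOGIN_RE.search(line)
        if match:
            yield match.groupdict()


def detect(lines):
    """Return (rule, source, detail) tuples for suspicious management logins."""
    alerts, denied = [], Counter()
    for event in parse_login_events(lines):
        if event["result"] == "denied":
            denied[event["src"]] += 1
            continue
        # Permitted session: check where it came from and which account it used.
        outside_net = ip_address(event["src"]) not in MGMT_NET
        if outside_net or event["iface"] != MGMT_IFACE:
            alerts.append(("permitted-outside-mgmt-net", event["src"], event["user"]))
        if event["user"] == DEFAULT_ACCOUNT:
            alerts.append(("default-account-login", event["src"], event["user"]))
    # Repeated failures are reported once per source after the whole batch is read.
    for src, count in sorted(denied.items()):
        if count >= DENIED_THRESHOLD:
            alerts.append(("repeated-denied", src, str(count)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```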

8. Troubleshooting

Common Issues and Solutions

Issue | Solution
Cannot access Web GUI | Check management port connectivity
No internet access | Verify NAT and access control rules
License activation fails | Check internet reachability and DNS

Useful CLI Commands

show version
show interface ip brief
show route
show access-list

9. Best Practices

Security

  • Enable multi-factor authentication
  • Restrict management access by IP
  • Keep firmware and signatures updated

Maintenance

  • Schedule regular configuration backups
  • Monitor CPU/memory usage and interface statistics

Documentation

  • Maintain an updated network diagram
  • Keep a change log for firewall rules and NAT policies

10. Additional Resources


FortiGate

1. Before You Begin

What’s Included

  • FortiGate appliance (model-specific)
  • Power cord and console cable
  • Quick start guide

System Requirements

  • Management PC with Chrome/Firefox
  • Terminal emulator (PuTTY recommended)
  • Valid FortiGuard subscription

2. Physical Installation

A. Hardware Setup

  1. Place unit in well-ventilated area
  2. Connect:
    • WAN (port1) to modem
    • LAN (port2) to switch
    • Console port to PC

B. Power On

  • Wait for status LED to turn solid green (5-10 mins)

3. Initial Access Methods

A. Web Admin (Recommended)

  1. Connect PC to port2
  2. Set IP to 192.168.1.100/24
  3. Browse to https://192.168.1.99
    • Username: admin
    • Password: (none by default)

B. Console Access

  1. Serial settings: 9600 baud, 8N1
  2. Basic commands:
    config system interface
    edit "port1"
    set ip 192.168.1.99 255.255.255.0
    next
    end

4. Web Setup Wizard

Mandatory Steps

  1. Change admin password (min 8 chars)
  2. Configure WAN interface:
    • DHCP (recommended for home use)
    • Static IP (for business)
  3. Set system:
    • Hostname
    • Timezone (enable NTP)

5. CLI Configuration

Essential Commands

Set hostname

config system global
set hostname Office-FW
end

Enable ping, HTTPS and SSH access

config system interface
edit "port1"
set allowaccess ping https ssh
next
end
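
The allowaccess line above turns on HTTPS and SSH administration on port1, the port that section 2 cables to the modem. The following is an added example, not part of the original guide or of any Fortinet tooling: it parses the "config system interface" section of a FortiGate configuration and reports administrative protocols enabled on Internet-facing interfaces and cleartext protocols enabled anywhere. The sample configuration is constructed, and which interfaces count as WAN is supplied by the caller.

```python
import shlex

# allowaccess values that expose a login or control surface (ping is excluded).
ADMIN_PROTOCOLS = {"http", "https", "ssh", "telnet", "snmp", "fgfm"}
CLEARTEXT = {"http", "telnet"}

# Constructed sample: port1 mirrors the commands in this section.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port2"
        set ip 10.0.1.1 255.255.255.0
        set allowaccess ping https ssh http
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
'''


def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current = {}, None
    in_section, depth = False, 0
    for raw in config_text.splitlines():
        # Normalise typographic quotes that creep in when configs are copied from web pages.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if not in_section:
            in_section = tokens[:3] == ["config", "system", "interface"]
            continue
        if tokens[0] == "config":      # nested block such as 'config ipv6'
            depth += 1
        elif tokens[0] == "end":
            if depth == 0:
                in_section, current = False, None
            else:
                depth -= 1
        elif depth > 0:                # ignore settings inside nested blocks
            continue
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
    return interfaces


def audit_management_exposure(config_text, wan_interfaces):
    """Return (interface, protocol, reason) findings for risky allowaccess settings."""
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        allowed = set(settings.get("allowaccess", []))
        role = settings.get("role", [""])[0]
        is_wan = name in wan_interfaces or role == "wan"
        for proto in sorted(allowed & CLEARTEXT):
            findings.append((name, proto, "cleartext management protocol"))
        if is_wan:
            for proto in sorted(allowed & ADMIN_PROTOCOLS):
                findings.append((name, proto, "admin access on Internet-facing interface"))
    return findings


if __name__ == "__main__":
    for finding in audit_management_exposure(SAMPLE_CONFIG, {"port1"}):
        print(finding)
```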

6. Network Setup

Interface Configuration

Interface | Purpose | IP Address
WAN1 | Internet | DHCP/ISP IP
LAN1 | Internal | 192.168.1.1/24

Default Route

config router static
edit 0
set gateway 203.0.113.1
set device "wan1"
next
end

7. Security Configuration

Firewall Policies

  1. Outbound Rule:
    • Source: LAN
    • Action: ACCEPT + NAT
  2. Inbound Rule:
    • Source: WAN
    • Action: DENY (default)

Security Profiles

  • Enable: Antivirus, IPS, Web Filter
  • Set update schedule: Daily

8. Troubleshooting

Common Issues

  • Can’t access web UI: Verify cables, try different browser
  • No internet: Check WAN connection and NAT rules
  • License issues: Verify FortiGuard subscription

Recovery Commands

Reset to factory

execute factoryreset
confirm

Password recovery

execute reset-passwd admin

9. Best Practices

  1. Security:
    • Change default credentials immediately
    • Enable HTTPS-only management
    • Restrict admin access
  2. Maintenance:
    • Weekly config backups
    • Monthly firmware checks
  3. Documentation:
    • Keep network diagrams
    • Record configuration changes

Password Recovery

  1. Power on, press Ctrl+Break
  2. Select “Execute FortiGate Recovery”
  3. Run execute factoryreset

Check Point Firewall Setup Guide

What You’ll Need

  • Check Point firewall appliance – SMB models (600/1100/1500 series) or enterprise models.
  • Ethernet cables – Cat5e or higher.
  • Management computer – Windows, macOS, or Linux.
  • Valid license – Usually included with hardware purchase.
  • Serial console cable – For initial troubleshooting if required.

Physical Setup

1. Rack Mounting (Enterprise Models)

  • Use the included rails for 19″ racks.
  • Leave at least 1U space above and below for proper ventilation.
  • Secure the unit with all screws firmly tightened.

2. Cable Connections

Management Port

  • Connect a straight-through Ethernet cable to the dedicated MGMT port (yellow).

Network Interfaces

  • WAN – Connect to your ISP modem (typically port 1).
  • LAN – Connect to the internal switch (typically ports 2–4).
  • Optional – Use dedicated ports for a DMZ network.

Power Connection

  • Use the provided power cable.
  • For HA (High Availability) setups, connect both power supplies.

Initial Configuration Methods

Method 1: Web-Based Setup (Recommended)

  1. Access the Web Interface
    • Default IP: 192.168.1.1 (SMB) or 192.168.0.1 (Enterprise).
    • URL: https://<firewall-ip>
    • Accept/Bypass the initial certificate warning.
  2. Run the First-Time Configuration Wizard
    • Step 1 – Set the admin password (minimum 8 characters).
    • Step 2 – Configure network topology (Gateway or Router mode).
    • Step 3 – Set system time (use NTP for accuracy).
    • Step 4 – Activate licenses (requires internet connection).

Method 2: CLI Console Setup

Serial Connection Parameters

  • Baud rate: 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1

Login

  • Use credentials printed on the appliance sticker.

Basic Configuration Commands

# Set management IP
set interface eth1 ipv4-address 192.168.1.1 mask-length 24

# Configure hostname
set hostname CP-Firewall01

# Enable web management
set web-mgmt state on

save config

Network Configuration

1. Interface Setup

Interface | Purpose | Recommended Settings
eth1 | WAN | DHCP or ISP-provided static
eth2 | LAN | 192.168.1.1/24
eth3 | DMZ | 10.0.0.1/24

2. NAT Configuration

  • Hide NAT (Basic)
    • Source: Internal network
    • Destination: Any
    • Translation: Hide behind gateway IP
  • Static NAT (For Servers)
    • Map a public IP to an internal server IP.
    • Configure port forwarding as needed.

Security Policy Setup

1. Basic Rule Base

  • Cleanup Rule (Bottom)
    • Action: Drop
    • Source: Any
    • Destination: Any
    • Service: Any
  • Stealth Rule (Top)
    • Action: Drop
    • Source: Any
    • Destination: Firewall
    • Service: Any
  • Allow Internet Access
    • Action: Accept
    • Source: Internal Network
    • Destination: Any
    • Service: HTTP, HTTPS, DNS
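
The Top and Bottom labels matter because the rule base is evaluated top-down and the first matching rule decides. The following is an added example, not part of the original guide and not Check Point code: it models the three rules above, evaluates sample connections against the recommended order and against a misordered one, and reports rules that an earlier rule makes unreachable. The network objects (192.168.1.0/24 as the internal network, 192.168.1.1 as the firewall) are assumptions taken from the interface table.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "Any"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # "Any" or a CIDR block
    destination: str   # "Any" or a CIDR block
    services: tuple    # ("Any",) or a tuple of service names
    action: str        # "Accept" or "Drop"


# Assumed objects, based on eth2 = 192.168.1.1/24 in the interface table.
INTERNAL = "192.168.1.0/24"
FIREWALL = "192.168.1.1/32"

STEALTH = Rule("Stealth", ANY, FIREWALL, (ANY,), "Drop")
ALLOW_INTERNET = Rule("Allow Internet Access", INTERNAL, ANY,
                      ("HTTP", "HTTPS", "DNS"), "Accept")
CLEANUP = Rule("Cleanup", ANY, ANY, (ANY,), "Drop")

RECOMMENDED = [STEALTH, ALLOW_INTERNET, CLEANUP]
MISORDERED = [ALLOW_INTERNET, STEALTH, CLEANUP]


def _addr_matches(addr, spec):
    return spec == ANY or ip_address(addr) in ip_network(spec)


def evaluate(rulebase, src, dst, service):
    """Return (rule name, action) of the first rule matching the connection."""
    for rule in rulebase:
        if (_addr_matches(src, rule.source)
                and _addr_matches(dst, rule.destination)
                and (ANY in rule.services or service in rule.services)):
            return rule.name, rule.action
    return "(no match)", "Drop"


def _net_covers(outer, inner):
    if outer == ANY:
        return True
    return inner != ANY and ip_network(inner).subnet_of(ip_network(outer))


def _svc_covers(outer, inner):
    if ANY in outer:
        return True
    return ANY not in inner and set(inner) <= set(outer)


def shadowed_rules(rulebase):
    """Return (rule, earlier rule) pairs where the earlier rule matches
    everything the later rule could, so the later rule never fires."""
    pairs = []
    for index, rule in enumerate(rulebase):
        for earlier in rulebase[:index]:
            if (_net_covers(earlier.source, rule.source)
                    and _net_covers(earlier.destination, rule.destination)
                    and _svc_covers(earlier.services, rule.services)):
                pairs.append((rule.name, earlier.name))
                break
    return pairs


if __name__ == "__main__":
    lan_host, gateway, web = "192.168.1.50", "192.168.1.1", "203.0.113.80"
    print(evaluate(RECOMMENDED, lan_host, gateway, "HTTPS"))  # stealth rule drops it
    print(evaluate(MISORDERED, lan_host, gateway, "HTTPS"))   # allow rule accepts it
    print(evaluate(RECOMMENDED, lan_host, web, "HTTPS"))
    print(shadowed_rules([CLEANUP, STEALTH, ALLOW_INTERNET]))
```

With the allow rule placed above the stealth rule, an internal host reaches the gateway itself over HTTPS, which is the exposure the stealth rule is there to prevent.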

Troubleshooting Guide

Symptom | Possible Cause | Solution
No web access | Incorrect IP configuration | Ensure PC is on the same subnet.
License errors | Invalid/expired license | Verify license status in User Center.
No internet | Incorrect NAT policy | Check Hide NAT configuration.
High CPU usage | Underpowered model | Compare SKU to required throughput.

Recovery Procedures

  • Password Reset
    1. Connect via console.
    2. Reboot and interrupt the boot process.
    3. Enter Maintenance Mode.
    4. Reset admin credentials.
  • Factory Reset
    restore factory confirm

Best Practices

1. Security Hardening

  • Enable HTTPS management only.
  • Restrict admin access by IP.
  • Implement two-factor authentication.

2. Maintenance

  • Daily: Check system health indicators.
  • Weekly: Backup configuration.
  • Monthly: Review logs and update policies.

3. Documentation

  • Maintain a network diagram of all interfaces.
  • Keep a log of policy changes.
  • Document backup schedules.

Next Steps

  • Advanced Configuration
    • Configure VPN (Site-to-Site or Remote Access).
    • Enable Threat Prevention blades.
    • Configure logging to an external syslog server.
  • Performance Tuning
    • Enable SecureXL acceleration.
    • Set up QoS policies.
    • Optimize firewall rules for efficiency.

Resources


Sophos Firewall – First-Time Setup Guide

1. Before You Begin

Included in the Box

  • Sophos XG/SG series firewall appliance
  • Power cord with regional adapters
  • (2) Ethernet cables (minimum)
  • Quick start guide and warranty card

System Requirements

A management PC with:

  • A modern web browser (Chrome, Firefox, or Edge)
  • Java Runtime Environment (for console access)
  • Terminal emulation software (PuTTY or Tera Term)

2. Physical Installation

A. Hardware Setup

Rack Mounting (19″ racks)

  • Use the included mounting brackets
  • Leave at least 1U of ventilation space above and below
  • Secure with the provided screws

Port Connections

  • Port 1 (Red): WAN – connect to modem
  • Port 2 (Green): LAN – connect to switch or PC
  • Console Port: RJ-45 to USB serial connection

B. Power-On Sequence

  1. Connect the power cable.
  2. Wait for system LED indicators:
    • Power: Solid green
    • Status: Blinking green → solid green (ready)

3. Initial Access Methods

A. Web Admin (Recommended)

  1. Connect your PC to the LAN port.
  2. Set IP to 192.168.1.100/24 or enable DHCP.
  3. Open a browser and navigate to: https://192.168.1.1:4444
  4. Default credentials:
    • Username: admin
    • Password: admin

B. Console Access (CLI)

Serial Connection Settings

  • Baud rate: 115200
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None

Default credentials

  • Login: admin
  • Password: admin

Basic network configuration via CLI:

system interface ethernet modify port1 ipv4-address=192.168.1.1 ipv4-subnet=24
system dns-server set primary=8.8.8.8
system ntp-server set server1=pool.ntp.org
config save

4. Web Setup Wizard

A. Mandatory Steps

  • Admin Password Reset
    • Minimum: 8 characters, including uppercase, lowercase, and a number.
  • Network Mode
    • Gateway: Standard firewall mode
    • Transparent: Bridge mode
    • Wireless: For Wi-Fi-enabled models
  • WAN Configuration
    • DHCP: Common for residential setups
    • Static IP: Typical for business networks

B. Advanced Options

  • Port Profiles
    • Create VLAN interfaces
    • Configure link aggregation
  • System Services
    • Enable SSH/HTTPS management
    • Restrict admin access by IP

5. Security Configuration

A. Firewall Rules

Rule Name | Source | Destination | Service | Action
Outbound | LAN | Any | HTTP/HTTPS/DNS | Allow
Block All | Any | Any | Any | Drop

B. NAT Policies

  • Masquerading:
    • Source: LAN
    • Translated: WAN IP
  • DNAT (Port Forwarding):
    • Public IP → Internal IP
    • Specify required ports

6. Wireless Configuration (If Applicable)

  • Radio Settings
    • Choose 2.4 GHz or 5 GHz channels
    • Adjust transmit power
  • SSID Setup
    • Security: WPA2-Enterprise (recommended)
    • Client Isolation: Prevents device-to-device communication

7. System Maintenance

A. Backup Procedures

  • Manual Backup: config save filename=backup_YYYYMMDD.xml
  • Scheduled Backups:
    • Store on SFTP or cloud storage

B. Firmware Updates

  • Manual Update:
    • Download .sig file from Sophos
    • Upload via Web Admin
  • Automatic Updates:
    • Define maintenance window
    • Enable auto-reboot after update

Troubleshooting Guide

Console Access Scenarios

Issue | CLI Command
Locked out of web admin | system reset-admin-password
Test network connectivity | diagnose ping google.com
Factory reset | system restore-defaults

Recovery Procedures

  • Password Recovery:
    Connect via console and use reset-admin-password.
  • Firmware Recovery:
    Boot into recovery mode and TFTP a new image.

Next Steps

  • Advanced Protection:
    • Enable IPS/IDS
    • Configure Sandstorm threat analysis
  • Remote Access:
    • Set up SSL VPN
    • Configure Sophos Connect client

Documentation & Resources

  • Web Admin Guide
  • CLI Reference
  • Video Tutorials

Note: Always verify firmware compatibility before upgrading. For complex deployments, consider Sophos Professional Services or certified partners.


Juniper SRX Firewall — First-Time Setup Guide

This guide walks you through the first-time setup of a Juniper SRX firewall using both CLI and J-Web GUI methods. Whether you prefer the command-line’s precision or the GUI’s simplicity, this step-by-step guide has you covered.


1. Physical Connections

What You’ll Need

  • Juniper SRX device
  • Ethernet cables
  • Console cable (RJ-45 to USB/Serial)
  • Management PC

Connection Steps

A. Console Access

  1. Connect the RJ-45 to USB/serial cable from your SRX’s console port to your PC.
  2. Configure your terminal emulator with: Baud Rate: 9600, Data Bits: 8, Parity: None, Stop Bits: 1

B. Management Interface

  • Default IP: 192.168.1.1/24 (fxp0 or em0 interface)
  • PC Configuration: Assign your PC an IP in the same subnet, e.g., 192.168.1.2/24.

2. Initial Setup via CLI

Step 1: Basic Configuration

login: root   # No password by default
cli
configure
set system host-name SRX-FW
set system root-authentication plain-text-password
# Enter and confirm your new password

Step 2: Interface Setup

set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.10/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

Step 3: Security Zones

set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0

Step 4: Save Configuration

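commit
# Optional: also write the configuration to a file (the file name is an example)
save /var/tmp/srx-initial.conf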

3. Initial Setup via J-Web GUI

Step 1: Access J-Web

  1. Open a browser and navigate to: https://192.168.1.1
  2. Login as root (no password initially).

Step 2: Basic Configuration

  • Change Admin Password:
    Configure > System Properties > User Management
  • Set Device Identity:
    Configure > System Properties > Device Information
  • Configure Interfaces:
    Configure > Interfaces → Edit ge-0/0/0 (WAN) and ge-0/0/1 (LAN).

Step 3: Security Policies

  • Create a basic trust-to-untrust policy.
  • Configure source NAT for outbound internet access.

4. Useful Commands

show interfaces terse
show security zones
show security policies

5. Resources

💡 Tip: For more advanced CLI references, see the official Juniper Quick Start Guide.


WatchGuard Firebox – First-Time Setup Guide

This step-by-step guide walks you through setting up your WatchGuard Firebox for the first time, from physical connections to securing your configuration.


What You’ll Need

  • WatchGuard Firebox appliance
  • Ethernet cables
  • Computer with a web browser
  • (Optional) USB drive for backup

Step 1: Physical Connections

  1. Connect to the Firebox
    • Plug your computer into the Trusted (LAN) port (default IP: 10.0.1.1).
    • Connect the External (WAN) port to your modem or ISP device.
  2. Power On
    • Wait 2–5 minutes for the device to fully boot (LEDs will stabilize).

Step 2: Access the Web UI

  1. Configure Your Computer’s Network
    • Static IP (if DHCP is not enabled): IP Address: 10.0.1.100, Subnet Mask: 255.255.255.0, Gateway: 10.0.1.1
    • OR use DHCP if available.
  2. Open the Web Interface
    • In a browser, go to: https://10.0.1.1:8080
    • Default Credentials: Username: admin, Password: readwrite

Step 3: Initial Configuration

  1. Run the Setup Wizard (recommended)
    • Change the admin password (System > Administration).
    • Set the hostname and time zone.
  2. Configure Interfaces
    • External (WAN): DHCP or static IP (provided by ISP).
    • Trusted (LAN): Keep 10.0.1.1/24 or customize.
  3. Enable Additional Features (Optional)
    • Firewall Policies: Ensure outbound traffic is allowed (default policy exists).
    • VPN: Configure SSL or IPSec if required.

Step 4: Save & Backup

  1. Save Configuration
    • Navigate to: System > Configuration File > Save.
  2. Create a USB Backup (recommended)
    • Format USB drive as FAT32.
    • Save the config file as WG-Config.xml and insert it into the Firebox.

Troubleshooting

Can’t Access Web UI?

  • Ensure PC is on the same subnet (10.0.1.x).
  • Try a different browser (Chrome/Firefox recommended).
  • Reset the Firebox (hold reset button for 30 seconds).

No Internet via WAN?

  • Verify ISP settings (PPPoE credentials or static IP).
  • Test with a direct modem connection.

Next Steps

  • Update Firmware: System > Software > Check for Updates.
  • Enable Logging: Configure WatchGuard Dimension or Cloud Logging.

Official Resources


Quick Recovery Reference

Firewall | Recovery Method | Default Creds After Reset
Palo Alto | Maintenance Mode | admin/(new password)
Cisco ASA | ROMMON Mode | cisco/(blank)
FortiGate | Factory Reset | admin/(blank)
Check Point | Expert Mode | admin/(new password)
Sophos | Recovery Shell | admin/(new password)
Juniper SRX | Single-User Mode | root/(new password)
WatchGuard | Factory Reset Menu | admin/readwrite

Final Notes

  1. Always document passwords securely
  2. Update firmware immediately after recovery
  3. Enable MFA where possible
  4. Backup configurations regularly

For enterprise deployments, consider centralized management solutions like Cisco FMC or FortiCloud. Small businesses may prefer simpler web GUI setups.

Need help with license recovery after a reset? Contact the firewall vendor’s support with proof of ownership.

Share your firewall setup experiences in the comments below! Have questions about a specific model? Our team is happy to help.
