webplexor.com

Changing management IP address on a Palo Alto firewall is a common administrative task during network changes, migrations, or readdressing. Since the interface is already configured, extra care must be taken to avoid losing access.

Prerequisites for Changing management IP address on a Palo Alto firewall

Before making changes, ensure:

• You are already logged into the firewall via the existing management IP.
• You have the new IP address, subnet mask, and default gateway ready.
• Your system can reach the new subnet.
• (Recommended) You have console access as a fallback in case connectivity is lost.

Step 1: Access the Web Interface

1. Open a web browser and navigate to the current management IP:

https://<current-management-ip>

2. Log in with your administrative credentials.

Step 2: Navigate to Management Interface Settings

• Go to the Device tab.
• Select Setup from the left-hand pane.
• Click on the Interfaces tab.
• Under the Management section, click Management to edit the interface.

Step 3: Modify the Management IP Address

• Ensure IP Type is set to Static.
• Update the existing values with the new network details:
  • IP Address → New management IP
  • Netmask → Updated subnet mask
  • Default Gateway → New gateway (if applicable)

Step 4: Review Management Services

• Keep enabled:
  • HTTPS
  • SSH (if CLI access is needed)
• Disable (if not required):
  • HTTP
  • Telnet

Step 5: Save and Commit Changes

1. Click OK to save the updated configuration.
2. Click Commit (top-right corner) to apply the changes.

Note : During commit, the management interface will restart with the new IP.

Step 6: Reconnect Using the New IP

After the commit completes:

1. Access the firewall using the new management IP:

https://<new-management-ip>

Post-Change Validation

• Verify GUI access via HTTPS.
• Test SSH connectivity (if enabled).
• Confirm routing to the default gateway.
• Optionally, ping the management IP (if allowed).