Overview 2 firewalls can be configured in a High Availability pair HA Provides: Redundancy Business Continuity If one firewall fails, the second can continue service with little to no interruption HA options can be deployed as: Active/Passive: One active, one standby firewall Active/Active: Both Active, used in specific circumstances, such as asynchronous routing setups Items [...]

Dashboard, ACC and Monitor Dashboard On the dashboard, individual widgets can be added and removed to have a customized display A custom refresh counter can be set in the upper right hand corner. ACC Interactive graph of traffic and applications going through the firewall Threat graph shows the risk of traffic going through Custom Tabs [...]

Overview PanOS does IPSec tunnels as route-based tunnels Support for connecting to 3rd party IPSec devices The tunnel is represented by a logical tunnel interface The tunnel interface is placed in a zone When traffic is sent to the tunnel, the VPN is connected and traffic sent across IKEv1 vs IKEv2 IKEv1 is the most [...]

Overview GlobalProtect: Solution to VPN Issues Extends NGFW to endpoints Deilvers full traffic visibility Simplifies Management Unifies policies Stops Advanced Threat Components Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal Gateways – Provide Security Enforcement for traffic External gateways provide security enforcement and VPN Access [...]

User-ID Overview Identify users by username and user group Creates Policies and view logs/reports based on user/group name Used in combination with App-ID allows for very granular control Can be used to profile identified vs non-identified users for policy control Prior to being ready for use, the FW needs to know the group mapping to [...]

Wildfire Concepts When a file receives a file: It will check to see if it is signed by trusted signer. If there is not a signature, it creates a hash of the file to check if it has already been sent to wildfire If not already submitted, it will check if it is below the [...]

Decryption Concepts Encrypted traffic is growing every year PAN’s can decrypt SSHv2 and SSL/TLS inbound and outbound traffic SSL Establishment includes: Client – requests SSL connection Server – sends server public cert Client – Verifies Cert Client – sends encrypted session key Server – begins encrypted communications session When an SSL session is first established [...]

URL Filtering Security profiles Added to security policies that are set to ‘allow’ Applied to all packets over the life of a session Items are logged under: Monitor > Logs URL Category in the logs show which category the site falls under. The actions of ‘Alert’, ‘Block’, ‘Continue’ and ‘Override’ will generate a log entry [...]

Overview Scans traffic for/offers protection against/can do: Software Vulnerability exploits – detects attempts to exploit known software vulnerabilities Viruses – detects infected files crossing the firewall Spyware – detects spyware downloads and already infected system traffic Malicious URL’s – blocks URL’s known to be locations that host or assist any of the content scanned with [...]

Application ID Overview An application is a specific program or feature who’s communication can be labeled, monitored and controlled App-ID does additional work beyond just port Port-based rules use ‘Service’ Application-based rules use ‘application’ Application rules will allow only the application traffic that is allowed (ex: FTP) and not other traffic using that port. Zero-day [...]

Security Policy fundamental concepts All traffic must match a session and security policy (stateful firewall) Basics are a source and destination zone Granular includes Source/Dest Address, ports, application, URL Categories, Source user and HIP profiles. Sessions are established for bidirectional data flow. Policies > Security has the current security rules Columns on this page can [...]

Security Zones and interfaces Security zones are used to group like-devices, user groups, locations or specific-use systems. In-band interfaces are traffic-passing ports, ex: ethernet1/1, 1/2, etc Each interface (or subinterface) can only be assigned to one zone A zone can have multiple physical or logical interfaces Traffic inside zones is allowed by default. Example: Trust [...]

Administrative Controls WebUI Panorama CLI XML API Initial Access to System MGT is out of band, connected to the management plane; default IP it is [192.168.1.1/24](https://192.168.1.1/24) for physical. VM is DHCP. Console port (RJ45) 9600,8,N,1 Admin/Admin default login (nag screen until changed) MGT can be set for DHCP (although Static is highly recommended) Initial config [...]

Here is the datasheet for the hardware platforms, has some good information to look over! https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet Security Platform Overview Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective NGFW: Identifies and inspects all traffic Blocks known threats Sense unknown to cloud Extends to mobile and virtual networks Threat Intel Cloud: Gathers potential threats [...]

The following arguments will always be needed to run the test Security policy , NAT policy and PBF policy : • source – source IP address • destination – destination IP address • destination port – specify the destination port number • protocol – specify the IP protocol number expected for the packet between 1 [...]

There are two methods to setup the firewall-CLI and GUI. We will follow the method of using GUI as it’s easier than CLI Connect the Ethernet to the Management port of firewall and connect other end to workstation and setup that workstation ip address in 192.168.1.0/24 network range. When making your first connection to the [...]