Palo Alto Security – Network Interview QnA

In Palo Alto Firewall-How to test Security, NAT, and PBF Rules via the CLI

The following arguments will always be needed to run the test Security policy , NAT policy and PBF policy : • source – source IP address • destination – destination IP address • destination port – specify the destination port number • protocol – specify the IP protocol number expected for the packet between 1 [...]

Setup the Palo Alto Firewall from scratch

There are two methods to setup the firewall-CLI and GUI. We will follow the method of using GUI as it’s easier than CLI Connect the Ethernet to the Management port of firewall and connect other end to workstation and setup that workstation ip address in 192.168.1.0/24 network range. When making your first connection to the [...]

What are the modes in which interfaces on Palo Alto can be configured?

When configuring the Ethernet ports on your firewall, you can choose from virtual wire, Layer 2, or Layer 3 interface deployments. In addition, to allow you to integrate into a variety of network segments, you can configure different types of interfaces on different ports. The following sections provide basic information on each type of deployment. [...]

How to enable logging in Palo Alto Networks Firewall?

When it comes to live troubleshooting or to ensure certain traffic is either blocked or allowed one relies heavily on logs, Palo Alto Network Firewalls does provides very good logging options and fields. Its quite easy to read them and understands them. By default when some one creates any security policy Palo Alto Networks Firewall [...]

What does Virtual Wire interface in Palo Alto firewall used for?

We all know Palo Alto Network Firewalls offers quite flexibility deployment options, one can also deploy Palo Alto Networks in Virtual Wire or V-Wire mode. This is the beauty of Palo Alto Networks Firewalls , the flexibility it offers cannot be matched by some of the leading firewall vendors. Though other vendors offers the same [...]

How packet flow in Palo Alto Firewall?

Basic: Initial Packet Processing —-> Security Pre-Policy —-> Application —-> Security Policy —-> Post Policy Processing Advance: Initial Packet Processing —-> Source Zone/Source Address —-> Forward Lookup —-> Destination Zone/Destination Address —-> NAT policy evaluated Security Pre-Policy —-> Check Allowed Ports —-> Session Created Application —-> Check for Encrypted Traffic —-> Decryption Policy —-> Application Override Policy —-> Application ID [...]

Palo Alto-CLI cheat sheet

Device management: Show general system-health information –> show system info Show percent usage of disk partitions –> show system disk-space Show the maximum log file size –> show system logdb-quota Show running processes –> show system software status Show processes running in the management plane –> show system resources Show resource utilization in the dataplane [...]