PCNSE Study Notes: Global Protect

Overview GlobalProtect: Solution to VPN Issues Extends NGFW to endpoints Deilvers full traffic visibility Simplifies Management Unifies policies Stops Advanced Threat Components Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal Gateways – Provide Security Enforcement for traffic External gateways provide security enforcement and VPN Access [...]

PCNSE Study Notes: Content-ID

Overview Scans traffic for/offers protection against/can do: Software Vulnerability exploits – detects attempts to exploit known software vulnerabilities Viruses – detects infected files crossing the firewall Spyware – detects spyware downloads and already infected system traffic Malicious URL’s – blocks URL’s known to be locations that host or assist any of the content scanned with [...]

PCNSE Study notes: App-ID

Application ID Overview An application is a specific program or feature who’s communication can be labeled, monitored and controlled App-ID does additional work beyond just port Port-based rules use ‘Service’ Application-based rules use ‘application’ Application rules will allow only the application traffic that is allowed (ex: FTP) and not other traffic using that port. Zero-day [...]

PCNSE Study Notes: Security Policies and NATs

Security Policy fundamental concepts All traffic must match a session and security policy (stateful firewall) Basics are a source and destination zone Granular includes Source/Dest Address, ports, application, URL Categories, Source user and HIP profiles. Sessions are established for bidirectional data flow. Policies > Security has the current security rules Columns on this page can [...]

PCNSE Study notes: Interface and Routing Configuratin

Security Zones and interfaces Security zones are used to group like-devices, user groups, locations or specific-use systems. In-band interfaces are traffic-passing ports, ex: ethernet1/1, 1/2, etc Each interface (or subinterface) can only be assigned to one zone A zone can have multiple physical or logical interfaces Traffic inside zones is allowed by default. Example: Trust [...]

PCNSE Study Notes: Platforms and Architecture

Here is the datasheet for the hardware platforms, has some good information to look over! https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet Security Platform Overview Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective NGFW: Identifies and inspects all traffic Blocks known threats Sense unknown to cloud Extends to mobile and virtual networks Threat Intel Cloud: Gathers potential threats [...]

How packet flow in Palo Alto Firewall?

Basic: Initial Packet Processing —-> Security Pre-Policy —-> Application —-> Security Policy —-> Post Policy Processing Advance: Initial Packet Processing —-> Source Zone/Source Address —-> Forward Lookup —-> Destination Zone/Destination Address —-> NAT policy evaluated   Security Pre-Policy —-> Check Allowed Ports —-> Session Created   Application —-> Check for Encrypted Traffic —-> Decryption Policy —-> Application Override Policy —-> Application ID [...]

Palo Alto-CLI cheat sheet

Device management: Show general system-health information –> show system info Show percent usage of disk partitions –> show system disk-space Show the maximum log file size –> show system logdb-quota Show running processes –> show system software status Show processes running in the management plane –> show system resources Show resource utilization in the dataplane [...]