Table of Contents

Preface

Section 1: First Steps and Basic Configuration

Chapter 1: Understanding the Core Technologies

Technical requirements  16

Understanding the zone-based firewall  16

Expected behavior when determining zones  19

Understanding App-ID and Content-ID  20

How App-ID gives more control  21

How Content-ID makes things safe  23

The management and data plane  24

Authenticating users with User-ID  25

Summary  25

Chapter 2: Setting Up a New Device

Technical requirements  28

Gaining access to the user interface  28

Connecting to the web interface and CLI  33

Adding licenses and setting up dynamic updates  35

Creating a new account  35

Registering a new device  36

Activating licenses  37

Downloading and scheduling dynamic updates  42

Upgrading the firewall  46

Understanding the partitions  46

Upgrade considerations  48

Upgrading via the CLI  49

Upgrading via the web interface  51

Hardening the management interface  54

Limiting access via an access list  54

Accessing internet resources from offline management  57

Admin accounts  58

Understanding the interface types  74

VWire  74

The Layer 3 interface  76

The Layer 2 interface and VLANs  81

The loopback interface  83

The tunnel interface  84

Subinterfaces  86

HA interfaces  86

AE interfaces  87

Tap interfaces  89

The Decryption Port Mirror interface  90

Section 2: Advanced Configuration and Putting the Features to Work

Chapter 3: Building Strong Policies

Technical requirements  95

Understanding and preparing security profiles  96

The Antivirus profile  96

The Anti-Spyware profile  97

The Vulnerability Protection profile  102

URL filtering  105

The file blocking profile  111

The WildFire Analysis profile  113

Custom objects  113

Security profile groups  119

Understanding and building security rules  119

Dropping "bad" traffic  120

Allowing applications  123

Controlling logging and schedules  128

Address objects  130

Tags  131

Policy Optimizer  132

Creating NAT rules  132

Inbound NAT  133

Outbound NAT  135

Summary  143

Chapter 4: Taking Control of Sessions

Technical requirements  145

Controlling the bandwidth with quality of service policies  146

DSCP and ToS headers  146

QoS enforcement in the firewall  147

Leveraging SSL decryption to break open encrypted sessions  160

SSH proxy  160

SSL forward proxy  160

SSL Inbound Inspection  166

Redirecting sessions over different paths using policy-based forwarding  168

Redirecting critical traffic  168

Load balancing  171

Summary  174

Chapter 5: Services and Operational Modes

Technical requirements  176

Applying a DHCP client and DHCP server  176

DHCP client  176

DHCP server and relay  178

Configuring a DNS proxy  180

Setting up high availability  182

Active/Passive mode  184

Active/Active mode  185

Firewall states  186

High-availability interfaces  187

Setting up Active/Passive mode  190

Setting up Active/Active  193

Enabling virtual systems  199

Creating a new VSYS  200

Inter-VSYS routing  204

Creating a shared gateway  206

Managing certificates  208

Summary  212

Chapter 6: Identifying Users and Controlling Access

Technical requirements  214

User-ID basics  214

Preparing Active Directory and setting up the agents  215

Configuring group mapping  230

Setting up a captive portal  236

Authenticating users  236

Using an API for User-ID  245

User credential detection  249

Summary  252

Chapter 7: Managing Firewalls through Panorama

Technical requirements  254

Setting up Panorama  254

Initial Panorama configuration  254

Panorama logging  259

Device groups  265

Adding managed devices  266

Preparing device groups  268

Creating policies and objects  269

Important things to know when creating objects in device groups  271

Setting up templates and template stacks  273

Panorama management  275

Device deployment  275

Migrating unmanaged to managed devices  278

Panorama HA  279

Tips and tricks  280

Summary  283

Section 3: Maintenance and Troubleshooting

Chapter 8: Upgrading Firewalls and Panorama

Technical requirements  288

Documenting the key aspects  288

Upgrade considerations  289

Preparing for the upgrade  290

The upgrade process  293

Upgrading a single Panorama instance  293

Upgrading a Panorama HA cluster  294

Upgrading a single firewall  296

Upgrading a firewall cluster  297

Upgrading log collectors (or firewalls) through Panorama  300

After the upgrade  301

The rollback procedure  302

Special case for upgrading older hardware  303

The downgrade procedure  304

Summary  305

Chapter 9: Logging and Reporting

Technical requirements  308

Log storage and forwarding  308

Configuring log collectors and log collector groups  309

Logging Service  312

External logging  314

Configuring log forwarding  315

System logs  315

Session logs  317

Reporting  320

Pre-defined reports  320

Custom reports  322

The Application Command Center  328

Filtering logs  333

Summary  339

Chapter 10: VPN and Advanced Protection

Technical requirements  342

Setting up the VPN  342

Configuring the IPSec site-to-site VPN  343

Configuring GlobalProtect  354

Custom applications and threats  372

Application override  373

Signature-based custom applications  376

Custom threats  379

Zone protection and DoS protection  385

System protection settings  385

Configuring zone protection  389

Configuring DoS protection  396

Summary  399

Chapter 11: Troubleshooting Common Session Issues

Technical requirements  402

Using the tools at our disposal  402

Log files  402

Packet captures  405

Botnet reports  410

Interpreting session details  411

Using the troubleshooting tool  420

Using maintenance mode to resolve and recover from system issues  426

Summary  430

Chapter 12: A Deep Dive into Troubleshooting

Technical requirements  431

Understanding global counters  432

Analyzing session flows  439

Preparation  441

Execution  442

Cleanup  443

A practical example  444

Debugging processes  462

CLI troubleshooting commands cheat sheet  465

Summary  470

Chapter 13: Supporting Tools

Technical requirements  472

Integrating Palo Alto Networks with Splunk  472

Monitoring with Pan(w)achrome  478

Threat intelligence with MineMeld  482

Exploring the API  490

Summary  494

Other Books You May Enjoy

Leave a review - let other readers know what you think  497
