Mastering Palo Alto Networks
by Tom Piens
Table of Contents
Why subscribe?
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
Section 1: First Steps and Basic Configuration
Chapter 1: Understanding the Core Technologies
Technical requirements
Understanding the zone-based firewall
Expected behavior when determining zones
Understanding App-ID and Content-ID
How App-ID gives more control
How Content-ID makes things safe
The management and data plane
Authenticating users with User-ID
Summary
Chapter 2: Setting Up a New Device
Technical requirements
Gaining access to the user interface
Connecting to the web interface and CLI
Adding licenses and setting up dynamic updates
Creating a new account
Registering a new device
Activating licenses
Downloading and scheduling dynamic updates
Upgrading the firewall
Understanding the partitions
Upgrade considerations
Upgrading via the CLI
Upgrading via the web interface
Hardening the management interface
Limiting access via an access List
Accessing internet resources from offline management
Admin accounts
Understanding the interface types
VWire
The Layer 3 interface
The Layer 2 interface and VLANs
The loopback interface
The tunnel interface
Subinterfaces
HA interfaces
AE interfaces
Tap interfaces
The Decryption Port Mirror interface
Section 2: Advanced Configuration and Putting the Features to Work
Chapter 3: Building Strong Policies
Technical requirements
Understanding and preparing security profiles
The Antivirus profile
The Anti-Spyware profile
The Vulnerability Protection profile
URL filtering
The file blocking profile
The WildFire Analysis profile
Custom objects
Security profile groups
Understanding and building security rules
Dropping "bad" traffic
Allowing applications
Controlling logging and schedules
Address objects
Tags
Policy Optimizer
Creating NAT rules
Inbound NAT
Outbound NAT
Summary
Chapter 4: Taking Control of Sessions
Technical requirements
Controlling the bandwidth with quality of service policies
DSCP and ToS headers
QoS enforcement in the firewall
Leveraging SSL decryption to break open encrypted sessions
SSH proxy
SSL forward proxy
SSL Inbound Inspection
Redirecting sessions over different paths using policy-based forwarding
Redirecting critical traffic
Load balancing
Summary
Chapter 5: Services and Operational Modes
Technical requirements
Applying a DHCP client and DHCP server
DHCP client
DHCP server and relay
Configuring a DNS proxy
Setting up high availability
Active/Passive mode
Active/Active mode
Firewall states
High-availability interfaces
Setting up Active/Passive mode
Setting up Active/Active
Enabling virtual systems
Creating a new VSYS
Inter-VSYS routing
Creating a shared gateway
Managing certificates
Summary
Chapter 6: Identifying Users and Controlling Access
Technical requirements
User-ID basics
Preparing Active Directory and setting up the agents
Configuring group mapping
Setting up a captive portal
Authenticating users
Using an API for User-ID
User credential detection
Summary
Chapter 7: Managing Firewalls through Panorama
Technical requirements
Setting up Panorama
Initial Panorama configuration
Panorama logging
Device groups
Adding managed devices
Preparing device groups
Creating policies and objects
Important things to know when creating objects in device groups
Setting up templates and template stacks
Panorama management
Device deployment
Migrating unmanaged to managed devices
Panorama HA
Tips and tricks
Summary
Section 3: Maintenance and Troubleshooting
Chapter 8: Upgrading Firewalls and Panorama
Technical requirements
Documenting the key aspects
Upgrade considerations
Preparing for the upgrade
The upgrade process
Upgrading a single Panorama instance
Upgrading a Panorama HA cluster
Upgrading a single firewall
Upgrading a firewall cluster
Upgrading log collectors (or firewalls) through Panorama
After the upgrade
The rollback procedure
Special case for upgrading older hardware
The downgrade procedure
Summary
Chapter 9: Logging and Reporting
Technical requirements
Log storage and forwarding
Configuring log collectors and log collector groups
Logging Service
External logging
Configuring log forwarding
System logs
Session logs
Reporting
Pre-defined reports
Custom reports
The Application Command Center
Filtering logs
Summary
Chapter 10: VPN and Advanced Protection
Technical requirements
Setting up the VPN
Configuring the IPSec site-to-site VPN
Configuring GlobalProtect
Custom applications and threats
Application override
Signature-based custom applications
Custom threats
Zone protection and DoS protection
System protection settings
Configuring zone protection
Configuring DoS protection
Summary
Chapter 11: Troubleshooting Common Session Issues
Technical requirements
Using the tools at our disposal
Log files
Packet captures
Botnet reports
Interpreting session details
Using the troubleshooting tool
Using maintenance mode to resolve and recover from system issues
Summary
Chapter 12: A Deep Dive into Troubleshooting
Technical requirements
Understanding global counters
Analyzing session flows
Preparation
Execution
Cleanup
A practical example
Debugging processes
CLI troubleshooting commands cheat sheet
Summary
Chapter 13: Supporting Tools
Technical requirements
Integrating Palo Alto Networks with Splunk
Monitoring with Pan(w)achrome
Threat intelligence with MineMeld
Exploring the API
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think