VOD-3741_Palo Alto Firewall Essentials.pdf

sanghp1 51 views 37 slides Aug 14, 2024

Slide Content

Palo Alto Firewall Essentials
Course Introduction
ine.com

Piotr Kaluzny
CCIE #25665
[email protected]
linkedin.com/in/piotrkaluzny
CCIE Security

Course Prerequisites
+ Basic Networking concepts
+ Basic Security concepts

Course Overview
+ Module 1: Platform Overview
+ Module 2: Management Access
+ Module 3: Firewall Maintenance
+ Module 4: Firewall Basic Settings
+ Module 5: Firewall Interfaces
+ Module 6: Firewall Initialization

Palo Alto Firewall Essentials
Platform Overview
ine.com

Module Overview
+ Introduction to Palo Alto Firewall
+ Platform types
+ Processing architecture

Introduction to Palo Alto Firewall
+ Next-generation, prevention-focused security system
  + User, Application, Content
+ Key Capabilities
  + User-ID, App-ID
  + Zero Trust
    + Security enforcement everywhere
  + Advanced Threat Prevention
    + IPS, URL Filtering, WildFire & DNS protection
  + Advanced Logging
    + Cortex Data Lake
  + SD-WAN integration

Next-Generation Firewall Platforms
+ VM-Series
  + Public Cloud
    + Meet public cloud security obligations
  + Private & Hybrid Clouds
    + Secure virtualized compute resources & hypervisors
  + Branches
    + Isolate & protect critical systems
  + DevOps
+ Prisma Access
  + Cloud-based firewall

Next-Generation Firewall Platforms
+ Physical Appliances
  + PA-220, PA-800, PA-3200, PA-5200 & PA-7000 series
  + https://www.paloaltonetworks.com/network-security/pa-series

Processing Architecture
+ Single-Pass Parallel Processing (SP3)
  + Simultaneous traffic classification & enforcement
  + Full-stack single-pass inspection
  + Heavily reduces latency & increases performance
+ Traffic Planes
  + Palo Alto splits hardware resources between two traffic planes
  + Control
    + Configuration, logging, reporting
  + Data
    + Signature matching, security & network processing

Palo Alto Firewall Essentials
Management Access
ine.com

Module Overview
+ Management options
+ Management port
+ CLI

Management Options
+ Web Interface
  + Local
  + Centralized
    + Panorama
      + Panorama is recommended for networks with 6+ firewalls
      + Reduces complexity and administration overhead
      + Aggregates data from all managed devices

Management Options
+ CLI
  + Console, SSH, Telnet
+ API
  + XML
  + REST
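The XML API listed above is the programmatic counterpart of the CLI. The following is an added example (not INE's or Palo Alto Networks' code) showing how a request to that API is built and how its reply is parsed: a `type=keygen` call exchanges credentials for an API key, a `type=op` call runs an operational-mode command expressed as nested XML, and every reply is an XML document whose root carries a `status` attribute. The management address 192.168.1.1 is the preconfigured one from the slides; the hostname, key and version strings in the sample replies are constructed so the code runs offline, and the error-reply layout is an assumption based on the API's general shape.

```python
"""Helpers for the PAN-OS XML API (added example; not INE's or Palo Alto's code).

The XML API lives at https://<firewall>/api/ and is driven by a 'type'
query parameter (keygen to obtain an API key, op for operational-mode
commands, config for configuration changes). Every reply is an XML
document whose root carries status="success" or status="error".
All sample responses below are constructed for offline use and are not
captured from a real firewall.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit


def build_keygen_url(host: str, user: str, password: str) -> str:
    """type=keygen: exchange credentials for an API key. Credentials travel in
    the query string, so send this only over HTTPS to a host you have verified."""
    return f"https://{host}/api/?" + urlencode(
        {"type": "keygen", "user": user, "password": password}
    )


def cli_to_cmd_xml(command: str) -> str:
    """Express a keyword-only operational command as the nested XML the API
    expects: 'show system info' -> <show><system><info/></system></show>.
    Commands that carry values (e.g. an interface name) need the value as
    element text instead, which this helper does not attempt."""
    words = command.split()
    xml = f"<{words[-1]}/>"
    for word in reversed(words[:-1]):
        xml = f"<{word}>{xml}</{word}>"
    return xml


def build_op_url(host: str, api_key: str, cmd_xml: str) -> str:
    """type=op: run an operational-mode command, authenticated by the API key."""
    return f"https://{host}/api/?" + urlencode(
        {"type": "op", "cmd": cmd_xml, "key": api_key}
    )


def url_params(url: str) -> dict:
    """Decode the query string of a built URL (single-valued parameters)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def parse_api_response(xml_text: str) -> ET.Element:
    """Return the <result> element of a successful reply; raise on an error
    reply so that an error document is never mistaken for data."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        msg = root.findtext(".//msg") or root.findtext(".//line") or "unknown error"
        raise RuntimeError(f"API error (code {root.get('code')}): {msg}")
    return root.find("result")


def extract_api_key(xml_text: str) -> str:
    return parse_api_response(xml_text).findtext("key")


def extract_system_info(xml_text: str) -> dict:
    """Flatten <result><system>...</system></result> into a tag -> text dict."""
    system = parse_api_response(xml_text).find("system")
    return {child.tag: (child.text or "").strip() for child in system}


# Constructed sample replies (shaped like the API's documents; values invented).
SAMPLE_KEYGEN_RESPONSE = (
    '<response status="success"><result><key>EXAMPLE-KEY==</key></result></response>'
)
SAMPLE_SYSINFO_RESPONSE = """<response status="success"><result><system>
  <hostname>fw-lab</hostname>
  <ip-address>192.168.1.1</ip-address>
  <sw-version>EXAMPLE-VERSION</sw-version>
</system></result></response>"""
SAMPLE_ERROR_RESPONSE = (
    '<response status="error" code="403"><result><msg>Invalid Credential</msg>'
    "</result></response>"
)


if __name__ == "__main__":
    key = extract_api_key(SAMPLE_KEYGEN_RESPONSE)
    print(build_op_url("192.168.1.1", key, cli_to_cmd_xml("show system info")))
    print(extract_system_info(SAMPLE_SYSINFO_RESPONSE))
```

Because the key and, for keygen, the password are carried in the URL, they end up in proxy and web-server logs unless the firewall's management access is restricted to trusted hosts over HTTPS; treating the API key with the same care as the admin password is the practical consequence.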

Management Port
+ Special interface designed for administration
+ Part of the Control Plane
+ Preconfigured with 192.168.1.1/24 for HTTPS
+ Default credentials: admin / admin
+ Data ports also support management functions
  + Management Profiles
  + Service Routes

Service Routes
+ Required to provide access to external services through data ports
+ Device > Setup > Services > Service Route Configuration > Customize

Firewall CLI
+ Palo Alto firewalls use two CLI modes
  + Operational
    + Basic networking/system commands & verification
    + E.g. ping, traceroute, show, debug
  + Configuration
    + Accessible via configure
+ CLI Enhancements
  + Use find to figure out the command syntax
  + Use "?" to get help on command options and parameters
  + Use the "Tab" key for command auto-completion
  + Use the "|" symbol along with match or except for output filtering

Palo Alto Firewall Essentials
Firewall Maintenance
ine.com

Module Overview
+ Configuration files
+ Updates

Configuration Files
+ Running Configuration
  + Current configuration enforced in the Data Plane
  + Controls the firewall's behavior
  + Saved to running-config.xml
+ Candidate Configuration
  + Temporary configuration stored in memory in the Control Plane
  + Saved as either the default snapshot.xml or as a custom XML file
  + Saving the candidate configuration does not activate the changes
    + Requires a commit
    + A commit turns the candidate configuration into the running configuration

Configuration Files
+ Firewall configurations are managed using several options
  + Revert to Last Saved Configuration
    + Replaces current candidate configuration settings with a saved candidate configuration file
  + Revert to Running Configuration
    + Replaces current candidate configuration settings with the current running configuration
  + Load
    + Overwrites the current candidate configuration with a config file
  + Export
    + Exports a Current/Running Configuration file as XML (backups)
  + Import, Save

Dynamic Updates
+ Keep the system up to date with the latest threats, applications & more
  + AntiVirus
    + Including WildFire signatures
  + Applications, Applications and Threats
  + GlobalProtect Data File
    + Host Information Profile (HIP) data
  + GlobalProtect Clientless VPN
    + Enables clientless VPN access to common web applications from the GlobalProtect portal
  + PAN-DB URL Filtering

Software Updates
+ Used for scheduled PAN-OS code updates
+ Require a system reboot
+ Software can be downloaded manually or over the Management interface

Palo Alto Firewall Essentials
Firewall Basic Settings
ine.com

Module Overview
+ General configuration
+ Admin roles

General Configuration
+ Device -> Setup -> Management
  + Hostname
  + Domain
  + Login Banner
+ Device -> Setup -> Operations
  + SNMP
+ Device -> Setup -> Services
  + DNS
  + NTP

Admin Roles
+ Defines the type of access that an administrator has to the firewall
+ Dynamic
  + Based on pre-built profiles
  + E.g. Superuser, Superuser (read-only), Device administrator
+ Role Based
  + Custom access for granular control
+ Configuration
  + Device -> Administrators
  + Device -> Admin Roles

Palo Alto Firewall Essentials
Firewall Interfaces
ine.com

Module Overview
+ Data interfaces
+ Other interfaces

Data Interfaces
+ PAN-OS supports several types of interfaces and can operate in multiple deployments
  + Tap, Virtual Wire, Layer 2, Layer 3
+ Tap
  + Works on a copy of network traffic
    + Port mirroring (SPAN)
  + Deployed for logging & visibility

Data Interfaces
+ Virtual Wire
  + For inline deployments
    + Traffic control, decryption, QoS, etc.
  + A logical connection of two ports
    + No L2/L3 addresses
    + No management capabilities
    + Easy to integrate
  + Allows for subinterfaces
  + Virtual Wire interfaces must be attached to a Virtual Wire Object
    + Default Virtual Wire ports may need to be removed

Data Interfaces
+ Layer 2
  + Used for L2 switching
  + Inline
  + Require a VLAN Object
  + Support subinterfaces
+ Layer 3
  + Used for L3 routing (IPv4, IPv6)
  + Inline
  + Require a Virtual Router
  + Support subinterfaces & management

Other Interfaces
+ Loopback
  + Virtual L3 ports internal to the firewall
  + Used in many scenarios
    + Routing, DNS Sinkholes & more
+ Tunnel
  + Virtual interface used for VPN representation

Palo Alto Firewall Essentials
Firewall Initialization
ine.com

Module Overview
+ Virtual routers
+ Security zones

Virtual Router
+ Enables routing functions
  + Interfaces
  + RIB
    + Control Plane
  + FIB
    + Data Plane
+ Supported Routing Technologies
  + Static routes
  + OSPF, OSPFv3, BGP, RIP
  + PIM-SM, PIM-ASM, PIM-SSM, IGMP version 1/2/3

Security Zone
+ A group of interfaces representing a segment controlled by the firewall
  + LAN1, Internet, etc.
+ A firewall interface can belong to only one zone
+ Interface Type & Zone Type must match
+ A zone-unassigned interface does not process traffic
+ Zones affect the data traffic
  + Intra-zone
  + Inter-zone
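The three zone rules above (one zone per interface, matching interface and zone types, and no traffic through an unassigned interface) are exactly what an operator wants to check before a commit, and they are visible in the exported configuration XML. The following is an added example (not INE's or Palo Alto Networks' code) that audits a constructed configuration snippet laid out like running-config.xml; the element paths are an assumption modelled on that layout and can differ between PAN-OS versions, and the interface names, zone names and addresses are invented for the sample.

```python
"""Audit interface-to-zone assignment in a PAN-OS style configuration XML.

Added example; not INE's or Palo Alto Networks' code. The input is a
constructed, simplified snippet laid out like running-config.xml
(element paths are an assumption and can differ between PAN-OS
versions). The audit reports the three conditions the slide calls out:
interfaces in no zone (they pass no traffic), interfaces whose type does
not match the zone's type, and interfaces claimed by more than one zone.
"""
import xml.etree.ElementTree as ET

# Interface/zone types supported by PAN-OS data interfaces (see the slides).
IFACE_TYPES = ("layer3", "layer2", "virtual-wire", "tap")

# Constructed sample; addresses are documentation ranges, not a real device.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain">
    <network><interface><ethernet>
      <entry name="ethernet1/1"><layer3><ip><entry name="10.0.0.1/24"/></ip></layer3></entry>
      <entry name="ethernet1/2"><layer3><ip><entry name="203.0.113.2/24"/></ip></layer3></entry>
      <entry name="ethernet1/3"><virtual-wire/></entry>
      <entry name="ethernet1/4"><layer3/></entry>
    </ethernet></interface></network>
    <vsys><entry name="vsys1"><zone>
      <entry name="trust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="untrust"><network><layer3>
        <member>ethernet1/2</member><member>ethernet1/3</member>
      </layer3></network></entry>
      <entry name="dmz"><network><layer3><member>ethernet1/2</member></layer3></network></entry>
    </zone></entry></vsys>
  </entry></devices>
</config>"""


def interface_types(root: ET.Element) -> dict:
    """Map each ethernet interface to its configured type (None if no type is set)."""
    types = {}
    for entry in root.iterfind("./devices/entry/network/interface/ethernet/entry"):
        types[entry.get("name")] = next(
            (t for t in IFACE_TYPES if entry.find(t) is not None), None
        )
    return types


def zone_memberships(root: ET.Element):
    """Yield (zone, zone_type, interface) for every member listed under a zone."""
    for zone in root.iterfind("./devices/entry/vsys/entry/zone/entry"):
        for ztype in IFACE_TYPES:
            for member in zone.iterfind(f"./network/{ztype}/member"):
                yield zone.get("name"), ztype, member.text.strip()


def audit_zones(xml_text: str) -> dict:
    """Return unassigned interfaces, multi-zone interfaces, type mismatches and
    the clean one-to-one assignment."""
    root = ET.fromstring(xml_text)
    itypes = interface_types(root)
    zones_of = {name: [] for name in itypes}
    mismatches = []
    for zname, ztype, iface in zone_memberships(root):
        zones_of.setdefault(iface, []).append(zname)
        if itypes.get(iface) != ztype:
            mismatches.append((iface, zname, itypes.get(iface), ztype))
    return {
        "unassigned": sorted(i for i, z in zones_of.items() if not z),
        "multi_zone": {i: z for i, z in zones_of.items() if len(z) > 1},
        "type_mismatch": mismatches,
        "assignment": {i: z[0] for i, z in zones_of.items() if len(z) == 1},
    }


if __name__ == "__main__":
    for key, value in audit_zones(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

In the sample, ethernet1/4 has a type but no zone (it will forward nothing), ethernet1/3 is a virtual-wire port placed in a layer3 zone, and ethernet1/2 appears in both untrust and dmz; running the same audit over an exported configuration before a commit surfaces these mistakes without waiting for the commit validation to fail.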