Palo Alto Networks is one of the top firewall platform choices when it comes to protecting and securing all your critical on-premises and cloud infrastructure. This training guide will help you fully understand the tools, features, and options your Palo Alto firewalls offer to protect your network and enhance visibility into its traffic.
This course will get you from zero to hero in no time, so you can take full advantage of all of the features that the Palo Alto firewall platform has to offer. From initial policy configuration to configuring NAT and security rules to building Active-Active highly available clusters, you’ll learn everything required to set it up.
In this course's lectures and hands-on labs, you will learn to install, configure, manage and troubleshoot Palo Alto Networks firewalls, gaining the skills and expertise needed to protect your organization from the most advanced cyber-security attacks. You will get hands-on experience in configuring, managing, and monitoring a firewall in a lab environment.
This Palo Alto Firewall course covers many topics required for PCNSE V10, and new topics are added frequently. The course dives deeper into Palo Alto Networks firewall policies and network configuration to give students a clear understanding of several topics. Topics covered include Security Policy configuration, SSL Decryption, Routing configuration, IPSec configuration, High Availability configuration and other real-world configuration examples. There are also PDF materials included with this video.
Palo Alto Initial Configuration & Installation
-
2. Common Network Security Terms
Common Network Security Terms:
The key network security technical terms are Asset, Vulnerability, Exploit, Threat, Attack, Risk and Countermeasures.
-
3. Introduction to Firewall Technology
Firewall Technologies:
o The word firewall commonly describes a system, device or software.
o A firewall is placed between a trusted network and an untrusted network.
o A firewall is a security device used to stop or mitigate unauthorized access.
o The only traffic allowed on the network is that defined via the firewall policies.
o It grants or rejects access to traffic flows between the untrusted & trusted zones.
o A firewall monitors and checks incoming and outgoing network traffic.
o It decides to allow or block specific traffic based on a defined set of security rules.
o A firewall can be hardware, software, or both, and can be cloud-based or virtual.
o The first generation of firewall technology consisted of packet filter techniques.
o The second generation of firewalls started with application layer technologies.
o The third generation of firewalls had “Stateful” filter inspection, also called NGFW.
o Firewalls are relied upon to secure home and corporate networks from attacks.
-
4. About Palo Alto Networks Firewall
About Palo Alto Networks:
o Palo Alto is a city in California’s San Francisco Bay Area in the USA.
o The Next-Generation Firewall is named after this city.
o Palo Alto Networks is a US multinational cybersecurity company headquartered in California.
o Palo Alto Networks was founded in 2005 by Israeli-American Nir Zuk.
o Nir Zuk is a former engineer from Check Point and NetScreen Technologies.
o It has a world-class team with strong security and networking experience.
o The innovations of the Palo Alto Firewall are App-ID, User-ID and Content-ID.
o It builds next-generation firewalls that identify & control more than 900 applications.
o Palo Alto Networks has a global footprint, with presence in 50+ countries and 24/7 support.
o The company serves over 60,000 organizations in over 150 countries.
o The Palo Alto Next-Generation Firewall was named a Gartner Cool Vendor in 2008.
o Former Google executive Nikesh Arora joined the company as Chairman & CEO in 2018.
o Palo Alto has been named a Leader in the Gartner Magic Quadrant for Network Firewalls 8 times in a row.
Palo Alto Firewall Basic Administration
-
5. Palo Alto Firewall VMware Installation
PA Initial Configuration:
o This covers configuring and accessing Palo Alto Networks Next-Generation Firewalls for the first time.
o PA Firewalls can be accessed through the out-of-band management port labelled MGT.
o Or Palo Alto Firewalls can be accessed through a serial console port (similar to Cisco devices).
o The MGT port separates the management functions of the firewall from its data processing functions.
o All initial configuration is performed either on the out-of-band management interface,
o or through the serial console port.
o The serial port needs a standard rollover cable to connect to the Palo Alto Firewall.
o To access the Palo Alto Networks Firewall for the first time through the MGT port,
o you need to connect a laptop to the MGT port using a straight-through Ethernet cable.
o By default, the web GUI is accessed through the IP address 192.168.1.1/24.
o By default, the web GUI & CLI login credentials are Username: admin and Password: admin.
-
6. Installing Palo Alto Firewall in GNS3
In this video we will install the Palo Alto Firewall in GNS3 step by step.
-
7. Installing Palo Alto Firewall in EVE-NG
In this video we will install the Palo Alto Firewall in EVE-NG step by step.
Activate Licenses, Subscriptions & Updates
-
8. Dashboard Introduction
Dashboard Tab:
The Dashboard widgets show general firewall information, such as the software version, status of each interface, resource utilization, and up to 10 entries for each of several log types; log widgets display entries from the last hour. By default, the Dashboard displays widgets in a Layout of 3 Columns, but you can customize the Dashboard to display only 2 Columns, instead.
-
9. Console-Based Administration
CLI Access Modes:
Operational Mode:
o Use operational mode to view information about the firewall & the traffic running through it.
o Use it to perform operations such as restarting, loading a configuration, or shutting down.
o When you log in to the firewall, the Command Line Interface (CLI) opens in operational mode.
o In operational mode, the command prompt is a greater-than sign (>).
Configuration Mode:
o Use configuration mode to view and modify the Palo Alto Firewall configuration.
o You can switch between operational mode and configuration mode at any time.
o The command prompt changes from > to #, indicating that you have successfully changed modes.
o To switch from configuration mode to operational mode, use either the quit or exit command.
o To enter an operational mode command while in configuration mode, use the run command.
-
10. DNS & NTP Management Services
DNS Server:
o DNS stands for Domain Name System or Domain Name Server.
o DNS is a large database, which resides on various computers.
o DNS contains the names & IP addresses of hosts on the Internet & various domains.
o DNS servers match domain names to their associated IP addresses.
o The Domain Name System (DNS) is the phonebook of the Internet.
o DNS converts IP addresses to domain names & domain names into IP addresses.
o DNS names are assigned through the Internet Registries by the IANA.
o There are 13 root name servers, from a.root-servers.net to m.root-servers.net.
o The 13 DNS root name servers can be checked at http://www.root-servers.org.
o DNS primarily uses the User Datagram Protocol on port number 53 to serve requests.
o The domain name system of the Internet works in an inverted tree structure.
o The TLD is the letters immediately following the final dot in an Internet address.
o In the Internet address http://mail.google.com, com is the top-level domain name.
o Google is the second-level domain name and mail is a subdomain name.
o Altogether, http://mail.google.com is a fully qualified domain name (FQDN).
o Adding http:// to a fully qualified domain name (FQDN) makes it a complete URL.
Basic of Palo Alto Firewall
Security Policies
-
15. Virtual Router, Default & RIPv2
Routed Protocols:
o Routed protocols carry the actual data that is transferred from router to router.
o Examples of routed protocols are the Internet Protocol (IP) versions IPv4 and IPv6.
o A routed protocol is used to send user data from one network to another network.
o A routed protocol carries user traffic such as e-mails, file transfers, web traffic etc.
o Used between routers to direct user traffic, they are also called network protocols.
That are signs at intersections that point to nearby cities, giving mileage to each
-
16. Redistribute and OSPF
Dynamic Routing:
o Dynamic routing protocols can dynamically respond to changes in the network.
o The routing protocol is configured on each device & the devices learn about each other.
o The dynamic routing table is created, maintained and updated by the routing protocol.
o Examples of dynamic routing protocols include RIPv2, OSPFv3, OSPF and BGP.
o Dynamic routing protocols share routing updates with neighbors and find the best path.
o They dynamically choose a different route if a link goes down, and updates are also dynamic.
o Dynamic protocols also have the ability to load balance between multiple links.
o Dynamic routing protocols put additional load on the devices' CPU and RAM.
o The choice of the best route is in the hands of the dynamic routing protocol.
Objects in Palo Alto Firewall
-
17. Security Policy Concepts
Security Policy Concepts:
o Palo Alto Firewalls use security policies to either allow or deny access.
o They allow you to enforce rules and take action, and can be as general or specific as needed.
o The policy rules are compared against the incoming traffic in sequence.
o Traffic is processed by the security policy in a top-down, left-to-right flow.
o For traffic that does not match any user-defined rules, the default rules apply.
o The default rules displayed at the bottom of the security rulebase are predefined.
o A Palo Alto Firewall security policy comprises a list of security policy rules.
o A basic security policy rule only includes source & destination zones.
o An advanced rule includes source/destination address, ports, application, URL categories etc.
o In a Palo Alto Firewall security policy, sessions are established for bidirectional data flow.
o Columns of the Security Policy page can be customized to display preferred information.
o In a PA Firewall there are three types of security rules: Intrazone, Interzone and Universal.
o Intrazone – All traffic within a zone. This traffic is allowed by default in Palo Alto Firewall.
o Interzone – All traffic between zones. This traffic is blocked by default in Palo Alto Firewall.
o Universal – Allows all traffic between source & destination, whether intrazone or interzone.
o In Palo Alto Firewalls, traffic matching any created security policy rule is logged by default.
o Traffic matching the system-created Intrazone and Interzone rules at the end is not logged.
o For pre-defined allow/deny rules, choose Override to set logging or other profile settings.
o Rules are evaluated from top to bottom; when a match is found, no further evaluation is done.
o If not, the Palo Alto Firewall keeps looking for a match until the last rule is evaluated.
o In Palo Alto Firewall, if no match is found, the session will be dropped.
o Rule shadowing is when multiple security policy rules match the same scope of traffic.
o Security policy rules can be reordered, disabled, deleted, added and cloned.
o Unused rules can be shown by clicking the ‘Highlight Unused Rules’ checkbox at the bottom.
o Every security policy rule must include Source Zone, Destination Zone, and Action.
o Security policies also include: Source IP, Destination IP, User, Application, Service & URLs.
o Security rules have additional actions (logging, vuln/av/malware profiles, scheduling and QoS).
o In Palo Alto Firewall security policy rules, scheduling can set times when a rule is allowed.
o There is a limit to the number of security profiles as well as security rules that can be configured.
o All traffic passing through the dataplane of the Palo Alto firewall is matched against a security policy.
o This doesn't include traffic originating from the management interface of the firewall.
-
18. Security Policy Schedules, Shadows Rule
Shadows Rule:
o When committing a configuration, a warning may appear that one rule "shadows" another rule.
o A shadow rule warning generally indicates that broader rule matching criteria are configured.
o Avoid "Rule Shadowing" by placing more specific rules above the larger-scope rules.
o The shadow rule warning can also appear at commit time if there are unresolved FQDNs.
o Policy-1 is configured with broader rule matching criteria: application is any.
o Policy-2 is configured with a more specific rule: application is web-browsing only.
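The top-down, first-match evaluation and the Policy-1 / Policy-2 shadowing case described above can be modelled in a few lines. This is an added example, not course material or PAN-OS code: the zone names "inside" and "outside", the allow/deny actions given to the two policies, and the reduction of a rule to three match fields are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"
FIELDS = ("src_zone", "dst_zone", "application")  # simplified match criteria


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    application: str
    action: str  # "allow" or "deny"


def covers(rule_value, other_value):
    """True if rule_value matches everything other_value matches."""
    return rule_value == ANY or rule_value == other_value


def first_match(rules, src_zone, dst_zone, application):
    """Evaluate top-down; the first matching rule decides and evaluation stops."""
    session = {"src_zone": src_zone, "dst_zone": dst_zone, "application": application}
    for rule in rules:
        if all(covers(getattr(rule, f), session[f]) for f in FIELDS):
            return rule.name, rule.action
    # No user-defined rule matched: the predefined rules at the bottom apply.
    if src_zone == dst_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"


def find_shadowed(rules):
    """Return (shadowed, shadowing) pairs: an earlier rule covers every field of a later one."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(getattr(earlier, f), getattr(later, f)) for f in FIELDS):
                pairs.append((later.name, earlier.name))
                break
    return pairs


# Constructed sample rulebase: Policy-1 is broad (application any),
# Policy-2 is specific (web-browsing only). Zones and actions are assumed.
POLICY_1 = Rule("Policy-1", "inside", "outside", ANY, "allow")
POLICY_2 = Rule("Policy-2", "inside", "outside", "web-browsing", "deny")
SHADOWED_ORDER = [POLICY_1, POLICY_2]  # broad rule on top: Policy-2 never matches
FIXED_ORDER = [POLICY_2, POLICY_1]     # specific rule on top: both rules are reachable

if __name__ == "__main__":
    for label, rulebase in (("shadowed", SHADOWED_ORDER), ("fixed", FIXED_ORDER)):
        print(label, first_match(rulebase, "inside", "outside", "web-browsing"),
              "shadow warnings:", find_shadowed(rulebase))
```

With the broad rule on top, web-browsing is allowed by Policy-1 and the deny in Policy-2 is dead configuration, which is why a shadow warning is worth treating as a policy review item rather than noise.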
SSL Forward Proxy
-
20. Security Profiles & Antivirus Profiles
Security Profiles:
o Palo Alto firewall Security Profiles are added to the end of security policy rules.
o After a packet has been allowed by the security policy, security profiles are used.
o Security Profiles scan packets for threats, vulnerabilities, viruses, and spyware.
o Security Profiles also scan packets for malicious URLs and exploitation software.
o Security Profiles also check and scan the traffic for suspicious file uploads.
o Allowed traffic is analyzed for viruses, spyware or content using a security profile.
o The Threat log keeps records of vulnerability, AV and Anti-Spyware events that can be reviewed.
-
21. Anti-Spyware Profiles
Anti-Spyware Profiles:
o Anti-Spyware Profiles help to control spyware.
o An Anti-Spyware Profile contains its own ruleset to detect & process threats.
o There are two predefined read-only profiles already included: default & strict.
o These can be cloned to make a custom profile, or a new profile can be built from scratch.
o The default profile applies the default action to traffic and is generally used for initial deployments.
o The strict profile is used for ‘out of the box’ protection.
o Best practice is to create a profile according to the network design, deployment & company security policy.
o Each profile can contain several rules to apply policy based on severity or type of spyware.
-
22. Vulnerability Protection Profiles
Vulnerability Protection Profiles:
o A vulnerability is a security weakness that can be compromised by hackers.
o Vulnerability protection detects attempts to exploit known software vulnerabilities.
o It determines the level of protection against buffer overflows and illegal code execution.
o It also determines the level of protection against other attempts to exploit system vulnerabilities.
o There are two predefined read-only profiles already included: default & strict.
o These can be cloned to make a custom profile, or a new profile can be built from scratch.
o The default profile applies the default action to traffic and is generally used for initial deployments.
o The default profile applies the default action to critical, high & medium severity vulnerabilities.
o The default profile does not detect low and informational vulnerability protection events.
o The strict profile is used for ‘out of the box’ protection.
o It applies the block response to critical, high and medium severity spyware events.
o It uses the default action for low and informational vulnerability protection events.
o In Vulnerability Protection, exceptions can be set to override the actions on rules.
o In Vulnerability Protection, this can be used to override false detections.
-
23. URL Filtering Profiles
URL Filtering Profile:
o Use URL filtering to block outbound communication to known malicious URLs.
o It reduces the risk of infection from dangerous websites and protects users.
o In a PA Firewall, URL filtering classifies and controls web browsing based on content.
o URL filtering automatically prevents attacks that leverage the web as an attack vector,
o including phishing links in emails, phishing sites, and HTTP‐based command and control.
o The attacks URL Filtering prevents include malicious sites & pages that carry exploit kits.
o The Palo Alto Networks URL filtering solution supports both BrightCloud and PAN-DB.
o URL Filtering enables safe web access, protecting users from dangerous websites.
o PAN-DB is Palo Alto Networks' URL & IP database, designed to fulfill an enterprise’s web security needs.
o URL Filtering protects users from malware sites, credential-phishing pages & threats.
o To do URL Filtering, the application should be allowed in the PA Firewall Security Policy Rule.
o There is one predefined read-only profile already included, named default.
o This can be cloned to make a custom profile, or a new profile can be built from scratch.
o A custom profile can be created based on your company’s internal security policies.
o URL filtering should be customized to meet the unique needs of your organization.
o A URL filtering profile can be configured to take specific actions for each category.
o Allow lists and block lists can be used to add sites you don’t want the users to access.
o The user’s name will be displayed on the page if User-ID is enabled; otherwise the IP address.
o If Continue or Override is used, a 15-minute timer is set to allow access to that category.
o Transparent mode can be used to make block pages look as if they originate from the blocked website.
o Redirect will send the request to a specified IP; this IP must be an L3 interface on the firewall.
-
24. File Blocking Profiles
This video is all about the File Blocking profile.
-
25. WildFire Analysis Profile
This video is all about WildFire Analysis Profile configuration and verification.
-
26. Data Filtering Profile
This video is all about Data Filtering Profile configuration and verification.
-
27. Security Profile Groups
All about Security Profile Groups: how to create and apply them.
Network Address Translation
Palo Alto Firewall Deployment Methods
Service Route Configuration
-
30. Layer 2 Deployment
How to deploy the Palo Alto Firewall in Layer 2 mode.
-
31. Tap Mode Deployment
Tap Mode Deployment:
o TAP mode deployment allows passive monitoring of the traffic flow across a network.
o TAP mode uses the Switch Port Analyzer (SPAN) feature, also known as mirroring.
o A typical deployment involves the configuration of SPAN on Cisco switches.
o The destination SPAN port is the switch port to which the Palo Alto Firewall connects.
o The advantage of this deployment model is the ability to closely monitor traffic to servers.
o Another advantage is that it requires no changes to the network infrastructure.
o Palo Alto Firewall Tap mode offers visibility of application, user and content.
o In Tap mode, the firewall is unable to control the traffic, as no security rules can be applied.
o Palo Alto Tap mode deployment simply offers visibility in the ACC tab of the dashboard.
o The catch here is to ensure that the tap interface is assigned to a security zone.
-
32. Virtual Wire Deployment
About Virtual Wire Deployment
User-ID (User Identification)
Palo Alto Firewall App-ID
-
34. User-ID (User Identification)
User-ID (User Identification):
o Security infrastructure is based on three pillars: application, user and content.
o User Identification is a Palo Alto Networks next-generation firewall feature.
o User-ID, as opposed to IP address, is an integral component of the security infrastructure.
o User-ID means knowing who is using each of the applications on your network.
o Knowing who has transmitted a threat or is transferring files can strengthen security policies.
o User-ID technology identifies users not only by username but also by IP address.
o Create policies & display logs and reports based on usernames and group names.
o User-ID technology provides visibility, policy control, & logging, reporting and forensics.
o The firewall collects group mapping information by connecting directly to an LDAP directory server.
o Visibility into what users are doing on the network becomes increasingly important.
o It gives full visibility into user activity on the network & user-based policy control & reporting.
o It gives improved visibility into application usage and a more relevant picture of network activity.
o Configuring User-ID enables the ACC, App Scope, reports, and logs to include usernames.
o User-ID enables you to identify all users on your network using a variety of techniques.
o User-ID, when tied to the application activity, provides you with more complete visibility,
o greater policy control, and more granular logging, reporting and forensics capabilities.
o The main things provided by User-ID are visibility, policy control & logging, reporting and forensics.
o User-ID integrates Palo Alto firewall functionality with a wide range of user repositories.
-
35. LDAP Integration
How to integrate the Palo Alto firewall with Active Directory.
VPN Virtual Private Network
High Availability
Backup & Restore
Monitoring and Reporting
Configure RADIUS Authentication
-
42. Configure & Verify Syslogs
In this video students will learn how to configure and verify Syslog.
-
43. Log Types in Palo Alto Firewall
All about log types in the Palo Alto firewall.
-
44. Packet Capture GUI and CLI
Packet capture through the GUI and CLI, and verification.
-
45. Monitoring Reports App Scope
Monitoring Reports and App Scope.
-
46. ACC (Application Command Center)
In this video students will learn about the Application Command Center (ACC) tab.
-
47. Configure and Verify NetFlow
Students will learn how to configure and verify NetFlow in the Palo Alto Firewall.
-
48. Configure and Verify SNMP
In this part of the lecture students will learn about SNMP configuration in the Palo Alto Firewall.