Mastering Palo Alto Networks

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

To safeguard against security threats, it is crucial to ensure that your organization is effectively secured across networks, mobile devices, and the cloud. Palo Alto Networks’ integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. With this book, you'll understand Palo Alto Networks and learn how to implement essential techniques, right from deploying firewalls through to advanced troubleshooting. The book starts by showing you how to set up and configure the Palo Alto Networks firewall, helping you to understand the technology and appreciate the simple, yet powerful, PAN-OS platform. Once you've explored the web interface and command-line structure, you'll be able to predict expected behavior and troubleshoot anomalies with confidence. You'll learn why and how to create strong security policies and discover how the firewall protects against encrypted threats. In addition to this, you'll get to grips with identifying users and controlling access to your network with user IDs and even prioritize traffic using quality of service (QoS). The book will show you how to enable special modes on the firewall for shared environments and extend security capabilities to smaller locations. By the end of this network security book, you'll be well-versed with advanced troubleshooting techniques and best practices recommended by an experienced security engineer and Palo Alto Networks expert.
Table of Contents (18 chapters)

1   Section 1: First Steps and Basic Configuration
4   Section 2: Advanced Configuration and Putting the Features to Work
10  Section 3: Maintenance and Troubleshooting

The management and data plane

A firewall is made up of two main planes, the data plane and the management plane, which are physical or logical boards that perform specific functions. All platforms have a management plane. Larger platforms like the PA-5200 come with 2 to 3 data planes, and the largest platforms have replaceable hardware blades (line cards) with up to 3 data plane equivalents per line card and room for up to 10 line cards. The smaller platforms like the PA-220 have a single hardware board that virtually splits the responsibilities among its CPU cores.

The management plane is where all administrative tasks happen. It serves the web interfaces used by the system to allow configuration, provide URL filtering block pages, and serve the client VPN portal. It performs cloud lookups for URL filtering and DNS security, and downloads and installs content updates onto the data plane. It also performs the logic part of routing and communicates with dynamic routing peers and neighbors. It further handles authentication, User-ID, logging, and many other supporting functions that are not directly related to processing packets.

The data plane is responsible for processing flows and performs all the security features associated with the next-generation firewall. It scans sessions for patterns and heuristics. It maintains IPSec VPN connections and has hardware offloading to provide wire-speed throughputs. Due to its architecture and the use of interconnected specialty chips, all types of scanning can happen in parallel as each chip processes packets simultaneously and reports its findings.

A switch fabric enables communication between planes so the data plane can send lookup requests to the management plane, and the management plane can send configuration updates and content updates.
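Because the two planes carry different responsibilities, the first question when a firewall "feels slow" is which plane is saturated: a busy management plane points at logging, lookups or commits, while a busy data plane points at traffic load or inspection cost. The following script, added here as an example and not code from the book or from Palo Alto Networks, parses constructed text shaped like the top-style header of `show system resources` (management plane) and the per-core table of `show running resource-monitor` (data plane) and reports which plane is under pressure. The exact column layout of both commands is assumed from their general shape, the sample values are constructed, and the 80% threshold is an assumed operational value; adapt the regexes to the output of your own PAN-OS version.

```python
"""Split-plane health check for a PAN-OS firewall (added example, not the book's code)."""
import re

# Constructed sample, shaped like the top-style header printed by `show system resources`.
# Idle is deliberately low to model a busy management plane.
MGMT_SAMPLE = """\
top - 10:02:13 up 31 days,  4:17,  1 user,  load average: 3.91, 3.77, 3.60
Tasks: 212 total,   2 running, 210 sleeping,   0 stopped,   0 zombie
%Cpu(s): 73.3 us, 11.2 sy,  0.0 ni, 12.0 id,  2.9 wa,  0.0 hi,  0.6 si,  0.0 st
KiB Mem :  4046972 total,   312804 free,  2681220 used,  1052948 buff/cache
"""

# Constructed sample, shaped like the per-core table of
# `show running resource-monitor second last 5` for a single data plane (dp0).
DP_SAMPLE = """\
DP dp0:

Resource monitoring sampling data (per second):

CPU load (%) during last 5 seconds:
core   0   1   2   3
       4  37  41  39
       5  40  44  38
       3  36  42  40
       6  39  43  41
       4  38  45  37

Resource utilization (%) during last 5 seconds:
session:
 12  12  12  13  13
packet buffer:
  3   3   4   3   3
"""


def parse_mgmt_cpu(text: str) -> dict:
    """Return user/system/idle/busy percentages from the %Cpu(s) line of a top-style dump."""
    m = re.search(r"%Cpu\(s\):\s*(.*)", text)
    if not m:
        raise ValueError("no %Cpu(s) line found")
    fields = {key: float(val) for val, key in
              re.findall(r"([\d.]+)\s+(us|sy|ni|id|wa|hi|si|st)", m.group(1))}
    return {"user": fields["us"], "system": fields["sy"], "idle": fields["id"],
            "busy": round(100.0 - fields["id"], 1)}


def parse_dp_cores(text: str) -> dict:
    """Average per-core load over the sampled rows of the 'CPU load (%)' table."""
    lines = text.splitlines()
    cores, rows = [], []
    for i, line in enumerate(lines):
        if not line.startswith("CPU load (%)"):
            continue
        header = lines[i + 1].split()
        if header and header[0] == "core":
            cores = [int(c) for c in header[1:]]
            for row in lines[i + 2:]:
                if not row.strip():
                    break  # blank line closes the table
                rows.append([int(v) for v in row.split()])
        break
    if not cores or not rows:
        raise ValueError("no per-core CPU table found")
    return {c: round(sum(r[k] for r in rows) / len(rows), 1) for k, c in enumerate(cores)}


def parse_dp_utilization(text: str) -> dict:
    """Peak value of each counter (session, packet buffer, ...) in the utilization block."""
    parts = text.split("Resource utilization (%)", 1)
    if len(parts) < 2:
        return {}
    peaks, name = {}, None
    for line in parts[1].splitlines()[1:]:  # skip the remainder of the heading line
        s = line.strip()
        if not s:
            continue
        if s.endswith(":"):
            name = s[:-1]
        elif name and re.fullmatch(r"[\d\s]+", s):
            peaks[name] = max(peaks.get(name, 0), max(int(v) for v in s.split()))
    return peaks


def assess(mgmt: dict, dp_cores: dict, dp_util: dict, threshold: float = 80.0) -> list:
    """Name the saturated plane(s). The threshold is an assumed operational value."""
    findings = []
    if mgmt["busy"] >= threshold:
        findings.append(f"management plane busy {mgmt['busy']}% "
                        f"(user {mgmt['user']}%, sys {mgmt['system']}%)")
    hot = [c for c, load in dp_cores.items() if load >= threshold]
    if hot:
        findings.append(f"data plane cores over {threshold}%: {hot}")
    for name, peak in dp_util.items():
        if peak >= threshold:
            findings.append(f"data plane {name} utilization peaked at {peak}%")
    return findings


if __name__ == "__main__":
    result = assess(parse_mgmt_cpu(MGMT_SAMPLE), parse_dp_cores(DP_SAMPLE),
                    parse_dp_utilization(DP_SAMPLE))
    print("\n".join(result) or "both planes within threshold")
```

On the constructed sample the data plane cores sit below 45% and session and buffer usage are low, while the management plane shows 88% busy, so the script reports only the management plane. That matches the division of labour described above: traffic inspection is not the bottleneck, and the next place to look is what the management plane is doing (logging, cloud lookups, routing updates, commits) rather than the traffic mix.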

Another important feature is the ability to identify users and apply different security policies based on identity or group membership.