Securing Remote Access in Palo Alto Networks

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

This book builds on the content found in Mastering Palo Alto Networks, focusing on the different methods of establishing remote connectivity, automating log actions, and protecting against phishing attacks through user credential detection. Complete with step-by-step instructions, practical examples, and troubleshooting tips, you will gain a solid understanding of how to configure and deploy Palo Alto Networks remote access products. As you advance, you will learn how to design, deploy, and troubleshoot large-scale end-to-end user VPNs. Later, you will explore new features and discover how to incorporate them into your environment. By the end of this Palo Alto Networks book, you will have mastered the skills needed to design and configure SASE-compliant remote connectivity and prevent credential theft with credential detection.

Table of Contents (11 chapters)

Section 1: Leveraging the Cloud and Enabling Remote Access
Section 2: Tools, Troubleshooting, and Best Practices

Learning about Panorama and log collectors

To enable log forwarding to Panorama, the firewall must be connected to a Panorama server. This can be achieved by adding the Panorama IP via Device > Setup > Panorama Settings, as shown in the following screenshot:

Figure 1.3 – Panorama settings on the firewall

Once the firewall has established a connection with Panorama, Panorama sets its external logging destinations to what you specify in the collector group configuration.

As shown in the following screenshot, selecting Enable log redundancy across collectors ensures that each log entry has a copy on a different log collector in the same group. Selecting Forward to all collectors in the preference list lets PA-5200 and PA-7000 devices forward to all collectors in the preference list, which Panorama manages in a round-robin fashion. Otherwise, the default behavior is to send logs to the first available collector in the list:

Figure 1.4 – Collector Group general settings

In the Device Log Forwarding tab, you can select firewall devices and assign a list of collectors that they may send logs to. The first member of a collector group is the primary collector; firewalls will send their logs to this collector for as long as it is available, using the next collector down the list as a fallback collector for redundancy. In the following screenshot, we have two firewalls that have different preferences assigned for the two available collectors. The firewall called PANgurus will send logs to Panorama itself, while the RemoteLAB firewall will send logs to Collector. If one of the log destinations becomes unavailable, the firewalls will fall back to the second collector in the list:

Figure 1.5 – Device log forwarding
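
The fallback behavior described above can be checked offline against a planned preference list. The following Python model is an added example, not code from the book or from PAN-OS: it applies the first-available rule and flags any firewall that would lose its log destination if a single collector went down. PANgurus, RemoteLAB, Panorama, and Collector come from the text; BranchFW and the function names are hypothetical.

```python
# Added example: models the preference-list behaviour described in the text.
# It does not talk to Panorama; all data below is constructed.

def destinations(preference, available, forward_to_all=False):
    """Return the collectors a firewall would send logs to.

    Default: only the first available collector in its preference list.
    forward_to_all: every available collector in the list (the text limits
    this option to PA-5200 and PA-7000 devices).
    """
    reachable = [c for c in preference if c in available]
    return reachable if forward_to_all else reachable[:1]


def single_points_of_failure(preferences, collectors):
    """Map each firewall to the collectors whose loss leaves it with no
    log destination at all (an empty list means a fallback exists)."""
    findings = {}
    for firewall, preference in preferences.items():
        findings[firewall] = [
            down for down in collectors
            if not destinations(preference, set(collectors) - {down})
        ]
    return findings


# Constructed sample. PANgurus and RemoteLAB mirror the text; BranchFW is a
# hypothetical firewall that was given only one collector.
COLLECTORS = ["Panorama", "Collector"]
PREFERENCES = {
    "PANgurus": ["Panorama", "Collector"],
    "RemoteLAB": ["Collector", "Panorama"],
    "BranchFW": ["Collector"],
}

if __name__ == "__main__":
    for fw, gaps in single_points_of_failure(PREFERENCES, COLLECTORS).items():
        status = "no fallback if down: " + ", ".join(gaps) if gaps else "ok"
        print(f"{fw:10} {status}")
```

A firewall reported with no fallback would stop delivering logs for the duration of that collector's outage, which is the gap a second entry in its preference list closes.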

In the next section, we will review other useful log forwarding options.