Securing Remote Access in Palo Alto Networks

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

This book builds on the content found in Mastering Palo Alto Networks, focusing on the different methods of establishing remote connectivity, automating log actions, and protecting against phishing attacks through user credential detection. Complete with step-by-step instructions, practical examples, and troubleshooting tips, you will gain a solid understanding of how to configure and deploy Palo Alto Networks remote access products. As you advance, you will learn how to design, deploy, and troubleshoot large-scale end-to-end user VPNs. Later, you will explore new features and discover how to incorporate them into your environment. By the end of this Palo Alto Networks book, you will have mastered the skills needed to design and configure SASE-compliant remote connectivity and prevent credential theft with credential detection.

Table of Contents (11 chapters)

Section 1: Leveraging the Cloud and Enabling Remote Access
Section 2: Tools, Troubleshooting, and Best Practices

Configuring directory sync

Before we configure mobile users, we need to consider how user information such as group membership can be learned. An on-premises Panorama server can connect directly to the Active Directory servers to gather the required information, but a cloud-based management server does not have this access. For a cloud-based Panorama instance, we need to set up an additional service called Directory Sync so that it can collect user information. The remote networks and mobile users can also use Directory Sync or connect directly to Active Directory through the service connection.

Directory Sync can be activated via the Hub at https://apps.paloaltonetworks.com. On the landing page, scroll down until you see the corresponding tile, as shown in the following figure:

  1. Click Activate on the Directory Sync tile.

    On the next page, you can change the company account if you have multiple accounts, and set a user-friendly name for the connection. Make sure you select...