Book Image

Mastering Palo Alto Networks - Second Edition

By : Tom Piens aka Piens aka 'reaper'

Book Image

Mastering Palo Alto Networks - Second Edition

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

Palo Alto Networks’ integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. This book is an end-to-end guide to configure firewalls and deploy them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This book will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and special or unique considerations when setting them to protect resources. By the end of this book, for your configuration setup you will instinctively know how to approach challenges, find the resources you need, and solve most issues efficiently.

Preface

Who this book is for

What this book covers

To get the most out of this book

Understanding the Core Technologies

Understanding the Core Technologies

Technical requirements

Understanding the zone-based firewall

Understanding App-ID and Content-ID

The management and data plane

Authenticating and authorizing users with User-ID

Free Chapter

Setting Up a New Device

Setting Up a New Device

Technical requirements

Gaining access to the user interface

Adding licenses and setting up dynamic updates

Upgrading the firewall

Hardening the management interface

Understanding the interface types

Building Strong Policies

Building Strong Policies

Technical requirements

Understanding and preparing security profiles

Understanding and building security rules

Creating NAT rules

Taking Control of Sessions

Taking Control of Sessions

Technical requirements

Controlling the bandwidth with quality-of-service policies

Leveraging SSL decryption to look inside encrypted sessions

Redirecting sessions over different paths using policy-based forwarding

Services and Operational Modes

Services and Operational Modes

Technical requirements

Applying a DHCP client and DHCP server

Configuring a DNS proxy

Setting up High Availability

Enabling virtual systems

Managing certificates

Identifying Users and Controlling Access

Identifying Users and Controlling Access

Technical requirements

Configuring group mapping

Setting up a captive portal

Using an API for User-ID

User credential detection

Managing Firewalls through Panorama

Managing Firewalls through Panorama

Technical requirements

Setting up Panorama

Setting up templates and template stacks

Panorama management

Upgrading Firewalls and Panorama

Upgrading Firewalls and Panorama

Technical requirements

Documenting the key aspects

Preparing for the upgrade

The upgrade process

The rollback procedure

The downgrade procedure

Special case for upgrading older hardware

Logging and Reporting

Logging and Reporting

Technical requirements

Configuring log collectors and log collector groups

Cortex Data Lake logging service

External logging

Configuring log forwarding

The Application Command Center

Virtual Private Networks

Virtual Private Networks

Technical requirements

Setting up the VPN

Advanced Protection

Advanced Protection

Technical requirements

Custom applications and threats

Zone protection and DoS protection

Troubleshooting Common Session Issues

Troubleshooting Common Session Issues

Technical requirements

Using the tools at our disposal

Interpreting session details

Using the troubleshooting tool

Using maintenance mode to resolve and recover from system issues

A Deep Dive into Troubleshooting

A Deep Dive into Troubleshooting

Technical requirements

Understanding global counters

Analyzing session flows

Debugging processes

CLI troubleshooting commands cheat sheet

Cloud-Based Firewall Deployment

Cloud-Based Firewall Deployment

Technical requirements

Licensing a cloud firewall

Deploying a firewall in Azure from the Marketplace

Bootstrapping a firewall

Putting the firewall in-line

Supporting Tools

Supporting Tools

Technical requirements

Integrating Palo Alto Networks with Splunk

Monitoring with Pan(w)achrome

Threat intelligence with MineMeld

Exploring the API

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Taking Control of Sessions

In this chapter, you will see how you can ensure business-critical or latency-sensitive applications do not run out of bandwidth and less important applications are prevented from consuming too much. You will learn how to bypass the routing table and make exceptions for certain sessions, as well as how to decrypt encrypted sessions and look within them to determine actual applications and stop threats.

In this chapter, we’re going to cover the following main topics:

Controlling the bandwidth with quality-of-service policies
Leveraging SSL decryption to look inside encrypted sessions
Redirecting sessions over different paths using policy-based forwarding

By the end of this chapter, you will have learned how to look inside encrypted TLS sessions so threats can be stopped, manipulate how sessions are forwarded regardless of the routing table, and make the best of your available bandwidth.