Book Image

Mastering Palo Alto Networks - Second Edition

By : Tom Piens aka Piens aka 'reaper'

Book Image

Mastering Palo Alto Networks - Second Edition

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

Palo Alto Networks’ integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. This book is an end-to-end guide to configure firewalls and deploy them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This book will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and special or unique considerations when setting them to protect resources. By the end of this book, for your configuration setup you will instinctively know how to approach challenges, find the resources you need, and solve most issues efficiently.

Preface

Who this book is for

What this book covers

To get the most out of this book

Understanding the Core Technologies

Understanding the Core Technologies

Technical requirements

Understanding the zone-based firewall

Understanding App-ID and Content-ID

The management and data plane

Authenticating and authorizing users with User-ID

Free Chapter

Setting Up a New Device

Setting Up a New Device

Technical requirements

Gaining access to the user interface

Adding licenses and setting up dynamic updates

Upgrading the firewall

Hardening the management interface

Understanding the interface types

Building Strong Policies

Building Strong Policies

Technical requirements

Understanding and preparing security profiles

Understanding and building security rules

Creating NAT rules

Taking Control of Sessions

Taking Control of Sessions

Technical requirements

Controlling the bandwidth with quality-of-service policies

Leveraging SSL decryption to look inside encrypted sessions

Redirecting sessions over different paths using policy-based forwarding

Services and Operational Modes

Services and Operational Modes

Technical requirements

Applying a DHCP client and DHCP server

Configuring a DNS proxy

Setting up High Availability

Enabling virtual systems

Managing certificates

Identifying Users and Controlling Access

Identifying Users and Controlling Access

Technical requirements

Configuring group mapping

Setting up a captive portal

Using an API for User-ID

User credential detection

Managing Firewalls through Panorama

Managing Firewalls through Panorama

Technical requirements

Setting up Panorama

Setting up templates and template stacks

Panorama management

Upgrading Firewalls and Panorama

Upgrading Firewalls and Panorama

Technical requirements

Documenting the key aspects

Preparing for the upgrade

The upgrade process

The rollback procedure

The downgrade procedure

Special case for upgrading older hardware

Logging and Reporting

Logging and Reporting

Technical requirements

Configuring log collectors and log collector groups

Cortex Data Lake logging service

External logging

Configuring log forwarding

The Application Command Center

Virtual Private Networks

Virtual Private Networks

Technical requirements

Setting up the VPN

Advanced Protection

Advanced Protection

Technical requirements

Custom applications and threats

Zone protection and DoS protection

Troubleshooting Common Session Issues

Troubleshooting Common Session Issues

Technical requirements

Using the tools at our disposal

Interpreting session details

Using the troubleshooting tool

Using maintenance mode to resolve and recover from system issues

A Deep Dive into Troubleshooting

A Deep Dive into Troubleshooting

Technical requirements

Understanding global counters

Analyzing session flows

Debugging processes

CLI troubleshooting commands cheat sheet

Cloud-Based Firewall Deployment

Cloud-Based Firewall Deployment

Technical requirements

Licensing a cloud firewall

Deploying a firewall in Azure from the Marketplace

Bootstrapping a firewall

Putting the firewall in-line

Supporting Tools

Supporting Tools

Technical requirements

Integrating Palo Alto Networks with Splunk

Monitoring with Pan(w)achrome

Threat intelligence with MineMeld

Exploring the API

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Configuring group mapping

If you are able to identify users on your network, you are also able to create security rules to allow or limit their access to certain resources. Role-Based Access Control (RBAC) can easily be enforced by binding LDAP groups to security policies, granting members of a certain organization within your company exclusive and reliable access to the resources they need wherever they go.

To get started, we need to create an LDAP profile so we can fetch group information. Go to Device | Server Profiles | LDAP and create a new profile. You will need one LDAP profile per domain in a multidomain or forest configuration.

There needs to be at least one server, but there can be up to four for redundancy. Don’t forget to change the port (636 should be the default, 389 for legacy unencrypted systems) if you’re going to use TLS encryption:

Add at least one server by IP or FQDN and set the appropriate port (389 unencrypted, 636 for TLS).