Mastering Palo Alto Networks

Book description

Set up next-generation firewalls from Palo Alto Networks and get to grips with configuring and troubleshooting using the PAN-OS platform

Key Features

  • Understand how to optimally use PAN-OS features
  • Build firewall solutions to safeguard local, cloud, and mobile networks
  • Protect your infrastructure and users by implementing robust threat prevention solutions

Book Description

To safeguard against security threats, it is crucial to ensure that your organization is effectively secured across networks, mobile devices, and the cloud. Palo Alto Networks' integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. With this book, you'll understand Palo Alto Networks and learn how to implement essential techniques, right from deploying firewalls through to advanced troubleshooting.

The book starts by showing you how to set up and configure the Palo Alto Networks firewall, helping you to understand the technology and appreciate the simple, yet powerful, PAN-OS platform. Once you've explored the web interface and command-line structure, you'll be able to predict expected behavior and troubleshoot anomalies with confidence. You'll learn why and how to create strong security policies and discover how the firewall protects against encrypted threats. In addition to this, you'll get to grips with identifying users and controlling access to your network with user IDs and even prioritize traffic using quality of service (QoS). The book will show you how to enable special modes on the firewall for shared environments and extend security capabilities to smaller locations.

By the end of this network security book, you'll be well-versed with advanced troubleshooting techniques and best practices recommended by an experienced security engineer and Palo Alto Networks expert.

What you will learn

  • Perform administrative tasks using the web interface and command-line interface (CLI)
  • Explore the core technologies that will help you boost your network security
  • Discover best practices and considerations for configuring security policies
  • Run and interpret troubleshooting and debugging commands
  • Manage firewalls through Panorama to reduce administrative workloads
  • Protect your network from malicious traffic via threat prevention

Who this book is for

This book is for network engineers, network security analysts, and security professionals who want to understand and deploy Palo Alto Networks in their infrastructure. Anyone looking for in-depth knowledge of Palo Alto Networks technologies, including those who currently use Palo Alto Networks products, will find this book useful. Intermediate-level network administration knowledge is necessary to get started with this cybersecurity book.

Table of contents

  1. Table of Contents
  2. Preface
  3. Who this book is for
  4. What this book covers
  5. To get the most out of this book
  6. Download the example code files
  7. Code in Action
  8. Download the color images
  9. Conventions used
  10. Get in touch
  11. Reviews
  12. Section 1: First Steps and Basic Configuration
  13. Chapter 1: Understanding the Core Technologies
  14. Technical requirements
  15. Understanding the zone-based firewall
    1. Expected behavior when determining zones
  16. Understanding App-ID and Content-ID
    1. How App-ID gives more control
    2. How Content-ID makes things safe
  17. The management and data plane
  18. Authenticating users with User-ID
  19. Summary
  20. Chapter 2: Setting Up a New Device
  21. Technical requirements
  22. Gaining access to the user interface
    1. Connecting to the web interface and CLI
  23. Adding licenses and setting up dynamic updates
    1. Creating a new account
    2. Registering a new device
    3. Activating licenses
    4. Downloading and scheduling dynamic updates
  24. Upgrading the firewall
    1. Understanding the partitions
    2. Upgrade considerations
    3. Upgrading via the CLI
    4. Upgrading via the web interface
  25. Hardening the management interface
    1. Limiting access via an access list
    2. Accessing internet resources from offline management
    3. Admin accounts
  26. Understanding the interface types
    1. VWire
    2. The Layer 3 interface
    3. The Layer 2 interface and VLANs
    4. The loopback interface
    5. The tunnel interface
    6. Subinterfaces
    7. HA interfaces
    8. AE interfaces
    9. Tap interfaces
    10. The Decryption Port Mirror interface
  27. Section 2: Advanced Configuration and Putting the Features to Work
  28. Chapter 3: Building Strong Policies
  29. Technical requirements
  30. Understanding and preparing security profiles
    1. The Antivirus profile
    2. The Anti-Spyware profile
    3. The Vulnerability Protection profile
    4. URL filtering
    5. The file blocking profile
    6. The WildFire Analysis profile
    7. Custom objects
    8. Security profile groups
  31. Understanding and building security rules
    1. Dropping "bad" traffic
    2. Allowing applications
    3. Controlling logging and schedules
    4. Address objects
    5. Tags
    6. Policy Optimizer
  32. Creating NAT rules
    1. Inbound NAT
    2. Outbound NAT
  33. Summary
  34. Chapter 4: Taking Control of Sessions
  35. Technical requirements
  36. Controlling the bandwidth with quality of service policies
    1. DSCP and ToS headers
    2. QoS enforcement in the firewall
  37. Leveraging SSL decryption to break open encrypted sessions
    1. SSH proxy
    2. SSL forward proxy
    3. SSL Inbound Inspection
  38. Redirecting sessions over different paths using policy-based forwarding
    1. Redirecting critical traffic
    2. Load balancing
  39. Summary
  40. Chapter 5: Services and Operational Modes
  41. Technical requirements
  42. Applying a DHCP client and DHCP server
    1. DHCP client
    2. DHCP server and relay
  43. Configuring a DNS proxy
  44. Setting up high availability
    1. Active/Passive mode
    2. Active/Active mode
    3. Firewall states
    4. High-availability interfaces
    5. Setting up Active/Passive mode
    6. Setting up Active/Active
  45. Enabling virtual systems
    1. Creating a new VSYS
    2. Inter-VSYS routing
    3. Creating a shared gateway
  46. Managing certificates
  47. Summary
  48. Chapter 6: Identifying Users and Controlling Access
  49. Technical requirements
  50. User-ID basics
    1. Preparing Active Directory and setting up the agents
  51. Configuring group mapping
  52. Setting up a captive portal
    1. Authenticating users
  53. Using an API for User-ID
  54. User credential detection
  55. Summary
  56. Chapter 7: Managing Firewalls through Panorama
  57. Technical requirements
  58. Setting up Panorama
    1. Initial Panorama configuration
    2. Panorama logging
  59. Device groups
    1. Adding managed devices
    2. Preparing device groups
    3. Creating policies and objects
    4. Important things to know when creating objects in device groups
  60. Setting up templates and template stacks
  61. Panorama management
    1. Device deployment
    2. Migrating unmanaged to managed devices
    3. Panorama HA
    4. Tips and tricks
  62. Summary
  63. Section 3: Maintenance and Troubleshooting
  64. Chapter 8: Upgrading Firewalls and Panorama
  65. Technical requirements
  66. Documenting the key aspects
    1. Upgrade considerations
  67. Preparing for the upgrade
  68. The upgrade process
    1. Upgrading a single Panorama instance
    2. Upgrading a Panorama HA cluster
    3. Upgrading a single firewall
    4. Upgrading a firewall cluster
    5. Upgrading log collectors (or firewalls) through Panorama
    6. After the upgrade
  69. The rollback procedure
  70. Special case for upgrading older hardware
  71. The downgrade procedure
  72. Summary
  73. Chapter 9: Logging and Reporting
  74. Technical requirements
  75. Log storage and forwarding
  76. Configuring log collectors and log collector groups
  77. Logging Service
  78. External logging
  79. Configuring log forwarding
    1. System logs
    2. Session logs
  80. Reporting
    1. Pre-defined reports
    2. Custom reports
  81. The Application Command Center
  82. Filtering logs
  83. Summary
  84. Chapter 10: VPN and Advanced Protection
  85. Technical requirements
  86. Setting up the VPN
    1. Configuring the IPSec site-to-site VPN
    2. Configuring GlobalProtect
  87. Custom applications and threats
    1. Application override
    2. Signature-based custom applications
    3. Custom threats
  88. Zone protection and DoS protection
    1. System protection settings
    2. Configuring zone protection
    3. Configuring DoS protection
  89. Summary
  90. Chapter 11: Troubleshooting Common Session Issues
  91. Technical requirements
  92. Using the tools at our disposal
    1. Log files
    2. Packet captures
    3. Botnet reports
  93. Interpreting session details
  94. Using the troubleshooting tool
  95. Using maintenance mode to resolve and recover from system issues
  96. Summary
  97. Chapter 12: A Deep Dive into Troubleshooting
  98. Technical requirements
  99. Understanding global counters
  100. Analyzing session flows
    1. Preparation
    2. Execution
    3. Cleanup
    4. A practical example
  101. Debugging processes
  102. CLI troubleshooting commands cheat sheet
  103. Summary
  104. Chapter 13: Supporting Tools
  105. Technical requirements
  106. Integrating Palo Alto Networks with Splunk
  107. Monitoring with Pan(w)achrome
  108. Threat intelligence with MineMeld
  109. Exploring the API
  110. Summary
  111. Other Books You May Enjoy
  112. Leave a review - let other readers know what you think

Product information

  • Title: Mastering Palo Alto Networks
  • Author(s): Tom Piens
  • Release date: September 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781789956375