Securing Remote Access in Palo Alto Networks

Book description

Explore everything you need to know to set up secure remote access, harden your firewall deployment, and protect against phishing

Key Features

  • Learn the ins and outs of log forwarding and troubleshooting issues
  • Set up GlobalProtect satellite connections, configure site-to-site VPNs, and troubleshoot LSVPN issues
  • Gain an in-depth understanding of user credential detection to prevent data leaks

Book Description

This book builds on the content found in Mastering Palo Alto Networks, focusing on the different methods of establishing remote connectivity, automating log actions, and protecting against phishing attacks through user credential detection.

Complete with step-by-step instructions, practical examples, and troubleshooting tips, you will gain a solid understanding of how to configure and deploy Palo Alto Networks remote access products. As you advance, you will learn how to design, deploy, and troubleshoot large-scale end-to-end user VPNs. Later, you will explore new features and discover how to incorporate them into your environment.

By the end of this Palo Alto Networks book, you will have mastered the skills needed to design and configure SASE-compliant remote connectivity and prevent credential theft with credential detection.

What you will learn

  • Understand how log forwarding is configured on the firewall
  • Focus on effectively enabling remote access
  • Explore alternative ways for connecting users and remote networks
  • Protect against phishing with credential detection
  • Understand how to troubleshoot complex issues confidently
  • Strengthen the security posture of your firewalls

Who this book is for

This book is for anyone who wants to learn more about remote access for users and remote locations by using GlobalProtect and Prisma Access and by deploying Large Scale VPN. Basic knowledge of Palo Alto Networks, network protocols, and network design will be helpful, so reading Mastering Palo Alto Networks first is recommended to help you make the most of this book.

Table of contents

  1. Securing Remote Access in Palo Alto Networks
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Code in Action
    5. Download the colour images
    6. Conventions used
    7. Get in touch
    8. Reviews
  6. Section 1: Leveraging the Cloud and Enabling Remote Access
  7. Chapter 1: Centralizing Logs
    1. Technical requirements
    2. Understanding log forwarding profiles and best practices
      1. Allocating log storage
      2. Adding disk space to a VM firewall
    3. Learning about Panorama and log collectors
    4. Forwarding logs to syslog, SMTP, and other options
      1. SNMP trap server profile
      2. Syslog server profile
      3. Email server profile
      4. HTTP server profile
      5. Netflow Profile
      6. Configuring system log forwarding on the firewall
    5. Exploring log forwarding profiles
      1. Dynamic tagging
      2. Assigning log forwarding actions
    6. Troubleshooting logs and log forwarding
      1. Debugging log-receiver
      2. Reading system resources
      3. Using tcpdump
      4. Troubleshooting forwarding to a log collector
    7. Summary
  8. Chapter 2: Configuring Advanced GlobalProtect Features
    1. Technical requirements
    2. Learning about advanced configuration features
      1. Integrating SAML into authentication methods
      2. Setting up a VPN connection before the user has logged on
    3. Leveraging quarantine to isolate agents
    4. Practical troubleshooting for GlobalProtect issues
    5. Summary
  9. Chapter 3: Setting up Site-to-Site VPNs and Large-Scale VPNs
    1. Technical requirements
    2. Configuring a site-to-site VPN connection
      1. Static site-to-site tunnels
      2. Dynamic site-to-site tunnels
      3. Setting up the LSVPN
    3. Summary
  10. Chapter 4: Configuring Prisma Access
    1. Technical requirements
    2. Configuring Prisma Access
    3. Configuring the service infrastructure
    4. Configuring the service connection
    5. Configuring directory sync
    6. Configuring mobile users
    7. Configuring remote networks
    8. Configuring the remote firewalls
    9. Configuring Cortex Data Lake
    10. Summary
  11. Section 2: Tools, Troubleshooting, and Best Practices
  12. Chapter 5: Enabling Features to Improve Your Security Posture
    1. Technical requirements
    2. Hardening the management interface
      1. FIPS-CC mode
      2. Replacing the default certificates
      3. Setting minimum password complexity
      4. Configuring administrator roles
      5. Restricting access to the management interface
      6. Setting the master key
    3. EDLs
      1. MineMeld
    4. Summary
  13. Chapter 6: Anti-Phishing with User Credential Detection
    1. Technical requirements
    2. Preparing the firewall for credential detection
      1. Configuring SSL/TLS decryption
      2. Enabling IP user mapping
    3. Using IP user mapping for credential detection
      1. Enabling group mapping
      2. Troubleshooting user-ID
    4. Using group mapping for credential detection
    5. Using domain credential filter
      1. Troubleshoot domain credential filter
    6. Summary
  14. Chapter 7: Practical Troubleshooting and Best Practices Tools
    1. Technical requirements
    2. Troubleshooting User-ID
      1. Users are not being mapped
      2. Users are mapped briefly
      3. Inconsistent domain in username
      4. Command-line interface (CLI) cheat sheet
    3. Troubleshooting NAT
      1. Loss of connectivity – proxy-ARP misconfiguration
      2. Troubleshooting destination NAT issues
      3. Troubleshooting source NAT
    4. BPA tool
    5. Summary
    6. Why subscribe?
  15. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think

Product information

  • Title: Securing Remote Access in Palo Alto Networks
  • Author(s): Tom Piens
  • Release date: July 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781801077446