Helion


Ebook details

Mastering Palo Alto Networks - Second Edition

Palo Alto Networks' integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services.

This book is an end-to-end guide to configure firewalls and deploy them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This book will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and special or unique considerations when setting them to protect resources.

By the end of this book, you will instinctively know how to approach configuration challenges, find the resources you need, and solve most issues efficiently.

  • Preface
    • Who this book is for
    • What this book covers
    • To get the most out of this book
    • Get in touch
  • Understanding the Core Technologies
    • Technical requirements
    • Understanding the zone-based firewall
      • Expected behavior when determining zones
    • Understanding App-ID and Content-ID
      • How App-ID gives more control
      • How Content-ID makes things safe
    • The management and data plane
    • Authenticating and authorizing users with User-ID
    • Summary
  • Setting Up a New Device
    • Technical requirements
    • Gaining access to the user interface
      • Connecting to the web interface and CLI
    • Adding licenses and setting up dynamic updates
      • Creating a new account
      • Registering a new device
      • Activating licenses
        • Activating licenses via the customer support portal
        • Activating licenses via the web interface
      • Downloading and scheduling dynamic updates
        • Dynamic updates cheat sheet
    • Upgrading the firewall
      • Understanding the partitions
      • Upgrade considerations
        • Which features are required?
        • Is the code train mature?
        • When is an upgrade required and when is it optional?
      • Upgrading via the CLI
      • Upgrading via the web interface
        • Upgrade cheat sheet
    • Hardening the management interface
      • Limiting access via an access list
      • Accessing internet resources from offline management
      • Admin accounts
        • Dynamic accounts
        • Role-based administrators
        • Password security
        • External authentication
    • Understanding the interface types
      • VWire
      • The Layer 3 interface
        • Virtual router
      • The Layer 2 interface and VLANs
      • The loopback interface
      • The tunnel interface
      • Subinterfaces
      • HA interfaces
      • AE interfaces
      • Tap interfaces
      • The Decryption Port Mirror interface
    • Summary
  • Building Strong Policies
    • Technical requirements
    • Understanding and preparing security profiles
      • The Antivirus profile
      • The Anti-Spyware profile
      • The Vulnerability Protection profile
      • URL Filtering profile
        • Custom URL categories
        • Configuring the URL Filtering profile
        • URL filtering priorities
      • The File Blocking profile
      • The WildFire Analysis profile
      • Custom objects
        • The Custom Spyware/Vulnerability objects
        • The custom data pattern
      • Security profile groups
    • Understanding and building security rules
      • Dropping bad traffic
        • Action options
      • Allowing applications
        • Application dependencies
        • Application-default versus manual service ports
      • Controlling logging and schedules
      • Address objects
      • Tags
      • Policy Optimizer
        • The Apps Seen column
    • Creating NAT rules
      • Inbound NAT
      • Outbound NAT
        • Hide NAT or one-to-many NAT
        • One-to-one NAT
        • U-turn or hairpin NAT
    • Summary
  • Taking Control of Sessions
    • Technical requirements
    • Controlling the bandwidth with quality-of-service policies
      • DSCP and ToS headers
      • QoS enforcement in the firewall
        • Creating QoS profiles
        • Creating QoS policies
    • Leveraging SSL decryption to look inside encrypted sessions
      • SSH proxy
      • SSL forward proxy
      • SSL Inbound Inspection
      • Forwarding sessions to an external device
    • Redirecting sessions over different paths using policy-based forwarding
      • Redirecting critical traffic
      • Load balancing
        • Equal cost multipath as an alternative
    • Summary
  • Services and Operational Modes
    • Technical requirements
    • Applying a DHCP client and DHCP server
      • DHCP client
      • DHCP server and relay
    • Configuring a DNS proxy
    • Setting up High Availability
      • Active/Passive mode
      • Active/Active mode
      • Clustering
      • Firewall states
      • High Availability interfaces
      • Setting up Active/Passive mode
      • Setting up Active/Active mode
      • HA1 encryption
    • Enabling virtual systems
      • Creating a new VSYS
      • Inter-VSYS routing
      • Creating a shared gateway
    • Managing certificates
    • Summary
  • Identifying Users and Controlling Access
    • Technical requirements
    • User-ID basics
      • Preparing Active Directory and setting up the agents
        • WMI probes
        • User-ID agent
        • Terminal Server Agent
        • Agentless User-ID
    • Configuring group mapping
      • The Cloud Identity Engine
        • Configuring Azure enterprise applications
    • Setting up a captive portal
      • Authenticating users
        • Configuring the captive portal
    • Using an API for User-ID
    • User credential detection
    • Summary
  • Managing Firewalls through Panorama
    • Technical requirements
    • Setting up Panorama
      • Initial Panorama configuration
      • Panorama logging
    • Device groups
      • Adding managed devices
      • Preparing device groups
      • Creating policies and objects
      • Important things to know when creating objects in device groups
    • Setting up templates and template stacks
    • Panorama management
      • Device deployment
      • Migrating unmanaged to managed devices
      • Panorama HA
      • Tips and tricks
    • Summary
  • Upgrading Firewalls and Panorama
    • Technical requirements
    • Documenting the key aspects
      • Upgrade considerations
    • Preparing for the upgrade
    • The upgrade process
      • Upgrading a single Panorama instance
      • Upgrading a Panorama HA cluster
      • Upgrading log collectors (or firewalls) through Panorama
      • Upgrading a single firewall
      • Upgrading a firewall cluster
      • After the upgrade
    • The rollback procedure
    • The downgrade procedure
    • Special case for upgrading older hardware
    • Summary
  • Logging and Reporting
    • Technical requirements
    • Log storage
    • Configuring log collectors and log collector groups
    • Cortex Data Lake logging service
    • External logging
    • Configuring log forwarding
      • System logs
      • Session logs
    • Reporting
      • Pre-defined reports
      • Custom reports
    • The Application Command Center
    • Filtering logs
    • Summary
  • Virtual Private Networks
    • Technical requirements
    • Setting up the VPN
      • Configuring the IPSec site-to-site VPN
      • Configuring GlobalProtect
        • Setting up the portal
        • Setting up the gateway
        • HIP objects and profiles
    • Summary
  • Advanced Protection
    • Technical requirements
    • Custom applications and threats
      • Application override
      • Signature-based custom applications
      • Custom threats
    • Zone protection and DoS protection
      • System protection settings
      • Configuring zone protection
      • Configuring DoS protection
    • Summary
  • Troubleshooting Common Session Issues
    • Technical requirements
    • Using the tools at our disposal
      • Log files
      • Packet captures
      • Botnet reports
    • Interpreting session details
    • Using the troubleshooting tool
    • Using maintenance mode to resolve and recover from system issues
    • Summary
  • A Deep Dive into Troubleshooting
    • Technical requirements
    • Understanding global counters
      • Understanding bad counters
    • Analyzing session flows
      • Preparation
      • Execution
      • Cleanup
      • A practical example
    • Debugging processes
    • CLI troubleshooting commands cheat sheet
    • Summary
  • Cloud-Based Firewall Deployment
    • Technical requirements
    • Licensing a cloud firewall
    • Deploying a firewall in Azure from the Marketplace
    • Bootstrapping a firewall
      • Creating a new storage account
      • Creating a bootstrap file share
        • The init-cfg.txt file
        • The bootstrap.xml file
      • Bootstrapping a firewall on Azure
    • Putting the firewall in-line
      • Adding a new public IP address
      • Adding the Untrust subnet to an NSG
      • Creating a server subnet
      • Setting up routing
      • Forcing internal hosts to route over the firewall
      • Setting up a load balancer
    • Summary
  • Supporting Tools
    • Technical requirements
    • Integrating Palo Alto Networks with Splunk
    • Monitoring with Pan(w)achrome
    • Threat intelligence with MineMeld
    • Exploring the API
    • Summary
  • Other Books You May Enjoy
    • Share your thoughts
  • Index