
Posts published in “Palo Alto”

Palo Alto UserID Agent Configure Steps


One of the challenges in configuring firewall policies is that
they rely on IP addresses and IP subnets rather than users or user groups.
Next-generation firewalls in particular, which provide services like URL
filtering, need policies based on users and user groups
rather than IP addresses. The Palo Alto UserID service provides a mapping
between users and the IP addresses they use. The service also maintains a list
of AD groups and keeps it in sync with the AD domain controllers. The UserID
agent uses the Windows login event logs to identify the current IP address used by
a user. The specific Security event records the user ID and the IP address
the login comes from. The UserID agent can also retrieve this
type of information from other authentication services, but in our case we will
only use the AD logins. Since users may log in through any of the DCs in the
domain, the UserID agent has to poll all the domain controllers. To
compile the required information, the UserID agent needs the right to query the
AD users and their AD group membership, as well as the ability to read the Windows
Security event logs for events related to logins.

Palo Alto Firewall Migration Plan Tasks List


This is a simple breakdown of a complicated firewall migration plan. It can be used to plan a migration from existing firewalls to a new Palo Alto firewall. The tasks should be modified to fit the real production situation in your environment.

This is for the on-prem case. For a cloud deployment, the tasks will be slightly different, but most will be the same.

Sophos Update Error – Troubleshooting with Palo Alto Firewall


Our Sophos Management Server is installed behind a Palo Alto firewall, which is used to centrally update and manage all internal Sophos clients.

After a new installation of this Sophos Management Server, we found that updates from the Internet always failed. The Palo Alto firewall rule was configured to use FQDN addresses as the destination. According to the Sophos support site,
"The Sophos Update Manager (SUM) server uses port 80 (http) and requires access to the following eight addresses:

  • dci.sophosupd.com
  • d1.sophosupd.com
  • d2.sophosupd.com
  • d3.sophosupd.com
  • dci.sophosupd.net
  • d1.sophosupd.net
  • d2.sophosupd.net
  • d3.sophosupd.net
"

Install and Configure Palo Alto VM in Vmware Workstation / ESXi


Palo Alto Networks has developed the VM-Series virtualized firewalls to run in virtual environments. Here is the list of supported hypervisors from its website:

The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into, and across your private, public and hybrid cloud computing environments.

Automation features such as VM monitoring, dynamic address groups and a REST-based API allow you to proactively monitor VM changes dynamically feeding that context into security policies, thereby eliminating the policy lag that may occur when your VMs change.

The VM-Series supports the following hypervisors:

  • VMWare ESXi and NSX
  • Citrix SDX,
  • KVM (Centos/RHEL)
  • Ubuntu
  • Amazon Web Services





There are four models for different requirements:

  • VM-100
  • VM-200
  • VM-300
  • VM-1000-HV

Palo Alto Study Notes: Firewall Configuration Essentials I (101) PAN-OS v.6.1


To view the Firewall Configuration Essentials 101 course, please log in to the Palo Alto Networks Learning Center. [Updating]

1. Palo Alto Networks Platforms

The PA-500, PA-200, and VM-Series firewalls do not support virtual systems. High Availability and Aggregated interfaces are also only supported on higher models of the product. The even-numbered platforms are older platforms. The PA-4000 is End-of-Sale. The PA-3000 and PA-5000 models use superior hardware, such as Cavium chips and SSD for logging. The PA-7050 is…

Configure Palo Alto VM 6.0.0 in Vmware Workstation and ESXi


Palo Alto Networks has developed the VM-Series virtualized firewalls to run in virtual environments. Here is the list of supported hypervisors from its website: The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into, and across your private, public and hybrid cloud computing environments. Automation features such as VM monitoring, dynamic address groups and a REST-based API allow…