Mastering Palo Alto Networks: Build, configure, and deploy network solutions for your infrastructure using features of PAN-OS, Second Edition

By Tom Piens aka Piens aka 'reaper'
Book, Jun 2022, 636 pages, 2nd Edition

Formats and prices:

  • eBook: €29.99 (offer price €20.98)
  • Print: €37.99
  • Audiobook: €35.99
  • Subscription: €14.99 monthly


Product Details

Publication date: Jun 8, 2022
Length: 636 pages
Edition: 2nd Edition
Language: English
ISBN-13: 9781803241418

Mastering Palo Alto Networks - Second Edition

Understanding the Core Technologies

In this chapter, we’re going to examine the core technologies that make up the Palo Alto Networks firewall.

We are going to take a closer look at how security zones control how security, Network Address Translation (NAT), and routing verdicts are made. We will review the mechanics behind App-ID and Content-ID so you get a deeper understanding of how packets are processed and security decisions are made by the firewall, and we will review how User-ID contributes to a more robust security stance by applying group-based or user-based access control.

This chapter will cover the following topics:

  • Understanding the zone-based firewall
  • Understanding App-ID and Content-ID
  • The management and data plane
  • Authenticating users with User-ID

By the end of this chapter, you will have a better understanding of how the core technology is built up and will be able to apply these skills when we start building configuration...

Technical requirements

For this chapter, no physical installation is required; technology is only explained. A good understanding of basic networking protocols like UDP and TCP is necessary to fully benefit from the following materials. It is helpful if you’ve already worked with Palo Alto Networks firewalls, but it is not required. Some experience with firewalls or web proxies in general is recommended, as this will make the subject matter more tangible.

Understanding the zone-based firewall

Traditionally, when considering a firewall as an element of your network, most likely you will imagine a network design like the one in Figure 1.1, with two to four areas surrounding a box. Most of the time, whatever is placed in the north is considered dangerous, the east and west are somewhat gray areas, and the south is the happy place where users do their daily tasks. The box in the middle is the firewall:

Figure 1.1: Basic network topology

In reality, a network design may look a lot more complex due to network segmentation, remote offices being connected to headquarters via all sorts of different technologies, and the adoption of cloud vendors.

In a route-based firewall, zones are simply an architectural or topological concept that helps identify which areas make up the company's global network; they are usually represented by tags that can be attached to a subnet object.

They hold no bearing in any...

Understanding App-ID and Content-ID

App-ID and Content-ID are two technologies that go hand in hand and make up the core inspection mechanism. They ensure applications are identified and act as expected, threats are intercepted and action is applied based on a configurable policy, and data exfiltration is prevented.

How App-ID gives more control

Determining which application is contained within a specific data flow is the cornerstone of any next-generation firewall. It can no longer be assumed that any sessions using TCP ports 80 and 443 are simply plaintext or encrypted web browsing. Today’s applications predominantly use these ports as their base transport, and many malware developers have leveraged this convergence to well-known ports in an attempt to masquerade their malware as legitimate web traffic while exfiltrating sensitive information or downloading more malicious payloads into an infected host.

The following image illustrates the steps taken by App-ID...

The management and data plane

There are two main planes that make up a firewall, the data plane and the management plane, which are physical or logical boards that perform specific functions. All platforms have a management plane. Larger platforms like the PA-5200 have an additional control plane and two to three data planes, and the largest platforms have replaceable hardware blades (line cards) that have up to three data plane equivalents per line card and can hold up to 10 line cards. Smaller platforms like the PA-220 only have one hardware board that virtually splits up responsibilities among its CPU cores.

The management plane is where all administrative tasks happen. It serves the web interfaces used by the system to allow configuration, provide URL filtering block pages, and serve the client VPN portal. It performs cloud lookups for URL filtering and DNS security, and downloads and installs content updates onto the data plane. It also performs the logic part of routing...

Authenticating and authorizing users with User-ID

User-ID is a standard feature (no additional license required) that is frequently neglected but very powerful when set up properly. Through several mechanisms, the firewall can learn who is initiating which sessions, regardless of their device, operating system, or source IP. Additionally, security policies can be set so users are granted access or restricted in their capabilities based on their individual ID or group membership.

User-ID expands functionality with granular control of who is accessing certain resources and provides customizable reporting capabilities for forensic or managerial reporting.

Users can be identified through several different methods:

  • Server monitoring:
    • Microsoft Active Directory security log reading for log-on events
    • Microsoft Exchange Server log-on events
    • Novell eDirectory log-on events
  • The interception of X-Forwarded-For (XFF) headers...
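To make the zone and User-ID mechanics from this chapter concrete, here is an added example (not code from the book or from PAN-OS) that models how a security verdict is reached: the destination zone comes from a route lookup, the user comes from an IP-to-user mapping built from Active Directory log-on events, and the first matching rule wins. The interfaces, routes, log-on events, groups and the mapping timeout are all constructed assumptions.

```python
# Added example, not from the book: a minimal model of zone lookup plus User-ID
# mapping feeding a first-match security policy. All data below is constructed.
from datetime import datetime, timedelta
import ipaddress

IFACE_ZONE = {"ethernet1/1": "untrust", "ethernet1/2": "trust", "ethernet1/3": "dmz"}
ROUTES = [("10.1.0.0/16", "ethernet1/2"), ("192.168.50.0/24", "ethernet1/3"),
          ("0.0.0.0/0", "ethernet1/1")]

# Constructed AD security-log style events: (timestamp, event id, user, client ip).
# 4624 is a successful logon; other ids (e.g. 4625, failed logon) never create a mapping.
AD_LOGON_EVENTS = [
    ("2022-06-08 08:00:00", 4624, "ACME\\alice", "10.1.1.10"),
    ("2022-06-08 08:05:00", 4624, "ACME\\bob", "10.1.1.11"),
    ("2022-06-08 08:06:00", 4625, "ACME\\mallory", "10.1.1.12"),
    ("2022-06-08 09:30:00", 4624, "ACME\\carol", "10.1.1.10"),  # DHCP reuse: alice's old IP
]
GROUPS = {"ACME\\alice": {"finance"}, "ACME\\bob": {"it-admins"}, "ACME\\carol": {"sales"}}
MAPPING_TIMEOUT = timedelta(hours=3)  # assumed user-mapping timeout

# (from_zone, to_zone, required group or None, action); evaluated top down, first match wins.
POLICY = [
    ("trust", "dmz", "finance", "allow"),
    ("trust", "dmz", "it-admins", "allow"),
    ("trust", "untrust", None, "allow"),
]

def dest_zone(dst_ip):
    """Longest-prefix route lookup; the egress interface's zone is the destination zone."""
    addr = ipaddress.ip_address(dst_ip)
    routes = [(ipaddress.ip_network(net), iface) for net, iface in ROUTES]
    net, iface = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return IFACE_ZONE[iface]

def build_ip_user_map(events, now):
    """{ip: user} from successful logons inside the timeout; the newest logon per IP wins."""
    now, mapping = datetime.fromisoformat(now), {}
    for ts, event_id, user, ip in sorted(events):  # ISO timestamps sort chronologically
        age = now - datetime.fromisoformat(ts)
        if event_id == 4624 and timedelta(0) <= age <= MAPPING_TIMEOUT:
            mapping[ip] = user
    return mapping

def verdict(ingress_iface, src_ip, dst_ip, now):
    """Return (action, user) for a new session from the ingress interface at time `now`."""
    user = build_ip_user_map(AD_LOGON_EVENTS, now).get(src_ip)
    from_zone, to_zone = IFACE_ZONE[ingress_iface], dest_zone(dst_ip)
    for fz, tz, group, action in POLICY:
        if fz == from_zone and tz == to_zone and (group is None or group in GROUPS.get(user, set())):
            return action, user
    # No explicit match: default intrazone allow, default interzone deny.
    return ("allow" if from_zone == to_zone else "deny"), user
```

Note how the 09:30 log-on for carol replaces alice's mapping on 10.1.1.10, so a finance-only rule stops matching that address even though alice's event is still within the timeout.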

Summary

Now that you’ve completed this chapter, you are able to identify the strengths of using a zone-based firewall versus a route-based one. You understand how applications can be identified even though they may all be using the same protocol and port, and you understand how deep packet inspection is achieved in single-pass parallel processing. Most importantly, you have a firm grasp of which phases a packet goes through to form a session. It’s okay if this information seems a bit overwhelming; we will see more practical applications, and implications, in the next two chapters. We will be taking a closer look at how security and NAT rules behave once you start playing with zones, and how to anticipate expected behavior by simply glancing at the rules.

If you are preparing for the PCNSE exam, this chapter covered parts of the Planning and Core Concepts and Deploy and Configure domains. Make note of Figure 1.2 regarding packet processing, remember that route lookups...


Key benefits

  • Understand how to optimally use PAN-OS features
  • Build firewall solutions to safeguard local, cloud, and mobile networks
  • Protect your infrastructure and users by implementing robust threat prevention solutions

Description

Palo Alto Networks’ integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services. This book is an end-to-end guide to configuring firewalls and deploying them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This book will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and the special or unique considerations when setting them up to protect resources. By the end of this book, you will instinctively know how to approach configuration challenges, find the resources you need, and solve most issues efficiently.

What you will learn

  • Explore your way around the web interface and command line
  • Discover the core technologies and see how to maximize your potential in your network
  • Identify best practices and important considerations when configuring a security policy
  • Connect to a freshly booted appliance or VM via a web interface or command-line interface
  • Get your firewall up and running with a rudimentary but rigid configuration
  • Gain insight into encrypted sessions by setting up SSL decryption
  • Troubleshoot common issues, and deep-dive into flow analytics
  • Configure the GlobalProtect VPN for remote workers as well as site-to-site VPN

Table of Contents

18 Chapters

Preface
1. Understanding the Core Technologies
2. Setting Up a New Device
3. Building Strong Policies
4. Taking Control of Sessions
5. Services and Operational Modes
6. Identifying Users and Controlling Access
7. Managing Firewalls through Panorama
8. Upgrading Firewalls and Panorama
9. Logging and Reporting
10. Virtual Private Networks
11. Advanced Protection
12. Troubleshooting Common Session Issues
13. A Deep Dive into Troubleshooting
14. Cloud-Based Firewall Deployment
15. Supporting Tools
16. Other Books You May Enjoy
17. Index
