Mastering Palo Alto Networks covers all aspects of configuring and maintaining Palo Alto Networks firewalls and Panorama management systems. We start with setting up a new system from the factory default settings and learning how the technology works, and move on to building advanced configurations and leveraging next-generation features to safeguard the network and its users. Plenty of tricks, gotchas, and advanced commands are revealed to help administrators gain a firm hold on their deployments.

This book is for novice to expert level firewall and network engineers. Anyone who is new to Palo Alto Networks will find their way around the basic configurations and will be able to set up a complex configuration after finishing this book. Expert admins will pick up solid tips and tricks to make their config and methodologies even better.

Chapter 1, Understanding the Core Technologies, introduces PAN-OS functions and explains the core next-generation firewall features.

Chapter 2, Setting Up a New Device, provides everything that’s needed to get a fresh device or VM up and running.

Chapter 3, Building Strong Policies, explains how to create and optimize rules to their maximum potential.

Chapter 4, Taking Control of Sessions, demonstrates how shaping and redirecting sessions over alternate links can optimize bandwidth usage. It also covers how to apply decryption to inspect encrypted sessions.

Chapter 5, Services and Operational Modes, demonstrates how shaping and redirecting sessions over alternate links can optimize bandwidth usage. It also covers how to apply decryption to inspect encrypted sessions.

Chapter 6, Identifying Users and Controlling Access, explains how to leverage User-ID to control user access regardless of their IP address and physical location.

Chapter 7, Managing Firewalls through Panorama, demonstrates setting up the Panorama central management system, building shared policies, and system configuration.

Chapter 8, Upgrading Firewalls and Panorama, provides a straightforward and complete process to upgrade any system.

Chapter 9, Logging and Reporting, demonstrates how to configure log collectors and log forwarding, and explains how to customize and schedule reports.

Chapter 10, Virtual Private Networks, shows how to set up site-to-site IPsec tunnels and SSL or IPsec user VPNs, and how to enable a clientless VPN.

Chapter 11, Advanced Protection, covers the creation of custom signatures for App-ID and custom threats, as well as how to configure DDoS and zone protection.

Chapter 12, Troubleshooting Common Session Issues, guides you through basic troubleshooting steps and session details.

Chapter 13, A Deep Dive into Troubleshooting, explains advanced troubleshooting techniques, leveraging flow analysis and global counters.

Chapter 14, Cloud-Based Firewall Deployment, explains how to deploy firewalls in Azure cloud environment, and the unique considerations when setting them to protect resources.

Chapter 15, Supporting Tools, discusses integrating with third-party tools to gain advanced visibility and control.

To follow all the topics we will be covering, it will be helpful if you have access to an up-to-date firewall and Panorama in a lab environment. Being able to spin up test devices that can serve as domain controllers, authentication servers, clients, Docker hosts, and generic web servers will be helpful with some of the more involved chapters. It will also allow you to test your new skills before implementing them in a production environment. Basic networking and system administration skills are required and a familiarity with Wireshark to analyze packet captures is helpful.

You will need an SSH- and TTY-capable client such as PuTTY or Terminal to access the command-line and console interfaces.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copy/pasting of code.

Download the example code files

The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Mastering-Palo-Alto-Networks-2e. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781803241418_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example: “Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.”

A block of code is set as follows:

[default]
exten => s,1,Dial(Zap/1|30)
exten => s,2,Voicemail(u100)
exten => s,102,Voicemail(b100)
exten => i,1,Voicemail(s0)

Any command-line input or output is written as follows:

# cp /usr/src/asterisk-addons/configs/cdr_mysql.conf.sample
     /etc/asterisk/cdr_mysql.conf

Bold: Indicates a new term, an important word, or words that you see on the screen. For example, words in menus or dialog boxes appear in the text like this. For example: “Select System info from the Administration panel.”

Feedback from our readers is always welcome.

General feedback: Email feedback@packtpub.com, and mention the book’s title in the subject of your message. If you have questions about any aspect of this book, please email us at questions@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packtpub.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packtpub.com.