
Palo Alto firewalls are Next-Generation firewalls. A great way to start the Palo Alto Networks Certified Network Security Engineer (PCNSE) preparation is to begin by properly following and understanding each topic in the syllabus. This course follows the Palo Alto syllabus. The course also concentrates on "learning by doing"; therefore, it is a course with a lot of labs and configuration, not just boring PowerPoint presentations. This course guide is an instrument to get you on the same page with Palo Alto and to understand the nature of the Palo Alto PCNSE exam.
Common Network Security Terms:
Key Network Security technical terms are Asset, Vulnerability, Exploit, Threat, Attack, Risk and Countermeasures.
Firewall Technologies:
o The word "firewall" commonly describes a system, a device, or a piece of software.
o A firewall is placed between a trusted network and an untrusted network.
o A firewall is a security device used to stop or mitigate unauthorized access.
o The only traffic allowed on the network is the traffic defined by the firewall policies.
o It grants or rejects access to traffic flows between the untrusted and trusted zones.
o A firewall monitors and checks incoming and outgoing network traffic.
o It decides to allow or block specific traffic based on a defined set of security rules.
o A firewall can be hardware, software, or both, and can be cloud-based or virtual.
o The first generation of firewall technology consisted of packet-filtering techniques.
o The second generation of firewalls started with application-layer technologies.
o The third generation of firewalls added “stateful” inspection filters, also called NGFW.
o Firewalls are relied upon to secure home and corporate networks from attacks.
About Palo Alto Networks:
o Palo Alto is a city in California’s San Francisco Bay Area in the USA.
o This Next-Generation Firewall is named after this US city.
o Palo Alto Networks is a US multinational cybersecurity company headquartered in California.
o Palo Alto Networks was founded in 2005 by Israeli-American Nir Zuk.
o Nir Zuk is a former engineer from Check Point and NetScreen Technologies.
o It has a world-class team with strong security and networking experience.
o The innovations of the Palo Alto firewall are App-ID, User-ID and Content-ID.
o It builds next-generation firewalls that identify and control more than 900 applications.
o Palo Alto Networks has a global footprint with presence in 50+ countries and 24/7 support.
o The company serves over 60,000 organizations in over 150 countries.
o The Palo Alto Next-Generation firewall was named a Gartner Cool Vendor in 2008.
o Former Google executive Nikesh Arora joined the company as Chairman and CEO in 2018.
o Palo Alto Networks has been named a Leader in the Gartner Magic Quadrant for Network Firewalls 8 times in a row.
PA Initial Configuration:
o This section covers how to configure and access Palo Alto Networks Next-Generation Firewalls for the first time.
o PA firewalls can be accessed through the out-of-band management port labelled MGT.
o Alternatively, Palo Alto firewalls can be accessed through a serial console port (similar to Cisco devices).
o The MGT port separates the management functions of the firewall from its data-processing functions.
o All initial configuration is performed either on the out-of-band management interface,
o or on the firewall's serial console port.
o The serial port needs a standard rollover cable to connect to the Palo Alto firewall.
o To access the Palo Alto Networks firewall for the first time through the MGT port,
o you need to connect a laptop to the MGT port using a straight-through Ethernet cable.
o By default, the web GUI is accessed through the IP address 192.168.1.1/24.
o By default, the Web GUI and CLI login credentials are Username: admin and Password: admin.
In this video we will install the Palo Alto firewall in GNS3 step by step.
In this video we will install the Palo Alto firewall in EVE-NG step by step.
Dashboard Tab:
The Dashboard widgets show general firewall information, such as the software version, the status of each interface, resource utilization, and up to 10 entries for each of several log types; log widgets display entries from the last hour. By default, the Dashboard displays widgets in a 3-column layout, but you can customize the Dashboard to display only 2 columns instead.
CLI Access Modes:
Operational Mode:
o Use operational mode to view information about the firewall and the traffic running through it.
o Use it to perform operations such as restarting, loading a configuration, or shutting down.
o When you log in to the firewall, the Command Line Interface (CLI) opens in operational mode.
o In Palo Alto firewall operational mode, the command prompt sign is a greater-than sign (>).
Configuration Mode:
o Use configuration mode to view and modify the Palo Alto firewall configuration.
o You can switch between operational mode and configuration mode at any time.
o The command prompt changes from > to #, indicating that you have successfully changed modes.
o To switch from configuration mode to operational mode, use either the quit or the exit command.
o To run an operational mode command while in configuration mode, use the run command.
DNS Server:
o DNS stands for Domain Name System or Domain Name Server.
o DNS is a large database which resides on various computers.
o DNS contains the names and IP addresses of hosts on the Internet and in various domains.
o DNS servers match domain names to their associated IP addresses.
o The Domain Name System (DNS) is the phonebook of the Internet.
o DNS converts an IP address to a domain name and a domain name into an IP address.
o DNS names are assigned through the Internet Registries by IANA.
o There are 13 root name servers, from a.root-servers.net to m.root-servers.net.
o The 13 DNS root name servers can be checked at this link: http://www.root-servers.org.
o DNS primarily uses the User Datagram Protocol on port number 53 to serve requests.
o The Domain Name System of the Internet works as an inverted tree structure.
o The TLD is the letters immediately following the final dot in an Internet address.
o In the Internet address http://mail.google.com, com is the top-level domain name.
o google is the second-level domain name and mail is a subdomain name.
o Altogether, mail.google.com is a fully qualified domain name (FQDN).
o The addition of http:// turns the fully qualified domain name (FQDN) into a complete URL.
Available licenses and subscriptions include the following:
Threat Prevention:
Provides Antivirus, Anti-Spyware, and Vulnerability Protection.
Decryption Mirroring:
Provides the ability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures.
URL Filtering:
Provides the ability to create security policy that allows or blocks access to the web based on dynamic URL categories.
Virtual Systems:
This license is required to enable support for multiple virtual systems on PA-3000 Series firewalls. VM-Series firewalls do not support virtual systems.
WildFire:
Although basic WildFire support is included as part of the Threat Prevention license, the WildFire subscription service provides enhanced services for organizations.
GlobalProtect:
Provides mobility solutions and/or large-scale VPN capabilities. By default, you can deploy GlobalProtect portals and gateways (without HIP checks) without a license. If you want to use advanced GlobalProtect features (HIP checks and related content updates, the GlobalProtect Mobile App, IPv6 connections, or a GlobalProtect Clientless VPN) you will need a GlobalProtect license (subscription) for each gateway.
AutoFocus:
Provides a graphical analysis of firewall traffic logs and identifies potential risks to your network using threat intelligence from the AutoFocus portal.
In this video we will create a small basic initial lab in GNS3.
Firewall Interfaces:
o Interface configurations of firewall data ports enable traffic to enter and exit the firewall.
o Firewall interfaces (ports) enable a firewall to connect with other network devices.
o Firewall interfaces also enable the firewall to connect with other interfaces within the firewall.
o A Palo Alto Networks firewall can operate in multiple deployments simultaneously.
o You can configure the PA interfaces to support different deployment methods.
o Ethernet interfaces can be configured for Virtual Wire, Layer 2, Layer 3, and tap mode deployment.
o The interfaces that the firewall supports are physical interfaces and logical interfaces.
o The firewall supports two kinds of physical interface media: copper and fiber optic.
o Logical interfaces include VLAN interfaces, loopback interfaces, and tunnel interfaces.
o The physical interface name is predefined and fixed; you cannot change it.
o Interface types: Tap, HA, Decrypt Mirror, Virtual Wire, L2, L3 and Aggregate Ethernet.
Administrator Accounts:
o Administrators can configure, manage and monitor Palo Alto Networks firewalls.
o Administrator accounts control access to Palo Alto Networks firewalls.
o Administrative accounts specify the roles and authentication methods for administrators.
o Each Palo Alto firewall has a predefined default administrative account (admin)
o that provides full read-write access, also known as superuser access, to the firewall.
o Other administrative accounts can be created as needed with full or read-only access.
o Palo Alto Networks firewalls have a predefined admin account that has full access.
Routed Protocols:
o Routed protocols carry the actual data that is transferred from router to router.
o Examples of routed protocols are the Internet Protocol (IP) versions IPv4 and IPv6.
o A routed protocol is used to send user data from one network to another network.
o A routed protocol carries user traffic such as e-mails, file transfers, web traffic, etc.
o Used between routers to direct user traffic, they are also called network protocols.
o Analogy: signs at intersections that point to nearby cities, giving the mileage to each.
Dynamic Routing:
o Dynamic routing protocols can dynamically respond to changes in the network.
o A routing protocol is configured on each device, and the devices learn about each other.
o The dynamic routing table is created, maintained and updated by the routing protocol.
o Examples of dynamic routing protocols include RIPv2, OSPFv3, OSPF and BGP.
o Dynamic routing protocols share routing updates with neighbors and find the best path.
o They dynamically choose a different route if a link goes down, and updates are also dynamic.
o Dynamic protocols also have the ability to load balance between multiple links.
o Dynamic routing protocols put additional load on the device's CPU and RAM.
o The choice of the best route is in the hands of the dynamic routing protocol.
Security Policy Concepts:
o Palo Alto firewalls use security policies to either allow or deny access.
o They let you enforce rules and take action, and can be as general or as specific as needed.
o The policy rules are compared against incoming traffic in sequence.
o Traffic is processed by the security policy in a top-down, left-to-right flow.
o For traffic that does not match any user-defined rule, the default rules apply.
o The default rules displayed at the bottom of the security rulebase are predefined.
o A Palo Alto firewall security policy comprises a list of security policy rules.
o A basic Palo Alto firewall security policy only includes the source and destination zone.
o An advanced policy includes source/destination address, ports, application, URL categories, etc.
o In a Palo Alto firewall security policy, sessions are established for bidirectional data flow.
o The columns of the Security Policy page can be customized to display the preferred information.
o In a PA firewall there are three types of security rules: intrazone, interzone and universal.
o Intrazone: all traffic within a zone. This traffic is allowed by default in a Palo Alto firewall.
o Interzone: all traffic between zones. This traffic is blocked by default in a Palo Alto firewall.
o Universal: applies to all traffic between source and destination, whether intrazone or interzone.
o In Palo Alto firewalls, any security policy rule you create has traffic logging enabled by default.
o The system-created intrazone and interzone rules at the end of the rulebase do not log traffic.
o For the predefined allow/deny rules, choose Override to set logging or other profile settings.
o Rules are evaluated from top to bottom; when a match is found, no further evaluation is done.
o If there is no match, the Palo Alto firewall keeps looking for a match until the last rule is evaluated.
o In a Palo Alto firewall, if no match is found the session is dropped.
o Rule shadowing is when multiple security policy rules match the same scope of traffic.
o Security policy rules can be reordered, disabled, deleted, added and cloned.
o Unused rules can be shown by clicking the ‘Highlight Unused Rules’ checkbox at the bottom.
o Every security policy rule must include a source zone, a destination zone, and an action.
o Security policies also include: source IP, destination IP, user, application, service and URLs.
o Security rules have additional actions (logging, vulnerability/AV/malware profiles, scheduling and QoS).
o In Palo Alto firewall security policy rules, scheduling can set the times when a rule is in effect.
o There is a limit to the number of security profiles as well as security rules that can be configured.
o All traffic passing through the dataplane of a Palo Alto firewall is matched against a security policy.
o This does not include traffic originating from the management interface of the firewall.
Shadows Rule:
o When committing a configuration, a warning may appear that one rule "shadows" another rule.
o A shadow rule warning generally indicates that a rule with broader matching criteria is configured above a more specific one.
o Avoid rule shadowing by placing more specific rules above the rules with a larger scope.
o When committing, the shadow rule warning can also appear if there are unresolved FQDNs.
o Policy-1 is configured with broader matching criteria: the application is any.
o Policy-2 is configured with more specific matching criteria: the application is web-browsing only.
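The following is an added example, not code from the course or from PAN-OS: a small Python model of the rulebase behaviour described above (top-down first match, the predefined intrazone-allow and interzone-deny defaults, and a commit-time style shadow check) applied to the Policy-1 / Policy-2 case. It assumes simplified matching on source zone, destination zone and application only; the rule names and zones are constructed.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard value a rule field may carry

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    app: str = ANY
    action: str = "allow"

FIELDS = ("src_zone", "dst_zone", "app")

def _covers(rule, other):
    """True when rule's criteria are at least as broad as other's on every field."""
    return all(getattr(rule, f) in (ANY, getattr(other, f)) for f in FIELDS)

def evaluate(rules, session):
    """Top-down first match: returns (matching rule name, action).
    `session` is a dict with src_zone, dst_zone and app keys."""
    for rule in rules:
        if all(getattr(rule, f) in (ANY, session[f]) for f in FIELDS):
            return rule.name, rule.action
    # No user-defined match: the predefined default rules at the bottom apply.
    if session["src_zone"] == session["dst_zone"]:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

def shadowed_rules(rules):
    """Commit-time style check: a rule is shadowed when an earlier rule's
    criteria cover everything it could match, so it can never be hit."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if _covers(earlier, later)]

# Constructed rulebase reproducing the page's Policy-1 / Policy-2 case.
RULEBASE = [
    Rule("Policy-1", "trust", "untrust", ANY, "allow"),
    Rule("Policy-2", "trust", "untrust", "web-browsing", "deny"),
]
# Same two rules with the more specific one placed first.
RULEBASE_FIXED = [RULEBASE[1], RULEBASE[0]]

if __name__ == "__main__":
    web = {"src_zone": "trust", "dst_zone": "untrust", "app": "web-browsing"}
    print(shadowed_rules(RULEBASE))       # [('Policy-2', 'Policy-1')]
    print(evaluate(RULEBASE, web))        # ('Policy-1', 'allow')
    print(evaluate(RULEBASE_FIXED, web))  # ('Policy-2', 'deny')
```

With the broad rule on top, the web-browsing deny in Policy-2 is never reached; swapping the order removes the shadow and the deny takes effect.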
Palo Alto Networks is one of the top firewall platform choices when it comes to protecting and securing all your critical on-premise and cloud infrastructure. This training guide will help you fully understand what tools, features, and options your Palo Alto firewalls can offer to protect your network and enhance visibility into your network traffic.
This course will get you from zero to hero in no time, so you can take full advantage of all the features that the Palo Alto firewall platform has to offer. From initial policy configuration to configuring NAT and security rules to building Active-Active highly available clusters, you’ll learn everything required to set it up.
This course features lectures and hands-on labs in which you will learn to install, configure, manage and troubleshoot Palo Alto Networks firewalls, gaining the skills and expertise needed to protect your organization from the most advanced cyber-security attacks. The student will get hands-on experience in configuring, managing, and monitoring a firewall in a lab environment.
This Palo Alto firewall course covers many topics required for PCNSE v10, and new topics are added frequently. This course dives deeper into Palo Alto Networks firewall policies and network configuration to give students a clear understanding of several topics. Topics covered include security policy configuration, SSL decryption, routing configuration, IPSec configuration, High Availability configuration and other real-world configuration examples. PDF materials are also included with the videos.