>show system info
PALO ALTO NETWORK
Thursday, January 22, 2015
PALO ALTO CLI - Checking Software version --OKAY
Wednesday, January 21, 2015
Palo Alto - CLI --- Operation Mode and Configuration Mode OKAY
Palo Alto - Packet Capture --okay
4-stage capture --> 4 different files
Receive stage ----------> Drop stage ----------> Firewall stage --------> Transmit stage (marked to leave the firewall)
To check whether the packet actually left the FW, check the device on the other side.
Packet Capture on GUI
"Monitor" --> "Packet Capture"
Pre-Parse Match ---> never use it
Put a limit on the capture
CLI Capture
debug dataplane packet-diag clear all
debug dataplane packet-diag set filter match (followed by the match criteria, then enabled with: debug dataplane packet-diag set filter on)
debug dataplane packet-diag set capture stage receive file rx.pcap (stage is one of: receive, firewall, transmit, drop)
debug dataplane packet-diag set capture on
debug dataplane packet-diag set capture off
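The four stage files are only useful when they are compared against each other: a flow that shows up in the receive capture but never in the transmit capture is the one to chase. The script below is an added example, not code from the original post or from Palo Alto Networks; it parses classic pcap files offline and reports, for every flow seen at the receive stage, whether it was dropped, stalled at the firewall stage, or vanished before that. The sample captures are constructed in memory, and the file names other than rx.pcap (fw.pcap, drop.pcap, tx.pcap) are assumptions.

```python
"""
Added example: diff the receive/firewall/drop/transmit stage captures.
Not Palo Alto Networks code. Sample pcaps are constructed below.
"""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap, microsecond timestamps


def build_packet(src, dst, sport, dport, proto=6):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame (sample data, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    if proto == 6:
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16  # 20-byte TCP header
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)  # 8-byte UDP header
    total_len = 20 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, ip_src, ip_dst)
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a pcap global header plus per-record headers (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1421884800 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap_bytes):
    """Yield raw frames from a little-endian classic pcap byte string."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap_bytes, offset)
        offset += 16
        yield pcap_bytes[offset:offset + incl_len]
        offset += incl_len


def five_tuple(frame):
    """Return (proto, src, sport, dst, dport) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (proto, src, sport, dst, dport)


def stage_flows(pcap_bytes):
    """Count flows (5-tuples) present in one stage capture."""
    return Counter(t for t in map(five_tuple, iter_frames(pcap_bytes)) if t)


def compare_stages(rx, fw, drop, tx):
    """Flows seen at receive that never reached transmit, annotated with where they went."""
    rx_f, fw_f, drop_f, tx_f = map(stage_flows, (rx, fw, drop, tx))
    result = {}
    for flow in rx_f:
        if flow in tx_f:
            continue  # made it out of the firewall; nothing to chase here
        if flow in drop_f:
            result[flow] = "dropped"
        elif flow in fw_f:
            result[flow] = "reached firewall stage, not transmitted"
        else:
            result[flow] = "lost before firewall stage"
    return result


# Constructed sample captures: one allowed flow, one denied flow, one that
# never makes it past the receive stage.
ALLOWED = build_packet("10.1.1.10", "172.24.5.5", 40000, 443)
DENIED = build_packet("10.1.1.11", "172.24.5.5", 40001, 23)
LOST = build_packet("10.1.1.12", "172.24.5.5", 40002, 53, proto=17)
RX_PCAP = build_pcap([ALLOWED, DENIED, LOST])   # rx.pcap
FW_PCAP = build_pcap([ALLOWED, DENIED])         # fw.pcap (assumed name)
DROP_PCAP = build_pcap([DENIED])                # drop.pcap (assumed name)
TX_PCAP = build_pcap([ALLOWED])                 # tx.pcap (assumed name)

if __name__ == "__main__":
    for flow, verdict in compare_stages(RX_PCAP, FW_PCAP, DROP_PCAP, TX_PCAP).items():
        print(flow, "->", verdict)
```

To use it on real exports, read each stage file with `open(path, "rb").read()` and pass the four byte strings to `compare_stages`; the parser deliberately handles only the classic little-endian pcap format with Ethernet framing, so convert pcapng first if that is what your tooling produced.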
Palo Alto Models
PA200
PA500
PA3000
PA5000
PA 7000
Packet Flow Sequence in PAN-OS
Palo Alto Networks next-generation firewalls use a unique Single Pass Parallel Processing (SP3) architecture, which enables high-throughput, low-latency network security while incorporating unprecedented features and technology.
Interface ---> L2 to L3 (+NAT) ---> App-ID ---> Content-ID --->
NAT
Outbound (company to outside)
- Security policy: (INSIDE) 10.x.x.x --- FW ---> (OUTSIDE) 172.24.x.x (actual destination)
- NAT policy: (INSIDE) 10.x.x.x --- FW ---> (OUTSIDE) 172.24.x.x (actual destination), translation type: source translation
Inbound (outside to company)
- Security policy: (OUTSIDE) 172.24.x.x --- FW ---> (INSIDE) 10.x.x.x
- NAT policy: (OUTSIDE) 172.24.x.x --- FW ---> (OUTSIDE) NAT IP, translation type: destination translation (to the actual internal IP)
Tuesday, January 20, 2015
Palo Alto - Custom Signatures
Make a signature to identify the traffic
Patterns, Context, Decoders
Use Wireshark to identify signatures.
=============
Custom App-IDs
• To identify proprietary applications.
• To achieve granularity of visibility and control over traffic particular to your environment. If your traffic is classified as unknown-tcp/udp, HTTP or SSL, you could bring visibility by developing custom App-IDs.
• To identify ephemeral apps with topical interest.
o Ex: ESPN3-Video for the soccer World Cup, March Madness, Wikileaks.
• To identify nested applications.
o Further identify Facebook apps: Farmville, chat, marketplace, etc.
• To perform QoS for your specific application.
• URL filtering is incapable of giving administrators control over websites that replicate on a different host, emulating the same look-and-feel as well as content. Example: wikileaks.com
-------Creating Custom Signature DOC5534
Step 1: Packet Capture
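The notes above reduce a custom signature to three things: a pattern, the context it is scoped to, and the decoder that produces that context. The script below is an added example, not code from the original post and not Palo Alto's own implementation; it is a toy classifier that shows why the pattern and the context go together by matching the same marker inside and outside its intended context. The application name "acme-inventory", the sample HTTP requests, the context labels (PAN-OS uses its own context names) and the "web-browsing" fallback are constructed for the illustration.

```python
"""
Added example: pattern + context matching for a custom App-ID, as a toy.
Not Palo Alto Networks code. Sample signatures and requests are constructed.
"""
import re

MIN_PATTERN_BYTES = 7  # PAN-OS rejects custom signature patterns shorter than 7 bytes


def split_http_request(raw):
    """Decode a raw HTTP request into the contexts a pattern can be scoped to.

    Header lines are re-joined with "\\n" so that "^" and "$" work per line.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    uri = parts[1] if len(parts) >= 2 else b""
    return {"uri": uri, "headers": b"\n".join(lines[1:]), "body": body}


def make_signature(app, context, pattern):
    """Validate the pattern length and compile one (app, context, pattern) entry."""
    if len(pattern) < MIN_PATTERN_BYTES:
        raise ValueError("pattern %r is shorter than %d bytes" % (pattern, MIN_PATTERN_BYTES))
    return (app, context, re.compile(pattern, re.MULTILINE))


# Constructed sample signatures for a fictional in-house application.
SIGNATURES = [
    make_signature("acme-inventory", "headers", rb"^X-Acme-Agent: inventory/\d+\.\d+$"),
    make_signature("acme-inventory", "uri", rb"^/acme/api/v\d+/"),
]


def identify(raw, signatures=SIGNATURES, default="web-browsing"):
    """Return the first app whose pattern matches inside its own context, else the default."""
    contexts = split_http_request(raw)
    for app, context, pattern in signatures:
        if pattern.search(contexts[context]):
            return app
    return default


# Constructed sample traffic.
ACME_REQUEST = (b"POST /acme/api/v2/items HTTP/1.1\r\nHost: inv.internal\r\n"
                b"X-Acme-Agent: inventory/3.1\r\nContent-Length: 9\r\n\r\nitem=1234")
PLAIN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# Same marker bytes, but placed in the body, where a headers-scoped pattern must not see them.
BODY_ONLY = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
             b"X-Acme-Agent: inventory/3.1\r\n")

if __name__ == "__main__":
    for name, req in (("acme", ACME_REQUEST), ("plain", PLAIN_REQUEST), ("body-only", BODY_ONLY)):
        print(name, "->", identify(req))
```

The third request is the point of the exercise: the marker string is present, but only in the body, so a signature scoped to the headers context leaves the traffic at the default classification. That is the same reason the notes say to work from a packet capture in Wireshark: you pick the context in which the pattern reliably appears, not just a byte string that happens to occur somewhere.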