
What is Palo Alto Networks?

Palo Alto Networks, Inc. is a multinational cybersecurity company founded by Nir Zuk in 2005. It offers a range of next-generation firewalls and cloud-delivered security services that help an organization cover the different aspects of security.
The company's first product, an enterprise next-generation firewall, was released in 2007. Cortex, an AI-based continuous security platform, was released in February 2019. Palo Alto Networks also has a threat intelligence team called Unit 42, whose main goal is to research the data collected by the company's security platform and discover new threats.
Palo Alto Networks has made numerous acquisitions and has grown into a global cybersecurity leader. Its products are built around a Zero Trust strategy to reduce overall cybersecurity risk across the network, and they integrate with threat intelligence feeds, network policy management tools, SIEM, IAM, and many other systems.


Palo Alto Firewall technical discussion from real-world scenarios


1. Palo Alto Networks firewalls are next-generation firewalls that inspect traffic from Layer 3 (network) up to Layer 7 (application), identifying the application (App-ID) rather than trusting the port number alone.
2. It is a zone-based firewall that works on sessions: every flow is tracked as a stateful session. When sizing for a business requirement, consider the number of concurrent sessions and the new-session rate the network needs, because these are the limits you hit first on an undersized platform.
3. The single-pass architecture processes each packet once for networking, policy, App-ID and content inspection, which keeps latency low while still giving deep inspection of the traffic.
4. The firewall can protect against DoS attacks such as TCP SYN floods, UDP floods, ICMP floods and port scanning (reconnaissance). Zone protection profiles apply these defences at the zone level; DoS protection policies and profiles apply them per IP address or per rule.
5. Security profiles (antivirus, anti-spyware, vulnerability protection, file blocking, WildFire analysis, data filtering) are attached to security rules and inspect the traffic those rules allow at the payload level, identifying and blocking malicious content.
6. URL filtering is another profile, used to block, allow or alert on traffic based on URL categories or explicit URL lists.
7. Along with URL filtering, if a decryption policy (with a decryption profile) is enabled for SSL/TLS, the firewall gains visibility into the payload of encrypted sessions, so the security profiles can inspect content that would otherwise be opaque. Without decryption, URL filtering on HTTPS is limited to what the SNI and certificate reveal.
8. At the management level there is a device called Panorama, which manages firewalls centrally and makes large deployments easy to operate.
9. In Panorama, device groups hold the policies and objects for a set of firewalls, and templates hold their network and device configuration (interfaces, zones, virtual routers and so on). Configuration is pushed from Panorama in a single commit instead of logging in to each firewall and configuring the items one by one.
10. Policies are evaluated top-down and the first matching rule wins, so rule order matters. PAN-OS has several policy types, each with its own rulebase: security, NAT, QoS, policy-based forwarding, decryption, application override, authentication and DoS protection. The security rulebase ends with the predefined intrazone-default (allow) and interzone-default (deny) rules. Follow the Introduction to setup Palo Alto Networks firewall for Beginners for the basic setup.

Life of a packet in a Palo Alto firewall

How does NAT work in Palo Alto?
Types of NAT available:
a. Source NAT (static IP, dynamic IP, or dynamic IP and port translation)
b. Destination NAT
c. Bi-directional NAT (an option on a static source NAT rule that also creates the matching reverse destination translation)
d. Dynamic NAT (dynamic IP, or dynamic IP and port, on the source side; this is what hides a private network behind one or more public addresses)

Destination NAT:

Palo Alto NAT behaves a little differently from other vendors. During session setup the firewall first does a forwarding lookup on the original destination address (a policy-based forwarding rule if one matches, otherwise the routing table; PAN-OS calls this PBF, not PBR) to determine the destination zone, then evaluates the NAT policy, and only then the security policy. If a destination NAT (D-NAT) rule matches, the firewall performs a second route lookup on the translated destination address to find the real egress interface and zone.

  1. NAT policy will be like:
  • Source zone: OUTSIDE, source address: any
  • Destination zone: OUTSIDE (the zone the public IP routes to before translation), destination address: the public IP assigned to the DMZ server
  • Translated destination address: the DMZ server's private IP

  2. Security policy will be like:
  • Source zone: OUTSIDE, source address: any
  • Destination zone: DMZ (the post-NAT zone), destination address: the public IP of the server as configured in the NAT rule (the pre-NAT address), with the required application and service

Note: a security rule for NATed traffic always uses the pre-NAT IP address and the post-NAT zone. The security lookup is performed before the packet is actually translated, so it still sees the original addresses, but the destination zone comes from the second route lookup on the translated address. A rule written with the private IP, or with OUTSIDE as the destination zone, never matches and the traffic falls through to the interzone-default deny.
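The following Python model is an added illustration of the four lookups just described, written for this page and not Palo Alto Networks code. It walks the page's HTTP packet (client 1.1.1.250 to public IP 1.1.1.100, translated to 10.1.1.100 behind ethernet1/2) through the pre-NAT route lookup, the NAT rulebase, the post-NAT route lookup and the security rulebase, and shows the top-down first-match evaluation from item 10 of the list above. The routing table, the zone names OUTSIDE and DMZ, the interface ethernet1/1 and the rule names are assumptions for the example; only the addresses and ethernet1/2 come from the page.

```python
"""Model of the PAN-OS session-setup path for destination NAT (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed routing table for the page's topology: 1.1.1.0/24 is the outside
# subnet holding the public IP 1.1.1.100, 10.1.1.0/24 is the DMZ behind
# ethernet1/2 (interface taken from the page's debug output; zones assumed).
ROUTES = [
    ("1.1.1.0/24", "ethernet1/1", "OUTSIDE"),
    ("10.1.1.0/24", "ethernet1/2", "DMZ"),
    ("0.0.0.0/0", "ethernet1/1", "OUTSIDE"),
]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    ingress_zone: str

@dataclass(frozen=True)
class NatRule:
    name: str
    src_zone: str
    dst_zone: str          # zone of the ORIGINAL (pre-NAT) destination address
    original_dst: str
    translated_dst: str

@dataclass(frozen=True)
class SecurityRule:
    name: str
    src_zone: str
    dst_zone: str          # POST-NAT destination zone
    dst_addr: str          # PRE-NAT destination address, or "any"
    dport: Optional[int]   # None = any service
    action: str            # "allow" or "deny"

def route_lookup(ip: str, routes=ROUTES) -> Tuple[str, str]:
    """Longest-prefix match; returns (egress interface, zone)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface, zone in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, zone)
    if best is None:
        raise LookupError(f"no route to {ip}")
    return best[1], best[2]

def process(pkt: Packet, nat_rules: List[NatRule],
            security_rules: List[SecurityRule], routes=ROUTES) -> dict:
    """Return a trace of the lookups the firewall performs for one packet."""
    trace = {}
    # 1. Forwarding lookup on the pre-NAT destination: this zone is what the
    #    NAT rulebase's destination zone is matched against.
    _, pre_nat_zone = route_lookup(pkt.dst, routes)
    trace["pre_nat_dst_zone"] = pre_nat_zone
    # 2. NAT policy: evaluated top-down, first match wins.
    translated_dst, trace["nat_rule"] = pkt.dst, None
    for rule in nat_rules:
        if (rule.src_zone in ("any", pkt.ingress_zone)
                and rule.dst_zone == pre_nat_zone
                and rule.original_dst == pkt.dst):
            translated_dst, trace["nat_rule"] = rule.translated_dst, rule.name
            break
    trace["post_nat_dst"] = translated_dst
    # 3. Second route lookup on the post-NAT destination gives the real egress
    #    interface and zone (for untranslated traffic this equals step 1).
    trace["egress_interface"], trace["egress_zone"] = route_lookup(translated_dst, routes)
    # 4. Security policy: pre-NAT address, post-NAT zone, top-down first match.
    for rule in security_rules:
        if (rule.src_zone in ("any", pkt.ingress_zone)
                and rule.dst_zone in ("any", trace["egress_zone"])
                and rule.dst_addr in ("any", pkt.dst)      # original address
                and rule.dport in (None, pkt.dport)):
            trace["security_rule"], trace["action"] = rule.name, rule.action
            return trace
    # Nothing matched: the implicit interzone-default rule denies.
    trace["security_rule"], trace["action"] = "interzone-default", "deny"
    return trace

# The page's example: an outside client hitting the public IP of the DMZ web server.
DNAT = [NatRule("web-dnat", "OUTSIDE", "OUTSIDE", "1.1.1.100", "10.1.1.100")]
HTTP = Packet("1.1.1.250", "1.1.1.100", "tcp", 80, "OUTSIDE")
CORRECT = [SecurityRule("allow-web", "OUTSIDE", "DMZ", "1.1.1.100", 80, "allow")]
POST_NAT_IP = [SecurityRule("allow-web", "OUTSIDE", "DMZ", "10.1.1.100", 80, "allow")]
PRE_NAT_ZONE = [SecurityRule("allow-web", "OUTSIDE", "OUTSIDE", "1.1.1.100", 80, "allow")]

if __name__ == "__main__":
    for label, rules in (("pre-NAT IP / post-NAT zone", CORRECT),
                         ("post-NAT IP (wrong)", POST_NAT_IP),
                         ("pre-NAT zone (wrong)", PRE_NAT_ZONE)):
        print(f"{label}: {process(HTTP, DNAT, rules)}")
```

Only the first rulebase allows the session; the two common mistakes (matching on the private IP, or on the pre-NAT zone) both fall through to interzone-default. On a real firewall the equivalent checks are `test nat-policy-match` and `test security-policy-match` from the CLI, run with the pre-NAT destination address.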


Verification:

The output below comes from the dataplane flow log (debug dataplane packet-diag with the flow basic log feature enabled and a filter on the client and the public IP). First verify the sender IP address and target IP address in the ARP request: the client 1.1.1.250 is asking for 1.1.1.100, the public address from the NAT rule, which the firewall must answer on behalf of the DMZ server. It does so (proxy ARP) only when that address is on the same subnet as the outside interface's IP, so a missing ARP reply here usually means the NAT address and the interface subnet do not match.

  Packet received at ingress stage
  Packet info: len 60 port 16 interface 16 wqe index 229341 packet 0x0x8000000416ffe0e0
  Packet decoded dump:
  L2: a4:c2:db:ba:44:07->ff:ff:ff:ff:ff:ff, type 0x0806
  ARP: hardware type 0x0001 protocol type 0x0800
       hardware size 6 protocol size 4 opcode REQUEST
       sender mac address a4:c2:db:ba:44:07 sender ip address 1.1.1.250
       target mac address 00:00:00:00:00:00 target ip address 1.1.1.100
  No flow lookup for packet, continue with forwarding lookup, ingress interface 16
  L3 mode, virtual-router 1
  Enqueue packet to ARP process

Debug:

In the flow debug for the TCP session, the same packet appears twice. At the fastpath stage it still carries the pre-NAT destination 1.1.1.100 and is marked "NAT session, run address/port translation"; at the forwarding stage the destination has become 10.1.1.100, the route lookup for that address finds ethernet1/2 (the DMZ interface), and ARP for the server is resolved. Source IP, ports and sequence number are unchanged, which is what a pure destination NAT should look like.

  Packet received at fastpath stage
  Packet info: len 477 port 16 interface 16 wqe index 229320 packet 0x0x8000000916fa70e6
  Packet decoded dump:
  L2: a4:ba:db:ba:3f:07->00:1b:17:01:4a:10, type 0x0800
  IP: 1.1.1.250->1.1.1.100, protocol 6
      version 4, ihl 5, tos 0x00, len 463,
      id 699, frag_off 0x4000, ttl 128, checksum 61710
  TCP: sport 52288, dport 80, seq 3878305383, ack 933869295,
       reserved 0, offset 5, window 63537, checksum 28577,
       flags 0x0018 ( ACK PSH), urgent data 0
  TCP option:
  Flow fastpath, session 15
  NAT session, run address/port translation
  session 15 packet sequeunce old 13 new 14
  == Jun 07 10:43:07 ==
  Packet received at forwarding stage
  Packet info: len 477 port 7 interface 11 wqe index 229345 packet 0x0x8000000416fe70e6
  Packet decoded dump:
  L2: a4:ba:db:ba:3f:07->00:1b:17:01:4a:10, type 0x0800
  IP: 1.1.1.250->10.1.1.100, protocol 6
      version 4, ihl 5, tos 0x00, len 463,
      id 699, frag_off 0x4000, ttl 128, checksum 59406
  TCP: sport 52288, dport 80, seq 3878305383, ack 933159295,
       reserved 0, offset 5, window 63537, checksum 26273,
       flags 0x0018 ( ACK PSH), urgent data 0
  TCP option:
  Forwarding lookup, ingress interface 16
  L3 mode, virtual-router 1
  Route lookup in virtual-router 1, IP 10.1.1.100
  Route found, interface ethernet1/2, zone 19
  Resolve ARP for IP 10.1.1.100 on interface ethernet1/2
  ARP entry found on interface 17.
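Reading this by eye works for one session; for a busy flow log it is easier to check mechanically. The parser below is an added example written for this page (not a Palo Alto Networks tool) that splits flow basic output into per-stage records and confirms that one TCP flow is seen with the public destination at the fastpath stage, flagged as a NAT session, and then with the private destination at the forwarding stage leaving through the expected interface. The sample log is constructed from the page's output above (abridged to the fields the parser reads); the expected addresses are the page's, and reading the log from a file is left to the caller.

```python
"""Parse PAN-OS 'flow basic' debug output and confirm a destination NAT happened."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the two packet-diag records from the page, one field per line.
SAMPLE_LOG = """Packet received at fastpath stage
Packet info: len 477 port 16 interface 16 wqe index 229320 packet 0x0x8000000916fa70e6
Packet decoded dump:
L2: a4:ba:db:ba:3f:07->00:1b:17:01:4a:10, type 0x0800
IP: 1.1.1.250->1.1.1.100, protocol 6
TCP: sport 52288, dport 80, seq 3878305383, ack 933869295, flags 0x0018 ( ACK PSH)
Flow fastpath, session 15
NAT session, run address/port translation
session 15 packet sequeunce old 13 new 14
== Jun 07 10:43:07 ==
Packet received at forwarding stage
Packet info: len 477 port 7 interface 11 wqe index 229345 packet 0x0x8000000416fe70e6
Packet decoded dump:
L2: a4:ba:db:ba:3f:07->00:1b:17:01:4a:10, type 0x0800
IP: 1.1.1.250->10.1.1.100, protocol 6
TCP: sport 52288, dport 80, seq 3878305383, ack 933159295, flags 0x0018 ( ACK PSH)
Forwarding lookup, ingress interface 16
L3 mode, virtual-router 1
Route lookup in virtual-router 1, IP 10.1.1.100
Route found, interface ethernet1/2, zone 19
Resolve ARP for IP 10.1.1.100 on interface ethernet1/2
ARP entry found on interface 17.
"""

STAGE_RE = re.compile(r"^Packet received at (\w+) stage", re.MULTILINE)
IP_RE = re.compile(r"^IP: (\S+)->(\S+), protocol (\d+)", re.MULTILINE)
TCP_RE = re.compile(r"^TCP: sport (\d+), dport (\d+)", re.MULTILINE)
SESSION_RE = re.compile(r"\bsession (\d+)")
ROUTE_RE = re.compile(r"^Route found, interface (\S+), zone (\d+)", re.MULTILINE)

@dataclass
class Record:
    """One 'Packet received at ... stage' block of the flow log."""
    stage: str
    src: str = ""
    dst: str = ""
    proto: int = 0
    sport: int = 0
    dport: int = 0
    session: Optional[int] = None
    nat: bool = False
    egress_iface: Optional[str] = None
    egress_zone: Optional[int] = None

def parse_flow_basic(text: str) -> List[Record]:
    """Split the log on stage headers and pull the fields we care about from each block."""
    headers = list(STAGE_RE.finditer(text))
    records = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        chunk = text[m.start():end]
        r = Record(stage=m.group(1))
        ip = IP_RE.search(chunk)
        if ip:
            r.src, r.dst, r.proto = ip.group(1), ip.group(2), int(ip.group(3))
        tcp = TCP_RE.search(chunk)
        if tcp:
            r.sport, r.dport = int(tcp.group(1)), int(tcp.group(2))
        sess = SESSION_RE.search(chunk)
        if sess:
            r.session = int(sess.group(1))
        r.nat = "NAT session" in chunk          # "NAT session, run address/port translation"
        route = ROUTE_RE.search(chunk)
        if route:
            r.egress_iface, r.egress_zone = route.group(1), int(route.group(2))
        records.append(r)
    return records

def verify_dnat(records: List[Record], public_ip: str, private_ip: str) -> dict:
    """Check that a flow to public_ip was translated to private_ip with the rest of the tuple intact."""
    pre = [r for r in records if r.stage == "fastpath" and r.dst == public_ip]
    if not pre:
        return {"ok": False, "reason": f"no fastpath packet to {public_ip} seen"}
    p = pre[0]
    if not p.nat:
        return {"ok": False, "reason": f"session {p.session} is not marked as a NAT session"}
    post = [r for r in records
            if r.stage == "forwarding" and r.dst == private_ip
            and (r.src, r.sport, r.dport, r.proto) == (p.src, p.sport, p.dport, p.proto)]
    if not post:
        return {"ok": False, "reason": f"no forwarding-stage packet to {private_ip} for the same flow"}
    return {"ok": True, "session": p.session, "pre_nat_dst": p.dst,
            "post_nat_dst": post[0].dst, "egress_interface": post[0].egress_iface,
            "egress_zone": post[0].egress_zone}

if __name__ == "__main__":
    print(verify_dnat(parse_flow_basic(SAMPLE_LOG), "1.1.1.100", "10.1.1.100"))
```

The check deliberately correlates the two records on source IP, ports and protocol rather than on the session number, because the forwarding-stage block in this output does not print it; if source NAT were also in play (a bi-directional rule, for instance) the source fields would change too and the comparison would have to be relaxed accordingly.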
