admin_guide.book

Transcription:

Palo Alto Networks 4.1 12/21/11 - Palo Alto Networks

Palo Alto Networks, Inc. www.paloaltonetworks.com 2007-2011 Palo Alto Networks Palo Alto Networks PAN-OS Panorama Palo Alto Networks, Inc. P/N 810-000100-00A


12 21, 2011 - Palo Alto Networks 11 13 13 13 Web Palo Alto Networks 1 2 3 4 5 / 6 7 8 IPSec IP (IPSec) Palo Alto Networks 11

9 GlobalProtect GlobalProtect 10 (QoS) 11 Panorama Palo Alto Networks 12 Panorama Panorama 13 WildFire WildFire A HTML B Palo Alto Networks C 140-2 D 12 Palo Alto Networks

Web (URL) SecuritySecurity Rules Palo Alto Networks http://www.paloaltonetworks.com a:\setup Devices Administrators Clone Rule Palo Alto Networks 13


1 16 17 Palo Alto Networks 80 IPv4 IPv6 IPv4 IPv6 Palo Alto Networks 15

SSL 137 URL 141 URL Web 167 GlobalProtect GlobalProtect / 67 HA WildFire Web (CLI) Panorama Web Web 16 Palo Alto Networks

25 Web Web HTTP HTTPS CLI Telnet (SSH) PAN-OS Panorama Palo Alto Networks Web Panorama Web Panorama 243 Panorama Panorama 251 Panorama (SNMP) RFC 1213 (MIB-II) RFC 2665 SNMP 54 SNMP Syslog Syslog 56 Syslog XML API (REST) https://<firewall>/api API <firewall> IP API DevCenter http://live.paloaltonetworks.com XML API Palo Alto Networks 17


2 20 21 Web 25 Panorama 243 Panorama 1. 2. https://support.paloaltonetworks.com App-ID 3. IP Palo Alto Networks 19

1. RJ-45 (MGT) 2. 255.255.255.0 192.168.1.0 IP 192.168.1.5 3. Web https://192.168.1.1 Palo Alto Networks 4. admin Login OK 5. Device Setup Web 21 Web Management Management Interface Settings IP Services (DNS) IP (NTP) IP Support Palo Alto Networks Register Device Activate support using authorization codes 6. Devices Administrators 7. admin 8. New Password Confirm New Password 15 9. OK 10. 5 IP 23 20 Palo Alto Networks

Web Web Objects Device Add Delete OK Cancel Clone Palo Alto Networks 21

Web Help Tasks Task Manager Show Devices Setup OK Save OK candidate 22 Palo Alto Networks

Web Web Commit Advanced Include Device and Network configuration Include Shared Object configuration Include Policy and Objects Include virtual system configuration 30 Vulnerability Protection Objects Security Profiles Vulnerability Protection Objects > Security Profiles > Vulnerability Protection Palo Alto Networks 23

Web Web Config lock Commit Lock Locks Take a Lock OK Close Lock Locks Yes Close Lock 24 Palo Alto Networks

Device Setup Management Automatically acquire commit lock 28 Web Web Internet Explorer 7 Firefox 3.6 Safari 5 Chrome 11 http://www.paloaltonetworks.com Web Help / https://live.paloaltonetworks.com/community/devcenter http://live.paloaltonetworks.com KnowledgePoint https://support.paloaltonetworks.com Palo Alto Networks 25


3 38 38 39 PAN-OS 40 41 44 48 49 50 54 SNMP 56 Syslog 56 57 58 Netflow 58 61 73 77 78 Palo Alto Networks 27

30 33 34 ID 35 WildFire 263 WildFire Device > Setup > Management Setup WildFire IP 94 Edit 1. General Settings Host Name Domain Login Banner Timezone Locale Time Serial Number 31 (FQDN) 31 Name Password PDF 183 PDF Set Time YYYY/MM/DD 24 (HH:MM:SS) Panorama 28 Palo Alto Networks

1. Geo Location Automatically acquire commit lock Certificate Expiration Check Multi Virtual System Capability Authentication Settings Authentication Profile Client Certificate Profile Idle Timeout # Failed Attempts Lockout Time Panorama Settings Panorama Server Panorama Server 2 Receive Timeout for connection to Panorama Send Timeout for connection to Panorama Retry Count for SSL send to Panorama Management Interface Settings MGT Interface Speed MGT Interface IP Address -90.0 90.0-180.0 180.0 24 Setup Multi Virtual System Capability Edit OK 73 44 49 1-1440 0 Web CLI Web CLI 1-10 00 0-60 0 Panorama Palo Alto Networks IP Panorama Panorama Disabled Shared Policies Panorama Import shared policies from Panorama before disabling OK Panorama (HA) HA Panorama Panorama TCP 1-120 20 TCP Panorama 1-120 20 (SSL) Panorama 1-64 25 10Mbps 100Mbps 1Gbps IP IP Palo Alto Networks 29

1. Netmask Default Gateway MGT Interface IPv6 Address Default IPv6 Gateway MGT Interface Services Permitted IPs Logging and Reporting Settings Log Storage Max. Rows in User Activity Report Number of Versions for Config Audit Number of Versions for Config Backups Stop Traffic when LogDb full Send Hostname In Syslog IP 255.255.255.0 IP IPv6 IPv6 IPv6 HTTP HTTPS Telnet (SSH) / Ping IP 100% 100% OK Restore Defaults 1-1048576 65535 100 Panorama 100 syslog syslog Device > Setup > Operations OK Commit Save Commit 30 Palo Alto Networks

Save 2. Restart Data Plane Web CLI debug swm revert PAN-OS (running-config.xml ) Save (running-config.xml ) (running-config.xml ) / Browse Reboot Device PAN-OS 30 Web CLI request restart system PAN-OS Restart Dataplane Web CLI request restart dataplane PAN-OS Palo Alto Networks 31

2. Custom Logo SNMP Setup Statistics Service Setup Custom Logo (UI) PDF 183 PDF PDF png gif jpg 128 KB PDF PDF 183 PDF SNMP 36 SNMP 37 Commit commit CLI Web CLI 24 32 Palo Alto Networks

Device > Setup > Services Services (DNS) (NTP) 3. DNS Primary DNS Server Secondary DNS Server Primary NTP Server Secondary NTP Server Update Server Secure Proxy Server Secure Proxy Port Secure Proxy User Secure Proxy Password Confirm Secure Proxy Password Service Route Configuration DNS FQDN DNS DNS DNS DNS DNS IP DNS DNS FDQN DNS IP NTP IP NTP NTP IP Palo Alto Networks IP updates.paloaltonetworks.com Palo Alto Networks IP Service Route Configuration Use Management Interface for all Select Source Address Palo Alto Networks 33

ID Device > Setup > Content-ID Content-ID URL 4. ID URL Filtering Dynamic URL Cache Timeout URL Continue Timeout URL Admin Override Timeout URL Admin Lockout Timeout x-forwarded-for Strip-x-forwarded-for URL Admin Override Settings for URL admin override Edit URL URL URL 141 URL continue URL continue 1-86400 15 URL 1-86400 900 URL 1-86400 1800 IP X-Forwarded-For X-Forwarded-For HTTP IP Src x.x.x.x URL x.x.x.x IP Source User IP X-Forwarded-For IP URL Override 141 URL Add URL Location Password/Confirm Password Server Certificate SSL Mode Redirect IP 34 Palo Alto Networks

4. ID Content-ID Features Manage Data Protection Container Pages Manage Data Protection Set Password Change Password Delete Password text/html text/xml text/plain application (pdf) image (jpeg) URL Location Add Device > Setup > Session Sessions IPv6 5. Session Settings Rematch Sessions ICMPv6 Token Bucket Size ICMPv6 Error Packet Rate Jumbo Frame Jumbo Frame MTU Enable IPv6 Firewalling Edit Rematch all sessions on config policy change Telnet Deny Telnet ICMPv6 ICMPv6 10-65535 100 ICMPv6 10-65535 / 100 MTU 9192 http://www.paloaltonetworks.com IPv6 Edit IPv6 Firewalling IPv6 IPv6 Palo Alto Networks 35

5. Accelerated Aging Session Timeouts Timeouts Server CRL/OCSP Enable Receive Timeout Enable OCSP Receive Timeout Block Unknown Certificate Block Timeout Certificate Certificate Status Timeout (%) Accelerated Aging Threshold (% full) Accelerated Aging Scaling Factor 10 3600 360 CRL SSL (CA) (CRL) SSL SSL (OCSP) SSL 131 CRL 1-60 OCSP SSL OCSP 1-60 1-60 SNMP Device > Setup > Operations SNMPv2c SNMPv3 SNMP (MIB) Setup SNMP Setup MIB SNMP ID (OID) SNMP (varbind) 6. SNMP Physical Location Contact Use Event-Specific Trap Definitions MIB SNMP OID 36 Palo Alto Networks

6. SNMP Version SNMP V2c V3 MIB V2cpublic V2c SNMP Community String SNMP public V3 Views Add Name View OID (OID)1.2.3.4 Option OID Mask 0xf0 OID Users Add Users View Auth Password 8 (SHA) Priv Password 8 (AES) Device > Setup > Operations Statistics Service Setup Palo Alto Networks URL Panorama URL Report Sample Palo Alto Networks 37

Device > Config Audit Config Audit Go 1. Panorama Panorama Device > Licenses Palo Alto Networks URL URL Activate Licenses URL Activate Retrieve license keys from license server 38 Palo Alto Networks

PAN-OS Activate feature using authorization code OK a. http://support.paloaltonetworks.com b. c. Manually upload license key Browse OK Web URL CLI PAN- OS PAN-OS Device > Software PAN-OS Palo Alto Networks PAN-OS Software Refresh Palo Alto Networks Release Notes 4.1.0 3.1.9 4.1.4 Download Downloaded Install Upload PC Install from File OK PAN-OS PAN-OS PAN-OS Decrypt failed: GnuPG edit non-zero, with code 171072 Failed to load into PAN software manager. Palo Alto Networks 39

PAN-OS PAN-OS (HA) HA 61 HA 1. 2. PAN-OS 3. 4. 5. 6. 2 3 Device > Dynamic Updates Palo Alto Networks URL GlobalProtect Dynamic Updates Application and Threats Antivirus URL Filtering Check Now Palo Alto Networks Upgrade Revert Release Notes Upload PC Install from File OK Schedule Download Only Dynamic Updates Upgrade OK 40 Palo Alto Networks

Local database RADIUS (RADIUS) LDAP (LDAP) Kerberos Kerberos Client Certificate RADIUS LDAP Kerberos DB 44 41 49 SSL (VPN) 223 GlobalProtect 43 49 Device > Admin Roles Admin Roles 42 7. Name Role 31 Palo Alto Networks 41

7. WebUI CLI Role Web / CLI disable CLI superuser superreader deviceadmin devicereader Device > Administrators admin Password authentication Client certificate authentication (web) Public key authentication (SSH) / 8. Name Authentication Profile Use only client certificate authentication (web) 15 RADIUS LDAP Kerberos DB 44 Web 42 Palo Alto Networks

8. New Password Confirm New Password Use Public Key Authentication (SSH) Role Virtual System 15 SSH Import Key IETF SECSH OpenSSH DSA 1024 RSA 768-4096 Dynamic Superuser Superuser (Read Only) Device Admin Device Admin (Read Only) Vsys Admin Vsys Admin (Read Only) Role Based Admin 41 Role Based 41 Add Available Selected Panorama Administrators Device > Access Domain Access Domain RADIUS (VSA) RADIUS RADIUS RADIUS RADIUS Palo Alto Networks 43

9. Name Virtual Systems 31 Available Add RADIUS LDAP Kerberos SSL-VPN SSL-VPN Setup 28 Setup RADIUS RADIUS RADIUS http://support. paloaltonetworks.com Settings None Device > Authentication Profile Authentication Profile 10. Name Shared Lockout Time Failed Attempts 31 0-60 0 0 1-10 00 44 Palo Alto Networks

10. Allow List Authentication Server Profile Login Attribute Password Expiration Warning Edit Allow List Available Add Selected All Search Available Add Selected Remove any None Local DB RADIUS RADIUS LDAP LDAP Kerberos Kerberos RADIUS LDAP Kerberos Server 46 RADIUS 47 LDAP 47 Kerberos Active Directory LDAP LDAP LDAP Active Directory edirectory Sun ONE Directory SSL-VPN 223 GlobalProtect SSL-VPN <SCRIPT> function getpasswarnhtml(expdays) { var str = "Your password will expire in " + expdays + " days"; return str; } </SCRIPT> str Device > Local User Database > Users Local Users Palo Alto Networks 45

11. Local User Name Location Mode Enable 31 Shared Password Phash Device > Local User Database > User Groups Local User Groups 12. Local User Group Name RADIUS Location All Local Users Device > Server Profiles > RADIUS 31 Shared Add RADIUS RADIUS 44 13. RADIUS Name Location Administrator Use Only Domain Timeout Retries Retrieve User Group 31 Shared RADIUS 1-30 3 1-5 3 RADIUS VSA 46 Palo Alto Networks

13. RADIUS Servers Name IP address IP Port Secret/Confirm Secret RADIUS LDAP Device > Server Profiles > LDAP LDAP LDAP 44 14. LDAP Name Location Administrator Use Only Servers Domain Type Base Bind DN Bind Password/ Confirm Bind Password SSL Time Limit Bind Time Limit Retry Interval 31 Shared LDAP IP Palo Alto Networks SSL (TLS) 0-60 30 0-60 30 LDAP 1-3600 Kerberos Active Directory Palo Alto Networks 47

Device > Server Profiles > Kerberos Kerberos Active Directory RADIUS Internet (IAS) Kerberos Kerberos Kerberos 44 Kerberos domain realm Kerberos domain\username username@realm 15. Kerberos Name Location Administrator Use Only Realm Domain Servers 31 Shared 127 user@example.local example.local 31 Kerberos Add Server IP Host FQDN Port Active Directory LDAP 48 Palo Alto Networks

Device > Authentication Sequence Authentication Sequence 44 16. Profile Name Shared Lockout Time Failed Attempts Profile List 31 0-60 0 0 1-10 00 Move Up Move Down Device > Client Certificate Profile Setup SSL-VPN 28 196 17. Name Location Username Field Domain CA Certificates Use CRL Use OCSP CRL Receive Timeout OCSP Receive Timeout Certificate Status Timeout 31 CA OCSP URL CA Add (CRL) OCSP CRL 1-60 OCSP 1-60 1-60 Palo Alto Networks 49

17. Block Unknown Certificate Block Timeout Certificate Monitor > Logs Panorama SNMP syslog 18 Alarms Configuration Data Filtering HIP Match System Threat Alarms 57 Panorama syslog SNMP After Change Before Change 146 HIP GlobalProtect (HIP) 223 GlobalProtect HA SNMP / 124 167 50 Palo Alto Networks

18 Traffic URL Filtering allow deny drop / 167 URL URL 141 URL Panorama SNMP syslog 19 Destination Panorama SNMP trap Syslog Email Panorama Panorama 28 SNMP SNMP 54 SNMP Syslog syslog 56 Syslog 56 Device > Scheduled Log Export CSV (FTP) FTP 3 FTP OK Scheduled Log Export Palo Alto Networks 51

20. Name Enabled Log Type Scheduled export start time (daily) Hostname Port Passive Mode Username Password Device > Log Settings > Config 31 URL HIP 24 (hh:mm) (00:00-23:59) FTP IP FTP 21 FTP FTP anonymous Panorama syslog / 21. Panorama SNMP Trap Email Syslog Panorama SNMP SNMP 54 SNMP 56 syslog syslog syslog 56 Syslog Device > Log Settings > System Panorama SNMP syslog / HA 52 Palo Alto Networks

22. Panorama SNMP Trap Email Syslog Panorama Panorama 28 Critical HA High syslog RADIUS Medium Low Informational / SNMP syslog / 54 SNMP 56 Syslog 56 HIP Device > Log Settings > HIP Match (HIP) GlobalProtect 223 23. HIP Panorama SNMP Trap Email Syslog Device > Log Settings > Alarms Panorama HIP SNMP SNMP 54 SNMP 56 syslog syslog syslog 56 Syslog Alarms Palo Alto Networks 53

SNMP 24. Enable Alarms Enable CLI Alarm Notifications Enable Web Alarm Notifications Enable Audible Alarms Encryption/Decryption Failure Threshold Log DB Alarm Threshold % Full Security Policy Limits Security Rule Group Limits Selective Audit CLI Web CLI / IP Security Violations Time Period Security Violations Threshold Security Rule Group Violations Time Period Security Rule Group Violations Threshold Security Rule Group Tags Common Criteria Alarms CC Specific Logging Common Criteria (CC) Login Success Logging Login Failure Logging Suppressed Administrators Device > Log Settings > Manage Logs SNMP Device > Server Profiles > SNMP Trap SNMP SNMP 52 54 Palo Alto Networks

SNMP 25. SNMP Name Shared Version V2c settings V3 settings SNMP 31 SNMP SNMP V2c Server SNMP 31 Manager IP Community V3 Server SNMP 31 Manager IP User SNMP EngineID SNMP ID Auth Password SNMP Priv Password SNMP SNMP MIB SNMP MIB SNMPv2-MIB DISMAN-EVENT-MIB IF-MIB HOST-RESOURCES-MIB ENTITY-SENSOR-MIB PAN-COMMON-MIB PAN-TRAPS-MIB Palo Alto Networks Technical Documentation MIB http://support.paloaltonetworks.com Palo Alto Networks 55

Syslog Syslog Device > Server Profiles > Syslog HIP syslog Syslog syslog 52 26. Syslog Name Shared Servers Name Server Port Facility Custom Log Format Log Type Escaping syslog 31 Add Syslog 31 syslog IP syslog 514 Log Format Log Format OK Escaped characters Device > Server Profiles > Email 52 186 56 Palo Alto Networks

27. Name Shared Servers Server Display Name From To And Also To Gateway Custom Log Format Log Type Escaping 31 1-31 From security_alert@company.com (SMTP) IP Log Format OK Web Alarms Acknowledge Acknowledge Alarms Device > Log Settings > Alarms > Alarm Settings Enable Alarms Alarms Palo Alto Networks 57

Netflow Netflow Device > Server Profiles > Netflow IP Netflow Version 9 Netflow IPv4 IPv4 NAT IPv6 App-ID User-ID PAN-OS 4000 Netflow Netflow Netflow Netflow Netflow Netflow 82 28. Netflow Name Template Refresh Rate Active Timeout Export PAN-OS Specific Field Types Servers Name Server Port Netflow 31 Netflow 1-3600 30 1-600 20 Netflow PAN-OS App-ID User-ID 31 IP 2055 Device > Certificates Certificates Forward Trust CA CA Certificates Forward Trust Certificate Forward Untrust CA CA 58 Palo Alto Networks

Trusted Root CA CA CA CA CA CA CA SSL Exclude SSL SSL Certificate for Secure Web GUI Web Web Certificates Web CA SSL a. Import b. c. PKCS #12 PEM d. Import Private Key PKCS #12 PEM *.key e. a. b. Export c. PKCS#12.pfx.pem d. Export Private Key e. Save Palo Alto Networks 59

a. Generate Generate Certificate b. Forward Trust Forward Untrust Trusted Root CA SSL Exclude Certificate for Secure Web GUI Panorama Panorama Panorama 251 Panorama (HA) Import HA Key HA Export HA Key HA 1 2 29. Certificate Name Common Name Location Signed By Certificate Authority Number of Bits Digest Country State Locality Organization Department Email 31 IP FQDN Shared CA CA / ISO 6366 Country Codes Device > Master Key and Diagnostics Master Key and Diagnostics 30. Master Key 60 Palo Alto Networks

30. New Master Key Confirm Master Key Life Time Time for Reminder Common Criteria Common Criteria PAN-OS / / (HA) HA / HA / HA HA HA HA HA / HA / HA App-ID Content-ID App-ID Content-ID 7 PAN-OS HA3 Palo Alto Networks 61

/ 3 3 HA3 App-ID Content-ID 3 IP ARP IP IP 3 Static interface IP 3 IP / HA / Floating IP (VRRP) HA IP IP ID IP HA ARP load sharing (ARP) / App-ID Content-ID (1) (2) primary device / HA IP modulo IP IP IP HA Primary Device Hash HA App-ID Content-ID 62 Palo Alto Networks

HA HA3 7 NAT / HA 3 IPv6 / IPv6 Virtual Wire Deployment / App-ID Content-ID Layer 3 Floating IP Deployment HA IP IP MAC ARP VRRP IP IP VPN (NAT) Layer 3 ARP Load-Sharing ARP Load-Sharing HA IP IP ARP HA IP ARP ARP Load-Sharing 3 ARP Load-Sharing Layer 3 Route Based Redundancy (Static Interface IPs) (OSPF) IP HA / NAT / HA / / Web NAT NAT NAT NAT NAT NAT 1 1 NAT 0 Palo Alto Networks 63

NAT Device 0 and Device 1 NAT ID IP NAT Both NAT NAT Primary NAT NAT ARP 0/1 / NAT IP IP/ IP IP/ NAT Device ID 0 1 HA IP Device 0 1.1.1.1 Device 1 1.1.1.2 0 1.1.1.1 IP 2. IP 31. IP Name Source Zone Destination Zone Source Translation Active/Active HA Binding Src NAT Device 0 Src NAT Device 1 L3Trust L3Untrust dynamic-ip-and-port 1.1.1.1 L3Trust L3Untrust dynamic-ip-and-port 1.1.1.2 0 1

Internet (ISP) IP NAT Device ID 0 1 Device 0 1.1.1.1 Device 1 2.2.2.1 Device 0 Device 1 IP 1.1.1.1 ISP ISP IP IP 3. IP 32. IP Name Source Zone Destination Zone Source Translation Active/Active HA Binding Src NAT Device 0 Src NAT Device 1 L3Trust L3Untrust dynamic-ip-and-port 1.1.1.1 L3Trust L3Untrust dynamic-ip-and-port 2.2.2.1 0 1

IP NAT 3.3.3.30 10.0.0.200 4. IP 33. IP Name Source Zone Destination Zone Destination Address Destination Translation Active/Active HA Binding DNAT Prov Indep L3Untrust L3Untrust 3.3.3.30 address: 10.0.0.200 both HA HA 1. 2. Factory Reset PAN-OS 3. Internet 4. RJ-45 HA1 HA2 HA1 HA2 / HA3 HA3

HA HA 1/15 1/16 5. Network HA HA 5. HA 6. HA 67 HA HA HA HA Device > High Availability 66 HA HA HA High Availability Edit 34. HA General Setup Enable HA HA Group ID / 1 31 / 2 ID Description / Mode active-active active-passive Peer HA IP Address Control Link HA1 IP Backup Peer HA IP Address HA IP IP Enable Config Sync Link Speed HA Link Duplex HA Palo Alto Networks 67

34. HA Election Settings Device Priority 0-255 Heartbeat Backup HA IP HA1 HA Preemptive Preemption Hold Time 0-60000 ms 0 ms Promotion Hold Time / / HA Hello Interval HA PA-4000/PA-5000 1000-60000 ms PA-200/PA-2000/PA-500 8000-60000 ms PA-4000/PA-5000 1000 ms PA-200/PA-2000/PA-500 8000 ms Heartbeat Interval HA ICMP Ping 1000-60000ms 1000ms Maximum No. of Flaps 15 0-16 3 0 Monitor Fail Hold Up Time (ms) HA 0-60000 ms 0 ms Additional Master Hold Up Time (min) Monitor Fail Hold Up Time 0-60000 ms 500 ms / / / 68 Palo Alto Networks

34. HA Control Link (HA1) Port HA1 HA1 HA IP Address HA1 HA1 HA1 IP Netmask HA1 HA1 IP 255.255.255.0 Gateway HA1 HA1 IP Control Link Monitor Hold Time (ms) 1000-60000 3000 HA1 Encryption Enabled HA HA HA HA HA1 / Certificates 60 Monitor Fail Hold Up Time (ms) 0-60000 0 HA Palo Alto Networks 69

34. HA Data Link (HA2) Link and Path Monitoring Path Monitoring Path Group Port HA HA2 IP Address HA2 HA2 HA IP Netmask HA2 HA2 HA Gateway HA2 HA2 HA HA HA2 IP Gateway State Synchronization Enabled Transport Ethernet (Ethertype 0x7261) IP 3 IP 99 UDP IP UDP 29281 Link Speed (Models with dedicated HA ports only) HA2 Link Duplex (Models with dedicated HA ports only) HA2 Enabled ICMP ping IP 2 3 Failure Condition Virtual Wire VLAN Virtual Router Add Name Enabled Failure Condition Source IP VLAN IP IP IP IP IP Destination IPs 70 Palo Alto Networks

34. HA Link Monitoring Link Groups Active Passive Passive Link State Monitor Fail Hold Down Time Active Active Enabled Failure Condition Add Name Enabled Failure Condition Interfaces auto 3 auto shutdown 1 60 1 Packet Forwarding HA3 App-ID Content-ID 7 HA3 Interface VR Sync QoS Sync Session Owner Selection Session Setup / HA HA QoS QoS Network QoS QoS Primary Device / 7 First packet App-ID Content-ID 7 HA3 IP Modulo IP Primary Device IP Hash IP IP Palo Alto Networks 71

HA HA Preemption HA Preemption IP OS LED HA CLI request high-availability state suspend High Availability Device Suspend CLI request high-availability state functional HA CLI show high-availability all CLI show high-availability state Device Config Audit Dashboard HA Push Configuration Web CLI request high-availability sync-to-remote running-config CLI show jobs processed PA-200 HA Lite PA-200 / HA HA lite IPSec DHCP DHCP PPPoE 3 72 Palo Alto Networks

VLAN 97 NAT QoS PA-4000 PA-5000 PA-2000 PA-500 PA-200 6 Internet Device admin Dept 1 VSYS Dept 2 VSYS Dept 3 VSYS Dept 4 VSYS Policies Policies Policies Policies vsys admin vsys admin vsys admin vsys admin 6. (vsys1) Policies Objects Virtual System VLAN 75

SNMP syslog external Dept 1 VSYS Dept 2 VSYS VSYS 1 VSYS 2 VSYS 1 VSYS 2 VSYS 2 VSYS 1 VSYS Internet Dept 1 VSYS Dept 2 VSYS Dept 3 VSYS Dept 4 VSYS Policies Policies Policies Policies 7.

74 IP Internet a.a.a.a b.b.b.b c.c.c.c d.d.d.d Dept 1 VSYS Dept 2 VSYS Dept 3 VSYS Dept 4 VSYS 8. ISP IP IP 9 Internet x.x.x.x Shared gateway a.a.a.a b.b.b.b c.c.c.c d.d.d.d Dept 1 VSYS Dept 2 VSYS Dept 3 VSYS Dept 4 VSYS 9. NAT Virtual System

Device > Virtual Systems Device > Setup Management General Settings Edit Multi Virtual System Capability Virtual Systems Virtual Systems Add 35. ID Name General Resource 31 DNS DNS 114 DNS VLAN Add Delete Sessions Limit Security Rules NAT Rules NAT Decryption Rules QoS Rules QoS Application Override Rules PBF Rules (PBF) CP Rules (CP) DoS Rules (DoS) Site to Site VPN Tunnels VPN Concurrent GlobalProtect Tunnel Mode Users GlobalProtect VLAN OK Network > Zones 97 Network > Interfaces Device > Shared Gateways 76 Palo Alto Networks

3 3 85 3 36. ID Name Interfaces 31 Device > Response Pages URL HTML A 37. Antivirus Block Application Block Captive Portal Comfort File Blocking Block File Blocking Continue GlobalProtect Portal Help GlobalProtect Portal Login GlobalProtect Welcome Page SSL Certificate Revoked Notify Active Directory 143 GlobalProtect GlobalProtect GlobalProtect 223 GlobalProtect GlobalProtect 223 SSL SSL Palo Alto Networks 77

37. URL URL Filtering and Category Match Block Page Continue URL 1 URL URL URL Response Pages HTML Import HTML HTML Export Application Block SSL Decryption Opt-out Enable Enable Restore Block Page Restore Device > Support Support Palo Alto Networks Palo Alto Networks Support Manage Cases Palo Alto Networks Generate Tech Support Download Tech Support File 78 Palo Alto Networks

4 82 96 98 VLAN 98 112 DHCP 114 DNS 115 VPN 209 IPSec 209 IPSec (QoS) 235

Internet 81 2 81 3 81 82 10 LAN (VLAN) default-vwire 1 2 No routing or switching performed User network Internet 10. 90

2 2 VLAN 2 11 Switching between two networks User network Internet 11. 2 3 3 IP NAT 12 Routing between two networks 10.1.2.1/24 10.1.1.1/24 User network Internet 12. 3 (PPPoE) (DSL) DSL PPPoE 3 PPPoE 85 3 DHCP DHCP IP SPAN SPAN SPAN SPAN QoS

Network > Virtual Wires 80 90 38. Virtual Wire Name Interfaces Tags Allowed Multicast Firewalling Link State Pass Through 31 0 4094 (tag1-tag2) Multicast Firewalling Virtual Wires OK Interfaces 90 Delete Interfaces 39. Interface 2 3 VLAN 2 VLAN 2 85 2 86 2 3 VLAN 3 IP 87 3 90 3 82 Palo Alto Networks

39. Interface Aggregate Ethernet 2 3 93 QoS Aggregate Ethernet VLAN VLAN VLAN VLAN 3 92 VLAN Tunnel Virtual Wire High Availability GlobalProtect IPSec 3 IP 94 95 VLAN NAT 90 SPAN URL 95 Palo Alto (HA) 96 HA Network > Interfaces Interfaces IP VLAN VLAN Interfaces none 2 Network > Interfaces > Ethernet VLAN 2 2 2 VLAN 84 2 VLAN VLAN 3 92 VLAN 2 Ethernet Palo Alto Networks 83

40. 2 Interface Name Interface Type Netflow Profile Comment Config VLAN Virtual System Zone Advanced Link Speed Link Duplex Link State Layer 2 Netflow 58 Netflow VLAN New VLAN 98 VLAN None None New 97 None Mbps 10 100 1000 (Full) (Half) (Auto) (Up) (Down) (Auto) 2 Network > Interfaces 2 VLAN 2 2 83 2 2 Add Layer 2 Subinterface 41. 2 Interface Name Tag Netflow Profile Comment 2 2 83 2 1 9999 ethernetx/y.<1-9999> 1 4094 Netflow 58 Netflow 84 Palo Alto Networks

3 41. 2 VLAN Zone Virtual System Network > Interfaces > Ethernet 2 VLAN New VLAN 115 None None New 97 None 3 VLAN 3 88 3 PPPoE 3 81 3 Ethernet 42. 3 Interface Name Interface Type Netflow Profile Comment Config Virtual Router Virtual System Security Zone IPv4 Type Static Layer 3 Netflow 58 Netflow New 98 None None New 97 None IP Static PPPoE DHCP Client ip_address/mask IP Add IP IP Delete Palo Alto Networks 85

42. 3 PPPoE DHCP Client PPPoE PPPoE General Enable PPPoE Username Password/Confirm Password Advanced Authentication CHAP PAP Auto PPPoE Static IP Address IP Automatically create default route pointing to peer PPPoE Default Route Metric 1-65535 Access Concentrator Service Passive PPPoE DHCP Client DHCP IP Enable DHCP Automatically create default route point to server DHCP Default Route Metric 1-65535 Show DHCP Client Runtime Info DHCP DHCP IP DNS NTP WINS NIS POP3 SMTP 86 Palo Alto Networks

42. 3 IPv6 Enable IPv6 on the interface Interface ID Address Duplicate Address Detection Advanced Link Speed Link Duplex Link State Other Info ARP/Interface Entries ND Entries IPv6 64 00:26:08:FF:FE:DE:4E:29 Interface ID MAC EUI-64 Add IPv6 Prefix IPv6 Interface ID Anycast Prefix IPv6 (DAD) DAD Attempts DAD Neighbor Solicitation Interval 1-10 Neighbor Solicitation (NS) Interval DAD 1-10 Reachable Time 1-36000 Mbps 10 100 1000 (Full) (Half) (Auto) (Up) (Down) (Auto) Other Info Management Profile MTU 3 (MTU) 512 1500 1500 MTU (PMTUD) MTU ICMP MTU Adjust TCP MSS (MSS) MTU 40 MSS MSS Untagged Subinterface 3 IP VLAN ARP Add IP (MAC) 3 Add IP MAC Palo Alto Networks 87

3 Network > Interfaces 3 VLAN 3 3 85 3 3 Untagged Subinterface 3 VLAN ISP VLAN ISP IP IP NAT NAT NAT IP IP 3 Add Layer 3 Subinterface 43. 3 Interface Name Tag Netflow Profile Comment Config Virtual Router Virtual System Security Zone IPv4 Type Static 3 3 85 3 1 9999 ethernetx/y.<1-9999> 1 4094 Netflow 58 Netflow New 98 None None New 97 None IP Static PPPoE DHCP Client ip_address/mask IP Add IP IP Delete 88 Palo Alto Networks

43. 3 DHCP Client IPv6 Enable IPv6 on the interface Interface ID Address Duplicate Address Detection Advanced Other Info ARP Entries ND Entries DHCP Client DHCP IP Enable DHCP Automatically create default route point to server DHCP Default Route Metric 1-65535 Show DHCP Client Runtime Info DHCP DHCP IP DNS NTP WINS NIS POP3 SMTP IPv6 64 00:26:08:FF:FE:DE:4E:29 Interface ID MAC EUI-64 Add IPv6 Prefix IPv6 Interface ID Anycast Prefix IPv6 (DAD) DAD Attempts DAD Neighbor Solicitation Interval 1-10 Neighbor Solicitation (NS) Interval DAD 1-10 Reachable Time 1-36000 Other Info Management Profile MTU 3 (MTU) 512 1500 1500 MTU (PMTUD) MTU ICMP MTU Adjust TCP MSS (MSS) MTU 40 MSS MSS (ARP) IP MAC Add Delete ARP ARP man-in-the-middle Add IP MAC Palo Alto Networks 89

Network > Interfaces VLAN 80 1. Ethernet 2. 44. Interface Name Interface Type Netflow Profile Comment Config Virtual Wire Virtual System Zone Advanced Link Speed Link Duplex Link State Virtual Wire Netflow 58 Netflow New 82 None None New 97 None 10Gbps auto 10 100 1000 auto (Full) (Half) (Auto) (Up) (Down) (Auto) VLAN/Virtual Wire None OK 90 Palo Alto Networks

Network > Interfaces Aggregate 1 Gbps 802.3ad 1 Gbps 10Gbps XFP SFP+ Aggregate VPN VLAN Aggregate Aggregate Aggregate Ethernet Aggregate Aggregate Ethernet 2 3 Aggregate 2 3 1 Gig / HA HA3 Aggregate Ethernet 88 3 Add Aggregate Group 45. Aggregate Interface Name Interface Type Comment Virtual System mm.n mm n (1-8) HA Layer 2 41 Layer 3 43 Layer 2 VLAN Layer 3 Virtual Wire HA None Palo Alto Networks 91

Aggregate Ethernet Network > Interfaces Aggregate Ethernet ae.number 2 3 Ethernet VLAN 46. Aggregate Ethernet Interface Name Interface Type Netflow Profile Comment Config Virtual System Security Zone Advanced Link Speed Link Duplex Link State Network > Interfaces Aggregate Ethernet Netflow 58 Netflow None New 97 None Mbps 10 100 1000 (Full) (Half) (Auto) (Up) (Down) (Auto) 2 VLAN VLAN VLAN 3 2 83 2 VLAN VLAN Add 47. VLAN Interface Name Comment Config VLAN Virtual Router Virtual System (1-4999) VLAN New VLAN 115 None New 98 None None 92 Palo Alto Networks

47. VLAN Security Zone IPv4 Static DHCP Client ARP Entries IPv6 Enable Interface ID Address Neighbor Discovery Advanced Other Info ARP/Interface Entries ND Entries New 97 None Static IP Add ip_address/mask IP IP DHCP DHCP Enable DHCP Automatically create default route point to server DHCP Default Route Metric 1-65535 Show DHCP Client Runtime Info DHCP DHCP IP DNS NTP WINS NIS POP3 SMTP ARP IP (MAC) Add Delete IPv6 64 IPv6 Prefix IPv6 Interface ID Anycast 85 3 Neighbor Discovery Management Profile MTU MTU512 1500 1500 PMTUD MTU ICMP MTU Adjust TCP MSS (MSS) MTU 40 MSS MSS ARP Add IP (MAC) 3 Add IP MAC Palo Alto Networks 93

Network > Interfaces 3 VLAN Loopback Add 48. Interface Name Comment Config Virtual Router Virtual System Zone MTU Management Profile IPv4 IP Address IPv6 Enable Interface ID Address Advanced Other Info (1-4999) New 98 None None New 97 None MTU512 1500 1500 PMTUD MTU ICMP MTU Add IP IPv6 64 IPv6 Prefix IPv6 Interface ID Anycast Management Profile MTU 3 (MTU) 512 1500 1500 MTU (PMTUD) MTU ICMP MTU Adjust TCP MSS (MSS) MTU 40 MSS MSS 94 Palo Alto Networks

Network > Interfaces Tunnel Add 49. Interface Name Comment IP Management Profile MTU Virtual Router Virtual System Zone (1-4999) IP 3 MTU512 1500 1500 PMTUD MTU ICMP MTU IP TCP (MSS) New 98 None None New 97 None Network > Interfaces SPAN 81 Ethernet 50. Interface Name Interface Type Netflow Profile Comment Config Virtual System Zone Tap Netflow 58 Netflow None New 97 None

HA 50. Advanced Link Speed Link Duplex Link State Mbps 10 100 1000 (Full) (Half) (Auto) (Up) (Down) (Auto) HA / HA Palo Alto Networks HA HA HA 67 HA HA 51. HA Interface Name Interface Type Comment Advanced Link Speed Link Duplex Link State HA Mbps 10 100 1000 (Full) (Half) (Auto) (Up) (Down) (Auto) Internet 2 3 VLAN VLAN VLAN 3 13 2 3 96 Palo Alto Networks

13. Network > Zones New 52. Name Location Type Zone Protection Profiles Log Setting Enable User Identification User Identification ACL Include List 31 Layer2 Layer3 Virtual Wire Tap External vsys Layer 2 Layer 3 External vsys 74 116 IP IP / ip_address/mask 10.1.1.1/24 IP Palo Alto Networks 97

VLAN 52. User Identification ACL Exclude List IP IP / ip_address/ mask 10.1.1.1/24 IP VLAN Network > VLANs IEEE 802.1Q VLAN 2 VLAN VLAN 2 VLAN VLAN VLAN 3 VLAN 53. VLAN Name VLAN 31 VLAN VLAN Interface VLAN VLAN VLAN 92 VLAN L3 Forwarding Enabled VLAN 3 Interfaces VLAN Static MAC Configuration MAC MAC IP 3 VLAN 3 (RIP) (OSPF) (BGP) 3 98 Palo Alto Networks

RIP IP RIP UDP 520 15 15 RIP OSPF RIP v2 (LSA) OSPF LSA LSA OSPF RIP (BGP) Internet BGP (AS) IP AS IP BGP (RIB) RIB RIB BGP BGP BGP BGP BGP AS BGP IGP-BGP BGP BGP ID AS AS BGP MD5 AS Palo Alto Networks 99

PIMv2 Protocol Independent Multicast Sparse Mode (PIM-SM) PIM Source Specific Multicast (PIM-SSM) IGMP Internet (IGMP) 3 PIM-SM IGMP IGMP v1 v2 v3 PIM IGMP PAN-OS PIM (DR) PIM (RP) PIM IGMP RP (BSR) Palo Alto Networks IPSec IPSec GRE PAN-OS IGMP PIM Multicast QoS DoS Network > Virtual Routers 3 3 VLAN 3 85 3 3 88 3 98 General 54. - General Name Interfaces 31 82 100 Palo Alto Networks

54. - General Admin Distances 10-240 10 OSPF 10-240 30 OSPF 10-240 110 BGP (IBGP) 10-240 200 BGP (EBGP) 10-240 20 RIP 10-240 120 Static Routes IP IPv6 IPv4 IPv6 (0.0.0.0/0) 55. - Static Routes Name Destination Interface Next Hop Admin Distance Metric No Install 31 ip_address/mask IP / Next Hop None IP Address IP Discard Next VR 10-240 10 (1-65535) Redistribution Profiles RIP OSPF Redistribution Rules BGP Palo Alto Networks 101

56. - Redistribution Profiles Name Priority Redistribute General Filter Type Interface Destination Next Hop OSPF Filter Path Type Area Tag BGP Filter Community Extended Community Add Redistribution Profile 1-255 Redist No Redist IP x.x.x.x x.x.x.x/n Add IP x.x.x.x x.x.x.x/n Add OSPF OSPF OSPF ID x.x.x.x Add OSPF (1-255) Add BGP BGP RIP (RIP) RIP OSPF 57. - RIP Enable Reject Default Route Allow Redist Default Route Interfaces Interface Enable RIP RIP RIP RIP 102 Palo Alto Networks

57. - RIP Advertise Metric Auth Profile Mode Timers Interval Seconds (sec) Update Intervals Expire Intervals Delete Intervals Auth Profiles Profile Name Password Type Auth Profiles Export Rules RIP Advertise normal passive send-only RIP Timing (1-60) (1-3600) (1-3600) (1-3600) RIP RIP RIP Simple MD5 Simple MD5 Key-ID (0-255) Key Preferred Add OK Preferred OSPF (OSPF) RIP OSPF 58. - OSPF Enable Reject Default Route Router ID RFC 1583 Compatibility Areas Area ID OSPF OSPF OSPF ID OSPF ID OSPF OSPF ID OSPF ID OSPF RFC 1583 OSPF x.x.x.x Palo Alto Networks 103

58. - OSPF Type Range Interface Virtual Link Normal Stub (LSA) Accept Summary LSA (1-255) stub stub (ABR) Accept Summary OSPF Stubby ABR LSA NSSA(not so stub area) OSPF LSA Accept Summary LSA (1-255) stub LSA NSSA External Ranges Add Add LSA LSA OK Add OK Interface Enable OSPF Passive OSPF OSPF OSPF LSA Link type OSPF broadcast p2p p2mp p2mp Metric OSPF (0-65535) Priority OSPF (0-255) OSPF (DR) DR (BDR) DR BDR Auth Profile Timing Neighbors p2pmp IP (0.0.0.0) Add OK Name Neighbor ID ID Transit Area ID Enable Timing Auth Profile 104 Palo Alto Networks

58. - OSPF Auth Profiles Profile Name Password Type Export Rules Allow Redist Default Route Name New Path Type New Tag OSPF OSPF Simple MD5 Simple MD5 Key-ID (0-255) Key Preferred Add OK Preferred OSPF 32 BGP (BGP) 59. - BGP Enable Router ID AS Number General Allow Redistribute Default Route Reject Default Route Install Route Aggregate MED Default Local Preference AS Format Always Compare MED Deterministic MED Comparison Auth Profiles BGP IP ID AS 1-4294967295 BGP BGP BGP (MED) 2-byte 4-byte MED MED IBGP BGP Add Profile Name Secret/Confirm Secret BGP Palo Alto Networks 105

59. - BGP Advanced Graceful Restart Reflector Cluster ID Confederation Member AS Dampening Profiles Peer Group Name Enable Aggregated Confed AS Path Soft Reset with Stored Info Stale Route Time 1-3600 120 Local Restart Time 1-3600 120 Max Peer Restart Time 1-3600 120 IPv4 AS AS BGP Profile Name Enable Cutoff 0.0-1000.0 1.25 Reuse 0.0-1000.0 0.5 Max. Hold Time 0-3600 900 Decay Half Life Reachable 0-3600 300 Decay Half Life Unreachable 0-3600 300 AS 106 Palo Alto Networks

59. - BGP Type Import Next Hop Export Next Hop Import Next Hop Export Next Hop IBGP Export Next Hop EBGP Confed Export Next Hop IBGP Confed Export Next Hop EBGP Next Hop Import Next Hop Export Remove Private AS BGP AS original Next Hop use-peer IP Next Hop resolve Next Hop original Next Hop use-self IP Next Hop Palo Alto Networks 107

59. - BGP Peers New Name Enable Peer AS AS Local Address IP Connection Options Passive Connection Auth Profile Keep Alive Interval 0-1200 disabled 30 Multi Hop IP (TTL) 1-255 0 0 ebgp 2 ibgp 255 Open Delay Time TCP BGP 0-240 0 Hold Time KEEPALIVE UPDATE 3-3600 disabled 90 Idle Hold Time 1-3600 15 Peer Address IP Advanced Options Reflector Client Non-Client Client Meshed Client BGP Peering Type Max. Prefixes IP 1-100000 Incoming Connections/Outgoing Connections Allow 108 Palo Alto Networks

59. - BGP Import Rules/Export Rules Import Rules/Export Rules BGP Import Rules Export Rules Add General Name Enable Used by Match AS-Path Regular Expression AS Community Regular Expression Extended Community Regular Expression Address Prefix IP MED MED Next Hop From Peer Action Action Allow Deny Local Preference Allow MED MED (0-65535) Allow Weight Allow (0-65535). Next Hop Allow Origin IGP EGP incomplete Allow AS Path Limit AS Allow AS Path AS None Remove Prepend Remove and Prepend Allow Community None Remove All Remove Regex Append Overwrite Allow Extended Community None Remove All Remove Regex Append Overwrite Allow Dampening Allow Clone Palo Alto Networks 109

59. - BGP Conditional Adv Policy Used by Non Exist Filters Advertise Filters Add Import Rules Export Rules Import Rules Export Rules Aggregate Aggregate Filters Add General Suppress Filters Advertise Filters Aggregate Route Attributes Done Addresses Import Rules Export Rules Redist Rules Redist Rules Add Done Import Rules Export Rules Multicast 60. - Multicast Enable Rendezvous Point RP Type (RP) PIM RP RP None RP Static RP IP RP Interface RP Address RP RP Override learned RP for the same group Candidate RP RP Interface RP L3 VLAN RP Address RP IP Priority RP 192 Advertisement interval RP Group list Static Candidate Add RP RP 110 Palo Alto Networks

60. - Multicast Remote Rendezvous Point Add IP address RP IP Override learned RP for the same group RP RP Group RP Interfaces Name Interface Group Permissions IGMP Add Any Source Add PIM-SM Source-Specific Add PIM-SSM IGMP IGMP IGMP IGMP Enable IGMP IGMP Version 1 2 3 Enforce Router-Alert IP Option IGMPv2 IGMPv3 router-alert IP IGMPv1 Robustness 1-7 2 Max Sources 0 = Max Groups Query Configuration Query interval Max Query Response Time Last Member Query Interval Immediate Leave PIM configuration PIM Enable / PIM Assert Interval PIM Hello Interval PIM Join Prune Interval PIM 60 DR Priority BSR Border PIM Neighbors Add PIM Palo Alto Networks 111

DHCP 60. - Multicast SPT Threshold Name Source Specific Address Space Name Network > Virtual Routers (SPT) kbps Add SPT Multicast Group Prefix (kbps) SPT IP / Threshold (SSM) Add Name Group SSM Included SSM Virtual Routers More Runtime Stats 98 DHCP Network > DHCP DHCP DHCP 3 IP DHCP DHCP IPSec VPN IPSec DHCP IP IPSec VPN 209 IPSec DHCP Server DHCP Relay 61. DHCP DHCP Server Interface Mode 112 Palo Alto Networks

DHCP 61. DHCP Ping IP when allocating new IP Lease Inheritance Source Primary DNS Secondary DNS Primary WINS Secondary WINS Primary NIS Secondary NIS Primary NTP Secondary NTP Gateway POP3 Server SMTP Server DNS Suffix IP Pools Reserved Address DHCP Relay Interface IPv4 IPv6 IP Ping Unlimited Timeout DHCP DHCP PPPoE DHCP (DNS) IP Windows Internet (WINS) IP (NIS) IP IP DHCP IP (POP3) IP (SMTP) IP DHCP IP Add IP 192.168.1.0/24 IP 192.168.1.10-192.168.1.20 IP Edit Done Delete IP DHCP IP x.x.x.x MAC xx:xx:xx:xx:xx:xx Edit Done Delete IP Enabled IPv4 DHCP DHCP IPv4 Enabled IPv6 DHCP DHCP IPv6 IPv6 Palo Alto Networks 113

DNS DNS Network > DNS Proxy IP DNS DNS TCP UDP DNS DNS UDP UDP TCP DNS DNS DNS 62. DNS Name Enable Inheritance Source Primary Secondary Check inheritance source Interfaces DNS Proxy Rules Static Entries DNS 31 DNS DNS DNS DNS IP DHCP PPPoE DNS WINS NTP POP3 SMTP DNS Interface DNS Add Delete DNS Add Name Turn on/off caching of domains resolved by this mapping Domain Name Add Delete DNS *.engineering.local engineering.local Primary/Secondary DNS DNS IP DNS Add Domain Name DNS FQDN DNS Fully Qualified Domain Name (FQDN) Address Add IP Delete 114 Palo Alto Networks

62. DNS Advanced Cache DNS Size 1024-10240 1024 Timeout DNS 4 24 4 TCP Queries TCP DNS Max Pending Requests TCP DNS 64-256 64 UDP Queries Retries UDP Interval e 1-30 2 Attempts DNS 1-30 5 IKE IPSec IKE IPSec VPN 209 IPSec IKE IPSec VPN IKE IKE VPN 1 IPSec VPN 2 IPSec (PBF) IPSec Interface 3 VLAN 116 116 Flood SYN ICMP UDP IP flood IP Palo Alto Networks 115

ICMP ICMP QoS QoS 238 QoS Network > Network Profiles > Interface Mgmt 85 3 88 3 82 63. Name Ping Telnet SSH HTTP HTTPS SNMP Response Pages Permitted IP Addresses 31 Response Pages 3 URL 6080 6081 IPv4 IPv6 Network > Network Profiles > Zone Protection 96 116 Palo Alto Networks

64. Name 31 Flood - SYN Flood Action SYN flood Random Early Drop SYN flood Alarm Rate Activate Rate SYN Maximal Rate SYN cookie SYN-ACK Alarm Rate Activate Rate Maximal Rate SYN 168 188 SYN SYN Flood - ICMP Flood Alarm Rate Activate Rate Maximal Rate ICMP (ping) ICMP ICMP ICMP Flood - ICMPv6 Flood Alarm Rate Activate Rate Maximal rate ICMPv6 (ping) ICMPv6 ICMPv6 ICMPv6 ICMPv6 Flood - UDP Flood Alarm Rate Activate Rate Maximal rate UDP UDP UDP UDP UDP Flood - IP Flood Alarm Rate IP Palo Alto Networks 117

64. Activate Rate Maximal rate IP IP IP IP - TCP UDP Interval Threshold Action IPv6 Drop Packets with Type 0 Router Header IPv4 Compatible Address Multicast Source Address Anycast Source Address IP address spoof Block fragmented traffic ICMP ping ID 0 ICMP fragment ICMP large packet (>1024) Suppress ICMP TTL expired error Suppress ICMP NEEDFRAG Discard Strict Source Routing Discard Loose Source Routing Discard Timestamp Discard Record Route Allow Alert Block Block IP 0 IPv6 IPv4 IPv6 IPv6 IPv6 IP IP ping ID 0 ICMP 1024 ICMP ICMP TTL ICMP MTU (DF) PMTUD Strict Source Routing IP Loose Source Routing IP Timestamp IP Record Route IP 118 Palo Alto Networks

64. Reject non-syn TCP Packet TCP SYN Global CLI Yes SYN TCP No SYN TCP Palo Alto Networks 119


5 137 148 / 124 (NAT) 126 NAT 130 URL SSH SSH SSH 131 133 (QoS) QoS 239 QoS 134 (DoS) DoS 135 DoS Palo Alto Networks 121

Panorama Web 21 Web Policies Filter Rules Filter Add Clone Rule Clone Rule rulen n Move Up Move Down Move Top Move Bottom Move Enable Highlight Unused Rules Log Viewer Value 122 Palo Alto Networks

Policies Policies > Security Policies > Decryption Security Decryption 153 1. Security Decryption RADIUS User-ID Agent 2. any known-user unknown Select 3. Available User Groups Add User Group Add User Group 4. User Find Add User Additional Users 5. OK Palo Alto Networks 123

HTTP Internet deny all Policies > Security Security 122 65. General Name Tag Source Source Zone Source Address User Source User HIP 31 Add Add 2 3 97 Add Address Address Group Regions Add Add (HIP) HIP 223 124 Palo Alto Networks

65. Destination Destination Zone Destination Address Application Application Service/ URL Category Service URL Category Actions Action Setting Profile Setting Add 2 3 97 Add Address 153 158 TCP / UDP any application-default Palo Alto Networks Select Add Service Service Group 159 160 URL any URL Add 161 URL allow deny URL / Profile Groups Group New 164 Palo Alto Networks 125

65. Log Setting Other Settings Log Setting Panorama syslog Log Forwarding Profile New 165 Log At Session Start Log At Session End drop deny Schedule New 166 QoS Marking (QoS) IP DSCP IP QoS QoS 235 Disable Server Response Inspection NAT 3 (NAT) IP IP NAT ARP IP ARP NAT NAT NAT NAT IP Dynamic IP/Port IP IP/ NAT IP IP IP IP/NAT Palo Alto Networks Dynamic IP/port NAT NAT IP NAT IP PA-2000 IP PA-4020 PA-4050 PA-4060 PA-5000 126 Palo Alto Networks

Dynamic IP IP NAT IP IP IP Static IP IP IP IP NAT (M) NAT (N) M N N 1 Dynamic IP/Port NAT Dynamic IP NAT TCP UDP Dynamic IP/Port Dynamic IP NAT IP Static IP NAT IP IP M M 66. NAT PAN-OS NAT Dynamic IP/ Port / IP NAT TCP UDP HTTP (service-http) TCP 80 8080 TCP 80 M N 254 Dynamic IP M N 16k Static IP 1 1 M M MIP 1 VIP PAT NAT NAT NAT IP Internet IP IP NAT IP IP NAT NAT NAT NAT NAT NAT IP IP NAT IP NAT Palo Alto Networks 127

NAT NAT NAT NAT NAT NAT NAT IP NAT source translation No Source Translation NAT NAT NAT NAT IP 10.0.1.10 IP 3.3.3.1 IP 3.3.3.1 IP 10.0.1.10 NAT Policies > NAT NAT HTTP NAT 82 122 67. NAT Name Tag Source Zone Destination Zone Destination Interface Source Address Destination Address Service / Add NAT any 2 3 97 NAT IP VLAN IP ISP IP 160 128 Palo Alto Networks

NAT 67. NAT Source Translation Destination Translation IP (address1-address2) Dynamic IP And Port 64K IP 254 IP Dynamic IP 16K IP Static IP 192.168.0.1-192.168.0.10 10.0.0.1-10.0.0.10 192.168.0.2 10.0.0.2 None IP IP 1 65535 Translated Port NAT L3Trust 10.0.0.1 10.0.0.100 IP L3Untrust 200.10.2.100 L3Trust 3 L3Untrust NAT NAT / / 14. NAT IP L3Trust L3Untrust Rule2 L3Untrust NAT NAT NAT IP L3Untrust 15. Palo Alto Networks 129

Policies > Policy Based Forwarding IP (PBF) IP ID IP PBF IP PBF PBF Forward-to-VSYS PBF 122 68. General Name Tag Source Source Zone Source Address Source User Destination/ Application/Service Destination Address 31 Add Add 2 3 97 Add Address Address Group Regions Add Add Address Address Group Regions 130 Palo Alto Networks

68. Application Service Forwarding Action Egress Interface Next Hop Monitor Schedule 153 158 160 Forward IP Forward To VSYS Discard No PBF IP Monitor Profile Disable if unreachable IP Address IP Ping 166 Policies > Decryption (SSL) (SSH) SSH SSH URL ID URL SSL SSL Palo Alto Networks SSL Palo Alto Networks 131

CA SSL Device > Certificates Forward Trust Certificate 58 69. General Name Tag Source Source Zone Source Address Source User Destination Destination Zone Destination Address Options Action Type Category Block sessions that cannot be decrypted 31 Add Add 2 3 97 Add Address Address Group Regions Negate Add Add 2 3 97 Add Address Address Group Regions Negate decrypt no-decrypt SSL Forward Proxy SSH Proxy SSH sshtunnel App-ID SSH SSL Inbound Inspection SSL Add URL 132 Palo Alto Networks

unknown 153 PAN-OS ID IP IP 1. 153 2. IP IP Policies > Application Override 70. General Name Tag Source 31 Add Source Zone Add 2 3 97 Source Address Add Address Address Group Regions Negate Palo Alto Networks 133

70. Destination Destination Zone Destination Address Protocol/Application Protocol Port Application Add 2 3 97 Add Address Address Group Regions Negate 0 65535 (port1-port2) New Application 153 User-ID Agent Active Directory IP Policies > Captive Portal User Identification 196 71. Name Tag 31 Add 134 Palo Alto Networks

71. Source Source Destination Destination Service/ URL Category Service URL Category Service/Action Action Setting Add Source Address Negate Add Add Destination Address Negate Add TCP / UDP any default Palo Alto Networks Select Add Service Service Group 159 160 URL any Service/Action URL Add 161 URL captive-portal no-captive-portal ntlm-auth Web NT LAN (NTLM) Web DoS DoS / IP / Palo Alto Networks 135

DoS Policies > DoS Protection DoS 72. DoS General Name Shared Tag Source Source Destination Destination Option/Protection Service Action Schedule Aggregate 31 Add Type Interface DoS DoS Zone Add Source Address DoS Negate Add Source User DoS Add Type Interface DoS DoS Zone Add Destination Address DoS Negate Add DoS Deny Allow Protect DoS DoS / DoS DoS 136 Palo Alto Networks

72. DoS Classified Profile Address IP IP IP IP 100 source Address IP 100 139 140 URL 141 URL 143 146 DoS (DoS) 147 DoS Default Alert Block Allow Palo Alto Networks 137

None Default Alert Drop Drop-all-packets Reset-both Reset-client Reset-server Block-IP - Phone Home DoS Objects > Security Profiles > Antivirus (SMTP) Internet (IMAP) 3 (POP3) Internet 137 73. Name Antivirus Packet Capture Decoders and Actions 31 138 Palo Alto Networks

73. Applications Exceptions and Actions Virus Exception Threat ID HTTP Block HTTP Allow ID Add ID 178 Objects > Security Profiles > Anti-Spyware Phone Home phone-home Internet Exceptions Anti-Spyware Columns 24 74. Name Shared Rules Severity Action Packet Capture 31 critical high medium low informational Default Alert Allow Drop Palo Alto Networks 139

74. Exceptions Exceptions Enable All Objects > Security Profiles > Vulnerability Protection Internet 124 Rules Exceptions Exception Vulnerability Protection Columns 24 75. Name Shared Rules Rule Name Threat Name Action Host Packet Capture Category 31 Alert Allow Default Block (any) 140 Palo Alto Networks

75. CVE List Vendor ID Severity Exceptions Threats CVE (CVE) CVE CVE-yyyy-xxxx yyyy xxxx 2011 2011 ID ID Microsoft ID MSyy-xxx yy xxx 2009 Microsoft MS09 informational low medium high critical Enable All Action Show All Show All Packet Capture FTP ID 40001 Vulnerability Custom IP IP IP IP CVE (CVE) URL Objects > Security Profiles > URL Filtering URL URL Web Palo Alto Networks URL 124 URL URL 161 URL Palo Alto Networks 141

76. URL Name Shared Action on License Expiration Dynamic URL Filtering Log Container Page Only Block List 31 URL URL Block Allow URL URL URL URL URL URL URL 5 Category and Action Category Action Not resolved URL URL IP URL URL http[s]:// www.ebay.com ebay.com *.ebay.com ebay.com www.ebay.com 198.133.219.25/en/US. /? & = ; + ASCII * *.yahoo.com www.*.com www.yahoo.com/search=* * yahoo com ) www * com ) www yahoo com search * ) * ww*.yahoo.com www.y*.com 142 Palo Alto Networks

76. URL Action Allow List Category/Action Check URL Category alert URL block continue Continue override Settings URL Admin Override 28 1 IP URL URL alert URL allow block continue Continue override Settings URL Admin Override 28 1 URL IP Objects > Security Profiles > File Blocking / 78 124 77. Name 31 Palo Alto Networks 143

77. Shared Rules Add Name 31 Applications any File Types Direction Upload Download Both Action alert block continue forward WildFire continue-and-forward WildFire continue forward Move Up Move Down Edit Delete 78. avi bat bmp-upload cab cmd dll doc docx dwg enc-doc enc-docx enc-ppt enc-pptx enc-office2007 enc-rar enc-xls Microsoft AVI (RIFF) MS DOS Microsoft Windows Microsoft Microsoft Windows Microsoft Office Microsoft Office 2007 Autodesk AutoCAD Microsoft Office Microsoft Office 2007 Microsoft Office PowerPoint Microsoft Office 2007 PowerPoint Microsoft Office 2007 rar Microsoft Office Excel 144 Palo Alto Networks

78. enc-xlsx enc-zip exe flv gif-upload gzip hta iso jpeg-upload lha lnk lzh mdb mdi mov mpeg msi msoffice ocx pdf pe pgp pif pl ppt pptx psd rar reg rm rtf sh tar tif torrent Microsoft Office 2007 Excel zip Microsoft Windows Adobe Flash GIF gzip HTML ISO-9660 JPG/JPEG lha / Microsoft Windows lha/lzh / Microsoft Access Microsoft Apple Quicktime MPEG-1 MPEG-2 Microsoft Windows Installer Microsoft Office doc xls ppt pub pst Microsoft ActiveX Adobe Microsoft Windows exe dll com scr ocx cpl sys drv tlb PGP Windows Perl Microsoft Office PowerPoint Microsoft Office 2007 PowerPoint Adobe Photoshop winrar Windows RealNetworks Real Media Windows Unix Unix tar Windows BitTorrent Palo Alto Networks 145

78. wmf Windows Metafile wmv Windows Media wri Windows wsf Windows xls Microsoft Office Excel xlsx Microsoft Office 2007 Excel Zcompressed Unix Z uncompress zip Winzip/pkzip Objects > Security Profiles > Data Filtering 124 79. Name Shared Data Capture 31 Settings Manage Data Protection 28 146 Palo Alto Networks

Add 80. Data Pattern Applications File Types Direction Alert Threshold Block Threshold Data Pattern Data Pattern Name Description Shared Weight SSN# 5 SSN 5 SSN 10 x 5= 50 CC# 0-255 SSN# 123-45-6789 0-255 255 SSN# 123456789 0-255 255 Custom Patterns Add (regex) 0-255 255 any Add any Add 100 SSN 5 20 SSN 20 x 5 = 100 100 SSN 5 20 SSN 20 x 5 = 100 DoS Objects > Security Profiles > DoS Protection DoS DoS DoS DoS DoS 135 DoS Palo Alto Networks 147

81. DoS Name Shared Type Flood Protection Syn Flood UDP Flood ICMP Flood Resources Protection Sessions Max Concurrent Limit 31 aggregate DoS 10000 (pps) SYN Flood DoS classified DoS IP IP IP SYN flood Choice SYN Flood Random early drop DoS SYN cookies SYN cookies SYN flood Alarm Rate DoS (pps) 0-2000000 pps 10000 pps Activate Rate DoS (pps) 0-2000000 pps 10000 pps Maximal Rate Block Duration DoS DoS DoS DoS IP IP IP DoS DoS 151 148 Palo Alto Networks

158 159 160 URL URL URL 161 URL 164 165 166 Objects > Addresses 150 82. Name Shared 63 Palo Alto Networks 149

82. Type IPv4 IPv6 FQDN IP Netmask IPv4 IPv6 IP ip_address/mask ip_address mask 192.168.80.150/32192.168.80.0/24 192.168.80.0 192.168.80.255 2001:db8:123:1::1 2001:db8:123:1::/64 IP Range IP Range ip_address-ip_address IPv4 IPv6 2001:db8:123:1::1-2001:db8:123:1::22 FQDN FQDN FQDN FQDN DNS FQDN DNS DNS DNS 114 DNS Objects > Address Groups 83. Name Shared Addresses 63 Add / Objects > Regions / DoS / 150 Palo Alto Networks

84. Name Geo Location Addresses 31 xxx.xxxxxx App-Scope 171 IP IP x.x.x.x x.x.x.x-y.y.y.y x.x.x.x/n Applications 1 5 Networking Networking Attribute Technology Objects > Application Filters Palo Alto Networks 151

Search Enter 85. Name Additional Information Standard Ports Capable of File Transfer Used by Malware Excessive Bandwidth Use Evasive Widely used Has Known Vulnerabilities Tunnels Other Applications Depends on Applications Category Subcategory Technology Risk Prone to Misuse Web Wikipedia Google Yahoo! Customize (1-5) OK 152 Palo Alto Networks

85. Session Timeout TCP Timeout (seconds) UDP Timeout (seconds): Customize OK TCP 1-604800 Customize OK UCP 1-604800 Customize OK ID unknown-tcp unknown-udp HTTP 188 Objects > Applications Applications 86. Configuration Name Shared Category Sub Category Technology Parent App Risk 31 email database 275 Top Ten Application Categories 169 email database 275 Top Ten Application Categories 169 277 1 5 Palo Alto Networks 153

86. Characteristics Advanced Defaults - Port IP Protocol ICMP Type None Timeouts TCP Timeout UDP Timeout Scanning 277 TCP / UDP Port <protocol>/<port> <port> dynamic TCP/dynamic UDP/32 Service app-default TCP UDP IP IP Protocol 1 255 Internet (ICMP) ICMP Type IPv4 ICMP6 Type IPv6 0-255 None 0-604800 TCP UDP TCP UDP TCP UDP TCP UDP 0-604800 154 Palo Alto Networks

86. Signature Signatures Add Signature Name Comment Scope Ordered Condition Match Add AND Condition Add OR Condition Add Condition Pattern Match Equal To Context Pattern 90 Qualifier and Value / Context TCP UDP Position Mask 4 0xffffff00 Value 4 0xaabbccdd Move Up Move Down Move Up Move Down Import Destination Export Palo Alto Networks 155

PAN-OS Command Line Interface Reference Guide

- Web Web www.specifiedsite.com

    GET /001/guest/viewprofile.act?fa=25&tg=m&mg=f&searchtype=zipcode&type=quick&pict=true&context=adrr&zip=94024&ta=34&sb=&item=0&pn=0 HTTP/1.1
    Host: www.specifiedsite.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://www.specifiedsite.com/001/guest/search.act?type=quick&pict=true&sb=&fa=25&ta=34&mg=f&tg=m&searchtype=zipcode&zip=94024&context=adrr&context=adrr
    Cookie: JSESSIONID=A41B41A19B7533589D6E88190B7F0B3D.001; specifiedsite.com/jumpcookie=445461346*google.com/search?q=lava+life&; locale=en_us; campaign=1; imagenum=2; cftag_logsid=9327803497943a1237780204643; utma=69052556.1949878616336713500.1238193797.1238193797.1238193797.1; utmb=69052556.2.10.1238193797; utmc=69052556; utmz=69052556.1238193797.1.1.utmcsr=(direct) utmccn=(direct) utmcmd=(none) ; utmv=69052556.gender%3df; launch=1

www.specifiedsite.com specifiedsite

    username@hostname# show application specifiedsite
    specifiedsite {
      category collaboration;
      subcategory social-networking;
      technology browser-based;
      decoder http;
      signature {
        s1 {
          and-condition {
            a1 {
              or-condition {
                o1 {
                  context http-req-host-header;
                  pattern www\.specifiedsite\.com;
                }
              }
            }
          }
        }
      }
    }

- www.specifiedblog.com

    POST /wp-admin/post.php HTTP/1.1
    Host: panqa100.specifiedblog.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://panqa100.specifiedblog.com/wp-admin/post.php?action=edit&post=1
    Cookie: utma=96763468.235424814.1238195613.1238195613.1238195613.1; utmb=96731468; utmc=96731468; utmz=96731468.1238195613.1.1.utmccn=(organic) utmcsr=google utmctr=blog+host utmcmd=organic; wordpressuser_bfbaae4493589d9f388265e737a177c8=panqa100; wordpresspass_bfbaae4493589d9f388265e737a177c8=c68a8c4eca4899017c58668eacc05fc2
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 462

    user_id=1&action=editpost&post_author=1&post_id=1&post_title=hello+world%21&post_category%5b%5d=1&advanced_view=1&comment_status=open&post_password=&excerpt=&content=hello+world.%3cbr+%2f%3e&use_instant_preview=1&post_pingback=1&prev_status=publish&submit=save&referredby=http%3a%2f%2fpanqa100.specifiedblog.com%2fwp-admin%2f&post_status=publish&trackback_url=&post_name=helloworld&post_author_override=1&mm=3&jj=27&aa=2009&hh=23&mn=14&ss=42&metakeyinput=&metavalue=http/1.1

specifiedblog.com specifiedblog.com post_title post-author

    username@hostname# show application specifiedblog_blog_posting
    specifiedblog_blog_posting {
      category collaboration;
      subcategory web-posting;
      technology browser-based;
      decoder http;
      signature {
        s1 {
          and-condition {
            a1 {
              or-condition {
                o1 {
                  context http-req-host-header;
                  pattern specifiedblog\.com;
                  method POST;
                }
              }
            }
            a2 {
              or-condition {
                o2 {
                  context http-req-params;
                  pattern post_title;
                  method POST;
                }
              }
            }
            a3 {
              or-condition {
                o3 {
                  context http-req-params;
                  pattern post_author;
                  method POST;
                }
              }
            }
          }
        }
      }
    }

Objects > Application Groups 153 87. Name Applications 31 Add / Objects > Application Filters Add Networking networking Technology 158 Palo Alto Networks

Objects > Services any TCP UDP HTTP HTTPS 160 88. Name Shared Protocol Destination Port Source Port 63 TCP UDP 0 65535 (port1-port2) 0 65535 (port1-port2) Palo Alto Networks 159

Objects > Services Groups 159 89. Name Service 63 Add Service 159 162 7 7 7 confidential Confidential CONFIDENTIAL PAN-OS PAN-OS 90..? 0 1 (abc)? * 0 (abc)* + 1 (abc)+ or ((bif) (scr) (exe)) bif scr exe - [c-z] c z c z [ ] [abz]: a b z 160 Palo Alto Networks

90. ^ [^abz] a b z { } / {10-20} 10 20 - \ \ &amp & & &amp.*((confidential) (CONFIDENTIAL)) Confidential CONFIDENTIAL.* confidential.*((proprietary &amp Confidential) (Proprietary and Confidential)) Proprietary & Confidential Proprietary and Confidential Confidential.*(Press Release).*((Draft) (DRAFT) (draft)) draft Press Release.*(Trinidad) Trinidad URL Objects > Custom URL Categories URL URL URL URL URL Allow Block Continue Override Alert URL URL URL URL URL www.example.com * *.example.com 76 142 Palo Alto Networks 161

URL URL 141 URL 91. URL Name Shared Sites URL 31 URL Sites Add URL Import URL Objects > Custom Signatures > Data Patterns Data Patterns 146 92. Name Shared Weight Custom Patterns 31 1 255 Alert Block CC# 0-255 SSN# 123-45-6789 0-255 255 SSN# 123456789 0-255 255 Add 162 Palo Alto Networks

Objects > Custom Signatures > Spyware Objects > Custom Signatures > Vulnerability Phone Home HTTP SMTP IMAP FTP POP3 SMB MSSQL MSRPC RTSP SSH SSL Telnet Unknown-TCP Unknown-UDP Custom Signatures 93. - Configuration Threat ID Name Shared Comment Severity Default Action Direction Affected System CVE Vendor Bugtraq Reference 15000-18000 41000-45000 Alert Drop Packets Reset Both Reset Client Reset Server Block IP (CVE) bugtraq CVE ACC Palo Alto Networks 163

93. - Signature Standard Signature Combination Signature Standard Add Standard Comment Ordered Condition Match Scope Add AND Condition Add OR Condition Add Condition Method Context Pattern Move Up Move Down Move Up Move Down Combination Combination Signatures Add AND Condition Add OR Condition Add Condition Method Context Pattern Move Up Move Down Move Up Move Down Time Attribute Number of Hits (1-3600) (1-1000) Aggregation Criteria IP IP IP Objects > Security Profile Groups URL 124 164 Palo Alto Networks

94. Name Shared Profiles 31 URL / 146 Objects > Log Forwarding Panorama / SNMP syslog, 124 95. Name Shared Traffic Settings Panorama SNMP Trap Email Syslog 31 Panorama Panorama 28 SNMP syslog / 54 SNMP 56 56 Syslog Palo Alto Networks 165

95. Panorama SNMP Trap Email Syslog Panorama Critical High Medium URL Low Informational SNMP syslog / Objects > Schedules 124 96. Name Shared Recurrence Daily Weekly Non-recurring 31 Daily Weekly Non-Recurring Add 24 (HH:MM) Add 24 (HH:MM) Add 166 Palo Alto Networks

6 169 171 178 181 Botnet 183 PDF 185 185 186 186 187 188 190 Palo Alto Networks 167

Dashboard Dashboard 10 Refresh 1 min 2 mins 5 mins Manual 97. Top Applications Top High Risk Applications General Information Interface Status Threat Logs Config Logs Data Filtering Logs URL Filtering Logs System Logs Resource Information Logged In Admins ACC Risk Factor High Availability Top Applications PAN-OS URL 10 ID ID URL URL 10 Web CLI 60 URL 60 10 Config installed CPU IP Web CLI 1 5 (HA) HA HA 67 HA 168 Palo Alto Networks

ACC Application Command Center (ACC) ACC 1 5 1. ACC Go a. b. Time Frame c. Sort By d. Top N 16. 2. 3. Set Filter OK Palo Alto Networks 169

4. 5. Applications URL Filtering Threat 98. Applications URL Filtering Threats Data Filtering HIP Applications Technology Risk URL URL URL URL URL URL ID Threats / HIP HIP 170 Palo Alto Networks

6. 17. Monitor > App Scope Monitor App-Scope Palo Alto Networks 171

99. Summary Change Monitor Threat Monitor Threat Map Network Monitor Traffic Map 172 173 174 174 176 177 18 18. 172 Palo Alto Networks

19 19 24 19. 100. Palo Alto Networks 173

100. None 20 20 6 10 20. 174 Palo Alto Networks

101. 21 21. Palo Alto Networks 175

/ Zoom Out 102. 22 22 7 22. 176 Palo Alto Networks

103. None 23 23. Palo Alto Networks 177

104. Monitor > Logs URL (HIP) 41 Monitor 10.0.0.252 Host Web Browsing AND Add Log Filter (AND/OR) Add Close Apply Filter 178 Palo Alto Networks

Expression in Last 60 seconds Clear Filter Save Filter OK Save Filter OK 1 min 30 seconds 10 seconds Manual Rows 10 Resolve Hostname IP 24. Addresses IP IP IP Palo Alto Networks 179

105. Traffic Threat URL Filtering Data Filtering Configuration System HIP allow deny drop ICMP Count Type dropanydeny not-applicable URL allow block Count Type virus spywarename URL Category keylogger URL 137 URL URL URL 141 URL 146 OK 77 IP Web CLI GlobalProtect 223 180 Palo Alto Networks

Botnet Monitor > Session Browser Session Browser 178 Botnet Botnet Botnet botnet URL DNS 30 Internet (IRC) botnet 1 5 botnet 1 5 24 24 Monitor > Botnet botnet Botnet Configuration 106. Botnet HTTP IRC Enable Malware URL visit botnet URL URL Use of dynamic DNS botnet DNA Browsing to IP domains IP URL Browsing to recently registered domains 30 Executable files from unknown sites URL TCP UDP Sessions per Hour Destinations per Hour Minimum Bytes Maximum Bytes IRC Palo Alto Networks 181

Botnet Botnet Monitor > Botnet > Report Setting botnet botnet 181 Botnet IP Run Now Botnet botnet Botnet Report Setting Export to PDF Export to CSV 107. Botnet 24 # Rows Scheduled Query Negate Botnet Run Now Add Connector (AND/OR) Attribute Operator Value 182 Palo Alto Networks

PDF PDF Monitor > PDF Reports PDF 5 50 25. PDF Palo Alto Networks 183

PDF PDF New Manage PDF Summary Reports 26. PDF 18 Save OK PDF PDF Summary Report 184 Palo Alto Networks

Monitor > PDF Reports > User Activity New 108. Name User Time frame 31 IP IPv4 IPv6 Edit Run Monitor > PDF Reports > Report Groups PDF 109. Report Group Name Title Page Custom Title Report selection 31 Add Palo Alto Networks 185

Monitor > PDF Reports > Email Scheduler 185 56 2:00 AM 110. Name Report Group Recurrence Email Profile Override Recipient email(s) 31 185 56 Monitor 50 Monitor Select CSV Export to CSV PDF Export to PDF PDF 186 Palo Alto Networks

Monitor > Manage Custom Reports Reports Add Load Template 111. Name Database Time Frame Sort By Group By Scheduled Columns Query and Query Builder 31 Custom amount amount Reports Available Selected Add Connector (and/or) Attribute Operator = Value Traffic Log 24 untrust Negate 24 untrust Palo Alto Networks 187

Palo Alto Networks Web (ACC) ACC 27. ACC Monitor Reports 188 Palo Alto Networks

unknown-tcp S 28. 133 156 Palo Alto Networks App-ID Palo Alto Networks App-ID TCP UDP IP 133 App-ID Palo Alto Networks App-ID IP Palo Alto Networks Internet Palo Alto Networks Internet URL http://www.paloaltonetworks.com/researchcenter/tools/ (PCAP) support@paloaltonetworks.com Palo Alto Networks 189

ACCunknown Incomplete Insufficient-Data Monitor > Packet Capture PAN-OS Clear All Settings 112. Filtering Manage Filters Filtering Pre-Parse Match Manage Filters Add Id Ingress Interface Source IP Destination IP Src Port Dest Port Proto Non-IP IP IP IP IP IP IPv6 IPv6 ON 190 Palo Alto Networks

112. Capture Files Capturing Capture Settings Add Stage drop firewall receive transmit File Packet Count Byte Count Palo Alto Networks 191


7 195 199 User-ID Agent 203 (User-ID) Palo Alto Networks User-ID IP User-ID LDAP User-ID User-ID User-ID Agent Active Directory (AD) Microsoft Windows Microsoft Exchange Palo Alto Networks 193

Microsoft Windows Windows Management Instrumentation (WMI) Microsoft Windows XML API User-ID XML over SSL User-ID HTTP Web Web NTLM Web Microsoft Agent Microsoft Active Directory Novell edirectory LDAP LDAP over SSL (LDAPS) User-ID User-ID Agent User-ID Agent PAN-OS User-ID Agent User-ID Agent 10 Microsoft Windows Server Agent User-ID Agent 194 Palo Alto Networks

User-ID Agent Agent User-ID Agent WMI NetBios PAN-OS TS Microsoft LDAP LDAP LDAP (User-ID Agent) Palo Alto Networks IP User-ID Agent IP IP Active Directory IP Active Directory IP edirectory IP edirectory User-ID Agent Windows Management Instrumentation (WMI) (NetBIOS) PC IP 20 IP IP Palo Alto Networks 195

User-ID Agent (API) IP User-ID Agent LDAP LDAP User-ID Agent LDAP NAT IP IP NAT User-ID Agent TS User-ID Agent IP 196 199 User-ID Agent 203 User-ID Agent IP Web NT LAN (NTLM) Web Web Web HTTP Web web form Web NTLM Internet Explorer Firefox NTLM Web HTTP IP Device > User Identification User-ID Agents IP 196 Palo Alto Networks

Terminal Services 203 Group Mappings Settings Captive Portal 196 113. User-ID Agent User-ID Agents Name Virtual System IP Address Port Use as LDAP Proxy Use for NTLM Authentication Disabled Terminal Services Agent Name Virtual system Host Port Alternative IP Addresses User-ID Agent 31 User-ID Agent Windows PC IP User-ID Agent User-ID Agent LDAP User-ID Agent Active Directory NTLM TS 31 TS Windows PC IP IP User-ID Agent IP IP IP Palo Alto Networks 197

113. User-ID Agent Group Mapping Settings Name Virtual system Server Profile 31 LDAP Search Filter LDAP Object Class objectclass=group objectclass=group Group Name Active Directory CN Group Member Active Directory member Search Filter LDAP Object Class Active Directory objectclass user User Name Active Directory samaccountname Group Include List Available Groups Included Captive Portal Settings Enable Captive Portal Location Idle Timer Timer Redirect Host Server Certificate Client Certificate Authentication Profile 5-1440 5 60-10080 1440 HTTP NTLM HTTP SSL 198 Palo Alto Networks

User-ID Agent 113. User-ID Agent NTLM Authentication Mode NTLM Attempts NTLM Timeout NTLM Reversion Time User- ID Agent NTLM cookie cookie Cookie Enable Timeout Enable 60-10080 1440 Roaming IP cookie Roaming cookie 3 116 85 3 User-ID Agent User-ID Agent Active Directory edirectory IP Palo Alto Networks User-ID Agent Windows PC IP User-ID Agent ISP User-ID Agent User-ID Agent Windows XP Vista 32 64 Windows 7 32 64 Windows 2003 Server 32 64 Windows 2008 Server 32 64 Palo Alto Networks 199

User-ID Agent 32 64 PC 196 User-ID Agent 137 User-ID Agent User-ID Agent User-ID Agent 1. Start > All Programs > Palo Alto Networks > User-ID Agent 29. User-ID Agent 200 Palo Alto Networks

User-ID Agent Agent Status User-ID Agent Connected Devices User-ID Agent Connected Servers User-ID Agent User-ID Agent 1. Start > All Programs > Palo Alto Networks > User Identification Agent 2. Setup 30. 3. Edit Authentication Active Directory WMI NetBIOS edirectory Server Monitor Windows 1 10 Novell edirectory 30 Client Probing WMI Enable WMI Probing NetBIOS Enable NetBIOS Probing 20 0 Palo Alto Networks 201

User-ID Agent WMI Pan Agent PC Windows NetBIOS PC Windows 139 Cache ID 45 Agent Service ID ID XML API TCP 5007 5006 API edirectory Search Base dc=domain1, dc=example, dc=com Bind Distinguished Name LDAP cn=admin, ou=it, dc=domain1, dc=example, dc=com Bind Password Search Filter LDAP objectclass=person Search Interval User-ID Agent 1-36000 30 Server Domain Prefix Use SSL SSL edirectory SSL Verify Server Certificate SSL edirectory Enable Group Cache User-ID Agent 4. Save User-ID Agent OK User-ID Agent User-ID Agent Cancel DNS Discover User-ID Agnet Servers Add Edit IP Microsoft Active Directory Microsoft Exchange Novell edirectory 202 Palo Alto Networks

Include/exclude lists of configured networks Add Edit Auto Discover DNS User-ID Agent IP Monitoring User-ID Agent Logs User-ID Agent User-ID Agent PC Control Panel Add or Remove Programs User Identification Agent PC config.xml User-ID Agent TS IP TS TCP/UDP TS TS TCP/UDP TCP/UDP TS TCP/UDP ID 196 TS Microsoft Terminal Services 2003 Microsoft Terminal Services 2008 Citrix Metaframe Presentation Server 4.0 Citrix Metaframe Presentation Server 4.5, Citrix XenApp 5, 6 TS 1. 2. Palo Alto Networks 203

3. TS TS TS TS TS 4. TS 5. Terminal Server Agent TS 1. Start TS 2. Terminal Server Agent 31. Terminal Server Agent - TS Palo Alto Networks Device IP IP Connection Status Connected DisconnectedConnecting TS Connection List 3. TS Enable Device Access Control List IP Add Remove Save 204 Palo Alto Networks

4. Configure 32. Terminal Server Agent - Configure 5. Save 114. Terminal Server Agent System Source Port Allocation Range System Reserved Source Ports Listening Port UDP TCP - 1025-5000 - Palo Alto Networks 5009 Palo Alto Networks 205

114. Terminal Server Agent Source Port Allocation Range Reserved Source Ports Port Allocation Start Size Per User Port Allocation Maximum Size Per User Fail port binding when available ports are used up 20000-39999 TS 2000-3000,3500,4000-5000. - TS 200 TS TS 200 Port Allocation Start Size Per User TS System Source Port Allocation Range ID 6. Monitor 33. Terminal Server Agent - Monitor 206 Palo Alto Networks

7. 115. Terminal Server Agent User Name Ports Range Ports Count 8. Refresh Ports Count Ports Count Refresh Interval TS 20400-20799, 20500-20599 Port Allocation Start Size Per User Port Allocation Maximum Size Per User 114 116. Terminal Server Agent Configure Monitor Restart Service Show Logs Debug Exit Help Configuration Monitor Terminal Server Agent TS None Error Information Debug Verbose TS TS TS Add/Remove Programs Terminal Server Agent Palo Alto Networks 207


8 IPSec (VPN) IP (IPSec) VPN VPN IPSec 211 IPSec IKE 212 IPSec VPN 218 VPN Palo Alto Networks IPSec 209

(VPN) (LAN) IP (IPSec) VPN TCP/IP IPSec IPSec VPN Secure Socket Layer (SSL) VPN VPN VPN 9 GlobalProtect IPSec IPSec Firewall Switch Router Internet Router Switch Firewall IPSec tunnel Local network Local network 34. IPSec VPN Palo Alto Networks Palo Alto Networks VPN IP VPN VPN VPN IP VPN VPN ID 2 ID 215 IPSec IPSec IP IP IP IP IP IPSec IPSec (SA) (SPI) IP IPSec SA 210 IPSec Palo Alto Networks

IPSec IKE IPSec VPN SSL-VPN IPSec VPN 223 GlobalProtect SSL-VPN IPSec VPN Palo Alto Networks SSL-VPN Web SSL Web SSL-VPN IPSec VPN VPN VPN VPN 10 IPSec IPSec IPSec IKE IPSec VPN Internet (IKE) IPSec IKE IKE IPSec IP ID IP PKI Palo Alto Networks IKE IKE IKE Diffie-Hellman Palo Alto Networks IPSec 211

IPSec VPN IPSec IKE IKE IKE 1 IKE IKE SA IKE 2 1 SA IPSec IPSec SA IPSec IKE IPSec IKE SA IKE SA Diffie-Hellman (DH) Group IKE DH Encryption Hash Algorithm Lifetime IPSec SA Encapsulating Security Payload (ESP) Authentication Header (AH) Perfect Forward Security (PFS) Diffie-Hellman (DH) group IPSec DH Lifetime IPSec IKE 215 IPSec 217 IPSec IPSec VPN IPSec VPN 218 VPN 82 98 97 IPSec VPN 1. 2. IKE IKE 214 IKE 212 IPSec Palo Alto Networks

IPSec VPN 3. IKE SA VPN IKEv1 Phase-1 215 IPSec IKEv1 Phase-2 217 IPSec 4. IPSec VPN 215 IPSec 5. IPSec 217 6. (RIP) (OSPF) 98 7. 124 Outgoing traffic entering the tunnel Incoming traffic egressing the tunnel VPN VPN VPN VPN IKE IPSec IKE IPsec Palo Alto Networks IPSec 213

IPSec VPN IKE Network > Network Profiles > IKE Gateways IKE Gateways IKE 117. IKE Name Interface Local IP Address Peer Type Peer IP Address Pre-Shared Key 31 IP IP Static IP Show advanced Phase 1 options Local Identification (FQDN) ID FQDN IP Peer Identification FQDN ID FQDN IP Exchange Mode IKE Crypto Profile Passive Mode IKE NAT Traversal IKE UDP UDP NAT IPSec VPN NAT NAT Dead Peer Detection 2-100 2-100 ICMP ping IKE auto 214 IPSec Palo Alto Networks

IPSec VPN IPSec Network > IPSec Tunnels IPSec Tunnels IPSec VPN 118. IPSec General Name Tunnel Interface 31 New 95 Type Auto Key Manual Key Proxy ID Proxy ID Local Remote Auto key Auto Key IKE Gateway IKE 214 IKE IPSec Crypto Profile New 217 IPSec Manual Key Local SPI (SPI) SPI IPSec IPSec Interface Local Address IP Remote SPI (SPI) Protocol ESP AH Authentication SHA1 SHA256 SHA384 SHA512 MD5 None Key/Confirm Key Encryption 3des aes128 aes192 aes256 null [ ] Key/Confirm Key IP ip_address/mask 10.1.2.1/24 IP ip_address/mask 10.1.1.1/24 Palo Alto Networks IPSec 215

IPSec VPN 118. IPSec Proxy IDs IPSec VPN IPSec VPN any TCP / UDP TCP TCP UDP UDP Number ID IPSec VPN 1 / IPSec IP IP IPSec 1 IP IP IPSec ID IPSec ID IKE Network > Network Profiles > IKE Crypto IKE Crypto Profiles IPSec SA (IKEv1 Phase-1) VPN 210 119. IKE DH Group Authentication Encryption Lifetime Diffie-Hellman (DH) Add group14 group2 Add md5 sha1 sha256 sha384 sha512 sha1 Encapsulating Security Payload (ESP) Add aes256 aes192 aes128 3des aes256 aes192 aes128 3des 216 IPSec Palo Alto Networks

IPSec VPN IPSec Network > Network Profiles > IPSec Crypto IPSec Crypto Profiles IPSec SA (IKEv1 Phase-2) VPN 210 120. IPSec Name IPSec DH Group Lifetime Lifesize 31 ESP Encryption Add ESP aes256 aes192 aes128 3des Authentication Add ESP md5 sha1 sha256 sha384 sha512 none AH Authentication Add AH md5 sha1 sha256 sha384 sha512 DH 1 Network > Network Profiles > Monitor IPSec IPSec Tunnels IP (PBF) IP IP wait-recover PBF fail-over Palo Alto Networks IPSec 217

VPN 121. Name Action Interval Threshold 31 wait-recover fail-over IPSec 2-10 3 2-100 5 IPSec Network > IPSec Tunnels IPSec VPN IPSec Tunnels Tunnel Status IPSec SA IPSec SA IKE Gateway Status IKE 1 SA IKE 1 SA Tunnel Interface Status "UP" "DOWN" VPN VPN 219 220 VPN 221 VPN 218 IPSec Palo Alto Networks

VPN IP 61.1.1.1 ethernet1/1 ISP HQ 10.100.0.0/16 ethernet1/5 (IP 10.100.0.1) server HQ IP 202.101.1.1 ethernet1/2 ISP-branch branch PC 192.168.20.0/24 ethernet1/10 branch-office branch ethernet1/2 branch-office ISP-branch PC Internet Headquarters firewall Branch office firewall eth1/5 10.100.0.1/16 Zone: server Virtual router: HQ eth1/1 61.1.1.1 Zone: ISP Virtual router: HQ Internet eth1/2 202.101.1.1 Zone: ISP-branch Virtual router: branch 192.168.20.0/24 PC network eth1/10 192.168.20.1/24 Zone: branch-office Virtual router: branch 10.100.0.0/16 Server farm 35. VPN - branch-vpn tunnel.1 branch-vpn 172.254.254.1/24 IP 192.168.20.0/24 tunnel.1 branch-vpn server Palo Alto Networks IPSec 219

VPN central-vpn tunnel.2 central-vpn 172.254.254.20/ 24 IP 10.100.0.0/16 tunnel.2 branch central-vpn Headquarters firewall Branch office firewall 10.100.0.0/16 Server farm eth1/5 10.100.0.1/16 Zone: server Virtual router: HQ eth1/1 61.1.1.1 Zone: ISP Virtual router: HQ Internet Tunnel interface: tunnel.1 172.254.254.1/24 Zone: branch-vpn Virtual router: HQ eth1/2 202.101.1.1 Zone: ISP-branch Virtual router: branch Tunnel interface: tunnel.2 172.254.254.20/24 Zone: central-vpn Virtual router: branch 192.168.20.0/24 PC network eth1/10 192.168.20.1/24 Zone: branch-office Virtual router: branch VPN 36. VPN - IKE branch-1-gw Peer-address 202.101.1.1 Local-address ethernet1/1 Peer-ID FQDN branch1.my.domain Authentication pre-shared-key newvpn Protocol IPSec branch-1-vpn ike-gateway-profile branch-1-gw ipsec-crypto-profile Tunnel interface tunnel.1 10.100.0.1 192.168.20.0/24 220 IPSec Palo Alto Networks

VPN IKE central-gw Peer-address 61.1.1.1 Local-address ethernet1/2 Local-ID FQDN branch1.my.domain Authentication pre-shared-key newvpn Protocol IPSec central -vpn ike-gateway-profile central-gw ipsec-crypto-profile Tunnel interface tunnel.2 branch-1-gw 202.101.1.1 peer-address local-id peer-id IKE VPN proxy-id VPN VPN VPN 220 VPN VPN 1. 2. ping 202.101.1.1 61.1.1.1 ping 3. ping (ethernet1/5) ping 4. ping (ethernet1/10) ping 5. CLI test vpn ike-sa gateway central-gw show vpn ike-sa gateway central-gw IKE 1 SA Palo Alto Networks IPSec 221

VPN 6. CLI show vpn ike-sa gateway branch-1-gw IKE 1 SA 7. CLI test vpn ipsec-sa tunnel central-vpn show vpn ipsec-sa tunnel central-vpn IKE 2 SA 8. CLI show vpn ipsec-sa tunnel branch-1-vpn IKE 2 SA 9. ethernet1/5 IP 192.168.20.0/24 10. PC traceroute 11. PC ping CLI show vpn flow 12. syslog IKE debug ike pcap PCAP IKE 222 IPSec Palo Alto Networks

9 GlobalProtect GlobalProtect 224 GlobalProtect 232 GlobalProtect GlobalProtect GlobalProtect Palo Alto Networks (HIP) HIP GlobalProtect Palo Alto Networks GlobalProtect Palo Alto Networks GlobalProtect 1. SSL GlobalProtect GlobalProtect 2. (DNS) 3. SSL Palo Alto Networks GlobalProtect 223

GlobalProtect 4. IPSec SSL IPSec IPSec 5. HIP GlobalProtect HIP HIP HIP HIP HIP HIP HIP HIP (CA) HIP HIP HIP HIP (ACC) GlobalProtect GlobalProtect SSL (CA) CA CA CA CA CA CA GlobalProtect CA CA CA 44 48 GlobalProtect GlobalProtect 1. HIP 225 HIP 2. HIP 227 HIP 3. 228 GlobalProtect 4. 230 GlobalProtect 5. HIP 124 6. GlobalProtect 233 GlobalProtect 7. 178 224 GlobalProtect Palo Alto Networks

GlobalProtect HIP Objects > GlobalProtect > HIP Objects GlobalProtect HIP HIP HIP 122. HIP General Name Shared Host Info Domain OS Client Versions Patch Management Patch Management Criteria Vendor Firewall Firewall HIP 31 GlobalProtect (OS) OS HIP Is Enabled (yes) (no) Is Installed Severity Check Patches Add Add Add OK Patch Management Is Enabled (yes) (no) Is Installed Vendor and Product Add Add OK Firewall Exclude Vendor Palo Alto Networks GlobalProtect 225

GlobalProtect 122. HIP Antivirus Antivirus Anti-Spyware Anti-Spyware Disk Backup Disk Backup Disk Encryption Disk Encryption Real-time Protection Is Installed Virus Definition Version Within Not Within Product Version Last Scan Time Within Not Within Vendor and Product Add Add OK Antivirus Exclude Vendor Real-time Protection Is Installed Virus Definition Version Within Not Within Product Version Last Scan Time Within Not Within Vendor and Product Add Add OK Anti-Spyware Exclude Vendor Is Installed Last Backup Time Within Not Within Vendor and Product Add Add OK Disk Backup Exclude Vendor 226 GlobalProtect Palo Alto Networks

GlobalProtect 122. HIP Criteria Vendor Custom Checks Process List Registry Key Plist HIP Objects > GlobalProtect > HIP Profiles Is Installed Encrypted Locations Add Encrypted Locations State OK Disk Encryption Add Add OK Disk Encryption Add Add Plist MacOS plist HIP 225 HIP GlobalProtect HIP HIP HIP 123. HIP Name Shared Match 31 HIP HIP Add Match Criteria HIP AND OR NOT HIP Palo Alto Networks GlobalProtect 227

GlobalProtect GlobalProtect Network > GlobalProtect > Portals GlobalProtect 124. GlobalProtect Name Location Authentication Profile Client Certificate Server Certificate Client Certificate Profile Custom Login Page Custom Help Page Interface IP Address Client Configuration General subtab settings 31 44 GlobalProtect SSL GlobalProtect Web IP Add General Configs On demand Use single sign-on GlobalProtect Windows GlobalProtect Third Party VPN Clients Add VPN GlobalProtect Internal Host Detection GlobalProtect IP GlobalProtect Gateways DNS IP Address IP Hostname IP Source User 228 GlobalProtect Palo Alto Networks

GlobalProtect 124. GlobalProtect Gateways Agent Cutoff Time 0 Internal Gateways HIP External Gateways Enable advanced view GlobalProtect UI User can save password Passcode/Confirm Passcode Agent User Override disabled with-comment GlobalProtect with-passcode GlobalProtect with-ticket GlobalProtect GlobalProtect GlobalProtect GlobalProtect Agent User Override Timeout Max Agent User Overrides GlobalProtect Display Welcome Page Welcome Page Import None Display Welcome Page Allow user to manually rediscover network location Allow user to manually resubmit host information HIP Client Upgrade (prompt) (transparent) Palo Alto Networks GlobalProtect 229

GlobalProtect 124. GlobalProtect Data Collection Root CA GlobalProtect Network > GlobalProtect > Gateways GlobalProtect Max Wait Time Exclude Categories Add Add OK Custom Checks Registry Key (Windows) Add Plist (Mac) Add plist Process List Add GlobalProtect CA CA Add CA 125. GlobalProtect Name Location Server Certificate Authentication Profile Client Certificate 31 44 230 GlobalProtect Palo Alto Networks

GlobalProtect 125. GlobalProtect Tunnel Mode Timeout Configuration Gateway Address Client Configuration Inheritance Source Primary DNS Secondary DNS Primary WINS Secondary WINS Check inheritance status IP Pool Tunnel Interface Max Users Enable IPSec IPSec IPSec SSL-VPN Enable 3rd Party VPN Support IPSec GlobalProtect (X-Auth) VPN X-Auth GlobalProtect VPN VPN Login Lifetime Inactivity Logout Interface IP Address / HA IP DHCP PPPoE DNS GlobalProtect Inheritance Source DNS WINS DNS IP Windows Internet (WINS) IP Add IP IP IP IP IP / IP 192.168.0.0/16 192.168.0.10 Palo Alto Networks GlobalProtect 231

GlobalProtect 125. GlobalProtect DNS Suffix Access Route HIP Notification HIP Notification Add Move Up Move Down Remove Add VPN VPN Internet Internet Add Add Enable Shown Notification As Rich HTML HIP GlobalProtect Devices > GlobalProtect Client GlobalProtect Client GlobalProtect GlobalProtect GlobalProtect 1. Download Close 2. Activate 3. Upload Activate from File OK 4. Remove 232 GlobalProtect Palo Alto Networks

GlobalProtect GlobalProtect GlobalProtect PanGP GlobalProtect GlobalProtect PanGP 32 64 1. > > Palo Alto Networks > GlobalProtect > GlobalProtect Settings 37. GlobalProtect - Settings 2. GlobalProtect Remember Me 3. GlobalProtect IP 4. Apply GlobalProtect GlobalProtect Status tab Details tab IP Host State tab HIP Palo Alto Networks GlobalProtect 233

GlobalProtect Troubleshooting Network Configurations Routing Table GlobalProtect Sockets Logs GlobalProtect PanGP PanGP Start Stop 234 GlobalProtect Palo Alto Networks

10 (QoS) QoS 238 QoS 239 QoS 242 QoS QoS QoS QoS QoS QoS QoS Aggregate Ethernet QoS QoS QoS Network QoS 236 QoS QoS QoS 238 QoS QoS Policies Policies QoS 239 QoS Palo Alto Networks 235

QoS QoS QoS QoS 4 QoS http://www.paloaltonetworks.com QoS Network > QoS QoS 126. QoS Physical Interface Interface Name Maximum Egress Turn on QoS feature on this interface Default Profile: Clear Text Tunnel Interface Tunneled Traffic Clear Text Traffic Guaranteed Egress Maximum Egress (Mbps) QoS QoS QoS 238 QoS Tunneled Traffic Clear Text Traffic Detail Configuration (Mbps) 236 Palo Alto Networks

QoS 126. QoS Groups Group Configuration 45 Mbps T1 T1 QoS 45 Mbps Clear Text Add Name Source Interface Source Subnet any QoS Profile QoS QoS 238 QoS QoS Move Up Move Down Tunneled Traffic Add Tunnel Interface QoS Profile QoS Remove Palo Alto Networks 237

QoS QoS Network > Network Profiles > QoS Profiles QoS QoS QoS 236 QoS QoS 239 QoS 127. QoS Profile Name Egress Guaranteed Egress Max Classes 31 (Mbps) (Mbps) QoS Class QoS QoS QoS 4 Priority Egress Max (Mbps) Egress Guaranteed (Mbps) 238 Palo Alto Networks

QoS QoS Policies > QoS QoS QoS 4 QoS 236 QoS 238 QoS Virtual System Go Filter Rules Source Zone / Destination Zone Filter by Zone Panorama QoS Add Rule Clone Rule Clone Rule 128. QoS General Name Tag Source 31 Add Source Zone any 2 3 97 Palo Alto Networks 239

QoS 128. QoS Source Address Source User Negate Destination IPv4 IPv6 select Available / Add Selected Search Available Add IP <ip_address>/<mask> Selected Remove any New Address 153 150 QoS Destination Zone any 2 3 97 Destination Address Negate Application Application IPv4 IPv6 select Available / Add Selected Search Available Add IP <ip_address>/<mask> Selected Remove any New Address 153 150 QoS 153 158 240 Palo Alto Networks

QoS 128. QoS Service/ URL Category Service URL Category Other Settings Class Schedule TCP / UDP any application-default Palo Alto Networks Select Add Service Service Group 159 160 QoS URL any URL QoS Add 161 URL QoS OK QoS QoS 238 QoS QoS Palo Alto Networks 241

QoS QoS Network > QoS QoS Policies QoS QoS 38. QoS QoS QoS Bandwidth Session Browser / Application View QoS / 242 Palo Alto Networks

11 Panorama Panorama 244 Panorama 245 Panorama 245 Panorama 246 SSL 246 Panorama 247 248 HA Panorama 251 Panorama Palo Alto Networks Panorama 243

Panorama VMware Panorama VMware Server VMware ESX(i) 4.x 3.5 (OVF) VMware ESX(i) 4.x 3.5 2GHz CPU VMware Server VMware Server VMware ESX(i) 2-4 GB RAM 10 10 4 GB VMware vsphere Client 4.x VMware Infrastructure Client 3.5 Panorama https://support.paloaltonetworks.com Panorama Panorama Panorama zip Panorama Panorama Panorama 1. Panorama zip panorama-esx.ovf 2. VMware vsphere Client VMware 3. File > Deploy OVF Template 4. Panorama panorama-esx.ovf Next 5. Next 6. Panorama Next 7. Panorama Next 8. Thick provisioned format Next 9. Finish 10. Panorama Power On Panorama 244 Panorama Palo Alto Networks

Panorama Panorama Panorama 1. admin admin CLI CLI 2. IP show system info 3. CLI configure 4. set deviceconfig system ip-address <Panorama-IP> netmask <netmask> default-gateway <gateway-ip> dns-setting servers primary <DNS-IP> <Panorama-IP> IP <netmask> <gateway-ip> IP <DNS-IP> (DNS) IP 5. commit exit 6. (<target-ip>) ping host <target-ip> ping Internet Ping Panorama Panorama 1. Web https://<panorama IP address> Palo Alto Networks 2. Name Password admin Login 3. Panorama > Administrators > admin 4. Old Password admin 5. New Password 15 Confirm New Password 6. OK 7. 58 Panorama Palo Alto Networks Panorama 245

SSL 8. Panorama 255 9. 28 Panorama IP SSL Panorama SSL SSL Panorama 1. Panorama > 2. Generate Import 3. OK 4. Commit Panorama Panorama 10 GB VMware Server 950 GB ESX ESXi 2TB 1. VMware Panorama 2. Edit Settings 3. Add Add Hardware wizard 4. Hard Disk Next 5. Create a new virtual disk Next 6. Virtual Disk Type SCSI Next 7. Location Specify a datastore Browse 8. Finish RAID RAID 10 246 Panorama Palo Alto Networks

9. Panorama Panorama Panorama 10 GB Panorama > Setup > Storage Partition Setup Panorama Panorama NFS Panorama Setup Storage Partition Setup Panorama 129. Internal NFS v3 Panorama NFS Server NFS (FQDN) IP Log Directory Protocol NFS UDP TCP Port NFS Read Size NFS 256-32768 Write Size NFS 256-32768 Copy On Setup Panorama NFS Test Logging Partition NFS Palo Alto Networks Panorama 247

HA HA Panorama > High Availability Panorama HA Panorama Panorama Panorama Preemption HA 4.0 3.1 HA Panorama Panorama HA Panorama Network File System NFS NFS Local Logging Panorama HA 130. Panorama HA Setup Enable HA Peer HA IP Address Enable Encryption Monitor Hold Time (ms) HA Control Link HA1 IP Panorama Panorama HA 28769/tcp 49160/tcp 49960/tcp 49969/tcp (ms) 1000-60000 ms 3000 ms 248 Panorama Palo Alto Networks

HA 130. Panorama HA Election Settings Priority Preemptive Preemption Hold Time (min) Promotion Hold Time (ms) Hello Interval (ms) Heartbeat Interval (ms) Monitor Fail Hold Up Time (ms) Additional Master Hold Up Time (ms) Path Monitoring Enabled Failure Condition Path Groups Primary Secondary Panorama 1-60 1 0-60000 ms 2000 8000-60000 ms 8000 Panorama ICMP Ping HA 1000-60000 ms 1000 Panorama 0 ms 7000 ms ICMP Ping Panorama IP Add Name Enabled Failure Condition Ping interval ICMP 1000-60000 ms 5000 Destination IPs Delete HA HP NFS Panorama NFS NFS 2 S1 S2 S2 Palo Alto Networks Panorama 249

HA NFS S2 1. S1 2. S2 a. Panorama > High Availability b. Priority Secondary Primary c. NFS 3. CLI request high-availability convert-to-primary S1 HA S2 NFS convert-to-primary HA (S1) NFS S2 4. S2 S2 NFS 250 Panorama Palo Alto Networks

12 Panorama Panorama Panorama Web 252 Panorama 254 255 256 257 258 259 260 261 261 262 Panorama Palo Alto Networks Panorama 251

Panorama Web Panorama Web Panorama Panorama Web 1. Web https://<panorama IP address> Palo Alto Networks 2. Login Panorama Panorama Web Palo Alto Networks Panorama Panorama 1. Panorama IP 28 2. Panorama 255 Panorama Panorama Panorama 131. Panorama Dashboard ACC Monitor Objects Policies Panorama 10 169 188 186 259 259 Panorama Panorama 252 Panorama Palo Alto Networks

Panorama Panorama Panorama Devices Panorama 132. Panorama Setup Config Audit Managed Devices Device Groups Admin Roles Administrators High Availability Certificates Log Settings Server Profiles Panorama DNS NTP 28 30 Panorama 254 Panorama 255 Panorama 41 Panorama 42 Administrators Panorama (HA) 248 HA Web Panorama 58 Panorama 77 (SNMP) Syslog 51 Panorama 54 SNMP 56 Syslog 56 46 RADIUS 47 LDAP 47 Kerberos Active Directory. Authentication Profile Authentication Sequence 58 Netflow Panorama 44 Panorama 48 Palo Alto Networks Panorama 253

132. Panorama Client Certificate Profile Access Domain Scheduled Config Export Software Dynamic Updates Support Deployment Panorama 49 255 (FTP) 261 Panorama 262 Panorama Panorama 40 Palo Alto Networks 78 260 Panorama > Managed Devices Managed Devices HA VSYS Panorama HA HA Panorama Panorama 4.0 3.1 4.0 4.1 SSL TCP 3978 Panorama 1. Panorama Managed Devices Managed Devices 2. Group by 3. Add/Remove Devices 4. Add 5. 254 Panorama Palo Alto Networks

6. OK Managed Devices 7. a. Add/Remove Devices b. Delete c. OK Panorama > Device Groups / Panorama Panorama Device Groups 133. Device Group Name Devices Master Device 31 Add Panorama ID Panorama > Access Domain Access Domain RADIUS (VSA) RADIUS RADIUS Palo Alto Networks Panorama 255

134. Name Device Groups Device Context 31 Add Panorama 121 Panorama Panorama deny all allow Panorama Panorama Target Install on all but specified devices 256 Panorama Palo Alto Networks

39. Panorama Panorama Panorama Panorama Panorama any default Panorama Objects Device Device Panorama SNMP syslogradius LDAP Kerberos Location device-group-test Location 135. Panorama Panorama Location Panorama Panorama SNMP Syslog (RADIUS) (LDAP) Kerberos Palo Alto Networks Panorama 257

135. Device Groups Panorama 255 Policies Objects Device Groups Shared Panorama Location Panorama Panorama Location Shared Objects Shared Panorama Context Panorama Panorama 255 Web Panorama 40. 258 Panorama Palo Alto Networks

Panorama > Managed Devices Commit all Panorama IP Connected Panorama Panorama 4.1 PAN-OS 4.0 allow Managed Devices Last Commit All State Panorama 15 Panorama Panorama Panorama ACC Monitor Panorama ACC Monitor > PDF Reports > User Activity Report Panorama Panorama 185 Panorama > Config Audit Panorama Managed Devices 41 Palo Alto Networks Panorama 259

Commit All 41. Managed Devices Diff All 5 OK Panorama Panorama > Deployment Deployment 136. Panorama Deployment Software SSL VPN Client GlobalProtect Client Dynamic Updates Licenses SSL VPN GlobalProtect 40 Refresh Software SSL VPN GlobalProtect Refresh Palo Alto Networks Release Notes Activate Palo Alto Networks 260 Panorama Palo Alto Networks

Download Downloaded Install Upload PC Install from File Activate from File OK Delete Panorama > Setup Panorama Panorama Setup Panorama 100 28 Panorama Panorama > Managed Devices Backups Manage Load Commit Panorama > Scheduled Config Export Panorama Scheduled Config Export gzip FTP XML 137. Name Enable Scheduled export start time (daily) Hostname Port 31 24 HH:MM FTP IP Palo Alto Networks Panorama 261

Panorama 137. Passive Mode FTP Username Password Confirm Password Panorama Panorama > Software Panorama Palo Alto Networks Panorama Panorama Refresh Palo Alto Networks Release Notes 1. a. Download Downloaded b. Install Panorama 2. 262 Panorama Palo Alto Networks

13 WildFire WildFire WildFire 263 WildFire 264 WildFire WildFire WildFire EXE DLL Palo Alto Networks Palo Alto Networks HTTP (GZIP) EXE DLL WildFire WildFire WildFire WildFire WildFire 1. Device > Setup WildFire 264 WildFire 2. forward continue-andforward 143 3. 124 4. WildFire 264 WildFire WildFire 266 WildFire Palo Alto Networks WildFire 263

WildFire WildFire Device > Setup > WildFire WildFire WildFire 138. WildFire General Settings WildFire Server Maximum File Size (MB) Session Information Settings Settings WildFire URL default-cloud WildFire WildFire 1-10 MB 2 MB WildFire Source IP IP Source Port Destination IP IP Destination Port Vsys Application User URL URL Filename WildFire WildFire https://wildfire.paloaltonetworks.com Palo Alto Networks WildFire WildFire WildFire Upload File 264 WildFire Palo Alto Networks

WildFire 42. WildFire WildFire WildFire Settings 139. WildFire Password Time Zone Email Notifications Current Password New Password/Confirm Password WildFire WildFire WildFire Malware Both None Palo Alto Networks WildFire 265

WildFire WildFire WildFire Reports 43. WildFire Reports 266 WildFire Palo Alto Networks

A IP URL URL HTML 269 269 270 URL 271 271 272 Web 272 URL 273 SSL VPN 274 SSL 77 <html> <head> <meta http-equiv=content-type content="text/html; charset=windows-1252"> <meta name=generator content="microsoft Word 11 (filtered)"> <title>this is a test</title> <style> <!-- /* Font Definitions */ Palo Alto Networks 267

@font-face
  {font-family:"Microsoft Sans Serif"; panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.msonormal, li.msonormal, div.msonormal
  {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";}
h4
  {margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; page-break-after:avoid; font-size:14.0pt; font-family:"Times New Roman";}
p.sanserifname, li.sanserifname, div.sanserifname
  {margin:0in; margin-bottom:.0001pt; text-autospace:none; font-size:10.0pt; font-family:"Microsoft Sans Serif"; font-weight:bold;}
p.boldnormal, li.boldnormal, div.boldnormal
  {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman"; font-weight:bold;}
span.heading10
  {color:black; font-weight:bold;}
p.subheading1, li.subheading1, div.subheading1
  {margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; page-break-after:avoid; font-size:12.0pt; font-family:"Times New Roman"; font-weight:bold;}
@page Section1
  {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;}
div.section1
  {page:Section1;}
-->
</style>
</head>
<body lang=en-us>
<div class=section1>
<p class=msonormal>this is a test.</p>
</div>
</body>
</html>

<html>
<head>
<title>Application Blocked</title>
<style>
#content{border:3px solid #aaa;background-color:#fff;margin:40;padding:40;font-family:tahoma,helvetica,arial,sans-serif;font-size:12px;}
h1{font-size:20px;font-weight:bold;color:#196390;}
b{font-weight:bold;color:#196390;}
</style>
</head>
<body bgcolor="#e7e8e9">
<div id="content">
<h1>Application Blocked</h1>
<p>Access to the application you were trying to use has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.</p>
<p><b>User:</b> <user/> </p>
<p><b>Application:</b> <appname/> </p>
</div>
</body>
</html>

<html>
<head>
<meta http-equiv=content-type content="text/html; charset=windows-1252">
<meta name=generator content="Microsoft Word 11 (filtered)">
<title>this is a test</title>
<style>
<!--
/* Font Definitions */
@font-face
  {font-family:"Microsoft Sans Serif"; panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.msonormal, li.msonormal, div.msonormal
  {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";}
h4
  {margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; page-break-after:avoid; font-size:14.0pt; font-family:"Times New Roman";}
p.sanserifname, li.sanserifname, div.sanserifname
  {margin:0in; margin-bottom:.0001pt; text-autospace:none; font-size:10.0pt; font-family:"Microsoft Sans Serif"; font-weight:bold;}
p.boldnormal, li.boldnormal, div.boldnormal
  {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman"; font-weight:bold;}

span.heading10
  {color:black; font-weight:bold;}
p.subheading1, li.subheading1, div.subheading1
  {margin-top:12.0pt; margin-right:0in; margin-bottom:3.0pt; margin-left:0in; page-break-after:avoid; font-size:12.0pt; font-family:"Times New Roman"; font-weight:bold;}
@page Section1
  {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;}
div.section1
  {page:Section1;}
-->
</style>
</head>
<body lang=en-us>
<div class=section1>
<p class=msonormal>this is a test.</p>
</div>
</body>
</html>

URL

<html>
<head>
<title>Web Page Blocked</title>
<style>
#content{border:3px solid #aaa;background-color:#fff;margin:40;padding:40;font-family:tahoma,helvetica,arial,sans-serif;font-size:12px;}
h1{font-size:20px;font-weight:bold;color:#196390;}
b{font-weight:bold;color:#196390;}
</style>
</head>
<body bgcolor="#e7e8e9">
<div id="content">
<h1>Web Page Blocked</h1>
<p>Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.</p>
<p><b>User:</b> <user/> </p>
<p><b>URL:</b> <url/> </p>
<p><b>Category:</b> <category/> </p>
</div>
</body>
</html>

<application-type>
  <category>
    <entry name="networking" id="1">
      <subcategory>
        <entry name="remote-access" id="1"/>
        <entry name="proxy" id="2"/>
        <entry name="encrypted-tunnel" id="3"/>
        <entry name="routing" id="4"/>
        <entry name="infrastructure" id="5"/>
        <entry name="ip-protocol" id="6"/>
      </subcategory>
    </entry>
    <entry name="collaboration" id="2">
      <subcategory>
        <entry name="email" id="7"/>
        <entry name="instant-messaging" id="8"/>
        <entry name="social-networking" id="9"/>
        <entry name="internet-conferencing" id="10"/>
        <entry name="voip-video" id="11"/>
      </subcategory>
    </entry>
    <entry name="media" id="3">
      <subcategory>
        <entry name="video" id="12"/>
        <entry name="gaming" id="13"/>
        <entry name="audio-streaming" id="14"/>
      </subcategory>
    </entry>
    <entry name="business-systems" id="4">
      <subcategory>
        <entry name="auth-service" id="15"/>
        <entry name="database" id="16"/>
        <entry name="erp-crm" id="17"/>
        <entry name="general-business" id="18"/>
        <entry name="management" id="19"/>
        <entry name="office-programs" id="20"/>
        <entry name="software-update" id="21"/>
        <entry name="storage-backup" id="22"/>
      </subcategory>
    </entry>
    <entry name="general-internet" id="5">
      <subcategory>
        <entry name="file-sharing" id="23"/>
        <entry name="internet-utility" id="24"/>
      </subcategory>
    </entry>
  </category>
  <technology>
    <entry name="network-protocol" id="1"/>
    <entry name="client-server" id="2"/>
    <entry name="peer-to-peer" id="3"/>
    <entry name="web-browser" id="4"/>
  </technology>
</application-type>

<h1>SSL Inspection</h1>
<p>In accordance with company security policy, the SSL encrypted connection you have initiated will be temporarily unencrypted so that it can be inspected for viruses, spyware, and other malware.</p>
<p>After the connection is inspected it will be re-encrypted and sent to its destination. No data will be stored or made available for other purposes.</p>
<p><b>IP:</b> <url/> </p>
<p><b>Category:</b> <category/> </p>

Web

<h1 ALIGN=CENTER>Captive Portal</h1>
<h2 ALIGN=LEFT>In accordance with company security policy, you have to authenticate before accessing the network.</h2>
<pan_form/>

URL

<html>
<head>
<title>Web Page Blocked</title>
<style>
#content{border:3px solid #aaa;background-color:#fff;margin:40;padding:40;font-family:tahoma,helvetica,arial,sans-serif;font-size:12px;}
h1{font-size:20px;font-weight:bold;color:#196390;}
b{font-weight:bold;color:#196390;}
form td, form input { font-size:11px; font-weight:bold; }
#formtable { height: 100%; width: 100%; }
#formtd { vertical-align:middle; }
#formdiv { margin-left:auto; margin-right:auto; }
</style>
<script type="text/javascript">
function pwdcheck() {
  if(document.getElementById("pwd")) {
    document.getElementById("continuetext").innerHTML = "If you require access to this page, have an administrator enter the override password here:";
  }
}
</script>
</head>
<body bgcolor="#e7e8e9">
<div id="content">
<h1>Web Page Blocked</h1>
<p>Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.</p>
<p><b>User:</b> <user/> </p>
<p><b>URL:</b> <url/> </p>
<p><b>Category:</b> <category/> </p>
<hr>
<p id="continuetext">If you feel this page has been incorrectly blocked, you may click Continue to proceed to the page. However, this action will be logged.</p>
<div id="formdiv">
<pan_form/>
</div>
<a href="#" onclick="history.back();return false;">Return to previous page</a>
</div>
</body>
</html>

SSL VPN

<HTML>
<HEAD>
<TITLE>Palo Alto Networks - SSL VPN</TITLE>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="/styles/falcon_content.css?v=@@version">
<style>
td {
  font-family:verdana, Arial, Helvetica, sans-serif;
  font-weight:bold;
  color:black; /*#FFFFFF; */
}
.msg {
  background-color:#ffff99;
  border-width:2px;
  border-color:#ff0000;
  border-style:solid;
  padding-left:20px;
  padding-right:20px;
  max-height:150px;
  height:expression( this.scrollHeight > 150 ? "150px" : "auto" ); /* sets max-height for IE */
  overflow:auto;
}
.alert {font-weight:bold;color:red;}
</style>
</HEAD>
<BODY bgcolor="#f2f6fa">
<table style="background-color:white; width:100%; height:45px; border-bottom:2px solid #888888;">
<tr style="background-image:url(/images/logo_pan_158.gif); background-repeat:no-repeat">
<td align="left"> </td>
</tr>
</table>
<div align="center">
<h1>Palo Alto Networks - SSL VPN Portal</h1>
</div>
<div id="formdiv">
<pan_form/>
</div>
</BODY>
</HTML>

SSL

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html>
<head>
<title>Certificate Error</title>
<style>
#content{border:3px solid #aaa;background-color:#fff;margin:40;padding:40;font-family:tahoma,helvetica,arial,sans-serif;font-size:12px;}
h1{font-size:20px;font-weight:bold;color:#196390;}
b{font-weight:bold;color:#196390;}
</style>
</head>
<body bgcolor="#e7e8e9">
<div id="content">
<h1>Certificate Error</h1>
<p>There is an issue with the SSL certificate of the server you are trying to contact.</p>
<p><b>Certificate Name:</b> <certname/> </p>
<p><b>IP:</b> <url/> </p>
<p><b>Issuer:</b> <issuer/> </p>
<p><b>Status:</b> <status/> </p>
<p><b>Reason:</b> <reason/> </p>
</div>
</body>
</html>

B Palo Alto Networks 277 277 business-system auth-service database erp-crm general-business infrastructure office-program software-update storage-backup collaboration instant-messaging internet-conferencing internet-utility Palo Alto Networks 275

social-networking voip-video web-posting general-internet file-sharing internet-utility media audio-streaming gaming photo-video networking audio-streaming encrypted-tunnel infrastructure ip-protocol proxy remote-access routing unknown 276 Palo Alto Networks

140. network-protocol client-server peer-to-peer browser-based IP - Web 141. Transfers Files Evasive Excessive Bandwidth Used by Malware Prone to Misuse Widely Used Tunnels Other Applications Continue Scanning for Other Applications 1 Mbps 1000000 Palo Alto Networks 277


C 140-2 (FIPS 140-2) FIPS FIPS Set FIPS Mode PAN-OS Command Line Interface Reference Guide FIPS TLS 1.0 Device > Setup > Management FIPS FIPS FIPS IPSec 2048 SSH 2048 RSA Telnet TFTP HTTP (HA) PAP Kerberos Palo Alto Networks 279


D (GPL) $5 Palo Alto Networks Open Source Request 232 E. Java Drive Sunnyvale, CA 282 283 BSD 284 GNU 287 GNU 291 MIT/X11 292 OpenSSH 295 PSF 295 PHP 296 Zlib Palo Alto Networks 281

Larry Wall Perl v4.0 CrackUnix Password Cracker CrackLibUnix Password Checking Alec David Edward Muffett 1. 2. 3. a) Usenet uunet.uu.net b) c) d) 4. a) b) c) d) 282 Palo Alto Networks

BSD 5. 6. 7. BSD BSD Julian Steward Thai Open Source Software Center Ltd The Regents of the University of California Nick Mathewson Niels Provos Dug Song Todd C. Miller University of Cambridge Sony Computer Science Laboratories Inc. 1. 2. / 3. Palo Alto Networks 283

GNU GNU 1991 6 2 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA GNU GNU (1) (2) / 0. / 1. 284 Palo Alto Networks

GNU 2. 1 a) b) c) 3. 1 2 2 a) 1 2 b) 1 2 c) b 4. Palo Alto Networks 285

GNU 5. 6. 7. / 8. / 9. / 10. 11. / 12. / 286 Palo Alto Networks

GNU GNU 1999 2 2.1 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA [ GPL (Lesser GPL) GNU (GNU Library Public License) 2 2.1 ] GNU (1) (2) / GNU GNU GNU Palo Alto Networks 287

GNU GNU C GNU GNU/ Linux / / 1. 2. 1 * a) * b) * c) * d) 2d 288 Palo Alto Networks

GNU 3. GNU GNU 2 2 GNU GNU 4. 1 2 2 1 2 5. 6 6 6 6 6. * a) 1 2 / * b) (1) (2) Palo Alto Networks 289

GNU * c) 6a * d) * e) 7. * a) * b) 8. 9. 10. 11. / 12. / 290 Palo Alto Networks

MIT/X11 MIT/X11 13. / 14. 15. / 16. / 2001-2002 Daniel Veillard 2001-2002 Thomas Broyer Charlie Bozeman Daniel Veillard 1998 Bjorn Reese Daniel Stenberg 2000 Gary Pennington Daniel Veillard 2001 Bjorn Reese <breese@users.sourceforge.net> 2001, 2002, 2003 Python 2004-2008 Paramjit Oberoi <param.cs.wisc.edu> 2007 Tim Lauridsen <tla@rasmil.dk> / Palo Alto Networks 291

OpenSSH OpenSSH OpenSSH BSD OpenSSH GPL 1) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland RFC ssh Secure Shell [Tatu ] GNU [ OpenSSH -RSA OpenSSL -IDEA -DES OpenSSL -GMP OpenSSL BN -Zlib -make-ssh-known-hosts -TSS -MD5 OpenSSL -RC4 OpenSSL ARC4 -Blowfish OpenSSL [ ] Internet http://www.cs.hut.fi/crypto / 292 Palo Alto Networks

OpenSSH / 2) deattack.c 32 CRC CORE SDI S.A. BSD ssh - 1998 CORE SDI S.A., Buenos Aires, Argentina CORE SDI S.A. Ariel Futoransky <futo@core-sdi.com> <http://www.core-sdi.com> 3) ssh-keyscan David Mazieres BSD 1995, 1996 by David Mazieres <dm@lcs.mit.edu> OpenBSD Project 4) Vincent Rijmen Antoon Bosselaers Paulo Barreto Rijndael @3.0 2000 12 Rijndael ANSI C AES @ Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> @ Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> @ Paulo Barreto <paulo.barreto@terra.com.br> 5) ssh 3 BSD University of California Berkeley 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. 1. 2. / 3.

OpenSSH THE REGENTS THE REGENTS 6) 2 BSD -Markus Friedl -Theo de Raadt -Niels Provos -Dug Song -Aaron Campbell -Damien Miller -Kevin Steves -Daniel Kouril -Wesley Griffin -Per Allansson -Nils Nordman -Simon Wilkinson 1. 2. /

PSF PSF 1. Python PSF Python 2.3 2. PSF Python 2.3 / Python 2.3 PSF PSF 2001, 2002, 2003 Python Software Foundation 3. Python 2.3 Python 2.3 4. PSF Python 2.3 PSF PSF Python 2.3 5. PSF Python 2.3 Python 2.3 6. 7. PSF PSF 8. Python 2.3 PHP PHP 3.01 1999-2009 The PHP Group 1. 2. / 3. PHP group@php.net 4. group@php.net PHP PHPFoo PHP PHP Foo phpfoo PHP 5. PHP Group / PHP Group PHP Group

Zlib 6. <http://www.php.net/ software/> PHP PHP PHP PHP Group group@php.net PHP Group PHP Group PHP <http://www.php.net> PHP <http://www.zend.com> Zend Zlib 1995-2005 Jean-loup Gailly Mark Adler 1. 2. 3. Jean-loup Gailly jloup@gzip.org Mark Adler madler@alumni.caltech.edu
