Palo Alto Networks Getting Started Guide


Palo Alto Networks PAN-OS 5.0

Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
http://www.paloaltonetworks.com/contact/contact/
https://live.paloaltonetworks.com
https://support.paloaltonetworks.com
Panorama
2013 Palo Alto Networks. Palo Alto Networks, PAN-OS, Panorama: Palo Alto Networks, Inc.
P/N 810-000146 Rev. B ii


1 3

Palo Alto Networks (MGT) MGT Web MGT MGT Palo Alto Networks Panorama Palo Alto Networks Panorama Panorama Panorama (ACC) Web Panorama Panorama Palo Alto Networks 13 4

IP 192.168.1.1 / admin/admin MGT 1 MGT IP DNS 2 (9600-8-N-1) PA-500 login RJ-45 MGT https://192.168.1.1 IP 192.168.1.0 192.168.1.2 URL 3 (admin/admin) 4 MGT 1. Device > > [ ] IP 2. auto-negotiate 3. Telnet HTTP 4. 5 1. Device > > [ ] 2. 3. 4. 5

6 DNS DNS DNS ISP 1. Device > > [ ] 2. DNS IP Secondary DNS Server 3. pool.ntp.org NTP NTP IP Secondary DNS Server 4. 7 1. Device > 2. 3. 4. 8 Web IP Commit 90 9 1. 2. RJ-45 MGT 10 SSH PuTTY IP SSH 11 Palo Alto Networks MGT 7 MGT 10 MGT CLI ping DNS Palo Alto Networks

    admin@pa-200> ping host updates.paloaltonetworks.com
    PING updates.paloaltonetworks.com (67.192.236.252) 56(84) bytes of data.
    64 bytes from 67.192.236.252 : icmp_seq=1 ttl=243 time=40.5 ms
    64 bytes from 67.192.236.252 : icmp_seq=1 ttl=243 time=53.6 ms
    64 bytes from 67.192.236.252 : icmp_seq=1 ttl=243 time=79.5 ms

Ctrl+C ping 6

MGT DNS 2 1 IP 2 Web Web (https) IP https://<ip > 3 Ethernet 1/1 Ethernet 1/2 1. Policies > 2. Network > 3. Network > 4. Network > ethernet1/1 ethernet1/2 5. Commit 7

4 1. Network > 1 2. Layer3 3. Zone 4. [Zone] L3-trust 5. IPv4 [IP] IP 192.168.1.254/24 6. > 7. allow_ping Web CLI MGT HTTPHTTPSSSH Telnet Ping 8. 5 MGT 1. Device > > > 2. Select 3. Use default 4. IP 5. DNSPalo Alto Networks URL WildFire 6. 7. Commit 8

6 NAT 1. Network > Layer3 IP IPv4 IPv6 ) l3-untrust 2. Palo Alto Networks DNS Policies > l3-trust l3-untrust 3. IP NAT Policies > NAT l3-trust l3-untrust NAT 43 NAT 4. Commit 7 DNS Palo Alto Networks 10 CLI ping MGT ping ping

    admin@pa-200> ping source 192.168.1.254 host updates.paloaltonetworks.com
    PING updates.paloaltonetworks.com (67.192.236.252) from 192.168.1.254 : 56(84) bytes of data.
    64 bytes from 67.192.236.252: icmp_seq=1 ttl=242 time=56.7 ms
    64 bytes from 67.192.236.252: icmp_seq=2 ttl=242 time=47.7 ms
    64 bytes from 67.192.236.252: icmp_seq=3 ttl=242 time=47.6 ms
    ^C

Ctrl+C ping 9

PAN-OS Palo Alto Networks Palo Alto Networks 1 Web Web (https) IP https://<ip > 2 Dashboard [ ] 3 Palo Alto Networks https://support.paloaltonetworks.com 4 Palo Alto Networks Palo Alto Networks My Devices [ ] Register Hardware Device 10

67 URL URL URL PAN-DB BrightCloud URL 77 URL PA-2000 PA-3000 PA-4000 PA-5000 PA-500PA-200 VM WildFire WildFire WildFire WildFire WildFire WildFire API WildFire 75 WildFire GlobalProtect / VPN GlobalProtect / GlobalProtect Palo Alto Networks 9 1 Palo Alto Networks 2 Web Device > 3 1. 2. 3. WildFire 11

Palo Alto Networks URL Palo Alto Networks WildFire / Global Protect GlobalProtect (HIP) GlobalProtect GlobalProtect GlobalProtect BrightCloud URL BrightCloud URL BrightCloud BrightCloud URL PAN-DB WildFire WildFire 24 48 WildFire WildFire API 100 Palo Alto Networks (https://support.paloaltonetworks.com) 12

1 2 Web Device > BrightCloud PAN-DB URL PAN-DB 3 PA-200PA-500 PA-2000 20 PA-3000 PA-4000 PA-5000 VM 2 13

4 1. 2. WildFire 15 30 3. WildFire 4. 5. 6. 7. Commit 14

Palo Alto Networks PAN-OS 1 Web Device > 2 3 Palo Alto Networks (https://support.paloaltonetworks.com) [ ] 4 1. 2. Device > > [ ] 15

Palo Alto Networks Web CLI / XML API Web / 16

SSL SSH CLI / Web WebUI LDAPKerberos RADIUS Palo Alto Networks 3 RADIUS RADIUS (VSA) Palo Alto Networks Radius (VSA) 17

1 1. Device > 2. Web UI / XML API Web CLI XML API 3. CLI superreaderdeviceadmin devicereader vsysadmin vsysreader None CLI 4. 2 Device > Device > [ ] 3 1. Device > 2. 3. Role 1 4. 5. 4 1. Commit 18

SNMP / SNMP PA-4000 NetFlow Palo Alto Networks 3 NetFlow 19

Palo Alto Networks App-ID (ACC) ACC ACC App-ID App-ID ACC ACC URL ACC Palo Alto Networks URL URL Palo Alto Networks 3 20

Monitor > Widget Dashboard 21

Monitor > / 23 28 22

SNMP SNMP 24 / 25 SNMP 26 Splunk ArcSight CSV (FTP) (SCP) Palo Alto Networks 3 Palo Alto Networks Panorama Panorama 27 Panorama MGT MGT 5 Palo Alto Networks 3 23

1 1. Device > > 2. 3. 4. (SMTP) 1-31 SMTP [ ] SMTP IP 5. 2 3 1. 2. Commit 24

SNMP (SNMP) SNMP SNMP SNMP SNMP 29 SNMP SNMP 1 SNMP 1. Device > > SNMP 2. 3. 4. SNMP V2c V3 5. SNMP SNMP V2c V3 SNMP V2c Server SNMP 1-31 SNMP SNMP IP SNMP SNMP V3 Server SNMP 1-31 SNMP SNMP IP SNMP EngineID ID 0x 5 64 ID MIB OID 1.3.6.1.6.3.10.2.1.1.0 GET ID SNMP authnopriv (SHA-1) SNMP authpriv SHA (AES 128) 6. 25

SNMP 2 SNMP MGT SNMP Device > > [ ] SNMP SNMP SNMP SNMP 7 3 Commit 90 4 SNMP PAN-OS MIB SNMP SNMP PAN-OS HIP PAN-OS Palo Alto Networks 26

1 1. Device > > Syslog 2. 3. 4. Server IP (FQDN) Port 514 (PRI) PRI 5. 6. 2 Device > 3 Commit 90 Panorama Panorama Panorama Panorama Palo Alto Networks 13 Panorama Panorama 28 27

SNMP / Panorama Objects > Objects > URL DoS DoS LAN WildFire [ ] DoS [ ] URL WildFire [ ] (Device > > (Device > > 28

HA LDAP RADIUS / SNMP Palo Alto Networks SNMP (MIB) MIB SNMP SNMP / Palo Alto Networks SNMP GET SNMP SET SNMP 1 SNMP PAN-OS MIB SNMP SNMP 2 MIB PAN-OS MIB (OID) MIB PAN-COMMON-MIB OID 1.3.6.1.4.1.25461.2.1.2.3.1.0 3 SNMP OID SNMP 29

SNMP 4 5 Web SNMP SNMP GET SNMP SNMP 1. Device > > > SNMP 2. 3. SNMP SNMP SNMP SNMP 4. 5. Commit SNMP SNMP PA-500 30

2 NAT 31

Palo Alto Networks DMZ DMZ (NAT) Palo Alto Networks VPN Layer 2 Layer 3 Palo Alto Networks 32

LAN (VLAN) IP VLAN "default-vwire" 1 2 / 3 Layer 2 Layer 2 VLAN Layer 2 VLAN VLAN Layer 2 Layer 2 / VLAN Layer 3 Layer 3 IP Layer 3 IP Layer 3 VLAN VLAN IP Layer 3 BGPOSPF RIP Layer 3 OSPF BGP 33

(NAT) IP (NAT) PAN-OS NAT / / NAT NAT NAT / NAT NAT NAT / Palo Alto Networks IP 34

31 NAT NAT App-ID App-ID 35

DMZ IP IP URL HIP GlobalProtect 255 IP FQDN NAT IP NAT IP NAT IP NAT IP User-ID User-ID 81 URL HTTP HTTPS URL URL /.exe / SSL URL PAN-DB BrightCloud URL Layer 4TCP UDP DNS TCP 53 DNS 57 (HIP) (QoS) 36

Palo Alto Networks / DNS Monitor > 37

IP URL IP IP / IPv4 IPv6 IP FQDN IP IP XML API IP IP / Palo Alto Networks 3 PAN-OS / http https HTTP TCP 80 8080 HTTPS TCP 443 TCP/UDP Objects > 47 53 Palo Alto Networks 5 38

URL 47 64 39

Layer 3 IP Layer 3 L3 Ethernet1/3 IP 208.80.56.100/24 VR1 0.0.0.0/0 208.80.56.1/24 L3 Ethernet1/4 IP 192.168.1.4/24 VR1 DMZ L3 Ethernet1/13 IP 10.1.1.1/24 VR1 40

Layer 3 Layer 2 Palo Alto Networks 4 Ethernet 1/1 Ethernet 1/2 3 1. 1. Ethernet1/3 2. Layer3 3. Zone [Zone] [ ] 4. a VR1 b 0.0.0.0/0 c IP IP 208.80.56.1/24 d 5. IP IPv4 [IP] IP 208.80.56.100/24 6. ping > Ping 7. 41

2 IP IP NAT 43 NAT 1. Network > Ethernet1/4 2. Layer3 3. Zone [Zone] 4. 1 [ ] VR1 5. IP IPv4 [IP] IP 192.168.1.4/24 6. ping 1-6 7. 3 DMZ 1. 2. Layer3 Ethernet1/13 DMZ 3. Zone [Zone] [DMZ] 4. 1 [ ] VR1 5. IP IPv4 [IP] IP 10.1.1.1/24 6. ping 1-6 7. 4 Commit 5 6 Web Network > [ ] Dashboard Widget 42

NAT NAT NAT 192.168.1.0 NAT 208.80.56.100 44 IP IP DMZ 10.1.1.11 DMZ NAT 208.80.56.11 NAT DMZ NAT U-Turn NAT 45 DMZ IP IP IP IP IP NAT 46 43

NAT IP IP IP IP IP NAT NAT 1. IP 1. Web Objects > 2. 3. IP IP 208.80.56.100/24 4. 2 NAT 1. Policies > NAT 2. 3. 4. IP 1 5. NAT 3 Commit 44

NAT DMZ DNS IP IP IP DMZ NAT DMZ U-TURN NAT 1. 1. Web Objects > 2. 3. IP IP 208.80.56.11/24 4. 2 NAT 1. Policies > NAT 2. NAT 3. 4. 5. DMZ IP 10.1.1.11 6. NAT 3 Commit 45

NAT IP NAT NAT 10.1.1.11 208.80.56.11 IP DMZ NAT NAT 1. IP 1. Web Objects > 2. 3. IP DMZ IP 10.1.1.11/24 4. 2 NAT 1. Policies > NAT 2. NAT 3. DMZ 4. 5. Static IP 6. 7. NAT 3 Commit 46

NAT (QoS) (PBF) 53 Palo Alto Networks 5 47

1. rule1 1. Policies > 2. 3. [ ] 4. [ ] 5. /URL http https 6. a b URL 7. 2 DMZ DMZ DMZ IP IP NAT ) NAT 1. Policies > 2. 3. [ ] 4. [DMZ] 5. /URL application-default 6. [ ] 7. 48

3 DMZ IP DMZ DMZ IP 1. 2. [ ] 3. [DMZ] 4. IP (208.80.56.11/24) DMZ 5. 6. application-default 7. 4 DMZ DMZ 1. 2. DMZ 3. [ ] 4. DMZ DMZ 5. 6. a b c [ ] 49

5 DMZ Microsoft Update DMZ 1. 2. DMZ 3. [ ] 4. Microsoft (ms-updates) dns 5. application-default 6. 7. 6 Commit 50

. CLI

    test security-policy-match source <IP_address> destination <IP_address> destination-port <port_number> protocol <protocol_number>

CLI IP IP 208.80.56.11 DMZ Microsoft

    test security-policy-match source 208.80.56.11 destination 176.9.45.70 destination-port 80 protocol 6
    "Updates-DMZ to Internet" {
        from dmz;
        source any;
        source-region any;
        to untrust;
        destination any;
        destination-region any;
        user any;
        category any;
        application/service [ dns/tcp/any/53 dns/udp/any/53 dns/udp/any/5353 ms-update/tcp/any/80 ms-update/tcp/any/443 ];
        action allow;
        terminal yes;
    }

(ACC) Palo Alto Networks App-ID / Facebook Facebook Facebook Facebook Facebook Facebook 51

ACC ACC User-ID / Monitor > ACC URL /URL URL URL alertcontinueoverride block 52

3 Palo Alto Networks 53

Palo Alto Networks URL (DoS) (App-ID) / (User-ID) WildFire WildFire 24-48 WildFire 30 SSL SSH / SSL URL URL (App-ID) SSH SSH SSH X11 SSH SCP SFTP SSHSSH URL Wildfire 54

Palo Alto Networks Applipedia Palo Alto Networks Threat Vault Palo Alto Networks ID [ ] Palo Alto Networks 64 HTTP URL SSL SSH 63 40 47 55

URL URL URL PAN-DB BrightCloud Palo Alto Networks PAN-DB [PAN-DB URL ] WildFire WildFire WildFire WildFire WildFire WildFire WildFire REST API Palo Alto Networks Device > Palo Alto Networks 10 56

64 DoS Palo Alto Networks PDF HTML JavaScript SMTPIMAP POP3 FTPHTTP SMB Palo Alto Networks WildFire WildFire WildFire (C2) Palo Alto Networks PAN-OS 5.0 DNS DNS DNS 57

URL Palo Alto Networks PAN-DB URL PAN-OS 5.0 BrightCloud PAN-DB Palo Alto Networks URL PAN-DB URL Palo Alto Networks PAN-DB BrightCloud BrightCloud DB URL URL PAN-DB BrightCloud URL/IP PAN-DB URL (PAN-DB) PAN-DB URL 58

/ alert block continue forward WildFire continue-and-forward WildFire 59

Wildfire WildFire Palo Alto Networks WildFire WildFire API WildFire WildFire WildFire WildFire WildFire PAN-OS 5.0 WildFire Device > [WildFire] 30 WildFire WildFire 1530 60 WildFire WildFire WildFire WildFire Monitor > > WildFire WildFire API Palo Alto Networks WildFire WildFire API WildFire WildFire API WildFire 100 WildFire 1000 WildFire 60

Word Excel FTP CC# SSN# SSN# SSN# Regex 9 3 001-772 666SSN 0 987-00-4320 SSN 2-6 American Express 34 37 15 Visa 4 13 16 61

DoS SSNCC# 1 (SSN) SSN# 3 SSN x = Word 10 3 10 x 3 = 30 10 30 30 60 SSN# 2 SSN# = 3 = 20 20 3 20 x 3 = 60 20 1 x 20 = 20 80 80 (DoS) DoS / IP Palo Alto Networks DoS Flood / Bot DoS DoS DoS DoS SYNUDP ICMP Flood DoS DoS DoS DoS Palo Alto Networks 62

(pps) Palo Alto Networks URL SSH SSH SSH X11 SCP SFTP SSHSSL App-ID URL SSL ProxySSL SSH Palo Alto Networks / KB SSL SSL Dropbox Microsoft Lync URL URL 63

WildFire URL SSL SSH CA / Proxy SSL SSL CA CA PKI 64

1 2 3 CA CA CA Proxy CA CA SSL 66 1. Device > > 2. 3. my-fwd-trust 4. 192.168.2.1 IP FQDN IP 5. 6. (CA) CA 7. 8. my-ssl-cert 9. 1. 2. my-fwd-untrust 3. 192.168.2.1 4. 5. 6. my-ssl-fw-untrust 7. 8. CA 65

SSL SSL 1 1. Policies > 2. 2 1. Decrypt_All_Traffic 2. 3. DMZ 4. trust 5. untrust 6. URL URL SSL IP SSL Proxy 7. SSL Proxy 8. none SSL ProxySSL SSH Palo Alto Networks 9. 3 4 Commit my-ssl-cert CA Active Directory SSL www.eicar.org HTTPS eicar 66

Palo Alto Networks Objects > > / [ ] / / 1 Device > 2 1. Device > 2. Palo Alto Networks 3 1. Device > 2. 3. 10 10 4. HA / HA 67

/ / HA / HA MGT / / HA MGT / / / 4 1. Policies > 2. 5 Commit 68

.doc.docx 1 1. Objects > > 2. DF_Profile1 3. 2 1. Device > > ID 2. ID 3. Monitor > > 69

3 SSN 987-654-4320 1. Objects > > 2. SS 3. SSN# 3 62 4. Regex SSN_Custom 20 Word 4 1. FTPSMTP SSL Microsoft Outlook Web App Outlook Web App Microsoft PAN-OS outlook-web PAN-OS 69 2. doc docx doc docx 70

5 1. both 2. 35 5 1 5 3 SSN = 15 1 20 = 35 3. 50 50 SSN / 1 20 20 15 3 45 20 45 65 50 6 1. Policies > 2. DF_Profile1 47 7 Commit 71

8 SSN 1. HTTP.doc.docx 2. Microsoft Word 3. HTTP HTTPS 4. Monitoring > > 5. reset-both Microsoft Outlook Web App outlook-web SSN 72

.exe 1 1. Objects > > 2. Block_EXE.exe 2 1. 2. BlockEXE 3. web-browsing 4. exe 5. download 6. continue [ ] 7. 3 1. Policies > 47 2. 3. Block_EXE 4 Commit 73

5 PC.exe Continue 6 Device > Palo Alto Networks A HTML WildFire HTTPS 69 Microsoft Sharepoint sharepoint-base sharepoint-document any 74

WildFire WildFire WildFire WILDFIRE 1 1. Palo Alto Networks My Devices 2. My Devices 10 Palo Alto Networks 2 WildFire 1. Device > > WildFire 2. WildFire WildFire WildFire Monitor > > WildFire 75

WILDFIRE 3 WildFire Palo Alto Networks WildFire WildFire 73 Objects > > forward continue-and-forward WildFire Win32 (PE) exedll scr PE Win32 PE 73 WildFire Palo Alto Networks Upload File Upload Device API Palo Alto Networks WildFire WildFire API WildFire WildFire API WildFire 100 WildFire 1000 WildFire API 4 WildFire 1. WildFire Settings 2. WildFire 5 WildFire WildFire 1. WildFire 2. WildFire WildFire Palo Alto Networks WildFire WildFire WildFire API WildFire API 76

URL Palo Alto Networks URL (PAN-DB) BrightCloud PAN-DB URL 1 URL 1. PAN-DB 2. Device > PAN-DB URL Filtering 2 3 PAN-DB URL PAN-DB 1. PAN-DB URL Filtering Device > 2. 3. PAN-DB URL PAN-DB BrightCloud BrightCloud BrightCloud URL Filtering PAN-DB BrightCloud URL PAN-DB PAN-DB URL Filtering URL 4 URL 1. Objects > > URL 2. Block_Shopping 3. URL BrightCloud 77

PAN-DB URL 5 URL BrightCloud URL URL PAN-DB 6 URL URL URL 7 1. Device > > ID 2. URL 3. 15 URL 60 60 4. [ ] IP block URL continue continue alert 8 1. shopping 2. block 78

PAN-DB URL 9 1. Policies > 2. 3. URL Block_Shopping 4. 10 Commit 11 URL URL URL 12 Device > Palo Alto Networks A HTML PAN-DB URL URL (PAN-DB) BrightCloud URL URL 79


4 (User-ID) Palo Alto Networks IP Palo Alto Networks User-ID User-ID 81

User-ID Palo Alto Networks IP Palo Alto Networks Microsoft Active Directory LDAP Novell edirectory Citrix Metaframe Presentation Server XenApp Microsoft Terminal Services LDAP IP Microsoft Exchange Server Novell edirectory Windows User-ID LDAP LDAP LDAP Microsoft Active Directory (AD)Novell edirectory Sun ONE 82

IP User-ID Windows Microsoft Exchange Servers Novell edirectory AD Kerberos Exchange AD Microsoft Windows Windows Management Instrumentation (WMI) NetBIOS IP 20 IP Microsoft Terminal Server Citrix IP IP Windows/Citrix Palo Alto Networks GlobalProtect GlobalProtect Palo Alto Networks 9 User-ID IP Linux HTTP HTTPS NT LAN (NTLM) RADIUS LDAPKerberos VPN 802.1x PAN-OS XML REST API 83

IP 84

LDAP 1. LDAP 1. Device > > LDAP 2. 3. 4. LDAP Server 1-31 IP LDAP = LDAP 389LDAP over SSL 636 Port LDAP 5. LDAP - Active Directory NetBIOS FQDN acme acme.com - 6. LDAP LDAP 7. LDAP 8. DN LDAP DN (UPN) administrator@acme.local LDAP cn=administrator,cn=users,dc=acme,dc=local 9. LDAP SSL SSL 85

2 LDAP User-ID 1. Device > > 2. 1 3. 4. LDAP 5. 3 Commit IP IP Exchange edirectory Windows 86 User-ID Linux 88 IP Microsoft Terminal Server Citrix Metaframe Presentation Server XenApp Palo Alto Networks 7 XML REST API PAN-OS XML REST API User-ID Palo Alto Networks User-ID IP User-ID User-ID IP 86

Palo Alto Networks 7 Active Directory User-ID User-ID IP 1. Active Directory Windows 2008 User-ID COM Windows 2003 WMI CIMV2 NTLM User-ID NTLM NTLM Windows AD vsys1 2 IP 100 Microsoft Active DirectoryMicrosoft Exchange Novell edirectory 1. Device > > 2. 3. 4. 5. 6. DNS Exchange edirectory 7. Palo Alto Networks User-ID DC 5 87

IP 3 Windows Exchange WMI 1. domain\username 4 WMI NetBIOS Windows User-ID 2. 3. IP 4. Windows Windows 5 1. User-ID 2. Commit 6 IP ignore-user 1. CLI 2.

    set user-id-collector ignore-user <value>

<value>

    set user-id-collector ignore-user SPAdmin SPInstall TFSReport

3. 7 1. CLI

    show user server-monitor state all

2. Web Device > > IP User-ID IP Linux / HTTP HTTPS 88

NTLM NTLM NTLM IE NTLM Firefox Chrome NTLM NTLM Windows RADIUSLDAP Kerberos CA Mac OS Linux URL HTTP 401 URL Layer 2 HTTP HTTPS HTTP 302 Layer 3 Layer 3 Cookies IP LAN IP NTLM 89

User-ID Layer 3 Windows Palo Alto Networks 7 User-ID User-ID USER-ID 1. Exchange MGT Window User-ID 2 DNS Ping FQDN admin@pa-200> ping host dc1.acme.com 3 Layer 3 1. a Network > b 2. Layer 3 41 1 > 3. DNS A Layer 3 IP ntlmhost 90

USER-ID 4 IP CA CA CA 1. CA Device > > > RootCA 2. DNS CA IP Layer 3 IP 3. CA CA Active Directory (GPO) 5 NTLM NTLM RADIUS RADIUS AD samaccountname LogonAttribute 1. LDAPKerberos RADIUS Device > Palo Alto Networks 3 Device > Palo Alto Networks 3 2. Device > Palo Alto Networks 3 91

USER-ID 6 CRL OCSP Palo Alto Networks 3 1. 2. Base64 CA 3. CA CA a Device > > > b CA c CA d Base64 (PEM) e f CA 4. a Device > > > b c CA 3 CA 7 NTLM User-ID DNS DNS 1. Device > > Palo Alto Networks User-ID 2. NTLM NTLM 3. User-ID NTLM NTLM 4. 87 IP 1 Active Directory NTLM 92

USER-ID 8 1. Device > > 2. 3. 4. SSL 4 5. Layer 3 IP 3 6. NTLM NTLM - LDAPKerberosRADIUS 5-6 7. 8. Commit 93

/ User-ID IP 1. User-ID 1. Network > 2. User-ID [ ] 3. 2 / 1. User-ID a Policies > b c / 2. 47 94

3 1. Policies > 2. 3. /URL 47 4. - no-captive-portal - web-form - browser-challenge NTLM HTTP 4 1. Commit 95

User-ID User-ID User-ID 1. CLI

    show user group-mapping statistics

2 User-ID CLI

    show user ip-user-mapping-mp all
    IP                Vsys    From   User                  Timeout (sec)
    --------------------------------------------------------------
    192.168.201.1     vsys1   UIA    acme\george           210
    192.168.201.11    vsys1   UIA    acme\duane            210
    192.168.201.50    vsys1   UIA    acme\betsy            210
    192.168.201.10    vsys1   UIA    acme\administrator    210
    192.168.201.100   vsys1   AD     acme\administrator    748
    Total:5 users
    *: WMI probe succeeded

3 User-ID test security-policy-match duane

    test security-policy-match application worldofwarcraft source-user acme\duane source any destination any destination-port any protocol 6
    "deny worldofwarcraft" {
        from corporate;
        source any;
        source-region any;
        to internet;
        destination any;
        destination-region any;
        user acme\duane;
        category any;
        application/service worldofwarcraft;
        action deny;
        terminal no;
    }

96

User-ID 4 1. Mac OS Ping Ping 2. 3. 4. test cp-policy-match

    test cp-policy-match from corporate to internet source 192.168.201.10 destination 8.8.8.8
    Matched rule:'captive portal' action:web-form

5 Monitor > 97

User-ID 6 Monitor > 98

5 (HA) HA / HA / 99

HA HA Palo Alto Networks HA HA HA IP HA (ACC) HA Panorama Palo Alto Networks ( ( ( HA HA / Layer 2 Layer 3 / HA / / PA-200 VM / HA HA IPSec HA / Layer 3 / / / 100

HA HA HA HA HA (HA1) (HA2) HA HA HA1 HA2 PA-3000 PA-4000 PA-5000 HA HA HA PA-200PA-500 PA-2000 HA1 HA2 HA1 Hello HA User-ID HA1 Layer 3 IP TCP 28769 28 TCP SSH HA2 HA IPSec ARP HA2 HA2 HA2 Layer 2 ether 0x7261HA IP 99 UDP 29281 HA / HA3 HA1 HA2 HA1 HA2 HA HA IP HA HA HA1 HA2 HA1 HA1 Palo Alto Networks HA HA 101

HA Hello Hello Hello Hello HA ICMP ping ping 1000 HA IP ICMP ping IP Ping 200 10 ping IP IP IP HA PA-3000 PA-5000 102

/ HA / HA Palo Alto Networks PAN-OS PAN-OS URL vsys HA HA HA1 IP HA1 IP HA Layer 3 HA2 HA2 IP HA2 Layer 3HA2 IP HA1 HA 103

HA (PeerA) (PeerB) HA HA / PeerA PeerB HA ID ID MAC MAC 00-1B-17:00: xx: yy 00-1B-17 ID00xxHA IDyy ID Gratuitous ARP Layer 2 MAC HA1 HA2 HA HA HA1 HA HA1 HA1 HA1 HA1 HA1 HA1 HA1 HA1 HA1 HA1 HA1 HA1 104

PeerA PeerB (PeerA) HA1 IP (PeerB) HA1 IP HA HA IP HA2 /Layer 2 Layer3 (PeerA) IP HA2 /Layer 2 Layer3 (PeerB) IP PeerB PeerA PeerA 100 PeerB 110 ICMP ping IP ping ping / PeerB IP ping ping 105

/ / / 1 HA HA HA1 HA2 HA HA2 HA1 HA HA1 2 ping ping 1. Device > > [ ] 2. Ping 3 HA HA HA 4 1. Network > 2. 3. HA 4. 106

/ 4 HA IP 1. > > (HA1) 2. HA1 IP HA1 IP 5 1. HA a Network > > b HA HA c Device > > HA 2. > > (HA1) 3. 6 1. Device > > HA1 2. HA1 IP 107

/ 7 (HA2) HA2 1. Device > > (HA2) 2. 3. HA IP UDP 4. IP UDP IP 8 HA 5. 6. HA2 Keep-alive HA HA2 10000 ms / HA2 HA2 HA 7. HA2 IP 1. Device > > 2. Hello 108

/ 9 1. Device > > 2. HA1 MAC 3. 10 HA HA HA 1. Device > > 2. 109

/ 11 HA 1. Device > > 2. HA 3. ID ID HA HA ID 4. 5. 6. HA IP IP HA HA1 IP 7. HA IP 12 Commit 13 HA 2 12 14 / HA 1. Dashboard Widget 2. 110

/ 1 1. Device > > 2. 3. 2 1. 2. 3 ping IP 1. Device > > VLAN 2. IP / 4 5 Commit 111

/ HA 1 Device > > 2 Dashboard Widget 3 1. Device > > 2. Dashboard Widget 112