JWK - Jackall's IT Wiki

Security, System, Network

Palo Alto PA-500

<note>This page is still WIP
Stay tuned</note>

Intro

The Palo Alto PA-500 is a Next Generation Firewall. The "next generation" name mostly comes from its application-level filtering.

Default access

Web interface

The MGT interface is configured by default with the address 192.168.1.1/24 (Adobe Flash needed…):

  https://192.168.1.1

Serial access

  • VT100 terminal
  • 9600 baud
  • 8 data bits
  • 1 stop bit
  • No parity
  • No flow control

Default login/password

  • admin/admin

Mode

There are 3 main configuration modes for the PA-500.

Virtual Wire

The PA-500 acts as a tap between two zones.

The default configuration has a virtual wire on ports 1 and 2.

Layer 2 mode

The appliance acts as a standard Layer 2 firewall.

Configure 2 interfaces in Layer 2 mode in the Network > Interfaces section, then select the wanted interfaces.

Each interface can be associated with a zone (trusted, untrusted, etc.).

Then in Network > VLANs we can associate a VLAN with each interface.

<note important>Committing the configuration may interrupt communication</note>

Mode Layer 3

Here the PA-500 acts as a classic router/firewall performing NAT, VPN, etc.

Filtering

In Policies > Security, each rule has:

  • Name of the rule / description / tag
  • Source zone / source IP / source network
  • Destination zone / destination IP / destination network
  • Users / profiles
  • Applications
  • URL
  • Action
  • QoS

<note warning>The configuration has to be committed through the Commit button</note>

Log

Logs are available in the Monitor tab.

User-ID

User-ID is one of the key features of Palo Alto appliances. It allows you to create filtering rules based on user identity (as opposed to user IP address only).

<note important>I tested this functionality only in an Active Directory environment</note>

The best way to make User-ID work is to install an agent on an Active Directory domain controller, or even better on a member server.

Once the agent is set up:

  • You need to configure the agent with the proper credentials so that it can read the logon events.
  • Verify in the Services console that the service uses the correct password.
  • Manually add the domain controller server in the Discovery section.
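To make the two previous sections concrete (the security rule fields from Policies > Security and User-ID based matching), here is an added example that models how such a rulebase is evaluated: first matching rule wins, otherwise the PAN-OS default rules apply (intrazone-default allows, interzone-default denies). This is illustration code written for this page, not Palo Alto code; the rule names, zone names, users and addresses are constructed, and only a subset of the rule fields (zones, addresses, users, applications, action) is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src: str              # "any" or a CIDR
    dst: str              # "any" or a CIDR
    users: frozenset      # {"any"} or User-ID user names
    apps: frozenset       # {"any"} or application names
    action: str           # "allow" or "deny"

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    app: str
    user: Optional[str]   # None = User-ID has no IP-to-user mapping for src_ip

def _net_ok(spec, ip):
    return spec == ANY or ip_address(ip) in ip_network(spec)

def _set_ok(spec, value):
    # A None user never matches a named user: identity rules need a mapping.
    return ANY in spec or value in spec

def matches(rule, flow):
    return ((rule.src_zone in (ANY, flow.src_zone)) and (rule.dst_zone in (ANY, flow.dst_zone))
            and _net_ok(rule.src, flow.src_ip) and _net_ok(rule.dst, flow.dst_ip)
            and _set_ok(rule.users, flow.user) and _set_ok(rule.apps, flow.app))

def evaluate(rules, flow):
    """Top-down first match; then the PAN-OS intrazone/interzone default rules."""
    for rule in rules:
        if matches(rule, flow):
            return rule.name, rule.action
    return ("intrazone-default", "allow") if flow.src_zone == flow.dst_zone else ("interzone-default", "deny")

# Constructed rulebase, in the order it would appear in Policies > Security.
RULES = [
    Rule("admins-ssh", "trust", "dmz", ANY, "10.0.10.0/24", frozenset({"corp\\alice"}), frozenset({"ssh"}), "allow"),
    Rule("web-out", "trust", "untrust", "192.168.10.0/24", ANY, frozenset({ANY}), frozenset({"web-browsing", "ssl"}), "allow"),
]

def demo():
    mapped = Flow("trust", "dmz", "192.168.10.7", "10.0.10.5", "ssh", "corp\\alice")  # agent mapped the logon
    unmapped = Flow("trust", "dmz", "192.168.10.7", "10.0.10.5", "ssh", None)         # same IP, no mapping
    web = Flow("trust", "untrust", "192.168.10.8", "203.0.113.9", "ssl", None)
    return evaluate(RULES, mapped), evaluate(RULES, unmapped), evaluate(RULES, web)
```

The second flow shows why the agent setup above matters: the same source IP is denied as soon as User-ID has no user mapping for it.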


paloalto_pa500.txt · Last modified: 2018/02/18 16:01 (external edit)