Description
Palo Alto Networks integrated platform makes it easy to manage network and cloud security along with endpoint protection and a wide range of security services.This book is an end-to-end guide to configure firewalls and deploy them in your network infrastructure. You will see how to quickly set up, configure and understand the technology, and troubleshoot any issues that may occur. This book will serve as your go-to reference for everything from setting up to troubleshooting complex issues. You will learn your way around the web interface and command-line structure, understand how the technology works so you can confidently predict the expected behavior, and successfully troubleshoot any anomalies you may encounter. Finally, you will see how to deploy firewalls in a cloud environment, and special or unique considerations when setting them to protect resources.By the end of this book, for your configuration setup you will instinctively know how to approach challenges, find the resources you need, and solve most issues efficiently. Spis treści:PrefaceWho this book is forWhat this book coversTo get the most out of this bookGet in touchUnderstanding the Core TechnologiesTechnical requirementsUnderstanding the zone-based firewallExpected behavior when determining zonesUnderstanding App-ID and Content-IDHow App-ID gives more controlHow Content-ID makes things safeThe management and data planeAuthenticating and authorizing users with User-IDSummarySetting Up a New DeviceTechnical requirementsGaining access to the user interfaceConnecting to the web interface and CLIAdding licenses and setting up dynamic updatesCreating a new accountRegistering a new deviceActivating licensesActivating licenses via the customer support portalActivating licenses via the web interfaceDownloading and scheduling dynamic updatesDynamic updates cheat sheetUpgrading the firewallUnderstanding the partitionsUpgrade considerationsWhich features are required?Is the code train mature?When is an upgrade required and when is it optional?Upgrading via the CLIUpgrading via the web interfaceUpgrade cheat sheetHardening the management interfaceLimiting access via an access listAccessing internet resources from offline managementAdmin accountsDynamic accountsRole-based administratorsPassword securityExternal authenticationUnderstanding the interface typesVWireThe Layer 3 interfaceVirtual routerThe Layer 2 interface and VLANsThe loopback interfaceThe tunnel interfaceSubinterfacesHA interfacesAE interfacesTap interfacesThe Decryption Port Mirror interfaceSummaryBuilding Strong PoliciesTechnical requirementsUnderstanding and preparing security profilesThe Antivirus profileThe Anti-Spyware profileThe Vulnerability Protection profileURL Filtering profileCustom URL categoriesConfiguring the URL Filtering profileURL filtering prioritiesThe File Blocking profileThe WildFire Analysis profileCustom objectsThe Custom Spyware/Vulnerability objectsThe custom data patternSecurity profile groupsUnderstanding and building security rulesDropping bad trafficAction optionsAllowing applicationsApplication dependenciesApplication-default versus manual service portsControlling logging and schedulesAddress objectsTagsPolicy OptimizerThe Apps Seen columnCreating NAT rulesInbound NATOutbound NATHide NAT or one-to-many NATOne-to-one NATU-turn or hairpin NATSummaryTaking Control of SessionsTechnical requirementsControlling the bandwidth with quality-of-service policiesDSCP and ToS headersQoS enforcement in the firewallCreating QoS profilesCreating QoS policiesLeveraging SSL decryption to look inside encrypted sessionsSSH proxySSL forward proxySSL Inbound InspectionForwarding sessions to an external deviceRedirecting sessions over different paths using policy-based forwardingRedirecting critical trafficLoad balancingEqual cost multipath as an alternativeSummaryServices and Operational ModesTechnical requirementsApplying a DHCP client and DHCP serverDHCP clientDHCP server and relayConfiguring a DNS proxySetting up High AvailabilityActive/Passive modeActive/Active modeClusteringFirewall statesHigh Availability interfacesSetting up Active/Passive modeSetting up Active/Active modeHA1 encryptionEnabling virtual systemsCreating a new VSYSInter-VSYS routingCreating a shared gatewayManaging certificatesSummaryIdentifying Users and Controlling AccessTechnical requirementsUser-ID basicsPreparing Active Directory and setting up the agentsWMI probesUser-ID agentTerminal Server AgentAgentless User-IDConfiguring group mappingThe Cloud Identity EngineConfiguring Azure enterprise applicationsSetting up a captive portalAuthenticating usersConfiguring the captive portalUsing an API for User-IDUser credential detectionSummaryManaging Firewalls through PanoramaTechnical requirementsSetting up PanoramaInitial Panorama configurationPanorama loggingDevice groupsAdding managed devicesPreparing device groupsCreating policies and objectsImportant things to know when creating objects in device groupsSetting up templates and template stacksPanorama managementDevice deploymentMigrating unmanaged to managed devicesPanorama HATips and tricksSummaryUpgrading Firewalls and PanoramaTechnical requirementsDocumenting the key aspectsUpgrade considerationsPreparing for the upgradeThe upgrade processUpgrading a single Panorama instanceUpgrading a Panorama HA clusterUpgrading log collectors (or firewalls) through PanoramaUpgrading a single firewallUpgrading a firewall clusterAfter the upgradeThe rollback procedureThe downgrade procedureSpecial case for upgrading older hardwareSummaryLogging and ReportingTechnical requirementsLog storageConfiguring log collectors and log collector groupsCortex Data Lake logging serviceExternal loggingConfiguring log forwardingSystem logsSession logsReportingPre-defined reportsCustom reportsThe Application Command CenterFiltering logsSummaryVirtual Private NetworksTechnical requirementsSetting up the VPNConfiguring the IPSec site-to-site VPNConfiguring GlobalProtectSetting up the portalSetting up the gatewayHIP objects and profilesSummaryAdvanced ProtectionTechnical requirementsCustom applications and threatsApplication overrideSignature-based custom applicationsCustom threatsZone protection and DoS protectionSystem protection settingsConfiguring zone protectionConfiguring DoS protectionSummaryTroubleshooting Common Session IssuesTechnical requirementsUsing the tools at our disposalLog filesPacket capturesBotnet reportsInterpreting session detailsUsing the troubleshooting toolUsing maintenance mode to resolve and recover from system issuesSummaryA Deep Dive into TroubleshootingTechnical requirementsUnderstanding global countersUnderstanding bad countersAnalyzing session flowsPreparationExecutionCleanupA practical exampleDebugging processesCLI troubleshooting commands cheat sheetSummaryCloud-Based Firewall DeploymentTechnical requirementsLicensing a cloud firewallDeploying a firewall in Azure from the MarketplaceBootstrapping a firewallCreating a new storage accountCreating a bootstrap file shareThe init-cfg.txt fileThe bootstrap.xml fileBootstrapping a firewall on AzurePutting the firewall in-lineAdding a new public IP addressAdding the Untrust subnet to an NSGCreating a server subnetSetting up routingForcing internal hosts to route over the firewallSetting up a load balancerSummarySupporting ToolsTechnical requirementsIntegrating Palo Alto Networks with SplunkMonitoring with Pan(w)achromeThreat intelligence with MineMeldExploring the APISummaryOther Books You May EnjoyShare your thoughtsIndex
szafka na balkon, listwa na blat kuchenny, praktiker gliwice, gałka z zamkiem, izolacja tarasów, prysznic w podlodze, wyciszony róż dulux, farba podkładowa, otwarcie castoramy stalowa wola, złącze ciesielskie kątowe, pudrowy roz farba, nóżki pod meble, klej uszczelniajacy, puszka podtynkowa głęboka, drzwi łazienkowe 70, listwa ścienna mdf, daszek nad drzwi wejściowe, lina 10mm, afelandra jak pielęgnować, komplet tarasowy, opaski antypoślizgowe na koła
yyyyy
