Difference between revisions of "PAN-OS"

Revision as of 10:15, 16 April 2020

PAN-OS is software running on Palo Alto firewalls.^[1] providing Firewall capabilities, QoS, URL Filtering, packet inspection and threat prevention (WildFire).

Threat prevention (WildFire). Features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
PAN-OS daemons: RASMGR, SSLMGR, SATD, IDE, Route and IKE
PAN-OS authentication methods: Kerberos, RADIUS, LDAP, SAML 2.0, client certificates, biometric sign-in, and a local user database

PAN-OS CLI

configure
commit
show
show system info
show system state
show system disk-space files
less mp-log authd.log
show routing route
show running nat-policy (See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
show running security-policy
show jobs id x
edit rulebase security
edit rulebase nat

VPN

PVST+ commands

Troubleshooting

ping host <destination-ip-address>
ping source <ip-address-on-dataplane> host <destination-ip-address>
show netstat statistics yes

Panorama

show log-collector preference-list
show logging-status device <firewall-serial-number>

Logs

Wildfire

show wildfire wf-vm-pe-utilization
show wildfire wf-vm-doc-utilization
show wildfire wf-vm-elinkda-utilization
show wildfire wf-vm-archive-utilization
show wildfire global sample-device-lookup sha256 equal <SHA_256>.
show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] \ count <number_of_samples>}.

Rules

set rulebase security rules YOUR_RULES_NAMES from Untrust to Trust source any destination any application any service any action allow
move rulebase security rules YOUR_RULE_NAME top
move rulebase security rules YOUR_RULE_NAME before YOUR_OTHER_RULE_NAME
delete rulebase security rules YOUR_RULE_NAME

NAT (Valid actions: top, bottom, before, after)

set rulebase nat rules YOUR_RULE_NAME source-translation dynamic-ip-and-port interface-address interface ethernet1/2
move rulebase nat rules YOUR_RULE_NAME top
delete rulebase nat rules YOUR_RULE_NAME

Activities

Basic

Review additional PAN-OS examples: https://www.thegeekstuff.com/2019/06/paloalto-cli-security-nat-policy/
Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html
Read PAN-OS 9.0 Administration guide:
- https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-0/pan-os-admin/pan-os-admin.pdf
- https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin
Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive ^[2]
Read PAN-OS Release Notes
Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html
Read Palo Alto basics of Palo Alto traffic monitoring filtering: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSlCAK

Intermediate

Create a IPSec VPN access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
Configure MFA: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
Configure syslog monitoring https://www.manageengine.com/products/firewall/help/configure-paloalto-firewalls.html

DMZ, Port knocking, Bastion host, Firewall Software: iptables ufw firewalld nftables firewall-cmd ipfw (FreeBSD) PF (OpenBSD), netsh advfirewall, PAN-OS, WAF, pfsense, VyOS, Cisco ASA, DMZ, F5, URL Filtering, port forwarding, macOS application firewall, Windows firewall, Fortigate, ngrok, Network ACL
PAN-OS (Palo Alto): PAN-OS Releases, show vpn, GlobalProtect, GlobalProtect logs, WildFire, show log, show session all, MDM, match, PAN-OS reports, HIP, Zone
Cisco IOS, PAN-OS, Junos OS, FortiOS
Terraform PAN-OS: https://www.terraform.io/docs/providers/panos/index.html

Manual: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin.html

Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS

[1] ttps://docs.paloaltonetworks.com/pan-os

[2] ttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/rule-changes-archive.html

[1]

[2]

@@ Line 58: / Line 58: @@
 * <code>move rulebase nat rules YOUR_RULE_NAME top</code>
 * <code>delete rulebase nat rules YOUR_RULE_NAME</code>
-==Manage Configuration Backups==
-The candidate configuration is a copy of the running configuration plus any inactive changes that you made after the
-last commit. Backing up versions of the running or candidate configuration enables you to later restore
-those versions on the firewall.
-===Back Up a Configuration===
-Creating configuration backups enables you to later Restore a Configuration. This is useful when you want
-to revert the firewall to all the settings of an earlier configuration because you can perform the restoration
-as a single operation instead of manually reconfiguring each setting in the current configuration.
-Note: When you edit a setting and click OK, the firewall updates the candidate configuration but
-does not save a backup snapshot.
-'''<u>STEP 1</u>'''
-Save a local backup snapshot of the candidate configuration if it contains changes that you
-want to preserve in the event the firewall reboots.
-These are changes you are not ready to commit—for example, changes you cannot finish in the current
-login session.
-Perform one of the following tasks based on whether you want to overwrite the default snapshot
-(.snapshot.xml) or create a snapshot with a custom name:
-. Overwrite the default snapshot—Click '''Save''' at the top of the web interface.
-. Create a custom-named snapshot:
-*Select '''Device > Setup > Operations''' and Save named configuration snapshot.
-*Enter a Name for the snapshot or select an existing snapshot to overwrite.
-*Click '''OK''' and '''Close'''.
-'''<u>STEP 2</u>'''
-Export a candidate configuration, a running configuration, or the firewall state information to a
-host external to the firewall.
-Select '''Device > Setup > Operations''' and click an export option:
-'''Export named configuration snapshot''' —Export the current running configuration, a named candidate
-configuration snapshot, or a previously imported configuration (candidate or running). The firewall
-exports the configuration as an XML file with the Name you specify.
-'''Export configuration version''' —Select a Version of the running configuration to export as an XML file.
-The firewall creates a version whenever you commit configuration changes.
-'''Export device state''' —Export the firewall state information as a bundle. Besides the running
-configuration, the state information includes device group and template settings pushed from
-Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate
-information, a list of satellites, and satellite authentication information. If you replace a firewall or
-portal, you can restore the exported information on the replacement by importing the state bundle.
-===Restore a Configuration===
-This is useful when you want to revert all firewall settings used in an earlier configuration;
-you can perform this restoration as a single operation instead of manually reconfiguring each setting in the
-current configuration.
-The firewall automatically saves a new version of the running configuration whenever you commit changes
-and you can restore any of those versions. However, you must manually save a candidate configuration to
-later restore it.
-. Restore the current running configuration.
-This operation undoes all the changes you made to the candidate configuration since the last commit.
-* Select '''Device > Setup > Operations''' and Revert to running configuration.
-* Click '''Yes''' to confirm the operation.
-. Restore the default snapshot of the candidate configuration.
-This is the snapshot that you create or overwrite when you click '''Save''' at the top right of the web
-interface.
-*Select '''Device > Setup > Operations''' and Revert to last saved configuration.
-*Click '''Yes''' to confirm the operation.
-*(Optional) Click Commit to overwrite the running configuration with the snapshot.
-. Restore a previous version of the running configuration that is stored on the firewall.
-The firewall creates a version whenever you commit configuration changes.
-*Select ''''Device > Setup > Operations'''' and Load configuration version.
-*Select a configuration Version and click '''OK.'''
-*(Optional) Click Commit to overwrite the running configuration with the version you just restored.
-. Restore one of the following:
-. Current running configuration (named running-config.xml)
-. Custom-named version of the running configuration that you previously imported
-. Custom-named candidate configuration snapshot (instead of the default snapshot)
-*'''Select Device > Setup > Operations''' and click Load named configuration snapshot.
-*Select the snapshot '''Name''' and click '''OK.'''
-*(Optional) Click Commit to overwrite the running configuration with the snapshot.
-. Restore a running or candidate configuration that you previously exported to an external host.
-*Select '''Device > Setup > Operations''', click Import named configuration snapshot, Browse to the configuration file on the external host, and click OK.
-*Click '''Load named configuration snapshot,''' select the Name of the configuration file you just imported, and click '''OK.'''
-*(Optional) Click Commit to overwrite the running configuration with the snapshot you just imported.
-. Restore state information that you exported from a firewall.
-Besides the running configuration, the state information includes device group and template settings
-pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate
-information, a list of satellites, and satellite authentication information. If you replace a firewall or portal,
-you can restore the information on the replacement by importing the state bundle.
-Import state information:
-*Select '''Device > Setup > Operations,''' click '''Import device state,''' Browse to the state bundle, and click '''OK.'''
-*(Optional) Click Commit to apply the imported state information to the running configuration.
 == Activities ==

Difference between revisions of "PAN-OS"

Revision as of 10:15, 16 April 2020

Contents

PAN-OS CLI

Rules

Activities

Basic

Intermediate

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools