Palo Alto Networks : Firewall Loopback interfaces

In a dual-homed network infrastructure, loopback interfaces are a very valuable configuration option on Palo Alto firewalls. Cisco folk may be more familiar with the use of loopback interfaces, so this article gives a very quick look at some of the uses of a loopback interface in a Palo Alto firewall deployment. The most useful … Continue reading Palo Alto Networks : Firewall Loopback interfaces


Lessons learned : Global Protect + User ID w/ Palo Alto Networks firewall

Scenario: A Palo Alto firewall has been successfully set up to use GlobalProtect, along with LDAP authentication. Also, USER-ID has been set up internally, with firewall policies written to include username / groups. This allows the firewall administrator to deploy consistent firewall policies to both internal and VPN users, based on Active Directory groups. Problem: After a … Continue reading Lessons learned : Global Protect + User ID w/ Palo Alto Networks firewall

Palo Alto Networks : Implementing Conditional Advertising in BGP

Palo Alto Networks have an interesting feature in their BGP module called "Conditional Adv". It is found in the Network > Virtual Routers > default > BGP > Conditional Adv tab of the GUI. There are no concrete examples in their KB of how to implement this, so here is a rundown of why and … Continue reading Palo Alto Networks : Implementing Conditional Advertising in BGP

Connecting to a Palo Alto Network GlobalProtect Gateway from Linux

Please note: this software has only been officially tested on Ubuntu and CentOS distributions. The VPN software uses community-based vpnc software; please direct support questions about the actual client to your distribution's support channels. The following documentation is based on Ubuntu 12.04 LTS - Install the following packages on your system: * network-manager-vpnc * … Continue reading Connecting to a Palo Alto Network GlobalProtect Gateway from Linux

Palo Alto Networks: Ignite 2012 User Conference Notes

Following are several links to articles containing my notes taken during the Palo Alto Networks Ignite User Conference 2012:

- PaloAlto Ignite 2012 notes: IPv6 Security
- PaloAlto Ignite 2012 notes: USER-ID
- PaloAlto Ignite 2012 notes: App-ID
- Nugget Post: Study Material Links for Palo Alto CNSE exam

PS a couple more photos here

PaloAlto Ignite 2012 notes: IPv6 Security

This article is part of a series which depicts some of the notes I took during several sessions in the Palo Alto Networks Ignite conference in Las Vegas. IPv6 Security Notes - Ensure that the IPv6 Firewalling option has been enabled under Device > Settings; otherwise the PaloAlto will just route IPv6 traffic. Post PAN-OS v5 will … Continue reading PaloAlto Ignite 2012 notes: IPv6 Security

PaloAlto Ignite 2012 notes: App-ID

This article is part of a series which depicts some of the notes I took during several sessions in the Palo Alto Networks Ignite conference in Las Vegas. APP-ID - The below flowchart depicts the life of a session. At each subsequent stage, more information is gathered regarding the session for further granularity in the … Continue reading PaloAlto Ignite 2012 notes: App-ID