Palo Alto Networks®PAN-OS® Getting Started GuidePAN-OS 6.0
6 Getting Started GuideSet Up Management Access to the Firewall Integrate the Firewall into Your Management NetworkStep 4 Configure the interface. 1
96 Getting Started GuideConfigure an Active/Passive Pair Set Up High AvailabilityConfigure an Active/Passive PairThe following procedure shows how t
Getting Started Guide 97Set Up High Availability Configure an Active/Passive Pair Step 4 Set up the control link connection.This example shows an in-
98 Getting Started GuideConfigure an Active/Passive Pair Set Up High AvailabilityStep 7 Set up the data link connection (HA2) and the backup HA2 con
Getting Started Guide 99Set Up High Availability Configure an Active/Passive Pair Step 9 Set the device priority and enable preemption.This setting i
100 Getting Started GuideConfigure an Active/Passive Pair Set Up High AvailabilityStep 12 Enable HA. 1. Select Device > High Availability > Ge
Getting Started Guide 101Set Up High Availability Configure an Active/Passive Pair On the passive device: The state of the local device should displa
102 Getting Started GuideDefine the Failover Conditions Set Up High AvailabilityDefine the Failover ConditionsConfigure the Failover Triggers Step 1
Getting Started Guide 103Set Up High Availability Verify Failover Verify Failover To test that your HA configuration works properly trigger a manual
104 Getting Started GuideVerify Failover Set Up High Availability
Getting Started Guide 7Integrate the Firewall into Your Management Network Set Up Management Access to the Firewall Step 5 Because the firewall uses
8 Getting Started GuideSet Up Management Access to the Firewall Integrate the Firewall into Your Management NetworkStep 6 Configure an external-faci
Getting Started Guide 9Integrate the Firewall into Your Management Network Activate Firewall Services Activate Firewall ServicesBefore you can begin
10 Getting Started GuideActivate Firewall Services Integrate the Firewall into Your Management Network Threat Prevention—Provides antivirus, anti-s
Getting Started Guide 11Integrate the Firewall into Your Management Network Activate Firewall Services Manage Content UpdatesIn order to stay ahead o
12 Getting Started GuideActivate Firewall Services Integrate the Firewall into Your Management NetworkStep 2 Check for the latest updates.Click Chec
Getting Started Guide 13Integrate the Firewall into Your Management Network Activate Firewall Services Install Software UpdatesWhen installing a new
14 Getting Started GuideActivate Firewall Services Integrate the Firewall into Your Management NetworkStep 3 Download the update.Note If your firewa
Getting Started Guide 15Integrate the Firewall into Your Management Network Add Firewall Administrators Add Firewall AdministratorsBy default, every
iiContact InformationCorporate Headquarters:Palo Alto Networks4401 Great America ParkwaySanta Clara, CA 95054-1211http://www.paloaltonetworks.com/cont
16 Getting Started GuideAdd Firewall Administrators Integrate the Firewall into Your Management Network Local administrator account with SSL-based
Getting Started Guide 17Integrate the Firewall into Your Management Network Add Firewall Administrators Create a Local AdministratorStep 1 If you pla
18 Getting Started GuideAdd Firewall Administrators Integrate the Firewall into Your Management NetworkStep 2 (Optional) Set requirements for local
Getting Started Guide 19Integrate the Firewall into Your Management Network Monitor the Firewall Monitor the FirewallAnother thing to consider during
20 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management NetworkView Local Log DataAll Palo Alto Networks next-gener
Getting Started Guide 21Integrate the Firewall into Your Management Network Monitor the Firewall Display Log Data on the DashboardYou can also monito
22 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management NetworkForward Logs to External ServicesDepending on the ty
Getting Started Guide 23Integrate the Firewall into Your Management Network Monitor the Firewall Set Up Email AlertsSet Up SNMP Trap DestinationsSimp
24 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management NetworkYou can also use SNMP to monitor the firewall. In th
Getting Started Guide 25Integrate the Firewall into Your Management Network Monitor the Firewall Define Syslog ServersSyslog is a standard log transp
Getting Started Guide iiiTable of ContentsIntegrate the Firewall into Your Management Network . . . . . . . . . . . . . . . . . .1Set Up Management A
26 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management NetworkThere are five log types that PAN-OS can export to a
Getting Started Guide 27Integrate the Firewall into Your Management Network Monitor the Firewall Forward Logs to PanoramaBefore you can forward log f
28 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management Network Config Logs—Enable forwarding of Config logs by sp
Getting Started Guide 29Integrate the Firewall into Your Management Network Monitor the Firewall Monitor the Firewall Using SNMPAll Palo Alto Network
30 Getting Started GuideMonitor the Firewall Integrate the Firewall into Your Management NetworkStep 3 Enable the SNMP manager to interpret firewall
Getting Started Guide 31Create the Security PerimeterThe following topics provide basic steps for configuring the firewall interfaces, defining zones,
32 Getting Started GuideSecurity Perimeter Overview Create the Security PerimeterSecurity Perimeter OverviewTraffic must pass through the firewall i
Getting Started Guide 33Create the Security Perimeter Security Perimeter Overview Virtual Wire DeploymentsIn a virtual wire deployment, the firewall
34 Getting Started GuideSecurity Perimeter Overview Create the Security PerimeterAbout Network Address Translation (NAT)When you use private IP addr
Getting Started Guide 35Create the Security Perimeter Security Perimeter Overview Field Description Required FieldsNameA label that supports up to 31
iv Getting Started Guide Table of ContentsProtect Your Network Against Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Enable Wi
36 Getting Started GuideSecurity Perimeter Overview Create the Security PerimeterURL CategoryUsing the URL Category as match criteria allows you to
Getting Started Guide 37Create the Security Perimeter Security Perimeter Overview Policy Best PracticesThe task of safely enabling Internet access an
38 Getting Started GuideSecurity Perimeter Overview Create the Security PerimeterSome examples of address and application policy objects are shown i
Getting Started Guide 39Create the Security Perimeter Security Perimeter Overview for information on using the default profiles in your security poli
40 Getting Started GuideSet Up Interfaces and Zones Create the Security PerimeterSet Up Interfaces and ZonesThe following sections provide informati
Getting Started Guide 41Create the Security Perimeter Set Up Interfaces and Zones Configure Interfaces and ZonesAfter you plan your zones and the cor
42 Getting Started GuideSet Up Interfaces and Zones Create the Security PerimeterStep 3 Configure the interface that connects to your internal netwo
Getting Started Guide 43Create the Security Perimeter Configure NAT Policies Configure NAT PoliciesBased on the example topology we used to create th
44 Getting Started GuideConfigure NAT Policies Create the Security PerimeterTranslate Internal Client IP Addresses to your Public IP AddressWhen a c
Getting Started Guide 45Create the Security Perimeter Configure NAT Policies Enable Clients on the Internal Network to Access your Public ServersWhen
Getting Started Guide 1Integrate the Firewall into Your Management NetworkThe following topics describe how to perform the initial configuration steps
46 Getting Started GuideConfigure NAT Policies Create the Security PerimeterEnable Bi-Directional Address Translation for your Public-Facing Servers
Getting Started Guide 47Create the Security Perimeter Configure NAT Policies Step 2 Create the NAT policy. 1. Select Policies > NAT and click Add
48 Getting Started GuideSet Up Basic Security Policies Create the Security PerimeterSet Up Basic Security PoliciesPolicies allow you to enforce rule
Getting Started Guide 49Create the Security Perimeter Set Up Basic Security Policies Define Basic Security Rules Step 1 Permit Internet access for al
50 Getting Started GuideSet Up Basic Security Policies Create the Security PerimeterStep 3 Restrict access from the Internet to the servers on the D
Getting Started Guide 51Create the Security Perimeter Set Up Basic Security Policies Test Your Security PoliciesTo verify that you have set up your b
52 Getting Started GuideSet Up Basic Security Policies Create the Security PerimeterMonitor the Traffic on Your NetworkNow that you have a basic sec
Getting Started Guide 53Create the Security Perimeter Set Up Basic Security Policies In the ACC, review the most used applications and the high-ris
54 Getting Started GuideSet Up Basic Security Policies Create the Security Perimeter
Getting Started Guide 55Protect Your Network Against ThreatsThe Palo Alto Networks next-generation firewall has unique threat prevention capabilities
2 Getting Started GuideSet Up Management Access to the Firewall Integrate the Firewall into Your Management NetworkSet Up Management Access to the F
56 Getting Started GuideEnable WildFire Protect Your Network Against ThreatsEnable WildFireThe WildFire service is included as part of the base prod
Getting Started Guide 57Protect Your Network Against Threats Enable WildFire For more information on WildFire, refer to the Palo Alto Networks WildFi
58 Getting Started GuideScan Traffic for Threats Protect Your Network Against ThreatsScan Traffic for ThreatsSecurity profiles provide threat protec
Getting Started Guide 59Protect Your Network Against Threats Scan Traffic for Threats Step 3 Schedule signature updates.Best Practice for Updates:Per
60 Getting Started GuideScan Traffic for Threats Protect Your Network Against ThreatsSet Up File BlockingFile blocking profiles allow you to identif
Getting Started Guide 61Protect Your Network Against Threats Scan Traffic for Threats Step 2 Configure the file blocking options. 1. Click Add to def
62 Getting Started GuideScan Traffic for Threats Protect Your Network Against ThreatsStep 5 To test the file blocking configuration, access a client
Getting Started Guide 63Protect Your Network Against Threats Control Access to Web Content Control Access to Web ContentURL filtering provides visibi
64 Getting Started GuideControl Access to Web Content Protect Your Network Against ThreatsStep 4 Define how to control access to web content. If you
Getting Started Guide 65Protect Your Network Against Threats Control Access to Web Content For More InformationFor more details on URL filtering, ref
Getting Started Guide 3Integrate the Firewall into Your Management Network Set Up Management Access to the Firewall Set Up Network Access to the Fire
66 Getting Started GuideControl Access to Web Content Protect Your Network Against Threats
Getting Started Guide 67Configure User IdentificationUser Identification (User-ID) is a Palo Alto Networks next-generation firewall feature that allow
68 Getting Started GuideUser Identification Overview Configure User IdentificationUser Identification OverviewUser-ID seamlessly integrates Palo Alt
Getting Started Guide 69Configure User Identification User Identification Overview About User MappingHaving the names of the users and groups is only
70 Getting Started GuideUser Identification Overview Configure User IdentificationPortal policy requires user authentication, either transparently v
Getting Started Guide 71Configure User Identification Enable User Identification Enable User IdentificationTo enable policy enforcement based on user
72 Getting Started GuideEnable User Identification Configure User IdentificationMap Users to GroupsStep 1 Create an LDAP Server Profile that specifi
Getting Started Guide 73Configure User Identification Enable User Identification Map IP Addresses to UsersThe tasks you need to perform to map IP add
74 Getting Started GuideEnable User Identification Configure User IdentificationConfigure User MappingIn most cases, the majority of your network us
Getting Started Guide 75Configure User Identification Enable User Identification Step 2 Define the servers the firewall should monitor to collect IP
4 Getting Started GuideSet Up Management Access to the Firewall Integrate the Firewall into Your Management NetworkStep 6 Configure DNS, time and da
76 Getting Started GuideEnable User Identification Configure User IdentificationMap IP Addresses to User Names Using Captive PortalIf the firewall r
Getting Started Guide 77Configure User Identification Enable User Identification Captive Portal ModesThe Captive Portal mode defines how web requests
78 Getting Started GuideEnable User Identification Configure User IdentificationConfigure Captive PortalThe following procedure shows how to configu
Getting Started Guide 79Configure User Identification Enable User Identification Step 4 (Redirect mode only) To transparently redirect users without
80 Getting Started GuideEnable User Identification Configure User IdentificationStep 6 (Optional) Set up client certificate authentication. Note tha
Getting Started Guide 81Configure User Identification Enable User Identification Step 8 Configure the Captive Portal settings. 1. Select Device >
82 Getting Started GuideEnable User- and Group-Based Policy Configure User IdentificationEnable User- and Group-Based PolicyIn order to enable secur
Getting Started Guide 83Configure User Identification Enable User- and Group-Based Policy Step 3 Create your Captive Portal Policies.1. Select Polic
84 Getting Started GuideVerify the User-ID Configuration Configure User IdentificationVerify the User-ID ConfigurationAfter you configure User Ident
Getting Started Guide 85Configure User Identification Verify the User-ID Configuration Step 4 Test your Captive Portal configuration. 1. From the s
Getting Started Guide 5Integrate the Firewall into Your Management Network Set Up Management Access to the Firewall Set Up Network Access for Externa
86 Getting Started GuideVerify the User-ID Configuration Configure User IdentificationStep 6 Verify that user names are displayed in reports (Monito
Getting Started Guide 87Set Up High AvailabilityHigh availability (HA) is a configuration in which two firewalls are placed in a group to prevent a si
88 Getting Started GuideHA Overview Set Up High AvailabilityHA OverviewOn Palo Alto Networks firewalls, you can set up two devices as an HA pair. HA
Getting Started Guide 89Set Up High Availability HA Overview On devices with dedicated HA ports (HA1 and HA2) such as the PA-3000 Series, PA-4000 Ser
90 Getting Started GuideHA Overview Set Up High AvailabilityFailover TriggersWhen a failure occurs on the active device and the passive device takes
Getting Started Guide 91Set Up High Availability HA Overview Timers Description PA-7050PA-5000 SeriesPA-4000 SeriesPA-3000 SeriesPA-2000 SeriesPA-500
92 Getting Started GuideHA Overview Set Up High AvailabilityAdditional master hold up timeThis time interval is applied to the same event as Monitor
Getting Started Guide 93Set Up High Availability Prerequisites for Active/Passive HA Prerequisites for Active/Passive HATo set up high availability o
94 Getting Started GuideConfiguration Guidelines Set Up High AvailabilityConfiguration GuidelinesTo set up an active (PeerA) passive (PeerB) pair in
Getting Started Guide 95Set Up High Availability Configuration Guidelines Independent Configuration SettingsPeerA PeerBControl Link IP address of the
Kommentare zu diesen Handbüchern