Difference between revisions of "PAN-OS"

From wikieduonline
Jump to navigation Jump to search
(→‎Activities: * Review additional PAN-OS examples: https://www.thegeekstuff.com/2019/06/paloalto-cli-security-nat-policy/)
Line 68: Line 68:
 
== Activities ==
 
== Activities ==
 
Basic
 
Basic
 +
* Review additional PAN-OS examples: https://www.thegeekstuff.com/2019/06/paloalto-cli-security-nat-policy/
 
* Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html
 
* Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html
 
* Read PAN-OS 9.0 Administration guide:
 
* Read PAN-OS 9.0 Administration guide:

Revision as of 05:57, 9 December 2019

PAN-OS is software running on Palo Alto firewalls.[1] providing Firewall capabilities, QoS, URL Filtering, packet inspection and threat prevention (WildFire).

PAN-OS CLI

VPN

  • show vpn flow
  • show vpn gateway
  • show vpn ike-sa
  • show vpn ipsec-sa
  • show vpn tunnel

PVST+ commands

Troubleshooting

  • ping host <destination-ip-address>
  • ping source <ip-address-on-dataplane> host <destination-ip-address>
  • show netstat statistics yes

Panorama

  • show log-collector preference-list
  • show logging-status device <firewall-serial-number>

Wildfire

  • show wildfire wf-vm-pe-utilization
  • show wildfire wf-vm-doc-utilization
  • show wildfire wf-vm-elinkda-utilization
  • show wildfire wf-vm-archive-utilization
  • show wildfire global sample-device-lookup sha256 equal <SHA_256>.
  • show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] \ count <number_of_samples>}.

Rules

  • set rulebase security rules YOUR_RULES_NAMES from Untrust to Trust source any destination any application any service any action allow
  • move rulebase security rules YOUR_RULE_NAME top
  • move rulebase security rules YOUR_RULE_NAME before YOUR_OTHER_RULE_NAME
  • delete rulebase security rules YOUR_RULE_NAME

NAT (Valid actions: top, bottom, before, after)

  • set rulebase nat rules YOUR_RULE_NAME source-translation dynamic-ip-and-port interface-address interface ethernet1/2
  • move rulebase nat rules YOUR_RULE_NAME top
  • delete rulebase nat rules YOUR_RULE_NAME

PAN-OS Releases

  • PAN-OS 9.0 (Release Notes: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes.html)
    • Easy transition your legacy rulebase to a best practice application-based rulebase
    • Strict Enforcement of Standard Ports
    • Real-Time Enforcement and Expanded Capacities for DAGs
    • Panorama can now manage up to 5,000 firewall
    • Multi-Category and Risk-Based URL Filtering
    • DNS Security Service
    • Policy Match and Connectivity Tests from the Web Interface
    • HTTP/2 Inspection
    • Consolidated Deployment for GlobalProtect Portals and Gateways
  • PAN-OS 8.0 End-of-life on October 31, 2019

Activities

Basic

Intermediate

See also


Draft - Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. https://en.wikiversity.org/wiki/Draft:Firewall/Palo_Alto_PA-Series/PAN-OS

Advertising: