PAN-OS
Revision as of 08:09, 8 December 2019 by Welcome (talk | contribs) (Created page with "PAN-OS is software running on Palo Alto firewalls.<ref>https://docs.paloaltonetworks.com/pan-os</ref> providing Firewall capabilities, QoS, UR...")
PAN-OS is software running on Palo Alto firewalls.[1] providing Firewall capabilities, QoS, URL Filtering, packet inspection and threat prevention (WildFire).
- Threat prevention (Wildfire). Features: https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-90.html
PAN-OS CLI
show system info
show system disk-space files
less mp-log authd.log
show routing route
show running nat-policy
(See also: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT/Network_Services#NAT_Configuration)
/PVST+/ commands
Troubleshooting
ping host <destination-ip-address>
ping source <ip-address-on-dataplane> host <destination-ip-address>
show netstat statistics yes
Panorama
show log-collector preference-list
show logging-status device <firewall-serial-number>
Wildfire
show wildfire wf-vm-pe-utilization
show wildfire wf-vm-doc-utilization
show wildfire wf-vm-elinkda-utilization
show wildfire wf-vm-archive-utilization
show wildfire global sample-device-lookup sha256 equal <SHA_256>.
show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] \ count <number_of_samples>}.
PAN-OS Releases
- PAN-OS 9.0 (Release Notes: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes.html)
- Easy transition your legacy rulebase to a best practice application-based rulebase
- Strict Enforcement of Standard Ports
- Real-Time Enforcement and Expanded Capacities for DAGs
- Panorama can now manage up to 5,000 firewall
- Multi-Category and Risk-Based URL Filtering
- DNS Security Service
- Policy Match and Connectivity Tests from the Web Interface
- HTTP/2 Inspection
- Consolidated Deployment for GlobalProtect Portals and Gateways
- PAN-OS 8.0 End-of-life on October 31, 2019
Activities
Basic
- Create a backup of your configuration: https://docs.paloaltonetworks.com/content/techdocs/en_US/pan-os/9-0/pan-os-admin/firewall-administration/manage-configuration-backups.html
- Read PAN-OS 9.0 Administration guide:
- Read PAN-OS 9.0 New features guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html such as Rule Changes Archive [2]
- Read PAN-OS 7.1 Release Notes: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-release-notes/pan-os-7-1-release-information/features-introduced-in-pan-os-7-1
- Review PAN-OS CLI Quick Start: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-cli-quick-start/cli-cheat-sheets.html
Intermediate
- Create a IPSec VPN access in tunnel mode (transport mode not supported): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
- Configure MFA: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/configure-multi-factor-authentication.html
See also
Advertising: