Ultimate Test Drive - NGFW UTD 2.1CS

Table of Contents
Activity 0 – Login to UTD Workshop
    Task 1 – Login to your Ultimate Test Drive Class Environment
    Task 2 – Login to the student desktop
    Task 3 – Login to UTD Virtual Firewall
Activity 1 – Enabling Social Media
    Task 0 – Check connectivity to Facebook
    Task 1 – Modify an existing Security Policy to allow Facebook
    Task 2 – Review Traffic Logs
Activity 2 – Controlling Evasive Applications
    Task 1 – Attempt to use a non-approved web application
    Task 2 – Attempt to use an anonymizer site
    Task 3 – Attempt to download and install evasive application
    Task 4 – Review URL log
Activity 3 – Applications on Non-standard Ports
    Task 1 – Create a new Security Policy
    Task 2 – Check application connectivity
    Task 3 – Modify Security Policy
    Task 4 – Re-check applications on non-standard ports
Activity 4 – Decryption
    Task 0 – Check connectivity to LinkedIn
    Task 1 – Modify existing Security Policy
    Task 2 – Add a new Decryption Policy
    Task 3 – Log into LinkedIn
    Task 4 – Review Traffic Logs
Activity 5 – Modern Malware Protection
    Task 1 – Enable file forwarding to WildFire Service
    Task 2 – Modify Security Policy with File Blocking Profile
    Task 3 – Test WildFire Modern Malware Protection
    Task 4 – WildFire Portal Review
Activity 6 – URL Filtering
    Task 0 – Check connectivity
    Task 1 – Modify a URL filter
    Task 2 – Apply the URL filter to a Security Policy
    Task 3 – Review URL Filtering Logs
Activity 7 – Event Reporting
    Task 1 – Running pre-defined reports
    Task 2 – Setting up custom reports
    Task 3 – SE “Demo Box” review
Appendix-1: Alternative Login Method to Student Desktop
    Login to the student desktop using Java Console (Java client required)
    Login to the student desktop with RDP client
Appendix-2: Support for Non-US keyboard

How to use this Guide:
The activities outlined in this Ultimate Test Drive guide are meant to contain all the information necessary to navigate the Palo Alto Networks graphical user interface (GUI). This guide is meant to be used in conjunction with the information and guidance provided by your facilitator.

Once these activities are completed:
You should be able to:
1. Navigate the Palo Alto Networks GUI
2. Review portions of the firewall configuration
3. Change the configuration to affect the behavior of traffic across the firewall

This workshop covers only basic topics and is not a substitute for the training classes conducted by Palo Alto Networks’ Authorized Training Centers (ATC). Please contact your partner or regional sales manager for more training information.

Terminology:
“Tab” refers to the 5 tabs along the top of each screen in the GUI.
“Node” refers to the options associated with each “Tab” found in the left-hand column on each screen.

*NOTE* Unless specified, the “Chrome” web browser will be used to perform any tasks outlined in the following Activities. (Chrome is pre-installed on the student desktop of the workshop PC.)

Activity 0 – Login to UTD Workshop
In this activity you will:
• Login to the Ultimate Test Drive Workshop from your laptop
• Test student desktop connectivity to the firewall
• Review the workshop network

Task 1 – Login to your Ultimate Test Drive Class Environment
Step 1: First, make sure your laptop is installed with a modern browser that supports HTML 5.0. We recommend using the latest version of Firefox, Chrome or Internet Explorer. We also recommend you install the latest Java client for your browser.
Step 2: Go to the class URL. Enter your email address and the Passphrase. (If you have an invitation email, you can find the Class URL and Passphrase in the invitation email. Otherwise the instructor will provide you with the class URL and Passphrase.)
Step 3: Complete the Registration form and click “Register and Login” at the bottom.
Step 4: Depending on your browser of choice, you will be asked to install a plugin. Please click yes to allow the plugin to be installed and continue the login process.
Step 5: Once you login, the environment will be automatically created for you. Click on “Start Using This Environment” when the Environment is ready.
Step 6: The UTD NGFW Environment consists of two core components: a “Student Desktop” and a “VM-Series Virtual Firewall”.

Task 2 – Login to the student desktop
Step 1: Click on the “Student Desktop” tab on top to connect to the Student Desktop.
Step 2: You will be connected to the “Student Desktop” through your browser.
Step 3: Click on the blue arrow on the top left hand corner to collapse the navigation bar. This will make more room for the “Student Desktop”.
Step 4: If the “Student Desktop” resolution is too high or too low for your laptop display, you can adjust the resolution on the upper right hand corner.
[Note: The default connection to the “Student Desktop” uses RDP over HTML5 protocol through the browser. In case your browser does not support HTML5 or you find that the student desktop is too small to use in the browser, please refer to Appendix-1: Alternative Login Method to connect to the student desktop using Java or RDP client.]
Optional Step 5: If you encounter a connection issue with the “Student Desktop”, click on “Reconnect” to re-establish the connection.
Optional Step 6: If re-connection to the “Student Desktop” remains unsuccessful, please verify your laptop connectivity using the following link. Note that Java client is required on your browser for this test site to function.
https://use.cloudshare.com/test.mvc
This test site will validate the RDP-based and Java-based connections to your browser. Click “Allow” to allow the “Java Applet” to be installed and run on your browser.
Optional Step 7: If the connectivity test passed, please close the browser and retry from Task-1 Step-1. If the connectivity test failed, please inform the instructor for further assistance.

Task 3 – Login to UTD Virtual Firewall
Step 1: Click on the “UTD-NGFW-PAVM-CS” bookmark in the Chrome browser, login to the firewall using the following name and password:
Name: student
Password: utd135
Step 2: You are now logged in to the firewall and should see the main dashboard.
Step 3: Open a new tab in Chrome browser window and confirm Internet connectivity to some URL (e.g. http://www.cnn.com)
Step 4: Here is a quick look at how the student desktop and the virtual firewall are connected.

Activity 1 – Enabling Social Media
Background: Every organization is trying to determine how to exert controls over social media applications – allowing them all is high risk while blocking them all can be business crippling. Policy considerations include who can use social media, what are the risks of data loss/data transfer, and how to eliminate the propagation of malware.
PAN-OS features to be used:
• App-ID and function control
• Logging and reporting for verification
In this activity you will:
• Modify the existing firewall configuration to control the behavior of the Facebook app
• Review Traffic logs to confirm activity

Task 0 – Check connectivity to Facebook
Step 1: On your session desktop, open a browser and enter the URL: http://www.facebook.com
✓ Question: What is the response seen in the browser window?
➢ Answer: You should get blocked and see a screen that looks like this:

Task 1 – Modify an existing Security Policy to allow Facebook
Step 1: Click on the “Policies” tab → “Security” node
Step 2: Click on the rule name “UTD-Policy-03” → a “Security Policy Rule” pop-up will appear
Step 3: Click on the “Application” tab (within the pop-up)
Step 4: Click “Add” and type “facebook” and select “facebook-base” from the list
Step 5: Click “Ok” in the pop-up window
Step 6: Click “Enable” (in the bottom bar of the GUI)
Step 7: Click “Commit” (in the upper right hand corner of the GUI)
Step 8: Click “Ok” in the pop-up window
[NOTE: There will be a pop-up window with messages regarding the Commit. Any warning messages can be safely ignored.]
Step 9: Click “Close” in the pop-up window once the Commit has completed
Step 10: Open a new browser tab and surf to http://www.facebook.com. (You may get a warning message that you can ignore.)
Step 11: Log into facebook using the account:
Username/Email: ultimatetestdrive@gmail.com
Password: paloalto123
Note: If you have trouble passing the @ symbol to the VM please follow the directions in the Appendix for accessing the on-screen keyboard.

Task 2 – Review Traffic Logs
Step 1: Click on the “Monitor” tab and the “Traffic” node (under the “Logs” section) will be selected
Step 2: Type into the query box (directly above the “Receive Time” column) the search string:
(app eq facebook)
Then hit the Enter key or click the icon:
Questions:
✓ How many log entries are associated with the traffic you just generated?
✓ What was the action associated with the log entries?
✓ What was the port number associated with the log entries?

End of Activity 1

Activity 2 – Controlling Evasive Applications
Background: Evasive applications are found on almost every network. Some are purposely evasive, making every effort to avoid controls and hide. Examples include Ultrasurf, Tor and P2P. Policy considerations for controlling applications include protection from RIAA threats, data loss – either inadvertent or otherwise – and malware propagation.
PAN-OS features to be used:
• App-ID and URL filters to prevent evasive applications
• Logging and reporting for verification
In this activity you will:
• Use Application and URL Filter to control Proxy sites
• Review the logs

Task 1 – Attempt to use a non-approved web application
Step 1: Open a new browser tab and go to http://drive.google.com.
➢ You should get blocked and see a screen that looks like this:
The Google-drive-web application is not explicitly allowed by the firewall so it is blocked. To get around the firewall some users may try to use anonymizer sites to by-pass the firewall.

Task 2 – Attempt to use an anonymizer site
Step 1: Open a new browser tab and go to one of these anonymizer sites: http://www.anonymouse.org and http://www.hidemyass.com.
Step 2: You should see the anonymizer site being blocked:
The block-page indicates that site access is blocked based on URL category.

Task 3 – Attempt to download and install evasive application
Step 1: To circumvent the firewalls, some students may try to download and install an evasive application such as Tor.
Step 2: Attempt to download Tor from the web site https://www.torproject.org in the browser. You should see that it has been blocked too.

Task 4 – Review URL log
Step 1: Click on the “Monitor” tab and the “URL Filtering” node (under the “Logs” section)
Step 2: You can click on any entry under the “URL” column and it will automatically enter the filtering string in the search bar
Then hit the Enter key or click the icon:
Questions:
✓ Can you determine what policy is blocking google-drive?
✓ Can you determine what policy is blocking the anonymizer sites?
✓ What is the application used to access the anonymizer sites?
✓ What is the application used to access the Tor download sites?

End of Activity 2

Activity 3 – Applications on Non-standard Ports
Background: Many applications can use, either by default or through user control, a non-standard port. Often, non-standard ports are used as a means of evading controls. Tech savvy users are accessing their home PC from work by directing SSH to a non-standard port. The Verizon Data Breach Report released in March of 2012 shows that the list of hacking-related pathways in 2012 tells a very similar story to years past. There were 855 breaches analyzed, 812 (95%) were attributed to hacking of some type and 715 (88%) of those 812 were remote access tool related. More simply translated, 84% of the 855 breaches were attributable to remote access tool exploitation.
Policy considerations include which applications and users should be allowed to use these applications.
PAN-OS features to be used:
• Logging and reporting to show SSH, Telnet, RDP on non-standard ports
• App-ID, groups function and service (port)
• User-ID (groups)
• Logging and reporting for verification
In this activity you will:
• Add a new Security Policy for the IT organization
• Re-order the Policies

Task 1 – Create a new Security Policy
Step 1: Click on the “Policies” tab then the “Security” node
Step 2: Click “Add” in the lower left-hand corner
Step 3: Name the Policy “IT-usage”
Step 4: Click on the “Source” tab
Step 5: Click “Add” in the “Source Zone” box and select “Trust”
Step 6: Click on the “Destination” tab and click “Add” in the “Destination Zone” box and select “Untrust”
Step 7: Click on the “Application” tab and click “Add” → type “IT-apps” and select it
Step 8: Click “Ok”
(Optional) Step 8-1: “IT-apps” is a predefined application group that includes SSH, MS-RDP and other applications. Go to the “Objects” tab and “Application Groups” node to review what applications are included in this application group.
Step 9: Click and drag the Policy “IT-usage” so it is above the “UTD-Policy-05” rule.
Step 10: Click “Commit” (in the upper right hand corner of the web browser)
Step 11: Click “Ok” in the pop-up window
Step 12: Click “Close” once the commit has completed

Task 2 – Check application connectivity
Step 1: Find the PUTTY application on the Java Applet desktop
➢ If PUTTY is not an application on the desktop, click “Start”
➢ In the search bar, type in “Putty” and click on “Putty.exe”
➢ Select the first one on the list
Step 2: Connect using SSH to “shell.cjb.net” on port 443
Question:
✓ Did you get a login prompt?
➢ Yes – you should see a login prompt that looks like this:
Step 3: Close Connection and click the “Monitor” tab → “Traffic” log
Step 4: Search for application SSH on port 443
Questions:
✓ What query string did you type into the search box?
✓ Was the application allowed?

Task 3 – Modify Security Policy
Step 1: Click on the “Policies” tab → “Security”
Step 2: Click on the “IT-usage” Security Policy created in Task 1
Step 3: Click on the “Service/URL Category” tab and click on the pull down menu above the “Service” box, selecting “application-default” and then click “Ok”.
[Note: Please ask the instructor to explain what “application-default” in the service box means.]
Step 4: Click “Commit” (in the upper right hand corner of the web browser)
Step 5: Click “Ok” in the pop-up window
Step 6: Click “Close” once the commit has completed

Task 4 – Re-check applications on non-standard ports
Step 1: Find the PUTTY application on the student desktop
Step 2: Connect using SSH to shell.cjb.net on port 443 using putty. Did you get a login prompt?
➢ You should not get the login prompt
Step 3: Close Connection and click the “Monitor” tab → “Traffic” log
Step 4: Search for application SSH on port 443
Questions:
✓ What query string did you type into the search box?
✓ Was the application allowed?

End of Activity 3
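
The effect of the “application-default” setting from Task 3 can be shown with a small model. This is an added example, not part of the original guide and not PAN-OS code. Assumptions: the rule's Service before Task 3 is modelled as "any", the standard ports are ssh 22 and ms-rdp 3389, the sessions are constructed, and traffic that does not match the rule is denied.

```python
"""Simplified model of the "Service" setting on a security rule.

Added example: not PAN-OS code. The ports, the sessions and the
fall-through deny are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Assumption: standard ports for two applications the guide lists in "IT-apps".
STANDARD_PORTS = {"ssh": {22}, "ms-rdp": {3389}}

# Constructed sessions: (application identified, destination port).
SESSIONS = [("ssh", 443), ("ssh", 22), ("ms-rdp", 3389)]


@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset
    service: str  # "any" or "application-default"


def evaluate(rule, app, dst_port):
    """Return 'allow' if the session matches the rule, else 'deny'.

    In this model a session that does not match the rule is denied,
    i.e. no later rule is assumed to allow it.
    """
    if app not in rule.applications:
        return "deny"
    if rule.service == "application-default":
        # The application only matches on its own standard port(s).
        if dst_port not in STANDARD_PORTS.get(app, set()):
            return "deny"
    elif rule.service != "any":
        raise ValueError(f"unsupported service setting: {rule.service!r}")
    return "allow"


def make_logs(rule, sessions):
    """Produce one traffic-log-like record per (app, dst_port) session."""
    return [
        {"app": app, "port.dst": str(port), "action": evaluate(rule, app, port)}
        for app, port in sessions
    ]


# Filter syntax as written in the guide: "( field eq value )" terms joined by "and".
_TERM = r"\(\s*([\w.]+)\s+eq\s+([\w.-]+)\s*\)"
_QUERY = re.compile(rf"\s*{_TERM}(?:\s+and\s+{_TERM})*\s*")


def filter_logs(logs, query):
    """Return the records that match every term of the query."""
    if not _QUERY.fullmatch(query):
        raise ValueError(f"unsupported filter: {query!r}")
    terms = re.findall(_TERM, query)
    return [rec for rec in logs if all(rec.get(f) == v for f, v in terms)]


def compare():
    """SSH-on-443 log records before and after the Task 3 change."""
    apps = frozenset({"ssh", "ms-rdp"})
    before = make_logs(Rule("IT-usage", apps, "any"), SESSIONS)
    after = make_logs(Rule("IT-usage", apps, "application-default"), SESSIONS)
    query = "( app eq ssh ) and ( port.dst eq 443 )"
    return filter_logs(before, query), filter_logs(after, query)


if __name__ == "__main__":
    for label, hits in zip(("service any", "application-default"), compare()):
        print(label, hits)
```

SSH on its standard port 22 is still allowed under “application-default”; only the session on port 443 changes from allow to deny.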

Activity 4 – Decryption
Background: More and more traffic is encrypted with SSL by default, making it difficult to allow and scan that traffic, yet blindly allowing it is high risk. Using policy based SSL decryption will allow you to enable encrypted applications, apply policy, then re-encrypt and send the traffic to its final destination. Policy considerations include which applications to decrypt, protection from malware propagation and data/file transfer.
PAN-OS features to be used:
• App-ID
• SSL decryption
• Logging and reporting for verification
• User-ID (Challenge Task)
In this activity you will:
• Modify existing Security Policy to allow LinkedIn application for the Exec Team
• Add new Decryption Policy to decrypt SSL traffic

Task 0 – Check connectivity to LinkedIn
Step 1: On your Java Applet session desktop, open a browser and enter the URL: http://www.linkedin.com
✓ Question: What is the response seen in the browser window?
➢ Answer: You should get blocked and see a screen that looks like this:

Task 1 – Modify existing Security Policy
Step 1: Click on the “Policies” tab → “Security” node will be selected
Step 2: Click on the rule “UTD-Policy-04” → a “Security Policy Rule” pop-up will appear
Step 3: Click on the “Application” tab (within the pop-up)
Step 4: Click “Add” and type “linkedin-base” → select it
Step 5: Click “Ok”
Step 6: Click “Enable” (in the lower bar of the GUI)
NOTE: You don’t need to click “Commit” until after the next Task

Task 2 – Add a new Decryption Policy
Step 1: Click on the “Policies” tab then the “Decryption” node
Step 2: Click “Add” in the lower left-hand corner
Step 3: In the “Decryption Policy Rule” pop-up: name the Policy “UTD-Decryption-02”
Step 4: Click on the “Source” tab
Step 5: Click “Add” in the box labeled “Source Zone” and select “Trust”
Step 6: Click on the “Destination” tab
Step 7: Click “Add” in the box labeled “Destination Zone” and select “Untrust”
Step 8: Click on the “Options” tab and select Action “decrypt” – leave the default Type selection as “SSL Forward Proxy”
Step 9: Click “Ok”
Step 10: Click “Commit” (in the upper right hand corner of the web browser)
Step 11: Click “Ok” in the pop-up window
Step 12: Click “Close” once the commit has completed

Task 3 – Log into LinkedIn
Step 1: Open a new browser tab and enter http://www.linkedin.com
NOTE: Click to confirm any security warning. You should see a confirmation page that indicates SSL Inspection is enabled.
Step 2: Log into LinkedIn with the following credentials:
Email address: ultimatetestdrive@gmail.com
Password: paloalto123
Note: If you have trouble passing the @ symbol to the VM please follow the directions in the Appendix for accessing the on-screen keyboard.
Step 3: Attempt to post a status update.
Question:
✓ Was your post update blocked by the firewall?
✓ You should see the following block page and note the application that is being blocked.

Task 4 – Review Traffic Logs
Step 1: Click on the “Monitor” tab and the “Traffic” node (under the “Logs” section) will be selected
Step 2: Type into the query box (directly above the “Receive Time” column) the search string:
( app eq linkedin ) and ( port.dst eq 443 )
Then hit the Enter key or click the icon:
Questions:
✓ How many log entries are associated with the traffic you just generated?
Then click the Details icon next to the top log entry:
Questions:
✓ Did the log entry show the traffic was decrypted?

End of Activity 4

Activity 5 – Modern Malware Protection
Background: Modern malware is at the heart of many of today's most sophisticated network attacks, and is increasingly customized to avoid traditional security solutions. WildFire exposes targeted and unknown malware through direct observation in a virtual environment, while the next-generation firewall ensures full visibility and control of all traffic including tunneled, evasive, encrypted and even unknown traffic. Policy considerations include which applications to apply the WildFire file blocking/upload profile to.
PAN-OS features to be used:
• Profiles: Virus, Spyware, file blocking & WildFire
• WildFire portal
• Logging and reporting for verification
In this activity you will:
• Modify existing file blocking policy to use the WildFire service
• Add the modified file blocking policy to other Security Policy

Task 1 – Enable file forwarding to WildFire Service
Step 1: Click on the “Objects” tab → “File Blocking” node (found in the Security Profiles section)
Step 2: Click on the Profile name “UTD-File-Blocking-01”
Step 3: In the pop-up window find the name “File-Block-01” and change the Action from “alert” to “forward”
Step 4: Click “Ok” – this now allows the File Blocking Profile to forward files to WildFire Modern Malware Protection services

Task 2 – Modify Security Policy with File Blocking Profile
Step 1: Click on the “Policies” tab → “Security” node
Step 2: Click on the rule name “UTD-Policy-01” → a “Security Policy Rule” pop-up will appear
Step 3: Click on the “Actions” tab (within the pop-up)
Step 4: In the “Profile Setting” section, select the pull-down menu next to “File Blocking”
Step 5: Select “UTD-File-Blocking-01”
Step 6: Click “Ok”
Optional Step 7: Click on the rule name “UTD-Policy-04” → a “Security Policy Rule” pop-up will appear
Optional Step 8: Click on the “Actions” tab (within the pop-up)
Optional Step 9: In the “Profile Setting” section, select the pull-down menu next to “Profile Type” and select “Profiles”
Optional Step 10: Select the pull-down menu next to “File Blocking” and select “UTD-File-Blocking-01”
Question:
✓ Should you apply any other Security Profiles to this Security Rule?
Optional Step 11: Click “Ok”
Optional Step 12: If this policy is not enabled, click “Enable” at the bottom of the policy screen to enable the policy
Step 13: Click “Commit” (in the upper right hand corner of the web browser)
Step 14: Click “Ok” in the pop-up window
Step 15: Click “Close” once the commit has completed

Task 3 – Test WildFire Modern Malware Protection
Step 1: To download a WildFire test sample file, open the browser and go to http://wildfire.paloaltonetworks.com/publicapi/test/pe
Step 2: The browser will automatically download a “wildfire-test-pe-file.exe” sample file. Check your “Download” folder to confirm the download.
[Note that this sample changes every time it is downloaded and it should by-pass most Antivirus scans.]
Step 3: To view that the sample file has been sent to WildFire, go back to the firewall GUI, click on the “Monitor” tab then the “WildFire” node (under the “Logs” section) and review the log entry for the file being uploaded to the WildFire service.
[Note: It may take about 10 mins for the WildFire log to appear. It is a good time to take a short break before you continue. Please do not skip ahead to the next task.]
Step 4: Click the Details icon next to the top log entry. Look at “Action” under “General” to determine if upload to WildFire was successful.
Step 5: Click the “View WildFire Report” to go to the WildFire portal and continue with the next task.

Task 4 – WildFire Portal Review
Step 1: Open a browser window and enter the URL: http://wildfire.paloaltonetworks.com
Step 2: Login using the following credentials
Username: ngfw.utd@gmail.com
Password: utd135
[Note: If you have trouble entering the @ symbol due to a keyboard issue, please follow the directions in Appendix-2 for accessing other international keyboards or the on-screen keyboard.]
Once logged in, you will be presented with a report if you have clicked on “View WildFire Report” in Task 3 Step 6.
Step 3: Click on “VirusTotal Information” on the report, and it will bring you to the VirusTotal home page. Since this malware has never been seen before, VirusTotal will show a “File Not Found” message.
Step 4: Scroll through the rest of the WildFire report, paying special attention to the “Behavioral Summary” and “Host Activity” sections.
Step 5: Go to the WildFire dashboard to review other features from the WildFire portal.
https://wildfire.paloaltonetworks.com/wildfire/dashboard

End of Activity 5

Activity 6 – URL Filtering
Application control and URL filtering complement each other, providing you with the ability to deliver varied levels of control that are appropriate for your security profile. Policy considerations include URL category access; which users can or cannot access the URL category, and prevention of malware propagation.
PAN-OS features to be used:
• URL filtering category match
• Logging and reporting for verification
In this activity you will:
• Modify the behavior of URL filtering functionality

Task 0 – Check connectivity
Step 1: Open http://www.gambling.com in browser – you should be able to open this page with the base workshop configuration

Task 1 – Modify a URL filter
Step 1: Click on the “Objects” tab then the “URL Filtering” node (found in the Security Profiles section)
Step 2: Click on the Profile name “UTD-URL-filter-01”
Step 3: Find the Category “gambling” and change the Action from “allow” to “continue”
Step 4: Click “Ok”

Task 2 – Apply the URL filter to a Security Policy
Step 1: Click on the “Policies” tab then the “Security” node
Step 2: Click on the rule “UTD-Policy-01” → a “Security Policy Rule” pop-up will appear
Step 3: Click on the “Actions” tab (within the pop-up)
Step 4: In the “Profile Setting” section, select the pull-down menu next to “URL Filtering”
Step 5: Select “UTD-URL-filter-01” and then click “Ok”
Step 6: Click “Commit” (in the upper right hand corner of the web browser)
Step 7: Click “Ok” in the pop-up window
Step 8: Click “Close” once the commit has completed
Step 9: Open a new browser tab (on the workshop PC desktop) and enter the URL http://www.gambling.com
The Web page is blocked but the block page will have an option to continue to open the page
Step 10: Click “Continue” to open the web page

Task 3 – Review URL Filtering Logs
Step 1: Click on the “Monitor” tab → “URL Filtering” node (under the “Logs” section)
Questions:
✓ How many log entries are associated with the traffic you just generated?
✓ What was the action associated with the log entries?
✓ What was the port number associated with the log entries?
Step 2: Click the Details icon next to the top log entry:
Questions:
✓ Can you see the full URL?
✓ Which direction is the traffic: “client-to-server” or “server-to-client”?

End of Activity 6

Activity 7 – Event Reporting
Informative reports are very important to network and security administrators to monitor and identify potential network problems and attacks. Comprehensive built-in reporting features in the firewall can provide visibility into the network without requiring a complex logging infrastructure.
PAN-OS features to be used:
• Reporting (pre-defined)
    o Top applications, threats, URL categories, etc.
• Manage custom reports
    o Create a custom report using traffic stats logs

Task 1 – Running pre-defined reports
Step 1: Click on the “Monitor” tab then the “Reports” node (last node on the list)
Step 2: On the right-hand side of the browser window is a list of pre-defined reports grouped by Application, Traffic, Threat, URL Filtering, and PDF summary. Click on any of those reports (in any group) and a default view of the last 24 hours of traffic will display.

Task 2 – Setting up custom reports
Step 1: Click on the “Monitor” tab then the “Manage Custom Reports” node (second from last)
Step 2: Click “Add” (in the lower left) and name the report “Traffic Stats” (in the “Custom Report” pop-up)
Step 3: Use the following information to create this report:
✓ Database: Application Statistics
✓ Time Frame: Last 24 Hrs
✓ Selected Columns: App Category, App Sub Category, Risk of App, Sessions
✓ Sort By: Sessions : Top 10
Step 4: Click “Run Now” (at the top of the pop-up)
Step 5: Click “Ok” when done reviewing the results

Task 3 – SE “Demo Box” review
The facilitator will log into the Palo Alto Networks’ SE Demo Box to review a fully populated firewall.

End of Activity 7
Request a free evaluation/AVR Report and you’ll get entered into today’s PA 200 drawing!
Ask your Palo Alto Networks Sales Representative or Palo Alto Networks Partner for more information
Appendix-1: Alternative Login Method to Student Desktop
This appendix shows you how to log in to the student desktop using other connectivity methods. Please complete the procedures outlined in Activity-0: Task-1 to log in to the UTD Workshop before you continue.
There are two other methods that you can use to log in to the student desktop:
- Use the “Console” feature in the workshop (Java client required)
- Use an RDP client if it is installed on the laptop
Both methods are described below and you can select the one that best fits what you have installed on your laptop. Note that the RDP protocol may not be supported on all networks, so please verify that RDP is supported at your location.
Login to the student desktop using Java Console (Java client required)
Step 1: Click on the “Student Desktop” after logging in to the UTD workshop
Step 2: Click on the Console link on “switch to Console”. This will run the Java client.
Step 3: Allow Java to run the VncViewer application. You may need to click “Run” a few times.
Step 4: Click on “Don’t Block” on the Java Security Warning message.
Step 5: After allowing the Java client to run, you will see the student desktop display. Click “Send Ctrl-Alt-Del” to open the login window and use the Username and Password as indicated on your browser, not the one indicated below. You should be logged in to the student desktop after entering the login name and password.
Login to the student desktop with RDP client
If you have an RDP client installed on your laptop, you have the option to connect directly to the student desktop over RDP.
Step 1: Click on the “Virtual Machines” tab at the top to view all the Virtual Machines in the environment.
Step 2: Click on “More details” in the “VM-Series Virtual Firewall”. Note: Not the one under “Student Desktop”.
Step 3: Copy the URL in External Address under VM Details of the “VM-Series Virtual Firewall”. You can click on the blue icon next to the address to copy it to the clipboard.
Step 4: Open the RDP client on your laptop and paste the URL into the host or PC field. (Note: Not the URL as shown below.)
Step 5: In the browser, click on the “More details” link on the “Student Desktop”, then click on the “show password” link under Credentials. Use the password to log in to the student desktop.
Step 6: Use the username and password to log in to the student desktop.
Step 7: Click “Connect” on the certificate error message.
Step 8: You should be connected to the student desktop after that.
Appendix-2: Support for Non-US keyboards
If you are using a non-US keyboard and have difficulties entering any characters and special keys, you can add a keyboard to the student desktop to support what you have or use the on-screen keyboard. This appendix shows you how to add and select an international keyboard or use the on-screen keyboard.
By default, the “English (United States)” and “French (France)” keyboards are added to the student desktop. Click on the bottom left corner to switch between them.
Add new international keyboard
To add other keyboards, go to Start > Control Panel. Click on “Change Keyboards or other input methods”
Click on change keyboard
Click “Add” to add a new international keyboard. Then switch to the new keyboard per the instruction on the previous page.
Use the on-screen keyboard
To use the on-screen keyboard:
Step 1: Click on Start -> All Programs
Step 2: Click “Accessories”
Step 3: Click “Ease of Access” and then “On-Screen Keyboard”
Step 4: You should now see the Windows On-Screen Keyboard. To pass keys inside the VM image that do not work on your keyboard, simply select the key using a mouse.
Equipment Setup
Firewall VM-Series

Interface:     Int Type:   IP Address:    Connects to Zone:
Ethernet 1/1   L3          172.16.1.1     "Untrust"
Ethernet 1/2   L3          192.168.11.1   "Trust"
Ethernet 1/3
Ethernet 1/4
Management     -           10.30.11.1