Overview of Palo Alto Firewall

In this blog I will discuss:
1. Introduction of firewall
2. Features and Benefits
3. User Identification of firewall
and much more..

Introduction :

This chapter provides an overview of the firewall:

• “Firewall Overview” in the next section

• “Features and Benefits” 

• “Management Interfaces”

The Palo Alto Networks firewall allows you to specify security policies based on accurate identification of each application seeking access to your network. Unlike traditional firewalls that identify applications only by protocol and port number, the firewall uses packet inspection and a library of application signatures to distinguish between applications that have the same protocol and port, and to identify potentially malicious applications that use non-standard ports.

For example, you can define security policies for specific applications, rather than rely on a single policy for all port 80 connections. For each identified application, you can specify a security policy to block or allow traffic based on the source and destination zones and addresses (IPv4 and IPv6). Each security policy can also specify security profiles to protect against viruses, spyware, and other threats.
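The contrast described above, as an added illustration (not code from the original page or from Palo Alto Networks): the same flows are judged once by destination port and once by the application identified from the payload. The signatures, policy tables and flows are constructed and greatly simplified; they are assumptions for the example, not the firewall's actual signatures.

```python
# Simplified illustration only: real application identification uses far
# richer signatures and protocol decoders than these payload prefixes.
SIGNATURES = [  # (application label, test on the first payload bytes)
    ("ssh", lambda p: p.startswith(b"SSH-2.0-")),
    ("bittorrent", lambda p: p.startswith(b"\x13BitTorrent protocol")),
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    ("ssl", lambda p: len(p) > 5 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01),
    ("web-browsing", lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD")),
]

PORT_POLICY = {80: "allow", 443: "allow"}               # traditional: the port decides
APP_POLICY = {"web-browsing": "allow", "ssl": "allow"}  # the application decides

def identify(payload: bytes) -> str:
    """Return the first application label whose signature matches the payload."""
    for app, matches in SIGNATURES:
        if matches(payload):
            return app
    return "unknown"

def port_verdict(flow: dict) -> str:
    return PORT_POLICY.get(flow["dport"], "deny")

def app_verdict(flow: dict) -> str:
    # Anything not explicitly allowed by application, including "unknown", is denied.
    return APP_POLICY.get(identify(flow["payload"]), "deny")

FLOWS = [  # constructed sample flows: destination port plus first payload bytes
    {"name": "browser", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"name": "ssh-on-80", "dport": 80, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"name": "p2p-on-443", "dport": 443, "payload": b"\x13BitTorrent protocol" + bytes(8)},
    {"name": "tls", "dport": 443, "payload": bytes.fromhex("160301002a010000")},
    {"name": "web-on-8080", "dport": 8080, "payload": b"GET / HTTP/1.1\r\n\r\n"},
]

def compare(flows):
    """Map flow name -> (identified app, port-based verdict, app-based verdict)."""
    return {f["name"]: (identify(f["payload"]), port_verdict(f), app_verdict(f))
            for f in flows}

if __name__ == "__main__":
    for name, (app, by_port, by_app) in compare(FLOWS).items():
        print(f"{name:12} app={app:13} port-rule={by_port:6} app-rule={by_app}")
```

The two flows where the verdicts diverge on ports 80 and 443 are the ones a port-only rule cannot tell apart from ordinary web traffic.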

Features and Benefits :

The firewall provides granular control over the traffic allowed to access your network. The primary features and benefits include:

• Application-based policy enforcement—Access control by application is far more effective when application identification is based on more than just protocol and port number. High-risk applications can be blocked, as well as high-risk behavior, such as file sharing. Traffic encrypted with the Secure Sockets Layer (SSL) protocol can be decrypted and inspected.

• User Identification (User-ID)—User-ID allows administrators to configure and enforce firewall policies based on users and user groups, instead of or in addition to network zones and addresses. The firewall can communicate with many directory servers, such as Microsoft Active Directory, eDirectory, SunOne, OpenLDAP, and most other LDAP-based directory servers, to obtain user and group information. This information can then be used to enable applications securely on a per-user or per-group basis. For example, the administrator could allow one organization to use a web-based application, while no other organization in the company would be able to use it. You can also configure granular control of certain components of an application based on users and groups.

• Threat prevention—Threat prevention services that protect the network from viruses, worms, spyware, and other malicious traffic can be varied by application and traffic source.

• URL filtering—Outbound connections can be filtered to prevent access to inappropriate web sites.

• Traffic visibility—Extensive reports, logs, and notification mechanisms provide detailed visibility into network application traffic and security events. The Application Command Center (ACC) in the web interface identifies the applications with the most traffic and the highest security risk.

• Networking versatility and speed—The firewall can augment or replace your existing firewall, and can be installed transparently in any network or configured to support a switched or routed environment. Multi-gigabit speeds and a single-pass architecture provide all services with little or no impact on network latency.

• GlobalProtect—GlobalProtect provides security for client systems, such as laptops, that are used in the field by allowing easy and secure login from anywhere in the world.

• Fail-safe operation—High availability support provides automatic failover in the event of any hardware or software disruption.

• Malware analysis and reporting—WildFire provides detailed analysis and reporting on malware that traverses the firewall.

• VM-Series Firewall—Provides a virtual instance of PAN-OS positioned for use in a virtualized data center environment and particularly well suited for private and public cloud deployments. Installs on any x86 device that is capable of running VMware ESXi, without the need to deploy Palo Alto Networks hardware.

• Management and Panorama—Each firewall is managed through an intuitive web interface or a command-line interface (CLI), or all devices can be centrally managed through the Panorama centralized management system, which has a web interface very similar to the device web interface.

Management Interfaces :

The firewall supports the following management interfaces. Refer to “Supported Browsers” for a list of supported browsers.

• Web interface—Configuration and monitoring over HTTP or HTTPS from a web browser.

• CLI—Text-based configuration and monitoring over Telnet, Secure Shell (SSH), or the console port (refer to the PAN-OS Command Line Interface Reference Guide).

• Panorama—Palo Alto Networks product that provides web-based management, reporting, and logging for multiple firewalls. The Panorama interface is similar to the device web interface, with additional management functions included. Refer to “Setting Up Panorama” for instructions on installing Panorama and “Central Device Management Using Panorama” for information on using Panorama.

• Simple Network Management Protocol (SNMP)—Palo Alto Networks products support SNMPv2c and SNMPv3, with read-only access over SNMP and support for traps.

• Syslog—Provides message generation for one or more remote syslog servers.
