Firewall Installation, Configuration, and Management: Essentials I Lab Manual PAN-OS 6.0 PAN-EDU-101 Rev C.200

Oct 03, 2015


Ryanb378

Palo Alto Essentials lab manual

  • Palo Alto Networks, Inc. www.paloaltonetworks.com © 2007-2014 Palo Alto Networks. All rights reserved. Palo Alto Networks, PAN-OS, and Panorama are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.

  • Convention, Meaning, Example

    Boldface
      Meaning: Names of commands, keywords, and selectable items in the web interface
      Example: Click Security to open the Security Rule Page

    Italics
      Meaning: Name of parameters, files, directories, or Uniform Resource Locators (URLs)
      Example: The address of the Palo Alto Networks home page is http://www.paloaltonetworks.com

    courier font
      Meaning: Coding examples and text that you enter at a command prompt
      Example: Enter the following command: a:\setup

    Click
      Meaning: Click the left mouse button
      Example: Click Administrators under the Device tab.

    Right-click
      Meaning: Click the right mouse button
      Example: Right-click on the number of a rule you want to copy, and select Clone Rule.



  • [Figure: labels "DHCP-enabled Network" and "Internet"]

  • New Administrator Role name: Policy Admins

    New Administrator Account name: ip-admin

    New Administrator Account password: paloalto

    New password for the admin account: paloalto

  • 192.168.1.100/24

    MGT_port_IP_address

    admin admin

    pre-101-labs

  • admin admin

    Policy Admins

    paloalto

    ip-admin paloalto

    admin paloalto

  • Interface to use for tap interface: Ethernet1/3

    Interfaces to use for virtual wire: Ethernet1/3, Ethernet1/4

    Name for the tap zone: tap-zone

    Name for the virtual wire zones: vwire-zone-3, vwire-zone-4

    Name for the virtual wire object: student-vwire

  • vwire-zone-3

    Allow All Out

    Deny and Log Inbound

  • Known-Good

    General Internet

  • Deny and Log Outbound

  • Proxies

    Web-Based-File-Sharing

    KnownBad

    Known-Bad

  • Block-Known-Bad

    Allow and Log Outbound


  • Custom Technology sites to track: www.slashdot.org, www.cnet.com, www.phys.org, www.zdnet.com

    Location of files for testing antivirus:
      1. Browse to http://www.eicar.org
      2. Click Anti-Malware Testfile.
      3. Click Download
      4. Download any of the files using http only. Do not use the SSL links.

    Government site for testing URL Filtering: www.cia.gov

    Procedure for testing file blocking:
      1. Navigate to the web site http://www.opera.com
      2. Download the installer to your local system


  • TechSites

    www.slashdot.org www.cnet.com www.zdnet.com

    student-url-filtering

  • student-antivirus

    student-antispyware

    rule-1

    rule-2

    Name student-file-block

    Rules list

    blockexe

    exe

  • student-profile-group

  • Top Threats by Day

    Allow and Log Outbound

  • Self-signed Certificate name: student-ssl-cert

    Common Name of the SSL Certificate: 192.168.2.1

    Decryption Policies: no-decrypt-traffic, decrypt-all-traffic

  • student-ssl-cert

    192.168.2.1

    no-decrypt-traffic

  • decrypt-all-traffic

  • port.dst eq 443

  • Module 1 Scenario Administration and Management

    Module 2 Scenario Interface Configuration

    Module 3 Scenario Layer 3 Configuration

    Module 4 Scenario AppID

    Module 5 Scenario ContentID

    Module 6 Scenario Decryption