Firewall Installation, Configuration, and Management: Essentials I Lab Manual PAN-OS 6.0 PAN-EDU-101 Rev C.200
Oct 03, 2015
Palo Alto Networks, Inc. www.paloaltonetworks.com 2007-2014 Palo Alto Networks. All rights reserved. Palo Alto Networks, PAN-OS, and Panorama are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.
Convention | Meaning | Example
Boldface | Names of commands, keywords, and selectable items in the web interface | Click Security to open the Security Rule Page
Italics | Name of parameters, files, directories, or Uniform Resource Locators (URLs) | The address of the Palo Alto Networks home page is http://www.paloaltonetworks.com
courier font | Coding examples and text that you enter at a command prompt | Enter the following command: a:\setup
Click | Click the left mouse button | Click Administrators under the Device tab.
Right-click | Click the right mouse button | Right-click on the number of a rule you want to copy, and select Clone Rule.
[Figure: network diagram; surviving labels: DHCP-enabled Network, Internet]
New Administrator Role name: Policy Admins
New Administrator Account name: ip-admin
New Administrator Account password: paloalto
New password for the admin account: paloalto
192.168.1.100/24 %8%+
*- :+6BBCMGT_port_IP_addressD %
adminadmin +
' pre-101-labs 4 ( 398
adminadmin $
', 39193
'- 396
Policy Admins ;7 + 397+6
'" 39 3paloalto 398
'& 39 36
ip-admin B3 paloalto # !3:
>+%adminpaloalto
Interface to use for tap interface: Ethernet1/3
Interfaces to use for virtual wire: Ethernet1/3, Ethernet1/4
Name for the tap zone: tap-zone
Name for the virtual wire zones: vwire-zone-3, vwire-zone-4
Name for the virtual wire object: student-vwire
vwire-zone-3 !+%969-B
Allow All Out +
Deny and Log Inbound +
Known-Good 39 6
General Internet +
. 39Deny and Log Outbound6
+
Deny and Log Outbound +
Proxies "- !C-
398
, 39>+I?!6
Web-Based-File-Sharing "- !!0"
?"- !0
398
- 399
. 39KnownBad6
Known-Bad
Block-Known-Bad +
Allow and Log Outbound +
Custom Technology sites to track:
www.slashdot.org, www.cnet.com, www.phys.org, www.zdnet.com

Location of files for testing antivirus:
1. Browse to http://www.eicar.org
2. Click Anti-Malware Testfile.
3. Click Download
4. Download any of the files using http only. Do not use the SSL links.

Government site for testing URL Filtering: www.cia.gov

Procedure for testing file blocking:
1. Navigate to the web site http://www.opera.com
2. Download the installer to your local system
TechSites ! 39#*6
www.slashdot.org www.cnet.com www.zdnet.com
student-url-filtering 3B 39
student-antivirus +
student-antispyware 3+ 396
#6rule-1 6!
#6rule-2 6!
Name student-file-block Rules list 396
#6blockexe ?6 exe
student-profile-group !0
Top Threats by Day + !-10?
H6Allow and Log Outbound 39
Self-signed Certificate name: student-ssl-cert
Common Name of the SSL Certificate: 192.168.2.1
Decryption Policies: no-decrypt-traffic, decrypt-all-traffic
3 student-ssl-cert 3 192.168.2.1 3 39+5
no-decrypt-traffic +
decrypt-all-traffic +
!))(+1 port.dst eq 443 )
Module 1 Scenario Administration and Management
Module 2 Scenario Interface Configuration
Module 3 Scenario Layer 3 Configuration
Module 4 Scenario AppID
Module 5 Scenario ContentID
Module 6 Scenario Decryption