You are on page 1of 62

Laporan Preventive Maintenance Firewall PA-5220

(Pheasant & Starling)


Periode Februari – Maret 2019
PT. Bank Rakyat Indonesia, Tbk

© 2019 PT. IP Network Solusindo. Hak Cipta dilindungi oleh undang-undang. Dokumen ini mengandung
informasi yang rahasia dan hanya diperuntukkan bagi PT. Bank Rakyat Indonesia, Tbk dan PT. IP Network
Solusindo.

Page 1 of 62
Document Changes & Approval

Laporan Preventive Maintenance Firewall PA-5220 (Pheasant &


TITLE
Starling) Periode Februari – Maret 2019
OWNER Abdul Rochim
REV.
Rev Date Description Changed By Checked By

Pihak Pertama : PT Bank Rakyat Indonesia. Tbk

Title Name Sign Date

Kepala Bagian OST Tri Danarto

Jr. System Engineer Fatra P

Pihak Kedua : PT IP Network Solusindo

Title Name Sign Date

Service Delivery Manager Doris Taneo

Senior Security Engineer Abdul Rochim

Page 2 of 62
Daftar Isi
1. Executive Summary ............................................................................................................................. 6
1.1 Latar Belakang Pekerjaan .............................................................................................................. 6
1.2 Ruang Lingkup Pekerjaan .............................................................................................................. 6
2. Informasi Perangkat Paloalto BRI Sudirman ....................................................................................... 7
2.1 Serial Number Perangkat .............................................................................................................. 7
2.2 Topologi Firewall Pheasant Starling DC GTI .................................................................................. 8
3. Palo Alto Networks PA-5220 Pheasant ............................................................................................... 9
3.1 General Info .................................................................................................................................. 9
3.2 System Resources ....................................................................................................................... 10
3.3 HA Status (Active-Active Cluster) ................................................................................................ 10
3.4 Alarm Logs................................................................................................................................... 11
3.5 Interface Status (Virtual Wire) .................................................................................................... 12
3.5.1 Interface Ethernet1/1 .......................................................................................................... 13
3.5.2 Interface Ethernet1/2 .......................................................................................................... 14
3.5.3 Interface Ethernet1/5 .......................................................................................................... 15
3.5.4 Interface Ethernet1/6 .......................................................................................................... 16
3.5.5 Interface Ethernet1/7 .......................................................................................................... 17
3.5.6 Interface Ethernet1/8 .......................................................................................................... 18
3.5.7 Interface Ethernet1/9 .......................................................................................................... 19
3.5.8 Interface Ethernet1/10 ........................................................................................................ 20
3.5.9 Interface Ethernet1/11 ........................................................................................................ 21
3.5.10 Interface Ethernet1/12 ...................................................................................................... 22
3.5.11 Interface Ethernet 1/13 ..................................................................................................... 23
3.5.12 Interface Ethernet 1/14 ..................................................................................................... 24
3.5.13 Interface Ethernet 1/16 ..................................................................................................... 25
3.5.14 Interface Ethernet 1/17 ..................................................................................................... 26
3.5.15 Interface Ethernet 1/19 ..................................................................................................... 27
3.5.16 Interface Ethernet 1/20 ..................................................................................................... 28
3.6 Address Book .............................................................................................................................. 29
3.7 Address Group ............................................................................................................................ 29
3.8 Service Object ............................................................................................................................. 30
3.9 Service Group .............................................................................................................................. 30
3.10 Security Policy ........................................................................................................................... 31

Page 3 of 62
3.11 Disk Space ................................................................................................................................. 31
3.12 System Environment ................................................................................................................. 32
3.13 Monitoring Throughput ............................................................................................................ 33
3.14 Monitoring License ................................................................................................................... 33
3.15 Monitoring Support .................................................................................................................. 34
4. Palo Alto Networks PA-5220 Starling ................................................................................................ 35
4.1 General Info ................................................................................................................................ 35
4.2 System Resources ....................................................................................................................... 36
4.3 HA Status (Active-Active Cluster) ................................................................................................ 36
4.4 Alarm Logs................................................................................................................................... 37
4.5 Interface Status (Virtual Wire) .................................................................................................... 38
4.5.1 Interface Ethernet1/1 .......................................................................................................... 39
4.5.2 Interface Ethernet1/2 .......................................................................................................... 40
4.5.3 Interface Ethernet1/5 .......................................................................................................... 41
4.5.4 Interface Ethernet1/6 .......................................................................................................... 42
4.5.5 Interface Ethernet1/7 .......................................................................................................... 43
4.5.6 Interface Ethernet1/8 .......................................................................................................... 44
4.5.7 Interface Ethernet1/9 .......................................................................................................... 45
4.5.8 Interface Ethernet1/10 ........................................................................................................ 46
4.5.9 Interface Ethernet1/11 ........................................................................................................ 47
4.5.10 Interface Ethernet1/12 ...................................................................................................... 48
4.5.11 Interface Ethernet 1/13 ..................................................................................................... 49
4.5.12 Interface Ethernet 1/14 ..................................................................................................... 50
4.5.13 Interface Ethernet 1/16 ..................................................................................................... 51
4.5.14 Interface Ethernet 1/17 ..................................................................................................... 52
4.5.15 Interface Ethernet 1/19 ..................................................................................................... 53
4.5.16 Interface Ethernet 1/20 ..................................................................................................... 54
4.6 Address Book .............................................................................................................................. 55
4.7 Address Group ............................................................................................................................ 55
4.8 Service Object ............................................................................................................................. 56
4.9 Service Group .............................................................................................................................. 56
4.10 Security Policy ........................................................................................................................... 57
4.11 Disk Space ................................................................................................................................. 57
4.12 System Environment ................................................................................................................. 58

Page 4 of 62
4.13 Monitoring Throughput ............................................................................................................ 59
4.14 Monitoring License ................................................................................................................... 59
4.15 Monitoring Support .................................................................................................................. 59
5. Tabel Kesimpulan .............................................................................................................................. 60
6. Saran ................................................................................................................................................. 62

Page 5 of 62
1. Executive Summary
1.1 Latar Belakang Pekerjaan
Pembuatan dokumen ini bertujuan untuk memberikan laporan mengenai hasil Preventive
Maintenance Perangkat Firewall Paloalto 5220 yang telah diinstalasi di Bank Rakyat Indonesia

1.2 Ruang Lingkup Pekerjaan


Dokumen ini mencakup laporan Preventive Maintenance perbulan, yang dilakukan mulai
tanggal 7 Februari 2018 sampai dengan tanggal 6 Maret 2019.

Pengecekan Perangkat Paloalto meliputi :

No Pengecekan Perangkat

1 Pemeriksaan berkala perbulan pada perangkat untuk


memastikan kinerja perangkat, dalam hal ini paloalto seri 5220

2 Pengecekan environment perangkat (power supply, interface,


fan dan temperature)

3 Pengecekan utilisasi perangkat

4 Backup Konfigurasi perangkat pada saat dilakukan Preventive


Maintenance

5 Melakukan Pengecekan pada konfigurasi existing

6 Melakukan update OS apabila ada rekomendasi dari TAC


Support Paloalto

Page 6 of 62
2. Informasi Perangkat Paloalto BRI Sudirman
2.1 Serial Number Perangkat
PAN OS
No Platform Serial Number Hostname Lokasi
Version
1 PA-5220 013201008161 STARLING DC BRI GTI 8.1.3
2 PA-5220 013201008075 PHEASANT DC BRI GTI 8.1.3

Tabel 1. Serial Number Perangkat

Page 7 of 62
2.2 Topologi Firewall Pheasant Starling DC GTI

Gambar 1. Topologi Firewall Pheasant Starling DC GTI

Page 8 of 62
3. Palo Alto Networks PA-5220 Pheasant
3.1 General Info
Hostname : PHEASANT
IP Address : 172.18.151.137
Model : PA-5220
SN : 013201008075
Software version : 8.1.3
Application version : 8136-5363
Threat Version : 8136-5363

Uptime : 214 Days

STATUS : OK

Page 9 of 62
3.2 System Resources
Management CPU utilization : 1%
Data Plane CPU utilization : 19%
Session count : 230866
Session capacity : 4194302

STATUS : OK, in capacity

3.3 HA Status (Active-Active Cluster)


STATUS : OK

Page 10 of 62
3.4 Alarm Logs
STATUS : OK (Tidak Ada Alarm)

Page 11 of 62
3.5 Interface Status (Virtual Wire)
Interface Traffic :
Interface ethernet1/1, ethernet1/2, ethernet1/5, ethernet1/6, ethernet1/7, ethernet1/8,
ethernet1/9, ethernet1/10, Ethernet 1/11, kethernet1/12, ethernet1/13, ethernet 1/14, ethernet
1/16, ethernet 1/17 status link up semua.

Interface HA:
interface ethernet1/19 & ethernet1/20 status link up

STATUS : OK

Page 12 of 62
3.5.1 Interface Ethernet1/1

STATUS : OK (No CRC error found)

Page 13 of 62
3.5.2 Interface Ethernet1/2

STATUS : OK (No CRC error found)

Page 14 of 62
3.5.3 Interface Ethernet1/5

STATUS : OK (No CRC error found)

Page 15 of 62
3.5.4 Interface Ethernet1/6

STATUS : OK (No CRC error found)

Page 16 of 62
3.5.5 Interface Ethernet1/7

STATUS : OK (No CRC error found)

Page 17 of 62
3.5.6 Interface Ethernet1/8

STATUS : OK (No CRC error found)

Page 18 of 62
3.5.7 Interface Ethernet1/9

STATUS : OK (No CRC error found)

Page 19 of 62
3.5.8 Interface Ethernet1/10

STATUS : OK (No CRC error found)

Page 20 of 62
3.5.9 Interface Ethernet1/11

STATUS : OK (No CRC error found)

Page 21 of 62
3.5.10 Interface Ethernet1/12

STATUS : OK (No CRC error found)

Page 22 of 62
3.5.11 Interface Ethernet 1/13

STATUS : OK (No CRC error found)

Page 23 of 62
3.5.12 Interface Ethernet 1/14

STATUS : OK (No CRC error found)

Page 24 of 62
3.5.13 Interface Ethernet 1/16

STATUS : OK (No CRC error found)

Page 25 of 62
3.5.14 Interface Ethernet 1/17

STATUS : OK (No CRC error found)

Page 26 of 62
3.5.15 Interface Ethernet 1/19

STATUS : OK (No CRC error found)

Page 27 of 62
3.5.16 Interface Ethernet 1/20

STATUS : OK (No CRC error found)

Page 28 of 62
3.6 Address Book
Jumlah address book yang ada saat ini adalah 10368 dari total address book maksimum perangkat
40000
Existing Address Book : 10368
Capacity : 40000

STATUS : OK

3.7 Address Group


Jumlah address group yang ada saat ini adalah 111 dari total address group maksimum perangkat
4000
Existing Address Group : 111
Capacity : 4000

STATUS : OK

Page 29 of 62
3.8 Service Object
Jumlah service object yang ada saat ini adalah 1225 dari total service object maksimum perangkat
2000
Existing Service Object : 1225
Capacity : 2000

STATUS : OK

3.9 Service Group


Jumlah service group yang ada saat ini adalah 5 dari total maksimum service group perangkat 250
Existing Service Group : 5
Capacity : 250

STATUS : OK

Page 30 of 62
3.10 Security Policy
Jumlah Policy yang ada saat ini adalah 4318 dari total policy maksimum perangkat 20000
Existing Security rules : 4318
Capacity : 20000

STATUS : OK

3.11 Disk Space


STATUS : OK

Page 31 of 62
3.12 System Environment
Status Power Supply, Fan dan Suhu OK (No Alarm)
STATUS : OK

Page 32 of 62
3.13 Monitoring Throughput
Throughput : 572629
Capacity : 18 Gbps (App-ID Firewall Throughput)

STATUS : OK

3.14 Monitoring License


License Threat Prevention berakhir sampai dengan 27 Agustus 2018 & License PAN-DB URL
Filtering berakhir sampai dengan 19 Agustus 2019.

STATUS : OK

Page 33 of 62
3.15 Monitoring Support
Support dari PaloAlto berakhir sampai dengan 16 Agustus 2019.

STATUS : OK

Page 34 of 62
4. Palo Alto Networks PA-5220 Starling
4.1 General Info
Hostname : STARLING
IP Address : 172.18.151.138
Model : PA-5220
SN : 013201008161
Software version : 8.1.3
Application version : 8127-5316
Threat Version : 8127-5316
Uptime : 214 days

STATUS : OK

Page 35 of 62
4.2 System Resources
Management CPU utilization : 2%
Data Plane CPU utilization : 19%
Session count : 216963
Session capacity : 4194302

STATUS : OK, in capacity

4.3 HA Status (Active-Active Cluster)


STATUS : OK

Page 36 of 62
4.4 Alarm Logs
STATUS : OK (Tidak Ada Alarm)

Page 37 of 62
4.5 Interface Status (Virtual Wire)
Interface Traffic :
Interface ethernet1/1, ethernet1/2, ethernet1/5. ethernet1/6, ethernet1/7, ethernet1/8,
ethernet1/9, ethernet1/10, Ethernet 1/11 ethernet1/12, ethernet1/13, ethernet 1/14, ethernet 1/16,
ethernet 1/17 status link up semua.

Interface HA:
interface ethernet1/19 & ethernet1/20 status link up

STATUS : OK

Page 38 of 62
4.5.1 Interface Ethernet1/1

STATUS : OK (No CRC error found)

Page 39 of 62
4.5.2 Interface Ethernet1/2

STATUS : OK (No CRC error found)

Page 40 of 62
4.5.3 Interface Ethernet1/5

STATUS : OK (No CRC error found)

Page 41 of 62
4.5.4 Interface Ethernet1/6

STATUS : OK (No CRC error found)

Page 42 of 62
4.5.5 Interface Ethernet1/7

STATUS : OK (No CRC error found)

Page 43 of 62
4.5.6 Interface Ethernet1/8

STATUS : OK (No CRC error found)

Page 44 of 62
4.5.7 Interface Ethernet1/9

STATUS : OK (No CRC error found)

Page 45 of 62
4.5.8 Interface Ethernet1/10

STATUS : OK (No CRC error found)

Page 46 of 62
4.5.9 Interface Ethernet1/11

STATUS : OK (No CRC error found)

Page 47 of 62
4.5.10 Interface Ethernet1/12

STATUS : OK (No CRC error found)

Page 48 of 62
4.5.11 Interface Ethernet 1/13

STATUS : OK (No CRC error found)

Page 49 of 62
4.5.12 Interface Ethernet 1/14

STATUS : OK (No CRC error found)

Page 50 of 62
4.5.13 Interface Ethernet 1/16

STATUS : OK (No CRC error found)

Page 51 of 62
4.5.14 Interface Ethernet 1/17

STATUS : OK (No CRC error found)

Page 52 of 62
4.5.15 Interface Ethernet 1/19

STATUS : OK (No CRC error found)

Page 53 of 62
4.5.16 Interface Ethernet 1/20

STATUS : OK (No CRC error found)

Page 54 of 62
4.6 Address Book
Jumlah address book yang ada saat ini adalah 10368 dari total address book maksimum perangkat
40000
Existing Address Book : 10368
Capacity : 40000

STATUS : OK

4.7 Address Group


Jumlah address group yang ada saat ini adalah 111 dari total address group maksimum perangkat
4000
Existing Address Group : 111
Capacity : 4000

STATUS : OK

Page 55 of 62
4.8 Service Object
Jumlah service object yang ada saat ini adalah 1225 dari total service object maksimum perangkat
2000
Existing Service Object : 1225
Capacity : 2000

STATUS : OK

4.9 Service Group


Jumlah service group yang ada saat ini adalah 5 dari total maksimum service group perangkat 250
Existing Service Group : 5
Capacity : 250

STATUS : OK

Page 56 of 62
4.10 Security Policy
Jumlah Policy yang ada saat ini adalah 4318 dari total policy maksimum perangkat 20000
Existing Security rules : 4318
Capacity : 20000

STATUS : OK

4.11 Disk Space


STATUS : OK

Page 57 of 62
4.12 System Environment
Status Power Supply, Fan dan Suhu OK (No Alarm)
STATUS : OK

Page 58 of 62
4.13 Monitoring Throughput
Throughput : 470580 Kbps
Capacity : 18 Gbps (App-ID Firewall Throughput)

STATUS : OK

4.14 Monitoring License


License Threat Prevention berakhir sampai dengan 27 Agustus 2018 & License PAN-DB URL
Filtering berakhir sampai dengan 19 Agustus 2019.

STATUS : OK

4.15 Monitoring Support


Support dari Paloalto berakhir sampai dengan 16 Agustus 2019.

STATUS : OK

Page 59 of 62
5. Tabel Kesimpulan
Berdasarkan hasil pengecekan maintenance ini, system yang ada saat ini berjalan baik.

No Fitur Pheasant Starling Status

Hostname : .PHEASANT Hostname : STARLING

IP Address : 172.18.151.137 IP Address : 172.18.151.138

Model : PA-5220 SN : Model : PA-5220 SN :


013201008075 013201008161
1 General Info OK
Software version : 8.1.3 Software version : 8.1.3

Application version : 8136-5363 Application version : 8127-5316

Threat Version : 8136-5363 Threat Version : 8127-5316

Uptime : 214 days Uptime : 214 days

Management CPU utilization : 1 % Management CPU utilization : 2 %

Data Plane CPU utilization : 19 % Data Plane CPU utilization : 19 %


System
2 Resources
OK
Session count : 230866 Session count : 216963

Session capacity : 4194302 Session capacity : 4194302

HA Status : OK Status : OK OK

3 Status

Alarm
4 Tidak Ada alarm Tidak Ada Alarm OK
Logs

Interface Traffic : Interface ethernet1/1, Interface Traffic : Interface ethernet1/1,


Ethernet1/2, Ethernet1/5, ethernet1/6, Ethernet1/2, Ethernet1/5, ethernet1/6,
ethernet1/7. ethernet1/8, ethernet1/9, ethernet1/7. ethernet1/8, ethernet1/9,
Interface ethernet1/10, ethernet1/11, ethernet1/10, ethernet1/11,
5 ethernet1/12, ethernet1/13, ethernet1/12, ethernet1/13,
OK
Status
ethernet1/14, ethernet1/16, ethernet1/14, ethernet1/16,
Ethernet1/17 link up semua. Ethernet1/17 link up semua.

Interface HA: interface ethernet1/19 & Interface HA: interface ethernet1/19 &
ethernet1/20 status link up ethernet1/20 status link up

Existing Address Book : 10368 Existing Address Book : 10368


6 Address Book OK
Capacity : 40000 Capacity : 40000

7 OK

Page 60 of 62
Existing Address Group : 111 Existing Address Group : 111
Address
Group Capacity : 4000 Capacity : 4000

Service Existing Service Object : 1225 Existing Service Object : 1225


8 OK
Object
Capacity : 2000 Capacity : 2000

Existing Service Group : 5 Existing Service Group : 5


9 Service Group OK
Capacity : 250 Capacity : 250

Security Existing Security rules : 4316 Existing Security rules : 4316


10 OK
Policy Capacity : 20000 Capacity : 20000

11 Disk Space Status : OK Status : OK OK

System
12 Status : OK Status : OK OK
Environment

Throughput : 572629 Kbps Throughput : 470580 Kbps


Monitoring
13 Capacity : 18 Gbps Capacity : 18 Gbps ( OK
Throughput
(App-ID Firewall Throughput) App-ID Firewall Throughput)

License Threat Prevention berakhir License Threat Prevention berakhir


Monitoring sampai dengan 19 Agustus 2019 & sampai dengan 19 Agustus 2019 &
14 License PAN-DB URL Filtering berakhir License PAN-DB URL Filtering berakhir
OK
License
sampai dengan 19 Agustus 2019. sampai dengan 19 Agustus 2019

Monitoring Support dari Paloalto berakhir Support dari Paloalto berakhir


15 OK
Support sampai dengan 16 Agustus 2019. sampai dengan 16 Agustus 2019.

Software Software
Release Date : 2018 Release Date : 2018
Software and
End-of-life-date: - End-of-life-date: -
Hardware
16 OK
End of Life Hardware Hardware
Dates End-of-life-date: for the Series 5220 End-of-life-date: for the Series 5220
there has been no information from there has been no information from
PAN PAN

Page 61 of 62
6. Saran
1. Untuk fitur threat prevention disarankan untuk di apply pada setiap policy/security rule
yang ada.
2. Policy app-override disarankan untuk dilepas/di non aktifkan

Page 62 of 62