Some of our readers requested a post with some of the common
questions and answers for the Palo Alto Firewall, after reading our post on
PA Firewall. Following are some of the questions normally asked in a PA
interview. Please use the comment section if you have any questions to
add.
PA follows a single-pass parallel processing architecture, while UTM follows
a multi-pass architecture.
———————————————————-
Single Pass : The single pass software performs operations once per
packet. As a packet is processed, networking functions, policy lookup,
application identification and decoding, and signature matching for any
and all threats and content are all performed just once. Instead of using
separate engines and signature sets (requiring multi-pass scanning) and
instead of using file proxies (requiring file download prior to scanning), the
single pass software in next-generation firewalls scans content once and
in a stream-based fashion to avoid introducing latency.
1. Tap Mode : Tap mode allows you to passively monitor traffic flow
across a network by way of a tap or a switch SPAN/mirror port.
———————————————————-
Configured under Network tab -> Network Profiles -> Zone protection.
In firewall rule,
In NAT rule,
———————————————————-
Control Link : The HA1 links are used to exchange hellos, heartbeats, and
HA state information, and management plane sync for routing and User-ID
information, and to synchronize configuration. The HA1 link should be a layer 3
interface, which requires an IP address.
Backup Links: Provide redundancy for the HA1 and the HA2 links. In-band
ports are used as backup links for both HA1 and HA2. The HA backup
links' IP addresses must be on a different subnet from the primary HA links.
ICMP
———————————————————-
-> If the active device does not respond to heartbeat polls (loss of three
consecutive heartbeats over a period of 1000 milliseconds)
8. Which command checks the firewall policy matching for a particular destination?
>test nat-policy-match
———————————————————-
> debug dataplane packet-diag set capture stage receive file rx.pcap
> debug dataplane packet-diag set capture stage transmit file tx.pcap
> debug dataplane packet-diag set capture stage drop file dp.pcap
> debug dataplane packet-diag set capture stage firewall file fw.pcap
> debug dataplane packet-diag set capture on
A device group allows you to group firewalls that require a similar set of
policies, such as firewalls that manage a group of branch offices or
individual departments in a company. Panorama treats each group as a
single unit when applying policies. A firewall can belong to only one device
group. The Objects and Policies are only part of Device Group.
Device Template :
Device Templates enable you to deploy a common base configuration like
Network and device specific settings to multiple firewalls that require
similar settings.
This is available in the Device and Network tabs on Panorama.
Antivirus Profiles
Anti-Spyware Profiles
Question 13. Why Use Splunk With My Palo Alto Networks Products?
Answer :
Palo Alto Networks products provide exceptional levels of visibility into
network traffic and malicious activity, both in the network and on the
endpoint. Combining this visibility with Splunk allows a customer to make
correlations and perform analytics around different kinds of data. These
correlations can be between different kinds of Palo Alto Networks data, for
example, correlating WildFire reports against traffic logs to detect infected
hosts, or correlating firewall logs with endpoint logs. But the real power of
Splunk is correlations and analytics across multiple sources of data and
multiple vendors, for example, correlating firewall logs with webserver logs,
or advanced endpoint security logs with Windows event logs.
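
The WildFire-to-traffic-log correlation mentioned in the answer above can be sketched outside Splunk as follows. This is an added example, not taken from the original post or from Palo Alto Networks or Splunk; the record fields, file names and addresses are constructed placeholders and not the PAN-OS log schema, and the 30-minute window is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are simplified placeholders, not the
# PAN-OS log schema; addresses come from private and documentation ranges.
WILDFIRE = [
    {"time": "2024-05-01T10:00:05", "client": "10.1.1.20", "file": "invoice.exe", "verdict": "malicious"},
    {"time": "2024-05-01T10:02:00", "client": "10.1.1.31", "file": "setup.msi", "verdict": "benign"},
]
TRAFFIC = [
    {"time": "2024-05-01T09:59:50", "src": "10.1.1.20", "dst": "198.51.100.7", "app": "web-browsing", "action": "allow"},
    {"time": "2024-05-01T10:01:10", "src": "10.1.1.20", "dst": "203.0.113.9", "app": "unknown-tcp", "action": "allow"},
    {"time": "2024-05-01T10:03:00", "src": "10.1.1.31", "dst": "203.0.113.9", "app": "ssl", "action": "allow"},
    {"time": "2024-05-01T10:20:00", "src": "10.1.1.20", "dst": "203.0.113.9", "app": "unknown-tcp", "action": "deny"},
    {"time": "2024-05-01T12:30:00", "src": "10.1.1.20", "dst": "198.51.100.7", "app": "web-browsing", "action": "allow"},
]

def ts(value):
    return datetime.fromisoformat(value)

def correlate(wildfire, traffic, window=timedelta(minutes=30)):
    """Map each host with a malicious verdict to its sessions inside the window."""
    # Index traffic by source once so each verdict becomes a dictionary lookup.
    by_src = {}
    for rec in traffic:
        by_src.setdefault(rec["src"], []).append(rec)
    findings = {}
    for wf in wildfire:
        if wf["verdict"] != "malicious":
            continue
        start = ts(wf["time"])
        follow_up = [r for r in by_src.get(wf["client"], [])
                     if start <= ts(r["time"]) <= start + window]
        host = findings.setdefault(wf["client"], {"files": [], "sessions": []})
        host["files"].append(wf["file"])
        for r in sorted(follow_up, key=lambda r: r["time"]):
            if r not in host["sessions"]:  # overlapping windows: keep one copy
                host["sessions"].append(r)
    return findings

def allowed_destinations(findings):
    """Destinations each flagged host actually reached (action == allow)."""
    return {h: sorted({s["dst"] for s in f["sessions"] if s["action"] == "allow"})
            for h, f in findings.items()}

if __name__ == "__main__":
    found = correlate(WILDFIRE, TRAFFIC)
    for host, dsts in allowed_destinations(found).items():
        print(host, found[host]["files"], dsts)
```

Sessions before the verdict time or outside the window are excluded, so the result lists only what the flagged host did shortly after receiving the file.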