OVERVIEW:
To pass the Palo Alto Networks / Coursera Essentials I course you will need to complete
the course project assignment, which is based on the course lab activities. The course
project submission is a compilation of your summarizations of each lab activity
combined with one final activity that is outlined on the following pages. You will then
submit your complete project document and proceed to evaluate one of your classmates’
project document submissions.
REQUIREMENTS:
• Create a project document (Word or Acrobat file formats) that you will submit to
the Course Project / Peer Review area in Module 4 of the course.
• Save the document with your full name and the words ‘Essentials Project I’ in the
document file name. Example: “Mary Smith Essentials Project I”
• As you complete each Module’s lab activity you are required to summarize the
activity as directed in the lab instructions. Include each of your lab
summarizations in your course project document. Be sure you label each lab
summary by the lab title.
• When you have completed all of the other course requirements perform the
activities outlined below, and add your screen captures to your project
document.
• Submit your completed project document to the Module 4 Project Peer Review
content area and proceed with the Peer Review requirements outlined below.
Student Project
NETLAB Academy Edition, NETLAB Professional Edition, and NETLAB+ are registered trademarks of Network Development Group,
Inc.
VMware is a registered trademark of VMware, Inc. Cisco, IOS, Cisco IOS, Networking Academy, CCNA, and CCNP are registered
trademarks of Cisco Systems, Inc. EMC2 is a registered trademark of EMC Corporation.
Table of Contents
1. Task Preparation
2. Create Zones and associate the Zones to Interfaces
3. Create a Security Policy Rule
4. Create a NAT Policy
Introduction
In this project, you will configure the firewall for a zero-trust environment.
There are 4 sections near the end of this project that require
Student Input. You must complete the Student Input sections
to receive full credit for this project.
Objective
Project Topology
Project Settings
The information in the table below will be needed in order to complete the lab. The
task sections below provide details on the use of this information.
1. Task Preparation
1.2. From the web interface, click Load named configuration snapshot underneath the
Configuration Management section.
1.3. In the Load Named Configuration window, select 210-cse-lab-01 from the Name
drop-down box and click OK.
1.5. Click the Commit link located at the top-right of the web interface.
1.7. You will see warnings about no zones being configured. This is expected; you will
create the zones later in the project.
1.8. The commit process takes changes made to the firewall and copies them to the
running configuration, which will activate all configuration changes since the
last commit.
2. Create Zones and associate the Zones to Interfaces
2.3. In the Zone window, type outside in the Name field, then click the OK button.
2.4. Click on the Add button at the bottom-left of the center section.
2.5. In the Zone window, type inside in the Name field, then click the OK button.
2.6. Click the Add button at the bottom-left of the center section.
2.7. In the Zone window, type dmz in the Name field, then click the OK button.
2.8. You have now created a zone for each interface. This will keep the traffic
between each interface in each zone. Now you will associate each zone with an
interface.
2.11. In the Ethernet Interface window, select the outside zone for the ethernet1/1
interface and click on the OK button.
2.13. In the Ethernet interface window, select the inside zone for the ethernet1/2
interface and click on the OK button.
2.15. In the Ethernet Interface window, select the dmz zone for the ethernet1/3
interface and click the OK button.
3. Create a Security Policy Rule
3.2. Click the Add button on the bottom-right of the center section.
3.3. In the Security Policy Rule window, in the Name field, type Allow-Inside-Out.
3.4. In the Security Policy Rule window, click on the Source tab.
3.5. On the Source Tab, click the Add button in the Source Zone section and select
the inside zone for the Source Zone. Then, click on the Destination tab.
3.6. On the Destination Tab, click the Add button in the Destination Zone section and
select the outside zone for the Destination Zone. Then, click on the Application
tab.
3.7. On the Application tab, make sure that the Any checkbox is checked. Click on
the Service/URL Category tab.
3.8. Make sure the drop-down above the Service section has application-default
selected, then click on the Actions tab.
3.9. On the Actions tab, make sure Log at Session End is checked. Then, under
Profile Setting, select Profiles from the drop-down. For Antivirus,
Vulnerability Protection, Anti-Spyware, URL Filtering, and WildFire Analysis,
select the default profiles.
Student Input:
3.10. Provide a screen shot of the Security Policy Rule Actions configuration. Click
the OK button.
3.12. With the interzone-default policy selected, click on the Override button at the
bottom.
3.13. This brings up the Security Policy Rule – predefined window, click on the
Actions tab.
3.14. Select the Log at Session End check box and click the OK button.
Student Input:
3.15. Provide a screen shot of the Security Policy Rule – predefined action tab > log
at session end check box selection.
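As an added illustration (not part of the original lab and not Palo Alto Networks code), the Python sketch below models how the rulebase built in this section is evaluated: the first matching rule wins, and traffic that matches no configured rule falls through to the predefined intrazone-default (allow) and interzone-default (deny) rules. It assumes Allow-Inside-Out has the action allow, ignores the application, service and profile settings, and uses hypothetical class and function names.

```python
from dataclasses import dataclass

# Interface-to-zone bindings from steps 2.11 to 2.15 of the lab.
ZONE_OF = {"ethernet1/1": "outside", "ethernet1/2": "inside", "ethernet1/3": "dmz"}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: frozenset      # empty set means "any"
    dst_zones: frozenset      # empty set means "any"
    action: str               # "allow" or "deny"
    log_at_session_end: bool
    kind: str = "universal"   # "universal", "intrazone" or "interzone"

    def matches(self, src: str, dst: str) -> bool:
        if self.kind == "intrazone" and src != dst:
            return False
        if self.kind == "interzone" and src == dst:
            return False
        return ((not self.src_zones or src in self.src_zones)
                and (not self.dst_zones or dst in self.dst_zones))

def build_rulebase(interzone_logging: bool) -> list:
    """Rule from section 3 followed by the two predefined default rules."""
    any_zone = frozenset()
    return [
        # Assumption: the action is allow (the page does not show the setting).
        Rule("Allow-Inside-Out", frozenset({"inside"}), frozenset({"outside"}), "allow", True),
        Rule("intrazone-default", any_zone, any_zone, "allow", False, "intrazone"),
        # Steps 3.12 to 3.14 override this rule only to enable logging.
        Rule("interzone-default", any_zone, any_zone, "deny", interzone_logging, "interzone"),
    ]

def evaluate(rules: list, in_if: str, out_if: str) -> tuple:
    """Return (rule name, action, logged) for the first rule that matches."""
    src, dst = ZONE_OF[in_if], ZONE_OF[out_if]
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name, rule.action, rule.log_at_session_end
    raise LookupError("unreachable: the default rules cover every zone pair")

if __name__ == "__main__":
    # Constructed sample flows: (ingress interface, egress interface).
    flows = [("ethernet1/2", "ethernet1/1"), ("ethernet1/3", "ethernet1/1"),
             ("ethernet1/1", "ethernet1/2"), ("ethernet1/2", "ethernet1/3")]
    for overridden in (False, True):
        print(f"interzone-default logging override: {overridden}")
        for in_if, out_if in flows:
            print(f"  {in_if} -> {out_if}:", evaluate(build_rulebase(overridden), in_if, out_if))
```

Without the override, flows denied by interzone-default (for example dmz to outside) leave no entry in the Traffic log, which is why the lab enables Log at Session End on that rule.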
4. Create a NAT Policy
4.2 Click the Add button at the bottom-left to add a new NAT Policy.
4.3 In the NAT Policy Rule window, type Inside-Nat-Out in the Name field, then click
on the Original Packet tab.
4.4 On the Original Packet tab, click the Add button at the bottom of the Source
Zone Section, select the inside interface, then in the Destination Zone drop-
down, select the outside zone, and then click on the Translated Packet tab.
4.5 On the Translated Packet tab, select Dynamic IP And Port on the Translation
Type drop-down, then select Interface Address on the Address Type drop-down,
then select ethernet1/1 for the Interface drop-down, and then select
203.0.113.20/24 on the IP Address drop-down.
Student Input:
4.6 Provide a screen shot of the NAT Policy Rule Translated Packet tab configuration.
Click the OK button.
4.7 Click the Commit link located at the top-right of the web interface.
4.8 In the Commit window, click Commit to proceed with committing the changes.
4.9 When the commit operation successfully completes, click Close to continue.
4.10 Open the Internet Explorer web browser from the task bar.
4.11 In the address bar, navigate to www.facebook.com. You will be able to access
Facebook.
4.12 Close Internet Explorer and return to the Palo Alto Web Interface.
4.14 In the filter text box, clear the current filter by clicking on the red x.
Student Input:
4.16 Provide a screen shot of the log entries allowing Facebook.