Preface

Mastering Palo Alto Networks covers all aspects of configuring and maintaining Palo Alto Networks firewalls and Panorama management systems. We start with setting up a new system from the factory default settings and learning how the technology works, and move on to building advanced configurations and leveraging next-generation features to safeguard the network and its users. Plenty of tricks, gotchas, and advanced commands are revealed to help administrators gain a firm hold on their deployments.

Who this book is for

This book is for admins at any level of expertise. Anyone who is new to Palo Alto Networks will find their way around the basic configurations and will be able to set up a complex configuration after finishing this book. Expert admins will pick up solid tips and tricks to make their config and methodologies even better.

What this book covers

Chapter 1, Understanding the Core Technologies, introduces PAN-OS functions and explains the core next-generation firewall features.

Chapter 2, Setting Up a New Device, provides everything that’s needed to get a fresh device or VM up and running.

Chapter 3, Building Strong Policies, explains how to create and optimize rules to their maximum potential.

Chapter 4, Taking Control of Sessions, demonstrates how shaping and redirecting sessions over alternate links can optimize bandwidth usage. It also covers how to apply decryption to inspect encrypted sessions.

Chapter 5, Services and Operational Modes, covers configuring supportive services such as DHCP and DNS proxy and explains how to increase resilience with logical instances and high availability.

Chapter 6, Identifying Users and Controlling Access, explains how to leverage User-ID to control user access regardless of their IP address and physical location.

Chapter 7, Managing Firewalls through Panorama, demonstrates setting up the Panorama central management system, building shared policies, and system configuration.

Chapter 8, Upgrading Firewalls and Panorama, provides a straightforward and complete process to upgrade any system.

Chapter 9, Logging and Reporting, demonstrates how to configure log collectors and log forwarding, and explains how to customize and schedule reports

Chapter 10, VPN and Advanced Protection, shows how to set up site-to-site and user VPNs, as well as how to configure DDoS protection and custom signatures.

Chapter 11, Troubleshooting Common Session Issues, guides you through basic troubleshooting steps and session details.

Chapter 12, A Deep Dive into Troubleshooting, explains advanced troubleshooting techniques, leveraging flow analysis and global counters.

Chapter 13, Supporting Tools, discusses integrating with third-party tools to gain advanced visibility and control.

To get the most out of this book

To follow all the topics we will be covering, it will be helpful if you have access to an up-to-date firewall and Panorama in a lab environment. Being able to spin up test devices that can serve as domain controllers, authentication servers, clients, Docker hosts, and generic web servers will be helpful with some of the more involved chapters. It will also allow you to test your new skills before implementing them in a production environment. Basic networking and system administration skills are needed.

You will need an SSH- and TTY-capable client such as PuTTY or Terminal to access the command line and console interfaces.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copy/pasting of code.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

1. Log in or register at www.packt.com.
2. Select the Support tab.
3. Click on Code Downloads.
4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

• WinRAR/7-Zip for Windows
• Zipeg/iZip/UnRarX for Mac
• 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Palo-Alto-Networks. In case there’s an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Code in Action

Code in Action videos for this book can be viewed at https://bit.ly/2DhrTBp

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781789956375_ColorImages.pdf

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Before you can create a VWire interface, you first need to set two interfaces to the Virtual Wire type and assign each of them a different zone."

Any command-line input or output is written as follows:

configure

set deviceconfig system type static

set deviceconfig system ip-address <IP>

set deviceconfig system netmask <x.x.x.x>

set deviceconfig system default-gateway <IP>

set deviceconfig system dns-setting servers primary <IP>

set deviceconfig system dns-setting servers secondary <IP>

commit

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "If you already have an account, log in and click on Register a Device from the home page"

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.