Securing Remote Access in Palo Alto Networks

  1. 336 pages
  2. English

About This Book

Explore everything you need to know to set up secure remote access, harden your firewall deployment, and protect against phishing.

Key Features
  • Learn the ins and outs of log forwarding and troubleshooting issues
  • Set up GlobalProtect satellite connections, configure site-to-site VPNs, and troubleshoot LSVPN issues
  • Gain an in-depth understanding of user credential detection to prevent data leaks

Book Description
This book builds on the content found in Mastering Palo Alto Networks, focusing on the different methods of establishing remote connectivity, automating log actions, and protecting against phishing attacks through user credential detection. Complete with step-by-step instructions, practical examples, and troubleshooting tips, you will gain a solid understanding of how to configure and deploy Palo Alto Networks remote access products. As you advance, you will learn how to design, deploy, and troubleshoot large-scale end-to-end user VPNs. Later, you will explore new features and discover how to incorporate them into your environment. By the end of this Palo Alto Networks book, you will have mastered the skills needed to design and configure SASE-compliant remote connectivity and prevent credential theft with credential detection.

What you will learn
  • Understand how log forwarding is configured on the firewall
  • Focus on effectively enabling remote access
  • Explore alternative ways for connecting users and remote networks
  • Protect against phishing with credential detection
  • Understand how to troubleshoot complex issues confidently
  • Strengthen the security posture of your firewalls

Who this book is for
This book is for anyone who wants to learn more about remote access for users and remote locations by using GlobalProtect and Prisma Access and by deploying Large Scale VPN. Basic knowledge of Palo Alto Networks, network protocols, and network design will be helpful, which is why reading Mastering Palo Alto Networks is recommended first to help you make the most of this book.

Frequently asked questions

Yes, you can access Securing Remote Access in Palo Alto Networks by Tom Piens in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Year: 2021
ISBN: 9781801076111
Edition: 1

Section 1: Leveraging the Cloud and Enabling Remote Access

In this section, we will configure and troubleshoot remote connectivity through direct access and the cloud. 
The following chapters will be covered in this section:
  • Chapter 1, Centralizing logs
  • Chapter 2, Configuring Advanced GlobalProtect Features
  • Chapter 3, Setting up site-to-site VPNs and Large Scale VPNs
  • Chapter 4, Configuring Prisma Access

Chapter 1: Centralizing Logs

In this chapter, we will take a closer look at how to forward firewall logs to an external system and discuss some of the benefits. Logs can be forwarded to an external Security Information and Event Management (SIEM) system and can be used to create a range of alerts whenever an interesting event occurs. You will learn how to set up the configuration and apply best practices when dealing with log forwarding. We will then review how logs can be forwarded to Panorama and log collectors, as well as how to leverage alternative log protocols such as syslog. We will also cover how to troubleshoot forwarding issues and how to apply filters to forwarding profiles to specify which log events are forwarded.
In this chapter, we are going to cover the following main topics:
  • Understanding log forwarding profiles and best practices
  • Learning about Panorama and log collectors
  • Forwarding logs to syslog, SMTP, and other options
  • Exploring log forwarding profiles
  • Troubleshooting logs and log forwarding

Technical requirements

For this chapter, you will need to have a Palo Alto Networks firewall set up and connected to a management network. It will be helpful if you are able to spin up a syslog server and email relay to reproduce the log forwarding settings we are about to configure. If you can set up or repurpose a Panorama instance, you will be able to follow along with some of the threat correlation examples.
Check out the following link to see the Code in Action video: https://bit.ly/3oTeYZW

Understanding log forwarding profiles and best practices

In this section, you will learn the steps required to ensure logs are forwarded to an external system. You will also learn how to apply filters so that only specific types of events are forwarded, as well as how to ensure the log forwarding configuration is applied automatically. First, we will look at where and how logs are stored.

Allocating log storage

All NGFW firewalls and Panorama systems are built on a Linux operating system with proprietary PAN-OS running on top. Log files for the system daemons reside in the root partition. They are only accessible via the command line and are included in a Tech Support file for troubleshooting. All logs related to PAN-OS live in the /opt/panlogs partition. Use the following command to review filesystem usage statistics:

    reaper@PA-VM> show system disk-space
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/root       7.0G  4.2G  2.5G  64% /
    none            3.5G   92K  3.5G   1% /dev
    /dev/sda5        16G  2.9G   13G  20% /opt/pancfg
    /dev/sda6       8.0G  1.4G  6.3G  18% /opt/panrepo
    tmpfs           2.8G  2.4G  420M  86% /dev/shm
    cgroup_root     3.5G     0  3.5G   0% /cgroup
    /dev/sda8        21G  598M   20G   3% /opt/panlogs

In this example, /dev/sda8 is a partition on the local disk that's used to store logs. Some of the larger hardware platforms may have a secondary hard disk for logging, and on VM firewalls, an additional disk can be installed post-deployment.
The available disk space needs to be shared by all the different log databases, so it is worth reviewing how much space is allocated to each database and tweaking the quotas and expiration periods to optimize them for retention. You can review the current quotas with the following command:

    reaper@PA-VM> show system logdb-quota
    Quotas:
      system: 4.00%, 0.629 GB Expiration-period: 0 days
      config: 4.00%, 0.629 GB Expiration-period: 0 days
      alarm: 3.00%, 0.472 GB Expiration-period: 0 days
      traffic: 29.00%, 4.559 GB Expiration-period: 0 days
      threat: 15.00%, 2.358 GB Expiration-period: 0 days
    ...snipped for brevity...
    Disk usage:
      traffic: Logs and Indexes: 211M Current Retention: 46 days
      threat: Logs and Indexes: 24K Current Retention: 0 days
      system: Logs and Indexes: 11M Current Retention: 46 days
      config: Logs and Indexes: 21M Current Retention: 46 days
    ...snipped for brevity...

As you can see, the traffic logs are only assigned 29% of the total available log space on this particular firewall.
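An added example, not from the book: a Python parser for the `show system logdb-quota` output shown above that projects how many days of logs each quota can hold at the current fill rate and lists the log types that fall short of a retention target. The linear projection, the reading of an expiration period of 0 as "no age-based expiry", and the three-year target are assumptions made for illustration.

```python
import re

# Constructed sample: the logdb-quota lines printed on this page.
SAMPLE = """\
Quotas:
system: 4.00%, 0.629 GB Expiration-period: 0 days
config: 4.00%, 0.629 GB Expiration-period: 0 days
alarm: 3.00%, 0.472 GB Expiration-period: 0 days
traffic: 29.00%, 4.559 GB Expiration-period: 0 days
threat: 15.00%, 2.358 GB Expiration-period: 0 days
Disk usage:
traffic: Logs and Indexes: 211M Current Retention: 46 days
threat: Logs and Indexes: 24K Current Retention: 0 days
system: Logs and Indexes: 11M Current Retention: 46 days
config: Logs and Indexes: 21M Current Retention: 46 days
"""
QUOTA_RE = re.compile(
    r"^\s*([\w-]+):\s*([\d.]+)%,\s*([\d.]+) GB\s+Expiration-period:\s*(\d+) days")
USAGE_RE = re.compile(
    r"^\s*([\w-]+):\s*Logs and Indexes:\s*([\d.]+)([KMGT]?)\s+Current Retention:\s*(\d+) days")
UNIT_GB = {"": 1 / 1024**3, "K": 1 / 1024**2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}

def parse_logdb_quota(text):
    """Merge the 'Quotas' and 'Disk usage' sections into {log_type: fields}."""
    dbs = {}
    for line in text.splitlines():
        if m := QUOTA_RE.match(line):
            dbs.setdefault(m[1], {}).update(
                pct=float(m[2]), quota_gb=float(m[3]), expire_days=int(m[4]))
        elif m := USAGE_RE.match(line):
            dbs.setdefault(m[1], {}).update(
                used_gb=float(m[2]) * UNIT_GB[m[3]], retention_days=int(m[4]))
    return dbs

def projected_retention_days(db):
    """Days of logs the quota can hold at the observed rate; None if unknown."""
    if not db.get("used_gb") or not db.get("retention_days") or "quota_gb" not in db:
        return None
    est = db["retention_days"] * db["quota_gb"] / db["used_gb"]
    # Assumption: a non-zero expiration period caps retention; 0 means no cap.
    return min(est, db["expire_days"]) if db["expire_days"] else est

def below_target(dbs, target_days):
    """Log types whose projected retention is shorter than target_days."""
    projected = {name: projected_retention_days(db) for name, db in dbs.items()}
    return sorted(n for n, est in projected.items() if est is not None and est < target_days)

if __name__ == "__main__":
    dbs = parse_logdb_quota(SAMPLE)
    for name, db in dbs.items():
        print(name, db.get("quota_gb"), projected_retention_days(db))
    print("below 3-year target:", below_target(dbs, 3 * 365))
```

Log types with no usage history yet (threat and alarm in this sample) return no projection rather than a misleading number.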
These quotas can be adjusted via the web interface by going to Device > Setup > Management > Logging and Reporting Settings, as shown in the followi...

Table of contents

  1. Securing Remote Access in Palo Alto Networks
  2. Contributors
  3. Preface
  4. Section 1: Leveraging the Cloud and Enabling Remote Access
  5. Chapter 1: Centralizing Logs
  6. Chapter 2: Configuring Advanced GlobalProtect Features
  7. Chapter 3: Setting up Site-to-Site VPNs and Large-Scale VPNs
  8. Chapter 4: Configuring Prisma Access
  9. Section 2: Tools, Troubleshooting, and Best Practices
  10. Chapter 5: Enabling Features to Improve Your Security Posture
  11. Chapter 6: Anti-Phishing with User Credential Detection
  12. Chapter 7: Practical Troubleshooting and Best Practices Tools
  13. Other Books You May Enjoy