Showing posts with label Palo Alto. Show all posts
Showing posts with label Palo Alto. Show all posts

Friday, January 26, 2018

Sophos Update Error - Troubleshooting with Palo Alto Firewall

Our Sophos Management Server is installed behind a Palo Alto firewall, which is used to centrally update and manage all internal Sophos clients.

After new installation of this Sophos Management Server, we found update from Internet always failed. The Palo Alto firewall rule was configured to use FQDN addresses as destination. Based on Sophos support site,
"The Sophos Update Manager (SUM) server uses port 80 (http) and requires access to the following eight addresses:

Monday, January 1, 2018

Install and Configure Palo Alto VM in Vmware Workstation / ESXi

Palo Alto Networks has developed Virtualized Firewalls VM series to run in virtual environment. Here is the list for supported hypervisors from its website:
The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into, and across your private, public and hybrid cloud computing environments.Automation features such as VM monitoring, dynamic address groups and a REST-based API allow you to proactively monitor VM changes dynamically feeding that context into security policies, thereby eliminating the policy lag that may occur when your VMs change.The VM-Series supports the following hypervisors:
  • VMWare ESXi and NSX
  • Citrix SDX,
  • KVM (Centos/RHEL)
  • Ubuntu
  • Amazon Web Services

There are four models for different requirements:
  • VM-100
  • VM-200
  • VM-300
  • VM-1000-HV

Wednesday, February 10, 2016

Palo Alto Study Notes: Firewall Configuration Essentials I (101) PAN-OS v.6.1

To view Firewall Configuration Essentials 101 Course, please login to the Palo Alto Networks Learning Center.


1. Palo Alto Networks Platforms

The PA-500, PA-200, and VM-Series firewalls do not support virtual systems. High Availability and Aggregated interfaces are also only supported on higher models of the product.

Monday, October 1, 2012

Palo Alto for NGFW facts from Checkpoint view

Compare Palo Alto with Checkpoint from Checkpoint website based on NSS Labs results:

Palo AltoCheck Point
NSS Labs Results - Protects Against HTML Evasions*33%100%
NSS Labs Results - Overall Protection**93%98%
File Sharing Applications170531
Total Applications1,5114,733
Application Social Network Widgets0240,000+
URL Filtering20 million on box100 million cloud based
Data Loss Prevention9 file types and regular expression match532 file types plus file attributes, document templates, dictionaries, keywords and scripting language match
Anti-Bot< 1 million protections (signatures/ DNS/ URLs/ IPs)250 million addresses analyzed for bot discovery
Reputation based protectionUnique multi-tier detection engine (reputation, signatures, mail activity and behavior based) with real-time security intelligence through ThreatCloud

* NSS Labs NGFW Test, 2012
** NSS Labs IPS Test, 2012

Palo Alto Networks ignores Standard OSI Model - focused on the application layer

PAN is focused on the
application layer

The seven layers of the Open Systems Interconnection model divide networking and security into discrete manageable components. The SANS Institute and other leading security organizations realize that we must comprehend all layers to deliver complete security.
Palo Alto Networks' focus on the application layer can lead to more security exposures for their customers. Check Point's balanced approach recognizes the importance of considering both the application and networks layers to assess all risks and deliver strong security.

It is only when we can see our networks as individual
components that we can adequately secure these levels.

SANS Institute