PAN-OS: Introduction

Monday, October 14, 2024

11:19 AM

Overview of PAN-OS
PAN-OS is the proprietary operating system that powers all Palo Alto Networks' Next-Generation Firewalls
(NGFW) and security appliances. As the heart of the Palo Alto ecosystem, PAN-OS delivers comprehensive,
unified security management by tightly integrating network security features such as firewalling, threat
prevention, URL filtering, application identification, and SSL decryption. With PAN-OS, organizations can
protect their networks with a holistic, next-generation approach that combines deep visibility, granular
control, and high-performance protection.

Core Capabilities of PAN-OS

PAN-OS is built on several foundational capabilities that provide superior security for enterprises:

App-ID: PAN-OS classifies all traffic by identifying the actual application, rather than relying on traditional port-
based security. This capability allows for granular control over which applications can run on the network,
regardless of port, encryption, or protocol.

User-ID: User-ID maps network traffic to specific users and devices, integrating with directories like Active
Directory or LDAP. This mapping allows for policies to be applied based on user identity, adding a layer of user-
based security to network traffic management.

Content-ID: Content-ID is responsible for inspecting traffic for malware, malicious payloads, and sensitive
content. By leveraging databases and cloud intelligence, it blocks both known and zero-day threats while
controlling unauthorized file transfers and data leakage.
SSL Decryption: PAN-OS supports SSL/TLS decryption to provide visibility into encrypted traffic. This ensures
that even traffic hidden within SSL tunnels is inspected for malware, unauthorized applications, or data leaks.

Threat Prevention: The OS incorporates advanced threat detection techniques such as intrusion prevention,
antivirus, and anti-spyware mechanisms, offering real-time protection against both known and unknown
threats.

GlobalProtect Integration: PAN-OS integrates with GlobalProtect to provide consistent security policies across
endpoints. Whether users are remote, mobile, or on-premises, GlobalProtect extends the firewall's capabilities
to any device.

High Availability and Scalability: PAN-OS supports features like active/active and active/passive high
availability (HA), making it highly resilient and ensuring continuous security operations in case of hardware or
software failure.

Why PAN-OS is Essential for Cybersecurity

PAN-OS serves as the backbone for implementing a Zero Trust architecture within organizations. By verifying
each application, user, and piece of content, PAN-OS enforces comprehensive security policies across the
entire network. It effectively reduces the attack surface, prevents lateral movement of threats, and ensures
that no malicious activity goes undetected. Furthermore, its integration with threat intelligence services like
WildFire and Cortex ensures that organizations are protected from even the most advanced threats.

Key Benefits of PAN-OS:

Unified Security: Combines multiple layers of security into a single, integrated system for comprehensive
protection.
Granular Control: Offers fine-tuned security policies based on applications, users, and content, allowing
precise management of network traffic.
Scalability: PAN-OS scales easily from small businesses to large enterprises, providing consistent security no
matter the network size.
Real-Time Threat Intelligence: Integrates with global threat intelligence services to continuously update
defenses and prevent new, sophisticated attacks.

Basic Configs Next-Generation Firewalls (NGFWs)

Monday, October 14, 2024
12:41 PM

Specifications:
 Model Range:
 PA-220, PA-800 Series: Ideal for branch offices or small to mid-sized enterprises.
 PA-3200 Series: Mid-sized enterprises with higher throughput needs.
 PA-5200 Series, PA-7000 Series: Large data centers, cloud providers, and enterprises requiring
high-performance and scalability.
 Key Capabilities:
 App-ID: Application-based traffic control.
  Threat Prevention: Anti-malware, Anti-virus, Anti-spyware.
 SSL Decryption: Inspect encrypted traffic.
 Content-ID: URL filtering, file blocking, and data filtering.
 User-ID: Policy enforcement based on user identity.
Use Cases:
 Perimeter Security: Protect enterprise networks from external threats.
 Internal Segmentation: Separate critical data environments from less secure zones.
 Remote Access Security: Leverage GlobalProtect for remote users.
 Data Center Protection: Deploy in high-availability clusters for maximum uptime.

Navigation:
 Web Interface:
 Dashboard: Overview of system status, traffic summary, interface health.
 ACC (Application Command Center): Displays top applications, threats, and user activities.
 Monitor Tab: View and filter logs:
 Traffic Logs: Inspect allowed and denied traffic.
 Threat Logs: Analyze detected threats, including malware and exploits.
 URL Filtering Logs: Track web browsing activities.
 Policies Tab:
 Security Policies: Create and edit access control rules.
 NAT Policies: Configure source and destination NAT rules.
 Objects Tab:
 Addresses: Define IP addresses or address groups.
 Applications: Manage custom and predefined application definitions.
 Services: Configure ports and protocols for policies.
 Network Tab:
 Interfaces: Configure physical, logical, and virtual interfaces (Layer 2, Layer 3, TAP,
Virtual Wire).
 Zones: Define security zones and assign interfaces.
 Virtual Routers: Set up routing (static, OSPF, BGP).
 CLI Navigation:
 Use the CLI for advanced configurations and troubleshooting:
 show system info: Display device details like uptime and version.
 show session all: View active sessions.
 show running config: Display the running configuration.
 Configuration Mode:
 Access by typing configure and use commands like set or delete.
 Use commit after making changes to apply configurations.
Comprehensive CLI Cheatsheet:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-cli-quick-start/cli-cheat-sheets

Basic Configuration:
 Initial Setup:
1. Connect to the firewall via the management interface (depends how you configure the IP
address) or via Console if you have not configured the mgmt interface yet.
2. Configure a static IP, DNS, and default gateway for management connectivity.
GUI:

CLI:
3. Set Up Zones: Define security zones (inside, outside, DMZ).

4. Configure Interfaces:
 Assign physical interfaces to zones and set IP addresses.
 Choose interface types: Layer 2 (switching), Layer 3 (routing), or Virtual Wire (transparent).

Steps to edit an interface

Set the interface type + assign it to a Security Zone

Add an IPv4 address

Step 4. Add a name for the IP address so its easily identifiable ( can be just the IP address )
Step 5. The IP address with the subnet X.X.X.X/X format
5. Virtual Routers and Routing:
 Create a new Virtual Router (optional to specify the routing protocols) Network -> Virtual
Routers -> Add
 1. Set up a name and 2. add the L3 interfaces (Optional: set up a routing protocol)

 Setting up a Static route (configuring the default route in this case)

 Configuring OSPF (Dynamic routing) - Network -> Virtual Router -> VR instance -> OSPF

6. Setting up a DHCP server

 Netowrk -> DHCP -> DHCP server -> Add -> Set Interface -> Lease time -> Add IP range
7. Configuring Management Profiles (to allow ICMP,HTTP/S, SSH management services)
 Network -> Interfaces -> "Interface" -> Advanced Tab -> Managemant profile (Create a new
profile or select from existing)