Configuring Your Initial Security Policy On A Palo Alto Firewall | PART 7
ฝัง
- เผยแพร่เมื่อ 9 พ.ค. 2023
- Full Palo Alto 0-60 Playlist: 👉🏻
• 🔥 Firewall Frenzy: Unl...
Watch the previous video in the playlist: • Configuring Source NAT...
Watch the next video in the playlist: • How To Configure SSL F...
I'm Keith Barker, a 2x CCIE (Cisco Certified Internetwork Expert).
I'm am your guy if you are:
👉 New to IT and don't know where to start
👉Currently in IT, and want to learn more advanced ideas
👉 Anyone who wants to learn about the basics of technology in general
I believe that anyone can improve their situation by gaining new skills, especially in information technology.
New videos weekly!
🆓 Free Packet Tracer Labs download: thekeithbarker.com
Enjoy, Like, and Subscribe. 😃
Free TH-cam Playlists from Keith:
▶ Cisco CCNA 200-301 ogit.online/sloth
🔐 Cisco CCNA 200-301 Security ogit.online/200-301_Security
💻 Cisco CCNA 200-301 IPv4 Subnetting ogit.online/subnet
💬 Join our Discord server (free) ogit.online/Join_OGIT_on_Discord
🏪 Keith Barker Amazon Affiliate Store www.amazon.com/shop/keithbarker
🏫 Keith’s Content at CBT Nuggets ogit.online/Keith-CBT
Hello, I am very excited with these videos where you show the basic configurations of Palo Alto equipment, it would be very interesting if in your next videos you can show how Palo Alto makes an SLR and BPA so that we can understand how these other services work.
Excellent what you are doing
Thank you Erick Manuel Barrios!
hey Keith it would be really helpful if you can create a tutorial for the Prisma cloud and thanks for the content you share its really great
Thank you for the suggestion Tushar Sharma❗
Sir I have a question about how to make a bootable drive
Currently studying for the CCNA. It seems from these videos that your PA 440 has essentially become your edge router. Is this standard in enterprise environments?
Yep - probably the best way to go nowadays. PA-440 is a very capable device, no need for an edge router on top of it.
This question is one video early, but your comment about decryption got me thinking - I'm assuming the firewall can only decrypt traffic it has direct access to, ie: a corporate VPN, for example, or some other corporate encryption method. What if a user, from their work computer, fires up a personal VPN product like Nord VPN that the firewall does not have access to in terms of the encryption method and the encryption/decryption keys. Would the Palo Alto firewall still be able to decrypt and see the actual payload of the packets? If not, would the firewall discard the traffic since it can't inspect it? Thanks Keith! 👍
Thank you for the question James Long.
To limit this, the following steps may be taken:
deny the tunneling protocol(s) you don't want to allow (there are several)
deny traffic to/from categories/sites/IPs associated with malicious intent/purpose, including anonymizers, proxies, TOR exit points, etc
only allow sanctioned apps (at the application layer, the firewall understands and can identify thousands of them)
require user id, and use that as part of security policy so all traffic must associated with a user, or else it is not allowed
use decryption for outbound HTTPS traffic so you can see the payload and really know what applications and functions are being carried
Hope that helps.
Ahh its Mr. Keith from CBT Nuggets 😅 How are you doing sir 😁?
Hello AKMagic12! Doing great, thank you.
@@KeithBarker You have been the most instructor that I truly loved his energy and style of; fun, make-it-simple, make-it-interesting.
Your style made me love networking more and made me VERY curious about it more. Thank you for your contribution to the community sir, and please keep up your incredible energetic style ☺️❤️
Cheers!
I owe my passing Cisco exams + Palo Alto... to you
Congratulations @idm8885❗
So great to hear, way to get it done. Best wishes on your continued success.