8/16/2019 palo alto 201 notes

1/1

paloalto

security policies based on a more accurate identification of each application seeking access to your network.

firewall uses packet inspection and a library of application signatures to disti

nguish between applications that have the same protocol and portand to identify potentially malicious applications that use nonstandard ports.

Single pass parallel processing -SP3 Engine

Control plane - configuraiton, logging, report(separate process), ram , harddrivedata plane - signature , ips, virus, spyware, ssn , security processing, network processing

-----------2ND PDF

inital connection via - mgmt and serial192.168.1.1

set deviceconfig system ip --- netmask... gateway ..dns-settingcomit

management can be use - for updates

Applicaiton command center - ACC

PAGER 7-In PAN-OS 7.0, you can configure DNS Proxy Objects to have the firewall act as a

 DNS proxy. Configure a DNS Proxy Object if you want advanced DNS functions such as split DNS, DNS proxy overrides, DNS proxy rules, static entries, or DNS inheritance.

split DNS - http://www.isaserver.org/articles-tutorials/installation-planning/You_Need_to_Create_a_Split_DNS.html

active - running configuration (not like cisco)

when you change - current - candidate configuration -- click ok-updated but notapplied-- select commit to save -- than fw take effect