Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
PAN OS
version 7.1
Management Interface.
Last Login Time and Failed Login Attempts.
Task Manager
Alarms
Commit Change
Lock Configurations
Save Candidate Configuration
Management Interface
Palo Alto Networks next-generation firewalls support the following management interfaces.
Web interface Configuration and monitoring over HTTP or HTTPS from a web browser.
CLI Text-based configuration and monitoring over Telnet, Secure Shell (SSH), or the
reporting, and logging for multiple firewalls. The Panorama web interface is similar to the
firewall web interface but with additional management function
firewall configuration, operational status, reports, and packet captures from the firewall.
There is an API browser available on the firewall at https://\<firewall>/api, where \<firewall>
is the host name or IP address of the firewall.
Task Manager
Click Tasks at the bottom of the web interface to display the operations that you, other
administrators, or PAN-OS initiated since the last firewall reboot (for example, manual
commits or automatic FQDN refreshes). For each task, the Task Manager provides the
following information and actions :
ALARM
An alarm is a firewall-generated message indicating that the number of events of a particular
type (for example, encryption and decryption failures) has exceeded the threshold configured
for that event type (see Define Alarm Settings). When generating an alarm, the firewall
creates an Alarm log and opens the System Alarms dialog to display the alarm. After closing
the dialog, you can reopen it anytime by clicking Alarms ( ) at the bottom of the web interface.
To prevent the firewall from automatically opening the dialog for a particular alarm, select
Unacknowledged Alarms and click Acknowledge to move the alarms to the Acknowledged
Alarms list.
Commit Changes
Click Commit at the top right of the web interface to commit, validate, or preview your
changes to the firewall configuration. Committing applies the candidate configuration to the
running configuration, which activates all configuration changes since the last commit. To
save, revert, import, export, or load configurations, select Device > Setup > Operations.
The firewall queues commit requests so that you can initiate a new commit while a previous
commit is in progress. The firewall performs the commits in the order they are initiated but
prioritizes commits that the firewall initiates automatically, such as FQDN refreshes. If the
queue already has the maximum number of administrator-initiated commits (which varies by
platform), you must wait for the firewall to finish processing a pending commit before
initiating a new commit. Use the Task Manager to cancel commits or see details
In the Commit dialog, click Advanced to display the following options:
Lock Configuration
The web interface supports multiple concurrent administrator sessions by enabling an
administrator to lock the candidate or running configuration so that other administrators
cannot change the configuration until the lock is removed. At the top right of the web
interface, a locked padlock (
) indicates that one or more locks are set (with the number
either padlock opens the Locks dialog, which provides the following options and fields.
B. Dashboard
The Dashboard widgets show general firewall or Panorama information, such as the software
version, the operational status of each interface, resource utilization, and up to 10 entries in
the threat, configuration, and system logs. Log entries from the last 60 minutes are displayed.
All of the available widgets are displayed by default, but each administrator can remove and
add individual widgets, as needed. Click Refresh ( ) to update the dashboard or an individual
widget. To change the automatic refresh interval, select an interval (1 min, 2 mins, 5 mins, or
Manual). To add a widget to the Dashboard, select a category and then the widget name from
the Widgets drop-down. To delete a widget, click Delete ( ) in the title bar of the widget.
C. ACC
The Application Command Center (ACC) is an analytical tool that provides actionable
intelligence on activity within your network. The ACC uses the firewall logs for graphically
depicting traffic trends on your network. The graphical representation allows you to interact
with the data and visualize the relationships between events on the network including
network usage patterns, traffic patterns, and suspicious activity and anomalies.
ACC Views
Network Activity This tab displays an overview of traffic and user activity on your network.
It focuses on the top applications being used, the top users who generate traffic with a drill
down into the bytes, content, threats or URLs accessed by the user, and the most used
security rules against which traffic matches occur. In addition, you can also view network
activity by source or destination zone, region, or IP address, by ingress or egress interfaces,
and by host information such as the operating systems of the devices most commonly used
on the network.
Threat Activity This tab displays an overview of the threats on the network. It focuses on
the top threatsvulnerabilities, spyware, viruses, hosts visiting malicious domains or URLs,
top WildFire submissions by file type and application, and applications that use nonstandard ports. The Compromised Hosts widget, supplements detection with better
visualization techniques. It uses the information from the correlated events tab (Automated
Correlation Engine > Correlated Events) to present an aggregated view of compromised hosts
on your network by source users or IP addresses, sorted on severity.
Blocked Activity This tab focuses on traffic that was prevented from coming into the
network. The widgets in this tab allow you to view activity denied by application name, user
name, threat name, content (files and data), and the top security rules with a deny action
that blocked traffic.
ACC Widgets
The widgets on each tab are interactive. You can set filters and drill down into the view to
customize the view to focus on the information you need.
ACC Actions
To customize and refine the ACC display, you can add and delete tabs, add and delete widgets,
set local and global filters, and interact with the widgets.
Set a global filter from a table Select an attribute from a table in any widget and apply
the attribute as a global filter.
Add a widget filter to a global filter Hover over the attribute and click the arrow icon
to the right of the attribute. This option allows you to elevate a local filter used in a
widget, and apply the attribute globally to update the display across all the tabs on
the ACC.
Define a global filter Define a filter using the Global Filters pane on the ACC.
D. Policies
Policy Types
Policies > Security
Policies > NAT
Policies > QoS
Policies > DoS Protection
Policy Types
Policies allow you to control firewall operation by enforcing rules and automatically taking
action. The following types of policies are supported:
Basic security policies to block or allow a network session based on the application,
the source and destination zones and addresses, and optionally the service (port and
protocol). Zones identify the physical or logical interfaces that send or receive the
traffic. Refer to
Policies > Security Network Address Translation (NAT) policies to translate addresses
and ports, as needed. Refer to Policies > NAT. Policy-based forwarding policies to
override the routing table and specify an egress interface for traffic. Refer to Policies
> Policy Based Forwarding
Decryption policies to specify traffic decryption for security policies. Each policy can
specify the categories of URLs for the traffic you want to decrypt. SSH decryption is
used to identify and control SSH tunneling in addition to SSH shell access. Refer to
Policies > Decryption
Override policies to override the application definitions provided by the firewall. Refer
to Policies > Application Override .Quality of Service (QoS) policies to determine how
traffic is classified for treatment when it passes through an interface with QoS
enabled. Refer to Policies > QoS.
Captive portal policies to request authentication of unidentified users. Refer to
Policies > Captive Portal. Denial of service (DoS) policies to protect against DoS attacks
and take protective action in response to rule matches. Refer to Policies > DoS
Protection.
General Select the General tab to configure a name and description for the security
policy.
Source Select the Source tab to define the source zone or source address from which
the traffic originates.
User Select the User tab to enforce policy for individual users or a group of users. If you
are using GlobalProtect with host information profile (HIP) enabled, you can also base the
policy on information collected by GlobalProtect. For example, the user access level can
be determined HIP that notifies the firewall about the user's local configuration. The HIP
information can be used for granular access control based on the security programs that
are running on the host, registry values, and many other checks such as whether the host
has antivirus software installed.
Destination Select the Destination tab to define the destination zone or destination
address for the traffic.
Application Select the Application tab to have the policy action occur based on an
application or application group. An administrator can also use an existing App-ID
signature and customize it to detect proprietary applications or to detect specific
attributes of an existing application. Custom applications are defined in Objects >
Applications
Service/URL Category Select the Service/URL Category tab to specify a specific TCP
and/or UDP port number or a URL category as match criteria in the policy.
ActionSelect the Action tab to determine the action that will be taken based on traffic
that matches the defined policy attributes.
General Tab
Policies > NAT > General
Select the General tab to configure a name and description for the NAT or NPTv6 policy. You can configure
a tag to allow you to sort or filter policies when many policies exist. Select the type of NAT policy you are
creating, which affects which fields are available on the Original Packet and Translated Packet tabs.
.
General Tab
Select the General tab to configure a name and description for the DoS policy. A tag can also be
configured to allow you to sort or filter policies when a large number of policies exist.
Source Tab
Select the Source tab to define the source zone or source address that defines the incoming source
traffic to which the DoS policy will be applied.
Destination Tab
Select The Destination tab to define the destination zone or destination address that defines the
destination traffic to which the policy will be applied.
Options/Protection Tab
Select the Options/Protection tab to configure additional options for the DoS policy, such as the type
of service (http or https), the action to take, and whether or not to trigger a log forward for matched
traffic. You can also define a schedule for when the policy will be active and select an aggregate or
classified DoS profile that defines more attributes for DoS protection.