SecurityCenter & Palo Alto Configuration Guide. About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when.

Slides:



Advertisements
Similar presentations
Presumed Asbestos Training Programme. Introduction Getting Started The Interface Top Tool Bar Creating a New Site Type I Survey Type II Survey Type III.
Advertisements

Welcome to WebCRD.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
DSL-2730B, DSL-2740B, DSL-2750B.
DNR-322L & DNR-326.
DSL-2870B How to Change ADSL Username and Password in your modem router How to Change Wireless Channel in your modem router How to Open Ports in your modem.
BlackBoard Online Submission Annual Assessment Updates
DVG-N5402SP.
User Responsibility A “How To” Guide for SecurityCenter.
Thick v Thin Access Points Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Vulnerability Types And How to Use Them.
Submitting Book Chapters via Manuscript Central A Short Guide for Wiley-VCH Authors.
DWR-113 FAQ’s 3G WiFi Router.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
MagicInfo Pro Server Software All control, content, and scheduling is performed within the MagicInfo Pro Server software previously installed. Before.
Getting started on informaworld™ How do I register my institution with informaworld™? How is my institution’s online access activated? What do I do if.
Introduction to our On-Line Self Service Center at
Malware Hunter How To Guide for SecurityCenter Continuous View™
AQS Web Quick Reference Guide Changing Raw Data Values Using Maintenance 1. From Main Menu, click Maintenance, Sample Values, Raw Data 2. Enter monitor.
Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Confidential Configuring Attendant Console.
Network Management Tool Amy Auburger. 2 Product Overview Made by Ipswitch Affordable alternative to expensive & complicated Network Management Systems.
General Systems Information ALEPH v20.01 Library Staff Training © South Dakota Library Network, 2013 ©Ex Libris (USA), 2011 Modified for SDLN Version
Installing and Using Active Directory Written by Marc Zacharko.
1 © 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID Scientific Atlanta Configuration Module 2.3.
Using Assets with Dashboards A Guide. About this Guide This guide shows how to create, export, and load a dashboard that requires an asset This guide.
Pack Company Procedures. Accepting a HIP request from a supplier Allocating the Component Providers Sending the instruction through to the Component Providers.
IFORM ACCOUNT MAINTENANCE ICT4D SESSION 4. IFORMBUILDER WEBSITE REQUIREMENTS To access the iFormBuilder website, you need the following items: -Reliable.
Training by the Office of Library and Information Services Contact for more information: karen.gardner- or
0 eCPIC Admin Training: OMB Submission Packages and Annual Submissions These training materials are owned by the Federal Government. They can be used or.
) Main Menu: You can access all aspects of the database from this screen 2) Contacts: You can access the “contact database management” side of.
CSC350: Learning Management Systems COMSATS Institute of Information Technology (Virtual Campus)
Table of Contents TopicSlide Administrator Login 2 Administrator Navigations 3 Managing AlternativeDr.com Blogs 4 Managing Dr. Lloyd May Blogs 5 Managing.
GEtServices Purchasing Units & Materials Training For Suppliers Request.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
How to Deploy and Configure the Smart Net Total Care CSPC Collector
Add Additional Parent Accounts Ascend SMS User Guide.
Envision Tutorial Horner APG, LLC July 18, Introduction The Cscape Remote Viewer allows remote interaction with the user interface on Horner OCS.
Online Submission and Management Information -- Authors AMS Annual Conference / AMS WMC Click on play to begin show.
CheckPoint Reporting System for Seismic Surveys Setting Up for Multiple Users December 2012 Mid Point Geo Limited PO Box 7437 Reading Berkshire RG27 7HQ,
How to Setup Scan to on most Sharp Models.
SecurityCenter & Palo Alto Configuration Guide. About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when.
Using Find / Update in SecurityCenter Reports A “How To” Guide for SecurityCenter.
Apple Remote Desktop Hey! I got some new software for my school. For free. For what?
Folio3 IPhone Training Session 2 Testing App on device Presenter: Imam Raza.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring Windows Server 2008 Printing.
Top-performing urban school district in Florida Introduction to TIDE 1.
Associate ® Administration An Associate administrator has the ability to change the parameters for both the author and for the typist. There can be enterprise.
What’s New in Fireware v WatchGuard Training.
2012 TELPAS Online Testing & Data Collection. Disclaimer  These slides have been prepared by the Student Assessment Division of the Texas Education Agency.
Remote Access Using a Netgear DG834 Router 1http://
Fab25 User Training Cerium Labs LabCollector - LIMS Lynette Ballast.
Online Submission and Management Information -- Authors
Configuring DHCP Relay Configuration Example
Configuring ALSMS Remote Navigation
Student Registration/ Personal Needs Profile
SelectedWorks Profiles Workshop:
New Mexico Emergency Operations Center (NMEOC) Basic ETeam Training
Applying for a contractor’s license online
Online Testing System Assessment Viewing Application (AVA)
Orders & Shipment Tracking
Student Travel Reimbursement
Chapter 8: Monitoring the Network
Web File Sharing.
Applying for a contractor’s license online
Online Testing System Assessment Viewing Application (AVA)
RPM: Monitoring data entry process A step-by-step guide for Cluster Leads 1/18/2019.
Online Testing System Assessment Viewing Application (AVA)
Chapter 10: Advanced Cisco Adaptive Security Appliance
Student Registration/ Personal Needs Profile
Presentation transcript:

SecurityCenter & Palo Alto Configuration Guide

About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when using SecurityCenter, Nessus, and Log Correlation Engine (LCE). Covered in this Guide: o Audit Scanning o Log Configuration on PAN-OS (Palo Alto Firewalls) o Netflow Configuration (PAN-OS & LCE) o LCE Normalized Logs o SecurityCenter Dashboard & Reporting

Audit Scanning SecurityCenter & PAN-OS

PAN-OS Configuration Tasks Create a service account for SecurityCenter to use. Allow SecurityCenter to connect to management interface. Set up SNMP allowed by local security policies.

Service Account Login to PAN-OS and navigate to the Device tab. On the left hand side, in the menu items, select Administrators Click the “ADD” button at the bottom of the screen Fill out the fields accordingly

PAN-OS Management Interface Login to PAN-OS and navigate to the Device tab. On the left hand side, in the menu items, select “Setup” & Management Tab Click on the icon located in the “Management Interface Settings” Configure HTTPS/Ping/SNMP management services. Assign the Permitted IP Addresses as necessary

SNMP Configuration Login to PAN-OS and navigate to the Device tab. On the left hand side, in the menu items, select “Setup” & Operations Tab Click the icon to enter SNMP Configuration. Configure the SNMP Settings according to local security policy.

SecurityCenter Configuration Tasks Import Audit File Create Credentials Create Scan Policy

Import Audit File Login to SecurityCenter and select Support > Audit Files Click the button. Provide a name and description for the Audit File setting. Browse the audit file location and select the appropriate file. Click submit to save the file.

Create Credentials Login to SecurityCenter and select Support > Credentials Click the button. SNMP credentials are added here. The API credentials are part of the scan policy.

Create Scan Policy Login to SecurityCenter and select Support > Scan Policies Click the button. Configure the basic settings as needed. Note: Netstat port scanners are not necessary. Select the audit file previously uploaded. Enable plugin & along with other plugins as necessary. Configure PAN-OS settings in Preferences

Log Configuration PAN-OS (Palo Alto Firewalls)

Log Configuration Setting The PAN-OS log configuration settings are in 4 places. Device > Server Profiles Device > Log Settings Objects > Log Forwarding Policies o All policies are configurable o Permit Policies o Deny Policies

Device > Server Profiles Configure the LCE as the Syslog Server. Login to PAN-OS and navigate to the Device tab. On the left hand side, in the menu items, select Server Profiles > Syslog Create the syslog profile Set the IP, port, log level

Device > Log Settings Set up LCE to collect device level syslog events. Login to PAN-OS and navigate to the Device tab. On the left hand side, in the menu items, select Log Settings System = Severity Setting Select the syslog server profile for each severity level.

Objects > Log Forwarding Log Forwarding is for security policies to use to forward logs. This can be for traffic based events and deny traffic events. Login to PAN-OS and navigate to the Objects tab. On the left hand side, in the menu items, select Log Forwarding Configure the setting as desired.

Policies Login to PAN-OS and navigate to the Policies tab. Note: In this example we will use “Security” policies, but the same concept applies to all types On the left hand side, in the menu items, select Security. Double click a Permit policy o Check Log at Session Start|End o Select the Log Forwarding Service Double click a Deny policy o Check Log at Session Start|End o Select the Log Forwarding Service

Netflow Configuration PAN-OS & LCE

PAN-OS Settings Configure the LCE as the Syslog Server. Login to PAN-OS and navigate to the Device tab. o On the left hand side, in the menu items, select Server Profiles > Netflow Server o Apply the applicable server settings o Ex: : 9995 Navigate to the Network tab. o On the left hand side, select Interfaces o Choose interface to capture network. o Apply Netflow profile

Netflow Client Download and install Netflow client o The lab was built with the following version: TenableNetFlowMonitor es6.x86_64.rpm Set the LCE Server in the config file o /opt/netflow_monitor/tfm.conf

LCE Policy Configuration Login to SecurityCenter as “admin” Select Resources > LCE Clients. Authorize the new client, then click Assign Policy Ensure the port is configured the same on the Palo Alto firewall More detailed Netflow policies are supported, but are beyond the scope of this guide.

Normalized Logs LCE

Normalized Logs The Tenable LCE team has normalized a series of log events to support Palo Alto. Paloalto-Allow_TCP_Start Paloalto-Allow_TCP_End Paloalto-Allow_UDP_Start Paloalto-Allow_UDP_End Paloalto-Allow_ICMP_Start Paloalto-Allow_ICMP_End Paloalto-Deny_TCP Paloalto-Deny_UDP Paloalto-Deny_ICMP Paloalto-Deny_TCP Paloalto-Deny_UDP Paloalto-Deny_ICMP Paloalto-Configuration_Edit Paloalto-Configuration_Delete Paloalto-Configuration_Commit Paloalto-System_General_Msg Paloalto-Threat_Spyware Paloalto-Threat_URL Paloalto-Threat_Vulnerability Paloalto-Threat_File Paloalto-Threat_Virus Paloalto-Authentication_Failed Paloalto- Authentication_Failed_Threshold_ Reached

Sample Normalized Events

Dashboard SecurityCenter

Dashboard (Published 17 Oct 2013)

Dashboard Components Palo Alto Status - Device Audit Vulnerabilities - This component displays a pass/fail indicator by check type. The Tenable_Palo_Alto_PAN-OS_Best_Practices.audit file has 5 check types, each focusing on a separate part of the configuration audit. Device: The firewall management and base operation settings Users: Lists local users in the device Security: Verifies the security setting of the configuration Update: Verifies the update server is configured Reports: The output from several report commands to display the report status Palo Alto Status - Netflow Summary - This component displays a summary of the top 10 TCP ports identified by Palo Alto native network collector. Palo Alto Status - Netflow By Port - This component displays the session count of the top 10 TCP ports identified by Palo Alto native network collector. Palo Alto Status - Top 10 Events - This component displays count of the top 10 Palo Alto syslog events. Palo Alto Status - Event Trend Summary - This component displays a trend line for the top 10 Palo Alto syslog events. Palo Alto Status - Event Indicator - This indicator component displays a series of Palo Alto syslog event indicators.

For Questions Contact Cody Dumont

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.