Archive for Palo Alto Networks

The Benefits of Palo Alto Networks Firewall Single Pass Parallel Processing (SP3) and Hardware Architecture

What makes Palo Alto Networks Next-Generation Firewall (NGFW) so different from its competitors is its Platform, Process and Architecture. Palo Alto Networks delivers all the next generation firewall features using the single platform, parallel processing and single management systems, unlike other vendors who use different modules or multiple management systems to offer NGFW features.

Palo Alto Networks Next-Generation Firewall’s main strength is its Single Pass Parallel Processing (SP3) Architecture, which comprises two key components:

  • Single Pass Software
  • Parallel Processing Hardware

 

Figure 1.   Palo Alto Networks Firewall Single Pass Parallel Processing Architecture

» Read more

Web & CLI Initial Configuration, Gateway IP, Management Services & Interface, DNS – NTP Setup, Accounts, Passwords, Firewall Registration & License Activation

The introduction of Next Generation Firewalls has changed the dimension of management and configuration of firewalls, most of the well-known Firewall vendors have done a major revamp, be it the traditional command line mode or the GUI mode.

Palo Alto Networks is no different to many of those vendors, yet it is unique in terms of its WebUI. It’s a whole new experience when you access the WebUI of Palo Alto Networks Next-Generation Firewalls.

In order to start with an implementation of the Palo Alto Networks Next-Generation Firewalls one needs to configure them. Palo Alto Networks Next-Generation Firewalls can be accessed by either an out-of-band management port labelled as MGT or a Serial Console port (similar to Cisco devices). By using the MGT port, one can separate the management functions of the firewall from the data processing functions. All initial configurations must be performed either on out-of-band management interface or by using a serial console port. The serial port has default values of 9600-N-1 and a standard roll over cable can be used to connect to a serial port.

 

Figure 1.   Palo Alto Networks Firewall PA-5020 Management & Console Port

» Read more

Tap Mode, Virtual Wire, Layer 2 & Layer 3 Deployment modes

Our previous article explained how Palo Alto Firewalls make use of Security Zones to process and enforce security policies. This article will explain the different configuration options for physical Ethernet and logical interfaces available on the Palo Alto Firewall.

It’s easy to mix and match the interface types and deployment options in real world deployments and this seems to be the strongest selling point of Palo Alto Networks Next-Generation Firewalls. Network segmentation becomes easier due to the flexibility offered by a single pair of Palo Alto appliances.

Below is a list of the configuration options available for Ethernet (physical) interfaces:

  • Tap Mode
  • Virtual Wire
  • Layer 2
  • Layer 3
  • Aggregate Interfaces
  • HA

Following are the Logical interface options available:

  • VLAN
  • Loopback
  • Tunnel
  • Decrypt Mirror

The various interface types offered by Palo Alto Networks Next-Generation Firewalls provide flexible deployment options.

» Read more

Thuê Lab Online

 

Nhằm hỗ trợ cho các bạn có nhu cầu thực hành trên các thiết bị của các hãng, HVAT Networks bắt đầu cung cấp dịch vụ cho thuê lab ảo, tùy biến theo nội dung yêu cầu của từng bạn.

1. Đối tượng:

  • Kỹ sư tích hợp hệ thống CNTT.
  • Quản trị hệ thống mạng trong doanh nghiệp.
  • Giảng viên đào tạo về lĩnh vực CNTT.
  • Sinh viên CNTT, muốn thực tập thực tế, để lựa chọn công việc phù hợp theo sở trường.
  • Thí sinh có nhu cầu ôn tập labs trước các kỳ thi lấy chứng chỉ Quốc tế.

2. Hình thức:

  • Hình thức 1: Thực hành lab trên mô hình được HVAT Networks dựng sẵn.
  • Hình thức 2: Thực hành lab trên mô hình được các bạn tự tạo.

3. OS hỗ trợ

  • Cisco ASA 8.0.2 (Singe and Multi Context)
  • Cisco ASA 8.4.2 (Support Multi Context)
  • Cisco ASA 9.1.15 (Support Multi Context)
  • Cisco ASAv
  • Cisco ACS
  • Cisco CDA
  • Cisco IPS
  • Cisco ISE
  • Cisco vWAAS
  • Cisco vWSA
  • Cisco CSR1000v
  • Cisco NX-OSv
  • Cisco IOL
  • Cisco vIOS
  • Cisco vIOS L2
  • Cisco vNAM
  • Cisco FirePower
  • Cisco vWLC
  • Cisco XRv
  • Juniper Networks M Series Router
  • Juniper Networks vMX Router
  • Juniper Networks vSRX Firewall
  • A10 Networks vThunder Virtual Appliance
  • Alcatel 7750 Virtual Service Router
  • Arista Networks Switches
  • Aruba Networks Security – Clearpass
  • Brocade Virtual ADX
  • Citrix Netscaler VPX Virtual
  • Checkpoint Firewall
  • Cumulus VX
  • Extreme Networks Virtual
  • F5 BIG-IP LM
  • Fortinet Virtual Firewall
  • HP Virtual Router
  • Mikrotik
  • Ostinato Traffic Generator
  • Palo Alto Virtual Firewall
  • S-Terra Firewall
  • VyOS
  • MS Windows 7
  • MS Windows XP
  • MS Windows Server 2008R2
  • MS Windows Server 2003 and 2003 R2
  • Various liveCD Linux images (eg. tinycore, damnsmalllinux, slax)

4. Chi phí:

  • Giá thuê: 200.000/ngày
  • Các bạn có thể gửi bài lab cho HVAT Networks để setup sẵn (nếu có).
  • Thời gian: 9:00AM đến 9:00PM.
  • Tất cả các ngày trong tuần.
  • Phù hợp cho nhóm lab.

5. Liên hệ:

  • Người liên hệ: Hồ Vũ Anh Tuấn
  • Điện thoại: 0909.01.3486
  • Skype hỗ trợ kỹ thuật: hvanhtuan

 

oOo ~(^_^)~ oOo