Alto MS Series User Manual Page 53
- Page / 108
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Getting Started Guide 49
Create the Security Perimeter Set Up Basic Security Policies
Define Basic Security Rules
Step 1 Permit Internet access for all users on the
enterprise network.
Zone: Trust to Untrust
Note By default, the firewall includes a security
rule named rule1 that allows all traffic
from Trust zone to Untrust zone. You can
either delete the rule or modify the rule to
reflect your zone-naming convention.
To safely enable applications that are required for day-to-day
business operations we will create a simple rule that allows access to
the Internet. To provide basic threat protection, we will attach the
default security profiles available on the firewall.
1. Select
Policies > Security and click Add.
2. Give the rule a descriptive name in the General tab.
3. In the
Source tab, set the Source Zone to Trust.
4. In the
Destination tab, Set the Destination Zone to Untrust.
Note To scan policy rules and visually identify the zones on each
rule, create a tag with the same name as the zone. For
example, to color code the Trust zone as green, select
Objects > Tags, click Add and Name the tag Trust, and
select the
Color green.
5. In the
Service/ URL Category tab, select service-http and
service-https.
6. In the
Actions tab, complete these tasks:
a. Set the
Action Setting to Allow.
b. Attach the default profiles for antivirus, anti-spyware,
vulnerability protection and URL filtering, under
Profile
Setting.
7. Verify that logging is enabled at the end of a session under
Options. Only traffic that matches a security rule will be logged.
Step 2 Permit users on the internal network to
access the servers in the DMZ.
Zone: Trust to DMZ
Note If using IP addresses for configuring
access to the servers in the DMZ, make
sure to always refer to the original IP
addresses in the packet (i.e. the pre-NAT
addresses), and the post-NAT zone.
1. Click
Add in the Policies > Security section.
2. Give the rule a descriptive name in the
General tab.
3. In the
Source tab, set the Source Zone to Trust.
4. In the
Destination tab, set the Destination Zone to DMZ.
5. In the
Service/ URL Category tab, make sure the Service is set
to
application-default.
6. In the
Actions tab, set the Action Setting to Allow.
7. Leave all the other options at the default values.
- Palo Alto Networks 1
- Contact Information 2
- About this Guide 2
- Table of Contents 3
- Table of Contents 4
- Management Network 5
- Perform Initial Configuration 6
- 4 Getting Started Guide 8
- 6 Getting Started Guide 10
- 8 Getting Started Guide 12
- Activate Firewall Services 13
- Manage Content Updates 15
- 12 Getting Started Guide 16
- Install Software Updates 17
- 14 Getting Started Guide 18
- Add Firewall Administrators 19
- How to Configure 20
- 18 Getting Started Guide 22
- Monitor the Firewall 23
- View Local Log Data 24
- View Reports 25
- Set Up Email Alerts 27
- Set Up SNMP Trap Destinations 27
- 24 Getting Started Guide 28
- Define Syslog Servers 29
- 26 Getting Started Guide 30
- Forward Logs to Panorama 31
- Enable Log Forwarding 31
- 28 Getting Started Guide 32
- Create the Security Perimeter 35
- Security Perimeter Overview 36
- Virtual Wire Deployments 37
- Layer 2 Deployments 37
- Layer 3 Deployments 37
- About Security Policies 38
- Optional 40
- Policy Best Practices 41
- About Policy Objects 41
- About Security Profiles 42
- Getting Started Guide 39 43
- Set Up Interfaces and Zones 44
- 42 Getting Started Guide 46
- Configure NAT Policies 47
- 44 Getting Started Guide 48
- 46 Getting Started Guide 50
- Create Security Rules 52
- 50 Getting Started Guide 54
- Test Your Security Policies 55
- Getting Started Guide 53 57
- Monitor > Logs 57
- Enable WildFire 59
- Scan Traffic for Threats 59
- Control Access to Web Content 59
- Set Up File Blocking 64
- Continue to 66
- 64 Getting Started Guide 68
- For More Information 69
- Configure User Identification 71
- User Identification Overview 72
- About User Mapping 73
- PAN-OS XMLAPI Usage Guide 74
- Enable User Identification 75
- 72 Getting Started Guide 76
- Map IP Addresses to Users 77
- Configure User Mapping 78
- Captive Portal Modes 81
- Configure Captive Portal 82
- 80 Getting Started Guide 84
- 82 Getting Started Guide 86
- Getting Started Guide 85 89
- Monitor > Logs) 89
- Set Up High Availability 91
- HA Overview 92
- Getting Started Guide 89 93
- Failover Triggers 94
- HA Timers 94
- 92 Getting Started Guide 96
- Getting Started Guide 93 97
- Configuration Guidelines 98
- 96 Getting Started Guide 100
- 98 Getting Started Guide 102
- 100 Getting Started Guide 104
- Click Commit 106
- Verify Failover 107
- Getting Started Guide 108
© 2020, manymanuals.com. All rights reserved. | 4.925 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals