Install SSL certificate on Palo Alto Networks or Cisco ASA Firewalls

Jun 2, 2019

Overview: Firewalls require SSL certificates in one of the following scenarios: secure management WebGUI access, providing SSL-based remote VPN, and performing peer authentication to establish site-to-site VPN tunnels. The administrator's tasks include obtaining a certificate through either a public or an enterprise Certificate Authority, renewing the certificate, and ensuring that the private key is safe and backed up. This article …


Site-To-Site VPNs on Palo Alto Networks Firewalls

Apr 5, 2019

Palo Alto Networks firewalls provide site-to-site and remote access VPN functionality. This article covers the overview and configuration of IPSec site-to-site tunnels, which are compatible with equipment from other vendors. An IPSec tunnel is established between two gateways over an IP network and is transparent to the end devices communicating over it. Transport network (usually the Internet) between gateways …


Packet Flow And Order Of Operations in PAN-OS

Mar 15, 2019

The order of operations in Palo Alto Networks firewalls consists of 6 stages: Ingress > Session Setup (Slowpath) > Existing Session (Fastpath) > Application Identification > Content Inspection > Egress Forwarding. Understanding how traffic is processed within the firewall is important for writing security and NAT policies and for troubleshooting. The following sections provide information about ...


Palo Alto Firewalls Configuration Management

Mar 10, 2019

Candidate and Running Config: Palo Alto firewalls use a commit-based configuration system, in which changes made via the WebGUI or CLI are not applied in real time. To apply the changes, an administrator needs either to enter the commit command in the CLI or to press the Commit button in the WebGUI. The configuration file is stored in ...
