What are Labs?
The goal is to take part in the ongoing and open discussion of these challenges. We welcome suggestions for future Labs, or, if you are so inclined, you can create your own Lab and share it with us via email@example.com.
For access to live Palo Alto Networks boxes for lab practice purposes please go to: https://www.paloaltonetworks.com/services/education/cybersecurity-skills-practice-lab
This is a no-charge service provided by Palo Alto Networks.
User Identification is one of the most frequently requested and effective features for controlling network traffic, and it provides a wealth of audit and forensic data. The ability to dynamically map users to network addresses in real time is a powerful and versatile tool, especially given the widespread use of DHCP and the ever-growing number of network-enabled devices. Palo Alto Networks firewalls offer User-ID features to dynamically map user identities to IP addresses and provide user directory group context.
There are numerous ways the Palo Alto Networks firewall can gather username-to-IP mappings to determine which user is using which computer. The “syslog listener” is the newest method, and it shifts from a “pull” technique, where the User-ID agent actively goes out to retrieve the data from the sources, to a “push” method, where the sources send the data to the User-ID agent automatically. This lab exercise will explore use cases and how to configure the User-ID agent to leverage this new method for collecting user-to-IP-address mappings.
Using MineMeld for IoC Feed Aggregation
In order to prevent successful cyberattacks, many organizations collect indicators of compromise (IOCs) from various threat intelligence providers with the intent of creating new controls for their security devices. Unfortunately, legacy approaches to aggregation and enforcement are highly manual in nature, often creating complex workflows and extending the time needed to identify and validate which IOCs should be blocked.
Now security organizations can leverage MineMeld, an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. This lab will walk you through the deployment and initial configuration of MineMeld as a dynamic data feed into your Palo Alto Networks firewall.
Using Destination NAT to Isolate Internet Facing Services
March 6, 2018
We all have network services that must be exposed to the internet for our world to function — DNS, mail
Migration to App-ID Based Security Policy
February 2, 2018
Legacy firewall rules are created around the Network (IPs) and Transport (Ports) layers of the Open Systems Interconnection (OSI) model.
Application-Based Quality of Service on Palo Alto Networks Firewalls
January 3, 2018
Quality of Service (QoS) on Palo Alto Networks firewalls represents a set of features used to prioritize and adjust quality
Troubleshooting with counters, test, and Flow Basic
December 1, 2017
There are a myriad of decision points the firewall makes on a session as it is processed adding complexity to
Deploying SSL Decryption with a Palo Alto Networks Firewall
October 31, 2017
Network Security Systems, including firewalls, can be configured to control (permit or deny) encrypted traffic, but cannot decipher the contents
Enabling Zone and DoS Protection in Palo Alto Networks Firewalls
October 6, 2017
Denial of Service (DoS) and Distributed Denial of Service (DDoS) types of attack are attempts to disrupt network services by
Automated Reporting in Palo Alto Firewalls
March 7, 2017
Your mission, should you choose to accept it, is to automate the generation and delivery of the various different reports