Sun Management - Rising Technologies


Teach a man to fish…

Solving IT and cyber challenges by providing problem-solution virtual labs for ongoing learning opportunities. These labs will focus on the key questions facing those in the information technology community and walk through how to solve challenges in the ever-changing technology software landscape.

What are Labs?

The goal is to take part in the ongoing and open discussion of these challenges. We welcome suggestions for future Labs or if you are so inclined you can create your own Lab and share it with us via

For access to live Palo Alto Networks boxes for lab practice purposes please go to:
This is a no charge service provided by Palo Alto Networks.

Sign up

If you would like to be notified by email when new labs become available, sign up here.

What are Labs? Sign up

Current Lab

Using “Syslog Listener” to Collect User-ID data

April 4, 2018

User Identification is one of the most frequently asked for and effective features that can be used to control network traffic and provide a wealth of audit and forensic data. Having the ability to dynamically map users to network addresses in real-time can be a very powerful and versatile tool. This is especially true with the widespread use of DHCP and the ever-growing number of network-enabled devices. Palo Alto Networks firewalls offer User-ID features to dynamically map user identities with IP Addresses and provide user directory Group context.

There are numerous different ways the Palo Alto Networks firewall can gather username to IP mappings to determine which user is using which computer. The “syslog listener” is the newest method and it shifts from being a “pull” technique where the user-id agent actively goes out to retrieve the data from the sources to  a “push” method where the sources send the data to the user-id agent automatically. This lab exercise will explore use cases and how to configure the user-id agent to leverage this new method for collecting user to ip address mappings.

Next Lab

Using Mine Meld for IoC Feed Aggregation

In order to prevent successful cyberattacks, many organizations collect indicators of compromise (IOCs) from various threat intelligence providers with the intent of creating new controls for their security devices. Unfortunately, legacy approaches to aggregation and enforcement are highly manual in nature, often creating complex workflows and extending the time needed to identify and validate which IOCs should be blocked.

Now security organizations can leverage MineMeld, an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. This lab will walk you through the deployment and initial configuration of Mine Meld as a a dynamic data feed into your Palo Alto Networks firewall.

    Past Labs

  • Using Destination NAT to Isolate Internet Facing Services March 6, 2018

    We all have network services that must be exposed to the internet for our world to function — DNS, mailRead More

  • Migration to App-ID Based Security Policy February 2, 2018

    Legacy firewall rules are created around the Network (IPs) and Transport (Ports) layers of the Open Systems Interconnection (OSI) model.Read More

  • Application-Based Quality of Service on Palo Alto Networks Firewalls January 3, 2018

    Quality of Service (QoS) on Palo Alto Networks firewalls represents a set of features used to prioritize and adjust qualityRead More

  • Troubleshooting with counters, test, and Flow Basic December 1, 2017

    There are a myriad of decision points the firewall makes on a session as it is processed adding complexity toRead More

  • Deploying SSL Decryption with a Palo Alto Networks Firewall October 31, 2017

    Network Security Systems, including firewalls, can be configured to control (permit or deny) encrypted traffic, but cannot decipher the contentsRead More

  • Enabling Zone and DoS Protection in Palo Alto Networks Firewalls October 6, 2017

    Denial of Service (DoS) and Distributed Denial of Service (DDoS) types of attack are attempts to disrupt network services byRead More

  • Automated Reporting in Palo Alto Firewalls March 7, 2017

    Your mission, should you choose to accept it, is to automate the generation and delivery of the various different reportsRead More