https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/204528#M6 <P>so could we use this solution via internet edge ?</P> Fri, 09 Mar 2018 10:24:15 GMT Fahadvu 2018-03-09T10:24:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/198332#M4 <P>A Palo Alto Networks next-generation firewall must capture network traffic sent between endpoints and data center servers. <BR />&nbsp;</P> <P>To monitor internal network traffic, customers may:&nbsp;</P> <UL> <LI>Use existing inline Next-Generation Firewalls that monitor internal network traffic as sensors to collect network metadata for Logging Service and Cortex XDR (formerly Magnifier).</LI> <LI>Deploy a Next-Generation Firewall in inline L3 mode.&nbsp; This deployment will also offer the added benefit of improved network security because of internal segmentation, threat prevention, and visibility.</LI> <LI>Deploy another Next-Generation Firewall inline, in VWire mode.&nbsp; This way the Next-Generation Firewall supports multiple VWire interfaces, so the customer’s network does not need to be re-architected, but it will require downtime.</LI> <LI>Deploy another Next-Generation Firewall with multiple interfaces configured in TAP or SPAN ports or Network Packet Brokers to send the traffic to these Next-Generation Firewalls.</LI> <LI>Configure new or unused interfaces on a perimeter Next-Generation Firewall to receive collected traffic in TAP mode, if the firewall has extra interfaces and can handle the additional traffic. The customer would use a Network Packet Broker to aggregate the east-west traffic to the perimeter firewall.</LI> </UL> Tue, 26 Feb 2019 18:43:11 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/198332#M4 kcross 2019-02-26T18:43:11Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/204528#M6 <P>so could we use this solution via internet edge ?</P> Fri, 09 Mar 2018 10:24:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/204528#M6 Fahadvu 2018-03-09T10:24:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/204597#M7 <P>Hi,</P> <P>&nbsp;</P> <P>Cortex XDR is a security application cloud based solution relying on Palo Alto Application Frameworks which leverages&nbsp;Palo Alto Networks Logging Service.</P> <P>&nbsp;</P> <P>Logging Service receives data from Palo Alto Networks devices whether they are on premise or in the cloud as well as from Global Protect Cloud Service.</P> <P>&nbsp;</P> <P>To get the best out of it, Cortex XDR must see traffic between users and servers and traffic going from internal networks to Internet. Other traffic logs are&nbsp;a nice to have to collect as well but not mandatory.</P> <P>&nbsp;</P> <P>To answer your question, traffic generated at internet edge, which logs are&nbsp;sent to Logging Service, is one of the must-have traffic we recommend but not the only one as described above.</P> <P>&nbsp;</P> <P>I hope this answers your question.</P> <P>&nbsp;</P> <P>Regards,</P> <P>&nbsp;</P> <P>Bertrand</P> Thu, 04 Apr 2019 23:32:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/what-is-the-best-place-to-deploy-the-next-generation-firewall-so/m-p/204597#M7 Retired Member 2019-04-04T23:32:04Z