<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PAN-OS 8.0 Blue team help (In a little over my head) in Advanced Threat Prevention Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298910#M698</link>
    <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;First, thank you for your service! I only allow SSH, HTTPS, and PING for my management interface. The PING is for my monitoring solution so that I know if there are any layer 3/4 issues. Even though you might not use the CLI that often, there are times when troubleshooting that it is essential, so yes, allow it.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Check out the rest of the article and you can limit to specific source IPs. Meaning if you have a static or a DHCP reservation, it will only allow you and drop the rest :).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Hope that helps and feel free to ask as many questions as you like!&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Cheers!&lt;/P&gt;</description>
    <pubDate>Fri, 15 Nov 2019 22:13:48 GMT</pubDate>
    <dc:creator>OtakarKlier</dc:creator>
    <dc:date>2019-11-15T22:13:48Z</dc:date>
    <item>
      <title>PAN-OS 8.0 Blue team help (In a little over my head)</title>
      <link>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298900#M697</link>
      <description>&lt;P&gt;I joined my school's cyber defense team last week, and subsequently volunteered to manage the firewall (Palo Alto VM version 8.0.0). I was supposed to have until the 23rd to learn as much as I could. However, due to scheduling conflicts we were moved to tomorrow. So, I need some help.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Luckily it just so happened that on Veterans Day Palo Alto Networks opened up a massive learning lab for veterans (thank you!), and because I am a veteran I have been able to learn quite a bit. So I figure I will just follow the chapter on "best practices for securing administrative access" in the manual? Along with closing every port except 80 and 443 (which are required as part of the rules).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;Should I disable SSH and PING? I don't have the time to learn the CLI commands and since I KNOW we will be getting attacked this just seems like a security risk.&lt;/LI&gt;&lt;LI&gt;The best practices says not to allow access over Telnet and HTTP. I don't plan on using Telnet, but does the firewall auto-configure for HTTPS when you are signing in "locally?" Or will I need to create my own certificates?&lt;OL&gt;&lt;LI&gt;My only firewall experience is pfSense, which I am very comfortable with, but pfSense this is not lol.&lt;/LI&gt;&lt;/OL&gt;&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;Tomorrow's event is a practice invitational (thank God). But the rules are the same as the actual competition that will take place in February. We cannot bring anything electronic into the room, only paperwork. However, if it is online and publicly available then we are free to use it (GitHub, etc.).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Sorry for the long post, but I think it warranted a bit of an explanation. Thank you for any help.&lt;/P&gt;</description>
      <pubDate>Fri, 15 Nov 2019 21:21:11 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298900#M697</guid>
      <dc:creator>Roydub83</dc:creator>
      <dc:date>2019-11-15T21:21:11Z</dc:date>
    </item>
    <item>
      <title>Re: PAN-OS 8.0 Blue team help (In a little over my head)</title>
      <link>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298910#M698</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;First, thank you for your service! I only allow SSH, HTTPS, and PING for my management interface. The PING is for my monitoring solution so that I know if there are any layer 3/4 issues. Even though you might not use the CLI that often, there are times when troubleshooting that it is essential, so yes, allow it.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Check out the rest of the article and you can limit to specific source IPs. Meaning if you have a static or a DHCP reservation, it will only allow you and drop the rest :).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Hope that helps and feel free to ask as many questions as you like!&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Cheers!&lt;/P&gt;</description>
      <pubDate>Fri, 15 Nov 2019 22:13:48 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298910#M698</guid>
      <dc:creator>OtakarKlier</dc:creator>
      <dc:date>2019-11-15T22:13:48Z</dc:date>
    </item>
    <item>
      <title>Re: PAN-OS 8.0 Blue team help (In a little over my head)</title>
      <link>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298936#M700</link>
      <description>&lt;P&gt;Yes, that helps very much.&lt;/P&gt;&lt;P&gt;I was assuming the SSH and PING settings were global and I get the idea of keeping them enabled. This is a pretty amazing firewall. We will see how two days' worth of knowledge does lol.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you again for your help.&lt;/P&gt;</description>
      <pubDate>Sat, 16 Nov 2019 04:05:19 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-os-8-0-blue-team-help-in-a-little-over-my-head/m-p/298936#M700</guid>
      <dc:creator>Roydub83</dc:creator>
      <dc:date>2019-11-16T04:05:19Z</dc:date>
    </item>
  </channel>
</rss>

