topic Re: Deep Packet inspection for Internal Vlan in General Topics

Deep Packet inspection for Internal Vlan

Mahmoud-Osama — Tue, 10 Nov 2020 20:26:56 GMT

Dear All,

First, I would like to thank the community for help us a lot of time. i have a question, is their feature in Palo Alto to inspect the internal traffic (IDS and IPS)?

Re: Deep Packet inspection for Internal Vlan

reaper — Tue, 10 Nov 2020 21:23:00 GMT

Yes, if you are unable reply the firewall "inline" (layer2 or vwire) you can still set up a TAP port, which acts as a sniffer port like an IDS

You can connect the tap to a span port on your switch and forward all traffic within a vlan to it for inspection

Do take into account the following things

- the span port must duplicate all inbound and outbound packets for.sessions to be 'complete'

- forward Ssl decryption is not possible, inbound inspection can be set up if you import the server certificate

- there needs to be a security rule from tapzone, to.tapzone, allow, with security profiles

- take into account additional.bandwith and other resource usage on both firewall and switch

Re: Deep Packet inspection for Internal Vlan

Mahmoud-Osama — Tue, 10 Nov 2020 21:43:43 GMT

@reaper thanks for your reply, really appreciate it.

Please, is IDP and IPS under

Object,

security profile!

am i correct ?

Re: Deep Packet inspection for Internal Vlan

OtakarKlier — Thu, 12 Nov 2020 23:12:48 GMT

Hello,

This is a combination of different settings. Lets say you want to inspect traffic between Zones A and B. Just create a security policy that allows the traffic to flow between those zones (specific applications, etc.). Then make sure you apply 'Profile Settings' for AntiVirus, AntiSpyware, Vulnerability protection, etc., just dont do internal URL Filtering, just eats up resources and creates a headache for you.

Hope that helps.