Superior protection with PAN-OS 8.0!

by ‎10-10-2017 06:45 AM - edited ‎10-10-2017 09:41 AM (3,120 Views)

The Palo Alto Networks firewall is a complex firewall.  I'm not saying it's a difficult firewall, but there's a ton you can do with it that you might not even know existed.  Along with performing mundane acts like blocking or allowing sessions, it can perform more complex tasks like Multi Factor Authentication, auto-quarantine endpoints, or dynamically create VPN tunnels, just to name a few examples. 

 

I like to compare it with how the human brain works and the myth that exists saying we only use a small percentage of our brain's capacity.BRAINsleep.gif

 

That said, it's not so surprising that certain features of this wonderful device are still unknown for many of our users.  

 

Then again, some of us are just lazy and use only 10% of our brain capacity ... but let's not go there because I'd like to believe most of us aren't that lazy!

 

Kim Wall, who is a System Engineer right here at Palo Alto Networks, wrote an interesting article with 3 different use cases that might and probably will protect your network even more.

 

Sure enough, in his article he discusses how, with PAN-OS 8.0, you can even have MFA upon applications that aren't even 2FA aware!

 

Picture1.png

 

For detailed multi-factor authentication configuration see the PAN-OS 8.0 Administrators Guide:

Configure Multi-Factor Authentication

 

Another use case Kim covers in his article is to automatically quarantine endpoints upon authentication failure and critical security events using Dynamic Address Groups which matches tag criteria and Log Forwarding Profiles!

 

2017-10-10_17-06-30.jpg

 

 

See the PAN-OS 8.0 Administrator’s Guide for detailed information on Dynamic Address Groups:

Use Dynamic Address Groups in Policy

 

Kim's third use case covers GlobalProtect Cloud Service, which offers a managed, scalable service to dynamically mesh remote sites with IPSec/SSL.

 

That said, I strongly recommend to check out Kim's article that has more details on all 3 use cases mentioned here :

Protecting ICS and SCADA Networks with PANOS 8.0

 

Cheers!

-Kiwi.

Ask Questions Get Answers Join the Live Community