bykiwi10-10-201706:45 AM - edited 10-10-201709:41 AM
The Palo Alto Networks firewall is a complex firewall. I'm not saying it's a difficult firewall, but there's a ton you can do with it that you might not even know existed. Along with performing mundane acts like blocking or allowing sessions, it can perform more complex tasks like Multi Factor Authentication, auto-quarantine endpoints, or dynamically create VPN tunnels, just to name a few examples.
I like to compare it with how the human brain works and the myth that exists saying we only use a small percentage of our brain's capacity.
That said, it's not so surprising that certain features of this wonderful device are still unknown for many of our users.
Then again, some of us are just lazy and use only 10% of our brain capacity ... but let's not go there because I'd like to believe most of us aren't that lazy!
Kim Wall, who is a System Engineer right here at Palo Alto Networks, wrote an interesting article with 3 different use cases that might and probably will protect your network even more.
Sure enough, in his article he discusses how, with PAN-OS 8.0, you can even have MFA upon applications that aren't even 2FA aware!
For detailed multi-factor authentication configuration see the PAN-OS 8.0 Administrators Guide:
Another use case Kim covers in his article is to automatically quarantine endpoints upon authentication failure and critical security events using Dynamic Address Groups which matches tag criteria and Log Forwarding Profiles!
See the PAN-OS 8.0 Administrator’s Guide for detailed information on Dynamic Address Groups: