What is the best place to deploy the Next-Generation Firewall so that it monitors internal traffic?

Reply
L1 Bithead

What is the best place to deploy the Next-Generation Firewall so that it monitors internal traffic?

A Palo Alto Networks next-generation firewall must capture network traffic sent between endpoints and data center servers.
 

To monitor internal network traffic, customers may: 

  • Use existing inline Next-Generation Firewalls that monitor internal network traffic as sensors to collect network metadata for Logging Service and Cortex XDR (formerly Magnifier).
  • Deploy a Next-Generation Firewall in inline L3 mode.  This deployment will also offer the added benefit of improved network security because of internal segmentation, threat prevention, and visibility.
  • Deploy another Next-Generation Firewall inline, in VWire mode.  This way the Next-Generation Firewall supports multiple VWire interfaces, so the customer’s network does not need to be re-architected, but it will require downtime.
  • Deploy another Next-Generation Firewall with multiple interfaces configured in TAP or SPAN ports or Network Packet Brokers to send the traffic to these Next-Generation Firewalls.
  • Configure new or unused interfaces on a perimeter Next-Generation Firewall to receive collected traffic in TAP mode, if the firewall has extra interfaces and can handle the additional traffic. The customer would use a Network Packet Broker to aggregate the east-west traffic to the perimeter firewall.
L1 Bithead

Re: What is the best place to deploy the Next-Generation Firewall so that it monitors internal traff

so could we use this solution via internet edge ?

Highlighted
L3 Networker

Re: What is the best place to deploy the Next-Generation Firewall so that it monitors internal traff

Hi,

 

Cortex XDR is a security application cloud based solution relying on Palo Alto Application Frameworks which leverages Palo Alto Networks Logging Service.

 

Logging Service receives data from Palo Alto Networks devices whether they are on premise or in the cloud as well as from Global Protect Cloud Service.

 

To get the best out of it, Cortex XDR must see traffic between users and servers and traffic going from internal networks to Internet. Other traffic logs are a nice to have to collect as well but not mandatory.

 

To answer your question, traffic generated at internet edge, which logs are sent to Logging Service, is one of the must-have traffic we recommend but not the only one as described above.

 

I hope this answers your question.

 

Regards,

 

Bertrand

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!