A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Community Team Member


A wrap of our summer question leads into fall or autumn, as your preference may be, wherein we ask:

 

What is your favorite Palo Alto Networks feature?

Did it help solve a problem you were facing?

 

As a former support engineer, I always like to hear when customers arrive at that a-ha moment of understanding or discovery, when the firewall does something simple and basic, or amazing and extraordinary, but always in time to solve a problem.

 

I'm looking forward to hearing which feature(s) of the firewall most tickle your fancy. I've got a few of my own... You first.

Stay Secure,
Joe
End of line
L7 Applicator

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

I've got a few.

 

Wildfire

While you surely can't rely on WildFire for everything, I get a large amount of alerts throughout the day from users downloading dumb things, or actively seeing SMTP traffic that I can make sure was actively blocked by our spam gateway. It's amazing how much stuff WildFire catches that I act upon on a daily basis, and how much traffic it stops throughout the day so that it doesn't even get onto the user's machine. (Pair this with Traps and you have a winning combination.)

 

DoS/Zone Protection:

It's amazing to me how easy this feature is to configure, but yet it's one of the least utilized features on the firewall when you actually start talking to other Palo Alto customers. Most people think this is some incredibly hard thing to configure, and really if you take your time it's stupid easy. 

 

URL Filtering:

This is a fairly simple thing, but I love it from a feature perspective. I can ensure that any known malicious URLs aren't visited, and get a report every day of those that did manage to visit a malicious URL. This used to be something that you had to manage another appliance for, and now it just ties right into your firewalls so that you can manage it just like you would anything else. Again a stupid easy feature, but one where I'll see people with active licenses not understand how it functions and do things like not include a profile in the correct security policies so that it actually functions.

L6 Presenter

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

The ability to have two default gateways.

 

We have dedicated PAs for GlobalProtect and dedicated PAs for internet access.

 

The GlobalProtect portal and gateway addresses can be within the external virtual router with an ISP default gateway, but the VPN tunnel interface can be within the internal virtual router and import a default gateway via OSPF.

 

So... all VPN traffic not destined for the private network (we don't allow split tunneling) is sent via the dedicated internet PAs.

 

 

L7 Applicator

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Too many to list! 

 

One of my favorites is the Unified Log Viewer.  It's so nice to be able to quickly determine the source of blocked traffic.  (Security policy?  Vulnerability Signature?  WildFire signature?  File Blocking?  Data Filtering?  Spyware?  DNS?  URL Category?  etc.)  

 

I'll use a query in the unified log viewer such as:

  (addr in x.x.x.x) and (action neq alert) and (action neq allow) and (app neq quic) and (app neq teredo)

 

You could easily substitute the app neq quic/teredo with a rule name for 'known' blocked applications.  I use (addr in x.x.x.x) because I'm interested to see what was blocked regardless of directionality.  This catches the "outbound FTP" application logs, but also the "inbound file download" via that outbound FTP connection.  

 

I highly recommend adding the Session ID column to the Unified Log Viewer output.  That way you can fan out from a blocked log by filtering for that session ID and seeing which parts were permitted vs denied.  

 

One example:  I had a problem with Windows Updates a while ago.  With a single query, the Unified Log Viewer surfaced a security policy that permitted windows updates but had a strict file blocking profile attached, which was blocking certain "required" file types from being downloaded.  
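
An added example, not part of the original post: the same triage done offline in Python, applying the query above and then fanning out on the session ID to see which parts of a session were permitted and which were denied. The records, field names, rule names and addresses are constructed for illustration and are not a PAN-OS export schema.

```python
# Constructed sample records; field names and values are illustrative only.
LOGS = [
    {"type": "traffic", "src": "10.1.1.20", "dst": "203.0.113.8", "app": "ms-update",
     "action": "allow", "session": 4101, "rule": "allow-windows-update"},
    {"type": "file-blocking", "src": "203.0.113.8", "dst": "10.1.1.20", "app": "ms-update",
     "action": "deny", "session": 4101, "rule": "allow-windows-update"},
    {"type": "traffic", "src": "10.1.1.20", "dst": "198.51.100.7", "app": "quic",
     "action": "deny", "session": 4102, "rule": "block-quic"},
    {"type": "url", "src": "10.1.1.20", "dst": "198.51.100.9", "app": "web-browsing",
     "action": "alert", "session": 4103, "rule": "outbound-web"},
    {"type": "traffic", "src": "10.1.1.99", "dst": "203.0.113.8", "app": "ftp",
     "action": "deny", "session": 4104, "rule": "default-deny"},
]

PASSED_ACTIONS = {"alert", "allow"}      # the two "action neq" terms of the query
KNOWN_BLOCKED_APPS = {"quic", "teredo"}  # the two "app neq" terms of the query


def blocked_for(addr, logs):
    """Mirror of: (addr in X) and (action neq alert) and (action neq allow)
    and (app neq quic) and (app neq teredo). Matches addr as source OR destination."""
    return [r for r in logs
            if addr in (r["src"], r["dst"])
            and r["action"] not in PASSED_ACTIONS
            and r["app"] not in KNOWN_BLOCKED_APPS]


def fan_out(session, logs):
    """All entries sharing one session ID, split into permitted and denied parts."""
    parts = {"permitted": [], "denied": []}
    for r in logs:
        if r["session"] == session:
            key = "permitted" if r["action"] in PASSED_ACTIONS else "denied"
            parts[key].append((r["type"], r["rule"]))
    return parts


def explain_blocks(addr, logs):
    """For every blocked entry touching addr, show the rest of that session."""
    return {r["session"]: fan_out(r["session"], logs) for r in blocked_for(addr, logs)}


if __name__ == "__main__":
    for session, parts in explain_blocks("10.1.1.20", LOGS).items():
        print(session, parts)
```

Session 4101 reproduces the Windows Update case described above: the traffic entry is allowed by the rule, while the file-blocking entry for the same session is denied under that same rule.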

L2 Linker

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Really, it’s an awesome product. I hope I don’t forget any of the amazing features that Palo Alto Firewalls can provide to us.

#Visibility and control
# Users activity reports
# URL Filtering
# File Blocking

And more....
Just in one rule I can define and use all of these features.

#allow source user (User-ID) to access a specific destination IP using specific applications (App-ID) over some (Services or URL Category) and allow him only to download a specific file (File Blocking) like (zip, msi, exe etc.) for a period of time (Schedule), keep the user activity logs at start or end, and forward logs to my SIEM solution.
Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0
L2 Linker

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

I like the URL filtering category even though it has caused me some issues every now and then. The threat and WildFire submissions helped us track down some problematic packets a few times as well. I'd really love to dive more into the decryption and QoS features but haven't had time to learn how to properly implement them yet.

L3 Networker

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Hi There, 

 

For troubleshooting, the Palo's features are second to none.

4 stages of the pcaps, flow basic and counters produce indisputable logs for an issue being a Palo's fault or an upstream device. More often than not it's the latter :-)

The technical support file for a recap of what happened after an event is very useful for explaining why something occurred.

 

Cheers

 

Rob 

L2 Linker

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

A few ones:

#Credential Detection

#Unified Log view

#Tunnel Inspection 

Nig
L1 Bithead

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

The OFF button!

 

Twenty-five years in the firewall and network game and I've never had so much frustration and exasperation with any piece of kit as I have with these Palo Altos. I've used Fortigates, Watchguards, Sidewinders and even been known to roll me own using iptables and none of them have been as confusing and illogical as these boxes.

 

Three years experience with Palo Altos and I still don't grok them! Nothing more pleasing than to switch them off;-)

L4 Transporter

Re: A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

The USB port, so that I can charge my phone when working overtime fixing stuff....
