What is the best place to deploy the Next-Generation Firewall so that it monitors internal traffic?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

What is the best place to deploy the Next-Generation Firewall so that it monitors internal traffic?

L4 Transporter

A Palo Alto Networks next-generation firewall must capture network traffic sent between endpoints and data center servers.
 

To monitor internal network traffic, customers may: 

  • Use existing inline Next-Generation Firewalls that monitor internal network traffic as sensors to collect network metadata for Logging Service and Cortex XDR (formerly Magnifier).
  • Deploy a Next-Generation Firewall in inline L3 mode.  This deployment will also offer the added benefit of improved network security because of internal segmentation, threat prevention, and visibility.
  • Deploy another Next-Generation Firewall inline, in VWire mode.  This way the Next-Generation Firewall supports multiple VWire interfaces, so the customer’s network does not need to be re-architected, but it will require downtime.
  • Deploy another Next-Generation Firewall with multiple interfaces configured in TAP or SPAN ports or Network Packet Brokers to send the traffic to these Next-Generation Firewalls.
  • Configure new or unused interfaces on a perimeter Next-Generation Firewall to receive collected traffic in TAP mode, if the firewall has extra interfaces and can handle the additional traffic. The customer would use a Network Packet Broker to aggregate the east-west traffic to the perimeter firewall.
2 REPLIES 2

L1 Bithead

so could we use this solution via internet edge ?

Hi,

 

Cortex XDR is a security application cloud based solution relying on Palo Alto Application Frameworks which leverages Palo Alto Networks Logging Service.

 

Logging Service receives data from Palo Alto Networks devices whether they are on premise or in the cloud as well as from Global Protect Cloud Service.

 

To get the best out of it, Cortex XDR must see traffic between users and servers and traffic going from internal networks to Internet. Other traffic logs are a nice to have to collect as well but not mandatory.

 

To answer your question, traffic generated at internet edge, which logs are sent to Logging Service, is one of the must-have traffic we recommend but not the only one as described above.

 

I hope this answers your question.

 

Regards,

 

Bertrand

  • 9336 Views
  • 2 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!