12-05-2017 03:06 AM
Hello Brothers,
Plz i want make a POC with one of our clients, but i need to know what's th best practise for putting the PaloAlto in TAP mode !!
i mean:
1-what's the rule policy that i must create ?? must enable all security profile ?
2-must make dycryption rule ?
3-Wich elements i must focus on for the best practise and give the best report to the client ??
Plz help
NB:(technicaly i can deploy PA on TAP mode with no problem)
Thanks
12-06-2017 02:38 AM
Hi @hamza_ineos
1. you will want to set a policy from tap to tap, allow
This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)
2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)
3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile
12-06-2017 02:38 AM
Hi @hamza_ineos
1. you will want to set a policy from tap to tap, allow
This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)
2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)
3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile
12-06-2017 02:55 AM - edited 12-06-2017 03:12 AM
thanks for very much brother
ok also i need to know plz, after this POC, what's the very important things that i must looking at and talking about it with client in report side for exemple ??
12-06-2017 03:27 AM - edited 12-06-2017 03:55 AM
Hi @hamza_ineos
do you know how to run the Security Lifecycle Review? https://riskreport.paloaltonetworks.com/SLR
This will outline the most notable information found in your logs
You may want to reach out to your local sales team for assistance how to 'bring' this information to your customer most efficiently
12-06-2017 03:36 AM
ok thanks very much brother 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
