Best practise For TAP Mode
cancel
Showing results for 
Search instead for 
Did you mean: 

Best practise For TAP Mode

L2 Linker

Hello Brothers,

 

Plz i want make a POC with one of our clients, but i need to know what's th best practise for putting the PaloAlto in TAP mode !!

i mean:

1-what's the rule policy that i must create ?? must enable all security profile ?

2-must make dycryption rule ?

3-Wich elements i must focus on for the best practise and give the best report to the client ??

 

Plz help

NB:(technicaly i can deploy PA on TAP mode with no problem)

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

Hi @hamza_ineos

 

1. you will want to set a policy from tap to tap, allow

This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)

 

2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)

 

3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

4 REPLIES 4

L7 Applicator

Hi @hamza_ineos

 

1. you will want to set a policy from tap to tap, allow

This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)

 

2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)

 

3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

thanks for very much brother

ok also i need to know plz, after this POC, what's the very important things that i must looking at and talking about it with client in report side for exemple ??

Hi @hamza_ineos

 

do you know how to run the Security Lifecycle Review? https://riskreport.paloaltonetworks.com/SLR 

This will outline the most notable information found in your logs

 

You may want to reach out to your local sales team for assistance how to 'bring' this information to your customer most efficiently

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

ok thanks very much brother :)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!