Deep Packet inspection for Internal Vlan


L2 Linker

Dear All, 

First, I would like to thank the community for helping us many times. I have a question: is there a feature in Palo Alto to inspect the internal traffic (IDS and IPS)?

3 REPLIES

Cyber Elite

Yes, if you are unable to deploy the firewall "inline" (layer 2 or vwire), you can still set up a TAP port, which acts as a sniffer port like an IDS.

 

You can connect the tap to a SPAN port on your switch and forward all traffic within a VLAN to it for inspection.

 

Do take into account the following things:

- the SPAN port must duplicate all inbound and outbound packets for sessions to be 'complete'

- forward SSL decryption is not possible; inbound inspection can be set up if you import the server certificate

- there needs to be a security rule from tapzone, to tapzone, allow, with security profiles

- take into account additional bandwidth and other resource usage on both firewall and switch

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper thanks for your reply, really appreciate it.

Please, are IDP and IPS under Objects, Security Profiles? Am I correct?

 

Hello,

This is a combination of different settings. Let's say you want to inspect traffic between Zones A and B. Just create a security policy that allows the traffic to flow between those zones (specific applications, etc.). Then make sure you apply 'Profile Settings' for AntiVirus, AntiSpyware, Vulnerability Protection, etc.; just don't do internal URL Filtering, it just eats up resources and creates a headache for you.

 

Hope that helps.
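Putting the two replies above into configuration terms, here is an added example (not from the original thread, and not taken from Palo Alto Networks documentation) of PAN-OS CLI `set` commands for (a) a tap zone fed by a switch SPAN port with the tapzone-to-tapzone allow rule carrying security profiles, and (b) an inline rule between two internal zones with the same profiles attached. The interface name `ethernet1/3`, the zone names `tapzone`, `zoneA` and `zoneB`, and the rule names are assumptions; the profile name `default` refers to the built-in Antivirus, Anti-Spyware and Vulnerability Protection profiles. Lines beginning with `#` are annotations for the reader, not CLI input.

```text
# --- (a) TAP deployment: the SPAN copy of the VLAN arrives on ethernet1/3 (assumed port) ---
set network interface ethernet ethernet1/3 tap
set zone tapzone network tap ethernet1/3

# Mirrored packets enter and "leave" the same zone, so the rule is tapzone -> tapzone.
# Without an allow rule that has profiles attached, tap traffic is seen but not inspected.
set rulebase security rules tap-inspect from tapzone to tapzone
set rulebase security rules tap-inspect source any destination any
set rulebase security rules tap-inspect application any service any action allow
set rulebase security rules tap-inspect profile-setting profiles virus default spyware default vulnerability default
set rulebase security rules tap-inspect log-end yes

# --- (b) Inline deployment: inspect traffic between two internal zones (assumed names) ---
set rulebase security rules zoneA-to-zoneB from zoneA to zoneB
set rulebase security rules zoneA-to-zoneB source any destination any
set rulebase security rules zoneA-to-zoneB application any service application-default action allow
set rulebase security rules zoneA-to-zoneB profile-setting profiles virus default spyware default vulnerability default
set rulebase security rules zoneA-to-zoneB log-end yes
# No url-filtering profile is attached here, per the advice above.

commit
```

After the commit, `show running security-policy` lists both rules with their profile settings; in the tap case, threat hits appear in the Threat log but cannot be blocked, since the firewall only sees a copy of the traffic.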
