Deep Packet inspection for Internal Vlan

L1 Bithead


Dear All, 

First, I would like to thank the community for helping us a lot of the time. I have a question: is there a feature in Palo Alto to inspect the internal traffic (IDS and IPS)?

L7 Applicator

Yes, if you are unable to deploy the firewall "inline" (layer 2 or vwire), you can still set up a TAP port, which acts as a sniffer port like an IDS.


You can connect the tap to a SPAN port on your switch and forward all traffic within a VLAN to it for inspection.


Do take into account the following things:

- the SPAN port must duplicate all inbound and outbound packets for sessions to be 'complete'

- forward SSL decryption is not possible; inbound inspection can be set up if you import the server certificate

- there needs to be a security rule from tapzone to tapzone, allow, with security profiles

- take into account additional bandwidth and other resource usage on both firewall and switch

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
L1 Bithead

@reaper thanks for your reply, really appreciate it.

Please, are IDP and IPS under Object, Security Profile? Am I correct?

Cyber Elite

Hello,

This is a combination of different settings. Let's say you want to inspect traffic between Zones A and B. Just create a security policy that allows the traffic to flow between those zones (specific applications, etc.). Then make sure you apply 'Profile Settings' for AntiVirus, AntiSpyware, Vulnerability Protection, etc. Just don't do internal URL Filtering; it just eats up resources and creates a headache for you.

Hope that helps.
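The two requirements raised in this thread (a tapzone-to-tapzone allow rule, and threat profiles attached to that rule, as in the 'Profile Settings' advice above) can be checked mechanically against an exported configuration. The script below is an added example, not code from the thread or from Palo Alto Networks: it parses a constructed PAN-OS XML config sample (zone, interface and rule names are made up) and reports which rules sourced from a tap zone are unfit for inspection.

```python
# Audit a PAN-OS rulebase: a TAP zone only inspects traffic when a rule
# from the tap zone to the same tap zone allows it with threat profiles.
import xml.etree.ElementTree as ET

THREAT_PROFILES = ("virus", "spyware", "vulnerability")

# Constructed sample of a PAN-OS XML config (not a real export).
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<zone><entry name="tapzone"><network><tap><member>ethernet1/5</member></tap></network></entry>
<entry name="trust"><network><layer3><member>ethernet1/1</member></layer3></network></entry></zone>
<rulebase><security><rules>
<entry name="tap-inspect"><from><member>tapzone</member></from><to><member>tapzone</member></to>
<action>allow</action><profile-setting><profiles><virus><member>default</member></virus>
<spyware><member>default</member></spyware><vulnerability><member>default</member></vulnerability>
</profiles></profile-setting></entry>
<entry name="tap-noprofile"><from><member>tapzone</member></from><to><member>tapzone</member></to>
<action>allow</action></entry>
<entry name="tap-deny"><from><member>tapzone</member></from><to><member>trust</member></to>
<action>deny</action><profile-setting><group><member>strict</member></group></profile-setting></entry>
</rules></security></rulebase></entry></vsys></entry></devices></config>"""

def audit_tap_rules(config_xml):
    """Return {rule_name: [findings]} for every rule whose source is a tap zone; [] means usable."""
    root = ET.fromstring(config_xml)
    report = {}
    for vsys in root.findall("devices/entry/vsys/entry"):
        taps = {z.get("name") for z in vsys.findall("zone/entry")
                if z.find("network/tap") is not None}
        for rule in vsys.findall("rulebase/security/rules/entry"):
            src = {m.text for m in rule.findall("from/member")}
            if not src & taps:
                continue
            findings = []
            if not {m.text for m in rule.findall("to/member")} & taps:
                findings.append("destination zone must be the tap zone itself")
            if rule.findtext("action") != "allow":
                findings.append("action must be allow")
            ps = rule.find("profile-setting")
            # Either a profile group or the three individual threat profiles.
            has_group = ps is not None and ps.find("group/member") is not None
            missing = [p for p in THREAT_PROFILES
                       if ps is None or ps.find(f"profiles/{p}/member") is None]
            if not has_group and missing:
                findings.append("missing threat profiles: " + ", ".join(missing))
            report[rule.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_tap_rules(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Run it against a real export (Device > Setup > Operations > Export named configuration snapshot) by reading that file into `audit_tap_rules` instead of the sample.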
