Deep Packet inspection for Internal Vlan

cancel
Showing results for 
Search instead for 
Did you mean: 

Deep Packet inspection for Internal Vlan

L2 Linker

Dear All, 

First, I would like to thank the community for help us a lot of time. i have a question, is their feature in Palo Alto to inspect the internal traffic (IDS and IPS)?

3 REPLIES 3

Cyber Elite
Cyber Elite

Yes, if you are unable reply the firewall "inline" (layer2 or vwire) you can still set up a TAP port, which acts as a sniffer port like an IDS

 

You can connect the tap to a span port on your switch and forward all traffic within a vlan to it for inspection

 

Do take into account the following things

- the span port must duplicate all inbound and outbound packets for.sessions to be 'complete'

- forward Ssl decryption is not possible, inbound inspection can be set up if you import the server certificate

- there needs to be a security rule from tapzone, to.tapzone, allow, with security profiles

- take into account additional.bandwith and other resource usage on both firewall and switch

 

 

Tom Piens
PANgurus

@reaper  thanks for your reply, really appreciate it.

Please, is IDP and IPS under

Object,

security profile!

am i correct ?

 

Hello,

This is a combination of different settings. Lets say you want to inspect traffic between Zones A and B. Just create a security policy that allows the traffic to flow between those zones (specific applications, etc.). Then make sure you apply 'Profile Settings' for AntiVirus, AntiSpyware, Vulnerability protection, etc., just dont do internal URL Filtering, just eats up resources and creates a headache for you.

 

Hope that helps.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!