I'm new to the 5060 and I'd like to phase in some IPS functionality over the next week. This is a production system sitting in front of fairly busy site, so I'm a little nervous.... especially being totally new to the PAN OS.
What's the best approach in configuring some of the IPS features and applying them to my front-end traffic? Is there an easy way to apply this in a "transparent" mode so I can just see what it sees and then start to enforce blocking as needed from there?
Thanks in advance.
There is no simple answer as it differs from network to network. But as you are new to PAN-OS, so it will be great if you could put our box in tap mode, create policy with security profiles (vulnerability, anti-spyware, AV) enabled using "alert" as the action. Then you will see what "we" see and draft your necessary plan.
if you need to enforce something, I suggest you tu use vwire mode (transparent).
Putting PAN in vwire is quite simple but it's better if some Network Administrator can help you (to have no downtime in the network).
Create 2 policy (from trust to untrust and vice-versa) with IPS profile you desire but ALLOW all traffic to flow through.
Then, look at Threat Log and start the tuning process 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!