PAN-OS 8.0 Blue team help (In a little over my head)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS 8.0 Blue team help (In a little over my head)

L0 Member

I joined my schools cyber defense team last week, and subsequently volunteered to manage the firewall (Palo Alto VM version 8.0.0). I was supposed to have until the 23rd to learn as much as I could. However, due to scheduling conflicts we were moved to tomorrow. So, I need some help.

 

Luckily it just so happened that on Veterans Day Palo Alto Networks opened up a massive learning lab for veterans (thank you!), and because I am a veteran I have been able to learn quite a bit. So I figure I will just follow the chapter on "best practices for securing administrative access" in the manual? Along with closing every port except 80 and 443 (which are required as part of the rules)

 

  1. Should I disable SSH and PING? I don't have the time to learn the CLI commands and since I KNOW we will be getting attacked this just seems like a security risk.
  2. The best practices says not to allow access over Telnet and HTTP. I don't plan on using Telnet, but does the firewall auto configure for HTTPS when you are signing in "locally?" Or will I need to create my own certificates?
    1. My only firewall experience is pfSense which I am very comfortable with, but pfSense this is not lol.

Tomorrows event is a practice invitational (thank God). But the rules are the same as the actual competition that will take place in February. We cannot bring anything electronic into the room, only paperwork. However, if it is online and publicly available then we are free to use it (github etc)

 

Sorry for the long post, but I think it warranted a bit of an explanation. Thank you for any help

 

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello,

First, thank you for your service! I only allow SSH, HTTPS, and PING for my management interface. The PING is for my monitoring solution so that I know if there are any layer3/4 issues. Even though you might not use the cli that often, there are times when troubleshooting that it is essential, yes allow it. 

 

Check out the rest of the article and you can limit to specific source IP's. Meaning if you have a static or a DHCP reservation, it will only allow you and drop the rest :).

 

Hope that helps and feel free to ask as many questions as you like!

 

Cheers!

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

First, thank you for your service! I only allow SSH, HTTPS, and PING for my management interface. The PING is for my monitoring solution so that I know if there are any layer3/4 issues. Even though you might not use the cli that often, there are times when troubleshooting that it is essential, yes allow it. 

 

Check out the rest of the article and you can limit to specific source IP's. Meaning if you have a static or a DHCP reservation, it will only allow you and drop the rest :).

 

Hope that helps and feel free to ask as many questions as you like!

 

Cheers!

Yes that helps very much.

I was assuming the SSH and PING settings were global and I get the idea of keeping them enabled. This is a pretty amazing firewall. We will see how two days worth of knowledge does lol.

 

Thank you again for your help

  • 1 accepted solution
  • 3637 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!