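This document collects the links introduced in the "Next-Generation Firewall Troubleshooting Seminar (Information Gathering)" (course code: JPN-001).
Introduction: Configuration Considerations
Operational Considerations: Scheduling Dynamic Updates (1/3)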
RECOMMENDED UPDATE INTERVAL AND TIMINGS FOR DYNAMIC UPDATES https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaECAS
Operational Considerations: “Abnormal system memory usage detected, …”
Botnet Report Settings
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/monitor/monitor-botnet/managing-botnet-reports
Disable Predefined Reports
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/view-and-manage-reports/disable-predefined-reports
Tips & Tricks: Reducing Management Plane Load
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK
Tips & Tricks: Reducing Management Plane Load—Part 2 https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU4CAK
Operational Considerations: Preventing HA Split-Brain (2/2)
Configuration Guidelines for Active/Passive HA (recommended configuration guidelines for Active/Passive HA)
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/set-up-activepassive-ha/configuration-guidelines-for-activepassive-ha.html
Knowledge articles related to split-brain
DotW: What is Peer-Split-Brain?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSuCAK
How To Avoid HA Split-Brain due to Missed Heartbeats
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClrpCAC
Operational Considerations: Problems Caused by Insufficient Disk Space
Software Upgrade Problems on PA-200 Devices
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloMCAS
How and When to Clear Disk Space on the Palo Alto Networks Device
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS
Delete MP and DP logs on 6.1 and later without Root Access
https://live.paloaltonetworks.com/t5/Internal-Knowledge-Base/Delete-MP-and-DP-logs-on-6-1-and-later-without-Root-Access/ta-p/70757
Operational Considerations: Asterisk (Wildcard) Expressions in URL Filtering
Nested Wildcard(*) in URLs May Severely Affect Performance
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CluFCAS
Information Gathering When a Failure Occurs
Case Studies
Case 1
Checking for a Kernel Panic
http://www.sophia-it.com/content/カーネルパニック
https://en.wikipedia.org/wiki/Kernel_panic
Analysis Results
Hardware Reference
https://docs.paloaltonetworks.com/hardware
Case 2
TCP SYN Flood Attack
Survey Report on Known Vulnerabilities Related to TCP/IP https://www.ipa.go.jp/security/vuln/vuln_TCPIP.html
Notes on 4-Stage Capture
GETTING STARTED: PACKET CAPTURE
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTJCA0
Case 3
Analysis Results
Threat Prevention Deployment Tech Note https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOCCA0
Case 4
Step 1
Knowledge articles related to dataplane load
How to Interpret: show running resource-monitor
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXwCAK
TROUBLESHOOTING SLOWNESS WITH TRAFFIC, MANAGEMENT
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cld9CAC
Case 5
Supplementary Notes on the Response (Cont.)
Palo Alto Networks Support Software Release Guidance
https://live.paloaltonetworks.com/t5/Product-Updates-and-New-Feature/Palo-Alto-Networks-Support-Software-Release-Guidance/ta-p/154892/jump-to/first-unread-message
Case 7
High Availability
High Availability Active / Passive (v4.0.x)
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0SCAS
Case 8
Step 1
Palo Alto Networks Firewall Session Overview
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0
Step 3
Palo Alto Networks Firewall Troubleshooting Guide For ASCs (English) https://live.paloaltonetworks.com/t5/ASC-Program-and-Administration/Palo-Alto-Networks-Firewall-Troubleshooting-Guide-for-ASCs/ta-p/207046
Information Gathering When a Failure Occurs (Packet Drops)
Reference: Sessions
Palo Alto Networks Firewall Session Overview
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0
Check Item 2 (Cont.)
Understanding DoS Logs and Counters
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOKCA0
Information Gathering When a Failure Occurs (Antivirus Signature False Positives)
Antivirus False Positives
How to Handle Antivirus Signature False Positives
https://live.paloaltonetworks.com/t5/テクニカル ドキュメント/アンチウイルス-シグネチャ-誤検知-false-positive-の対応方法/ta-p/79747
How to submit an Anti-Virus false positive (English version)
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3aCAC
Step 3
Get-FileHash (available in PowerShell) https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/get-filehash
When Reporting a Failure
Appendix. Tech Support File Details
Main files under opt
Palo Alto Networks Firewall Troubleshooting Guide For ASCs (English) https://live.paloaltonetworks.com/t5/ASC-Program-and-Administration/Palo-Alto-Networks-Firewall-Troubleshooting-Guide-for-ASCs/ta-p/207046
Appendix. Logs to Collect Separately from the Tech Support File
Appendix. Useful Knowledge Articles for Troubleshooting
Palo Alto Networks Firewall Troubleshooting Guide for ASCs (Authorized Service Centers)
Palo Alto Networks Firewall Troubleshooting Guide for ASCs (Authorized Service Centers) Version 1.1a (PDF) (Japanese)
https://www.paloaltonetworks.com/partners/nextwave-partner-portal/regional-content/japan-regional-content/partner-enablement/post-sales
Palo Alto Networks Firewall Troubleshooting Guide For ASCs (English)
https://live.paloaltonetworks.com/t5/ASC-Program-and-Administration/Palo-Alto-Networks-Firewall-Troubleshooting-Guide-for-ASCs/ta-p/207046
GlobalProtect
Troubleshooting GlobalProtect
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkBCAS
GlobalProtect resource list
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfXCAS
Basic GlobalProtect Configuration with On-Demand
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH2CAK
Basic GlobalProtect Configuration with User-logon
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHdCAK
Basic GlobalProtect Configuration with Pre-logon
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0
Certificate config for GlobalProtect - (SSL/TLS, Client cert profiles, client/machine cert)
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK
SSL Decryption
How to Identify Root Cause for SSL Decryption Failure Issues
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloUCAS
How to Implement and Test SSL Decryption
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0
SSL decryption resource list
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgHCAS
User-ID
Getting Started: User-ID
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK
Best Practices for Securing User-ID Deployments
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVPCA0
User-ID resource list
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC
Appendix. How to Gather Information About Palo Alto Networks Products
How to Obtain Support Information (1/3)
Support site https://www.paloaltonetworks.jp/services/support
Technical documentation https://www.paloaltonetworks.com/documentation
Knowledge Base https://knowledgebase.paloaltonetworks.com/
Knowledge (Live Community) https://live.paloaltonetworks.com/welcome
How to Obtain Support Information (2/3)
Japan Live Community https://live.paloaltonetworks.com/t5/Japan-Live-Community/ct-p/LiveJP
How to Obtain Support Information (3/3)
"Next-Generation Firewall Troubleshooting Seminar (Information Gathering)" (course code: JPN-001) Link Collection https://live.paloaltonetworks.com/t5/ナレッジドキュメント/quot-次世代ファイアウォール-トラブルシューティングセミナー-情報収集編-quot-コースコード-JPN-001-リンク集/ta-p/190548
Other Seminars, Training, etc. (1/3)
UPCOMING EVENTS
https://events.paloaltonetworks.com/
Other Seminars, Training, etc. (2/3)
NextWave Partner Portal
https://www.paloaltonetworks.com/partners/nextwave-partner-portal/regional-content/japan-regional-content/partner-enablement
Other Seminars, Training, etc. (3/3)
EDU-330 Firewall 10.0: Troubleshooting
https://www.paloaltonetworks.com/content/dam/pan/en_US/partners/localized-content/japanese/edu-datasheet-330-10.0-FCS_final_JP.pdf
Training Courses
Home > Services > Education Services > Overview
https://www.paloaltonetworks.jp/services/education