Palo Alto FW Requirements


PALO ALTO FIREWALL CONFIGURATION SETTING REQUIREMENT TABLES

Table 1: Active/Passive HA Firewall Deployment

| HA | MoF-DC01-ACI-NGFW-01 | MoF-DC01-ACI-NGFW-02 |
|---|---|---|
| ACTIVE | HA1A IP: TBD | HA1A IP: TBD |
| PASSIVE | HA1B: TBD | HA1B: TBD |
| ACTIVE | HSCI IP: TBD | HSCI IP: TBD |
| PASSIVE | ETH 1/24: TBD | ETH 1/24: TBD |

Table 2: Perimeter General Interface Settings

| Interface | Type | Mgmt Profile | IP | Virtual Router | VLAN | vSys | Zone |
|---|---|---|---|---|---|---|---|
| Ethernet1/1 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/2 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/3 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/4 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/5 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/6 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet1/7 | L3 | TBD | TBD | TBD | TBD | TBD | TBD |
| Ethernet x/x | L3 | TBD | TBD | TBD | TBD | TBD | TBD |

Table 3: Perimeter Security Zones

| Zone Name | Type | Zone Protection | User-ID | User Include | User Exclude |
|---|---|---|---|---|---|
| Untrust<Customer_Name-Corp> | TBD | TBD | TBD | TBD | TBD |
| Trust | TBD | TBD | TBD | TBD | TBD |
| DMZ | TBD | TBD | TBD | TBD | TBD |

Table 4: IKE Profiles

| IPSEC Settings | Perimeter Settings | BR01 Settings | BR02 Settings | DC Settings |
|---|---|---|---|---|
| Name | TBD | TBD | TBD | TBD |
| DH Group | TBD | TBD | TBD | TBD |
| Authentication | TBD | TBD | TBD | TBD |
| Encryption | TBD | TBD | TBD | TBD |
| Key Lifetime | TBD | TBD | TBD | TBD |
| IKEv2 Authentication Multiple | TBD | TBD | TBD | TBD |

Table 5: IPSec Profiles

| IPSec Settings | Perimeter Settings | BR01 Settings | BR02 Settings | DC Settings |
|---|---|---|---|---|
| Name | TBD | TBD | TBD | TBD |
| IPSec Protocol | TBD | TBD | TBD | TBD |
| Encryption (ESP protocol only) | TBD | TBD | TBD | TBD |
| Authentication | TBD | TBD | TBD | TBD |
| DH Group | TBD | TBD | TBD | TBD |
| Lifetime | TBD | TBD | TBD | TBD |

Table 6: IKE Gateways

| Device | Name | IKE Versions | Local Interface | Local IP | Peer Address Type | Peer Address | Local ID | Peer ID | Pre-Shared Key |
|---|---|---|---|---|---|---|---|---|---|
| Perimeter | | | | | | | | | |

Table 7: IPSEC Tunnels

| Device | Name | Tunnel Interface | Local Proxy | Remote Proxy |
|---|---|---|---|---|
| Perimeter | | | | |

Table 8: GlobalProtect Portal Information

| Interface | Auth Profile | IP Address | FQDN | Agent Profiles | Gateways / Agent Profile |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD |

Table 9: GlobalProtect Gateway Information

| Interface | Auth Profile | IP Address | FQDN | Agent Profiles | Client DHCP Pool | Tunnel Mode? |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |

Table 10: User-ID Source Details

| User-ID Source | Type | IP Address | Port | Configured Interface |
|---|---|---|---|---|
| LDAP | UID Agent | TBD | 5007 | Default (MGMT) |



Table 11: Group Mapping Profile Details

| Server Profile | Domain Setting | Group Object class | User Object Class | User and Group Attributes | Group Include List |
|---|---|---|---|---|---|
| LDAP | TBD | group | person | sAMAccountName, mail, userPrincipalName | TBD |

Table 12: Scheduled Config Export Settings

| Setting | Value |
|---|---|
| Name | TBD |
| Description | |
| Enabled? | Yes |
| Scheduled Start Time | TBD |
| Protocol | SCP |
| Hostname | TBD |
| Port | 22 |
| Path | TBD |
| Username | TBD |
| Password | TBD |
