PAN CSFv2 Lab 04

Uploaded by Sandip Maharjan
CLOUD SECURITY FUNDAMENTALS V2

Lab 04: Denying International Attackers


Document Version: 2022-12-22

Copyright © 2022 Network Development Group, Inc.


www.netdevgroup.com

NETLAB+ is a registered trademark of Network Development Group, Inc.

Palo Alto Networks and the Palo Alto Networks logo are trademarks or registered trademarks of Palo Alto Networks, Inc.
Lab 4: Denying International Attackers

Contents
Introduction
Objective
Lab Topology
Lab Settings
1 Denying International Attackers
  1.0 Load Lab Configuration
  1.1 Clone a Security Policy
  1.2 Modify a Security Policy and Commit


Introduction

In this lab, you will configure a security policy to block malicious incoming traffic
originating from three international locations of your choice.

Objective

In this lab, you will perform the following tasks:

• Clone a Security Policy
• Modify a Security Policy and Commit


Lab Topology


Lab Settings

The information in the table below will be needed in order to complete the lab. The
task sections below provide details on the use of this information.

Virtual Machine   IP Address       Account (if needed)   Password (if needed)
Client            192.168.1.20     lab-user              Pal0Alt0!
DMZ               192.168.50.10    root                  Pal0Alt0!
Firewall          192.168.1.254    admin                 Pal0Alt0!


1 Denying International Attackers

1.0 Load Lab Configuration

In this section, you will load the Firewall configuration file.

1. Click on the Client tab to access the Client PC.

2. Log in to the Client PC as username lab-user, password Pal0Alt0!.


3. Double-click the Chromium Web Browser icon located on the desktop.

4. In the Chromium address field, type https://192.168.1.254 and press Enter.

5. You will see a “Your connection is not private” message. Click on the ADVANCED
link.

If you experience the “Unable to connect” or “502 Bad Gateway”
message while attempting to connect to the specified IP above, please
wait an additional 1-3 minutes for the Firewall to fully initialize.
Refresh the page to continue.


6. Click on Proceed to 192.168.1.254 (unsafe).

7. Log in to the Firewall web interface as username admin, password Pal0Alt0!.


8. In the web interface, navigate to Device > Setup > Operations and click on Load
named configuration snapshot underneath the Configuration Management
section.

9. In the Load Named Configuration window, select pan-csf-lab-04.xml from the
Name dropdown box and click OK.

10. In the Loading Configuration window, a message will show Configuration is being
loaded. Please check the Task Manager for its status. You should reload the page
when the task is completed. Click Close to continue.


11. Click the Tasks icon located at the bottom-right of the web interface.

12. In the Task Manager – All Tasks window, verify the Load type has successfully
completed. Click Close.

13. Click the Commit link located at the top-right of the web interface.


14. In the Commit window, click Commit to proceed with committing the changes.

15. When the commit operation successfully completes, click Close to continue.

The commit process takes changes made to the Firewall and copies
them to the running configuration, which will activate all configuration
changes since the last commit.


1.1 Clone a Security Policy

In this section, you will clone an existing Security Policy.

1. Navigate to Policies > Security.

2. Click on the number 1 to select the Allow-Inside-Out policy. Then, click the Clone
button.


3. In the Clone window, select Move top from the Rule order dropdown. Then, click
the OK button.

Moving this rule to the top will allow it to be evaluated first, before
the rule that allows all traffic.

1.2 Modify a Security Policy and Commit

In this section, you will modify the cloned security policy to block malicious incoming
traffic originating from three international locations of your choice. Then, you will
commit your changes to the Firewall.

1. Click on the Allow-Inside-Out-1 Security Policy.


2. On the Security Policy Rule window, type Block-International in the Name
field.

3. On the Security Policy Rule window, click on the Source tab. Then, click on the
inside zone and change it to the outside zone in the Source Zone section.


4. On the Security Policy Rule window, click the Add button at the bottom of the
Source Address section to select three international locations of your choice. For
this lab, the first international location we chose is CU, which is the country
code for Cuba. Next, click the Add button again. The second international
location we chose is BS, which is the country code for the Bahamas. Next, click
the Add button again. The third international location we chose is TD, which is
the country code for Chad.

For the purpose of this lab, you will select three international locations
of your choosing. For this lab example, we chose to use CU for Cuba,
BS for Bahamas, and TD for Chad.

5. On the Security Policy Rule window, click the Actions tab. Then, select Deny in
the Action dropdown. Next, click the OK button.


6. Click the Commit link located at the top-right of the web interface.

7. In the Commit window, click Commit to proceed with committing the changes.

8. When the commit operation successfully completes, click Close to continue.

Due to the nature of this lab environment, you are unable to originate
traffic from these international locations coming into your
environment to confirm this policy.

9. The lab is now complete; you may end the reservation.
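
The note in section 1.1 says the cloned rule must be evaluated before the rule that allows all traffic, and the lab cannot generate traffic to confirm the result. The following added example (not part of the lab guide and not PAN-OS code) models top-down, first-match evaluation offline. The Allow-All rule name, the IP-to-country table and the deny-on-no-match fallback are assumptions made for illustration.

```python
import ipaddress

# Constructed geo table: documentation ranges standing in for country blocks.
GEO = {
    "203.0.113.0/24": "CU",
    "198.51.100.0/24": "BS",
    "192.0.2.0/24": "TD",
}

def country_of(ip):
    """Return the country code for ip from the constructed table, or None."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return None

# Rule = (name, source zone or "any", source countries or None for any, action)
BLOCK = ("Block-International", "outside", {"CU", "BS", "TD"}, "deny")
ALLOW_ALL = ("Allow-All", "any", None, "allow")  # hypothetical rule name

def evaluate(rulebase, zone, ip):
    """First match wins, top to bottom; no match is denied (an assumption)."""
    cc = country_of(ip)
    for name, src_zone, countries, action in rulebase:
        if src_zone not in ("any", zone):
            continue  # source zone does not match this rule
        if countries is not None and cc not in countries:
            continue  # source country does not match this rule
        return name, action
    return "no-match", "deny"

def shadowed(rulebase):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (name, zone, countries, _) in enumerate(rulebase):
        for _, z, c, _ in rulebase[:i]:
            zone_covered = z == "any" or z == zone
            src_covered = c is None or (countries is not None and countries <= c)
            if zone_covered and src_covered:
                hidden.append(name)
                break
    return hidden
```

Calling `shadowed()` on a rulebase with the deny rule below the allow-all rule reports Block-International as unreachable, which is the condition the Move top selection in section 1.1 avoids.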
