Palo Alto Networks: Core Concepts and Product Ecosystem

Core Concepts of Palo Alto Networks

Strata

PA-Series: PA-220, PA-800, PA-3200, PA-5200, PA-7000

VM Series: VM-50, VM-100, VM-300, VM-500, VM-700

• Amazon Web Services
• Cisco ACI
• Citrix NetScaler SDX
• Google Cloud Platform
• Kernel-based Virtual Machine (KVM)
• Microsoft Azure and Microsoft Hyper-V
• OpenStack
• VMware ESXi, VMware NSX, and VMware vCloud Air

Panorama

• Policy Management
• Centralized Visibility
• Network Security Insights
• Automated Threat Response
• Network Security Management
• Enterprise-Level Reporting and Administration

Prisma (Cloud, SASE, SaaS, VM Series ML-Powered NGFWs)

• Cloud Security - Delivers complete security across the development lifecycle on any cloud.
• Prisma Cloud - Cloud Security Posture Management and Workload Protection (Uses API)
  • Alibaba Cloud
  • Amazon Web Services
  • Docker EE
  • Google Cloud Platform
  • IBM Cloud
  • Kubernetes
  • Microsoft Azure
  • Rancher
  • Red Hat OpenShift
  • VMware Tanzu

Prisma Access (SASE)

• Prisma Access delivers a Secure Access Service Edge (SASE) that provides globally distributed networking and security to all users and applications in the organization.

• SASE converges the capabilities of Wide Area Networks (WANs) with network security to support the needs of the digital enterprise.

Prisma SaaS

• Prisma SaaS (formerly known as Aperture) is a multi-mode CASB service that allows you to govern any sanctioned Software as a Service (SaaS) application use across all users in your organization and prevent risks from breaches and noncompliance.

Cortex Security Operations

• Product suite for security operations.
• Cortex product suite includes Cortex XDR, Cortex XSOAR, Cortex Data Lake, and AutoFocus.

  • Cortex XDR - Cortex XDR is the industry's first extended detection and response platform that runs on integrated endpoint, network, and cloud data to reduce noise and focus on real threats.

  • Cortex XSOAR - Cortex XSOAR is the industry's first extended Security Orchestration, Automation, and Response (SOAR) platform with native threat intelligence management.

  • Cortex Data Lake - Cortex Data Lake enables you to easily collect large volumes of log data so that innovative applications can gain insight from the organization's environment. (Used by Prisma Access, Panorama/NGFW, Cortex XDR, Traps)

Security Zones

• Zones designate a network segment in which all nodes—users, data centers, demilitarized zone (DMZ) servers, and remote users—share similar network security requirements.
• Zones act as a logical way to group physical and virtual interfaces.
• Tap, virtual wire, Layer 2, or Layer 3.
• An interface can be assigned only to a single zone, but a zone can contain multiple interfaces.

Security Policy

• Security policy rules are used to create a positive (allow list) and negative (block list) enforcement model for traffic flowing through the firewall.
• You can use multiple match conditions to create these Security policy rules. Traffic-matching criteria can include security zones, source and destination IP addresses, and source and destination devices—as well as information about the application (App-ID), source user (User-ID), service (port), HIP match, and URL. The content of allowed sessions can be scanned based on Security Profiles (Content-ID) to identify unwanted traffic content. These profiles allow for the detection of both known and unknown threats through signatures and inline Machine-Learned models.

Traffic Processing Sequence

• 
• Next-generation processing enables packet evaluation, application identification, policy decisions, and content scanning in a single, efficient processing pass. This is known as Single Pass Parallel Processing architecture, or SP3.

Deploy and Configure Core Concepts

Deploy and Configure Features and Subscriptions

Deploy and Configure Firewalls Using Panorama

Manage and Operate

Troubleshoot