Module 6: Creating and Managing Security Policy Rules
Day 2
https://docs.paloaltonetworks.com/best-practices
Lab 6: Creating and Managing Security Policy Rules
You have the firewall deployed and connected to all the appropriate networks. The next step is to
begin creating Security Policy rules. You will start by creating rules that allow hosts in the
Users_Net zone to communicate with hosts in the Extranet zone. You will then create Security
Policy rules to allow hosts in the Users_Net zone to connect to hosts in the Internet zone.
You also need to allow hosts in the Extranet zone to communicate with hosts in the Internet
zone.
Lab Objectives
- Configure a Security Policy rule to allow access from Users_Net to Extranet
- Test access from client to Extranet servers
- View the Traffic log
- Examine Policy Rule Hit Count
- Reset rule hit counts
- Customize Policy tables
- Enable intrazone and interzone logging
- Create Security Policy rules to Internet Zone
Detailed Lab Steps
Use this section if you prefer detailed guidance to complete the objectives for this lab. We
strongly recommend that you use this section if you do not have extensive experience working
with Palo Alto Networks firewalls.
Apply a Baseline configuration to the Firewall
To start this lab exercise, you will load a preconfigured firewall configuration file.
1. In the firewall web interface, select Device > Setup > Operations.
2. Click Load named configuration snapshot.
3. Click the drop-down arrow next to the Name field and select edu-210-11.1a-06.xml.
Look for edu-210 in the filename because the drop-down list might contain lab
configuration files for other course numbers.
4. Click OK to close the Load Named configuration window.
5. Click Close to close the Loading configuration window.
6. Click the Commit button at the upper right of the web interface.
7. Leave the remaining settings unchanged and click Commit.
8. Wait until the Commit process is complete.
9. Click Close to continue.
Create a Security Policy Rule
You need to allow network traffic from the Users_Net security zone to the Extranet security
zone so that employees can access various business applications. In this section, you will
create a Security Policy rule to allow access between these two zones.
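The following is an added example, not part of the original lab guide: a small Python model of how the firewall picks a rule for a session between the lab's zones, including the predefined intrazone-default (allow) and interzone-default (deny) rules, which do not log unless logging is enabled on them. The rule names are hypothetical, and the model matches on zones only (real rules also match addresses, applications, services and users).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset            # source zones
    dst: frozenset            # destination zones
    action: str               # "allow" or "deny"
    log_at_end: bool = True   # new rules log at session end by default

# Hypothetical rule names; the zones are the ones used in this lab.
RULEBASE = [
    Rule("Users_to_Extranet", frozenset({"Users_Net"}), frozenset({"Extranet"}), "allow"),
    Rule("Users_to_Internet", frozenset({"Users_Net"}), frozenset({"Internet"}), "allow"),
    Rule("Extranet_to_Internet", frozenset({"Extranet"}), frozenset({"Internet"}), "allow"),
]

# Constructed sample sessions as (source zone, destination zone).
SAMPLE_SESSIONS = [
    ("Users_Net", "Extranet"), ("Users_Net", "Internet"),
    ("Extranet", "Internet"), ("Internet", "Extranet"),
    ("Users_Net", "Users_Net"), ("Users_Net", "Extranet"),
]

def evaluate(src_zone, dst_zone, rules=RULEBASE, log_defaults=False):
    """Return (rule name, action, logged). Rules are read top-down, first match wins."""
    for r in rules:
        if src_zone in r.src and dst_zone in r.dst:
            return r.name, r.action, r.log_at_end
    # No explicit rule matched: fall through to the predefined default rules.
    if src_zone == dst_zone:
        return "intrazone-default", "allow", log_defaults
    return "interzone-default", "deny", log_defaults

def hit_counts(sessions, rules=RULEBASE):
    """Count how many sessions matched each rule, like the Hit Count column."""
    counts = {}
    for src_zone, dst_zone in sessions:
        name = evaluate(src_zone, dst_zone, rules)[0]
        counts[name] = counts.get(name, 0) + 1
    return counts

if __name__ == "__main__":
    for s in SAMPLE_SESSIONS:
        print(s, "->", evaluate(*s))
    print(hit_counts(SAMPLE_SESSIONS))
```

With `log_defaults=False`, the denied Internet-to-Extranet session and the allowed same-zone session produce no Traffic log entry, which is why the lab later enables logging on the two default rules.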