Module 1: Palo Alto Networks Portfolio and Architecture
- Which 2 planes are found in the Palo Alto Networks single-pass platform architecture?
- Control
- Data
- Which object cannot be segmented using virtual systems on the firewall?
- MGT Interface
- Which series of firewalls is a high-performance physical appliance solution?
- PA
- Which Strata product provides centralized firewall management and logging?
- Panorama
- True/False? The CN-Series firewall delivers the same capabilities as the PA-Series and VM-Series firewalls.
- True
Palo Alto Networks Approach to Cybersecurity
- Complete visibility
- Reduce attack surface
- Prevent known threats
- Prevent unknown threats
Network Security
The key Palo Alto Networks product portfolio elements for securing networks are:
- Next-Generation Firewalls (NGFW) - The foundation of the Palo Alto Networks product portfolio (hardware)
- VM-Series NGFW - The virtualized form factor (AWS, GCP, Azure) of the Palo Alto Networks Next-Generation Firewall
- CN-Series NGFW - Container-native version of the ML-powered Next-Generation Firewall (NGFW), designed explicitly for Kubernetes environments (software)
- Cloud-Delivered Security Services (CDSS) - Provide enhanced threat prevention services and NGFW capabilities (CDSS subscription) (software)
- Panorama - Centralized NGFW management and logging
Palo Alto Networks Single-Pass Architecture
Single-Pass:
- Operation per packet:
- Traffic classification with App-ID technology
- User or group mapping
- Content scanning: Threats, URL, confidential data
- One single policy per type
Parallel Processing
- Function-specific parallel processing hardware engines
- Separate data and control planes
Palo Alto Networks Firewall Architecture
Zero Trust Architecture
- Never trust, always verify
- Inspect perimeter traffic
- Inbound Traffic
- Outbound traffic
- Also inspect internal traffic
PA-Series Next Generation Firewalls
High-performance physical appliance solution
Virtual Systems
- Separate, logical firewalls within a single physical firewall
- Creates an administrative boundary
- Use Case: multiple customers or departments
VM-Series Capabilities
- CN-Series provides visibility and security to containerized application workloads
- Natively integrates with Kubernetes clusters
- Delivers the same capabilities as the PA-Series and VM-Series firewalls
- Provides Layer 7 Visibility, application-level segmentation, DNS security and advanced threat protection.
- Protects traffic across trusted zones in public cloud or data center environments
You should be able to:
- Describe the Palo Alto Networks portfolio
- Define the single-pass architecture
- Define the Zero Trust concept
- Describe the physical and virtual firewall modules available from Palo Alto Networks
Module 2
- What are the 2 attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls?
- Labeled MGT by default
- Cannot be configured as a standard traffic port
- True/false? You will need the firewall's serial number to register a hardware firewall.
- True
- In the web interface, what is signified when a text box is highlighted in red?
- The value in the text box is required
- True/false? Service routes can be used to configure an in-band port to access internal services.
- True