Tuesday, September 30, 2025

PNCSE Study Notes: Platforms and Architecture

 

PNCSE Study Notes: Platforms and Architecture

I'll be adding these as I complete my notes on each section. Here is the topic on Platforms and Architecture.

If I have any information wrong or incomplete on any topic, please let me know!

Here is the datasheet for the hardware platforms, has some good information to look over!
https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet

Security Platform Overview

  • Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective

​NGFW:

  • Identifies and inspects all traffic

  • Blocks known threats

  • Sense unknown to cloud

  • Extends to mobile and virtual networks

Threat Intel Cloud:

  • Gathers potential threats from network and endpoints

  • Analyzes and correlates threat intel

  • Disseminates threat intel to network and endpoints

Advanced Endpoint Protection

  • Inspects all Processes and files

  • Prevents known and unknown exploits

  • Integrates with cloud to prevent known and unknown malware

Other items available:

  • Panorama: Centralized management of all PAN firewall points.

  • AutoFocus: Hosted security service, provides aggregate info on threat intel from multiple sources

  • Aperture: protection for cloud-based systems like box, sales force, etc. helps manage permissions and file scans. focused on DLP, PCI, and other personally exploitable data.

  • GlobalProtect: VPN that puts traffic back through the firewall to ensure traffic scanning, traffic visibility and security.

Next Gen Firewall Architecture

  • Single-Pass Architecture

    • Per-Packet Operations:

    • Traffic Classification with App-Id

    • User/group mapping

    • Content Scan (threats, URL, confidential data)

  • Parallel Processing

    • Function specific parallel processing hardware engine

    • Separate data/control plane

  • PAN is a single-pass Parallel Processing system.

    • Dataplane:

    • Signature Matching

      • IPS, virus, spyware, CC#, SSN

  • Security Processing

    • App-ID, User-ID, URL Match, Policy Match, App Decoding, SSL/IPSec, decompression

  • Network Processing

    • Flow Control, Route Lookup, MAC lookup, QoS, NAT

  • Control Plane:

    • Managment

      • Configuration, Management UI, Logging, Reporting

  • ​Zero Trust Security Model

    • No trust provided by default

    • Never Trust, always verify

    • Need to establish trust boundaries

    • NGFW offer several options to help approach the zero-trust model:

      • App-ID, User-ID, URL filtering, Vuln filtering, anti-spyware, anti-virus, Traps, file blocking, DOS protection, Zone Protection, Wildfire

Public Cloud Security

  • SaaS security provided by Apreture

  • Can be spun up on demand

  • Can be managed through Panorama, same or different device groups

Firewall Offerings

  • Physical devices:

    • PA-220, PA-800, PA-5200 - Next Gen hardware.

    • PA-7050 and PA-7080 are Chassis architecture

  • Virtual devices:

    • VM-700, VM-500, VM-300, VM-100, VM-50, VM-50lite

    • Supported environment:

      • ESXi: All

      • KVM/Openstack: All

      • Hyper-V: All

      • VMWare NSX: VM100-500

      • AWS: VM100-700

      • Azure: VM100-700

    • New sessions all models: 8000 per second

    • IPSec throughput, all models: Varies according to model (originally was 250mbps, per the training, however documentation states otherwise. Please see the hardware spec sheet at the top of this post for specifics)

  • Virtual Systems

    • Ability to have seperate virtual firewalls in a single physical chassis

    • Each system has its own zones, policies, administrators.

    • Supported on the 3k/5k/7k models
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Global Protect Troubleshooting

Global Protect Components Certificate Management Connections Authentication Debugging https://www.youtube.com/watch?v=0Z48WHvyW0Q authentica...