
Palo Alto Firewall Basics — Network Security Explained (Beginner Tutorial)

By Fresh Developer (Sapium Security)

Summary

Key takeaways

  • Routers overburdened by ACLs: when a router handles both L3 forwarding via its routing table and ACL filtering on IP address and port, it becomes overburdened, with high RAM and CPU usage. It is better to place a separate firewall after the router for traffic control. [04:03], [04:34]
  • Legacy firewalls stop at L4: legacy firewalls control traffic only up to layer 4 of the OSI model, based on IP addresses and port numbers, and cannot identify applications or sites such as google.com or a malicious website. [06:31], [06:46]
  • NGFW enables app-layer control: next generation firewalls provide control up to the application layer, allowing or denying by website via URL filtering and blocking specific file types such as .exe or PDF. [07:34], [08:22]
  • Palo Alto is a next-gen firewall: Palo Alto firewalls fall in the next generation firewall category, which distinguishes them from legacy ones; this is a common interview question. [08:56], [09:20]
  • Check uptime for troubleshooting: the dashboard shows uptime, i.e. how long the firewall has been up; it is the first thing to check when investigating an unexpected restart, since an outage during production hours cannot be afforded. [14:06], [14:41]
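The legacy-versus-NGFW distinction in the takeaways above, as an added example that is not part of the video or of any Palo Alto configuration: a first-match layer-4 ACL that can only see addresses and ports is run beside an NGFW-style rule that applies URL-category filtering and file blocking after the same L4 match. The policy, the URL-category table and the four sessions are constructed for illustration; a real NGFW would resolve the category from its URL database and would need decryption to see the host name and file bytes inside TLS.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed URL-category table standing in for a vendor URL database (assumption).
URL_CATEGORIES = {
    "www.google.com": "search-engines",
    "news.example.org": "news",
    "dl.malicious.example": "malware",
}


@dataclass
class Session:
    src: str
    dst: str
    dport: int
    host: Optional[str] = None  # HTTP Host / TLS SNI, only visible with L7 inspection
    payload: bytes = b""        # first bytes of a transferred file


def l4_matches(rule: dict, s: Session) -> bool:
    """Legacy ACL match: source/destination address and destination port only."""
    return (ip_address(s.src) in ip_network(rule["src"])
            and ip_address(s.dst) in ip_network(rule["dst"])
            and (rule["dport"] is None or rule["dport"] == s.dport))


def legacy_decision(rules: list[dict], s: Session) -> str:
    """First-match ACL with an implicit deny when nothing matches."""
    for rule in rules:
        if l4_matches(rule, s):
            return rule["action"]
    return "deny"


def file_type(payload: bytes) -> str:
    """Classify by magic bytes rather than by the file name in the URL, so
    renaming tool.exe to tool.pdf does not slip past a file-blocking rule."""
    if payload.startswith(b"MZ"):
        return "exe"
    if payload.startswith(b"%PDF-"):
        return "pdf"
    return "unknown"


def ngfw_decision(rules: list[dict], s: Session) -> tuple[str, str]:
    """Same L4 match, then URL filtering and file blocking on the matched rule.
    Returns (action, reason)."""
    for rule in rules:
        if not l4_matches(rule, s):
            continue
        if rule["action"] == "deny":
            return "deny", "l4-rule"
        category = URL_CATEGORIES.get(s.host or "", "unknown")
        if category in rule.get("block_categories", ()):
            return "deny", f"url-category:{category}"
        ftype = file_type(s.payload)
        if ftype in rule.get("block_files", ()):
            return "deny", f"file-type:{ftype}"
        return "allow", "l4-rule"
    return "deny", "implicit-deny"


# Constructed policy: inside users may use HTTPS to anywhere, but not to
# malware or adult sites and not download Windows executables; all else denied.
POLICY = [
    {"src": "10.1.1.0/24", "dst": "0.0.0.0/0", "dport": 443, "action": "allow",
     "block_categories": {"malware", "adult"}, "block_files": {"exe"}},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "dport": None, "action": "deny"},
]

# Constructed sessions (addresses from documentation ranges).
SESSIONS = {
    "search": Session("10.1.1.1", "142.250.0.10", 443, "www.google.com", b"<html>"),
    "malware_site": Session("10.1.1.2", "198.51.100.7", 443, "dl.malicious.example", b"MZ\x90\x00"),
    "renamed_exe": Session("10.1.1.3", "203.0.113.9", 443, "news.example.org", b"MZ\x90\x00"),
    "ssh_out": Session("10.1.1.4", "203.0.113.5", 22, None, b"SSH-2.0"),
}


def compare(name: str) -> tuple[str, str, str]:
    """Return (legacy action, NGFW action, NGFW reason) for a named session."""
    s = SESSIONS[name]
    action, reason = ngfw_decision(POLICY, s)
    return legacy_decision(POLICY, s), action, reason


if __name__ == "__main__":
    for name in SESSIONS:
        legacy, ngfw, reason = compare(name)
        print(f"{name:13} legacy={legacy:5} ngfw={ngfw:5} ({reason})")
```

The two sessions that matter are the malware download and the renamed executable: both are plain HTTPS from an allowed subnet, so the L4 ACL allows them, while the NGFW rule denies one on URL category and the other on the file's magic bytes.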

Topics Covered

  • Routers Overburdened by ACL Filtering
  • Legacy Firewalls Limited to L4 Control
  • NGFW Enables App-Layer URL Filtering

Full Transcript

Hello guys, today we are going to start Palo Alto firewall.

So what basically is the Palo Alto firewall? Let's try to understand. Before understanding the Palo Alto firewall, let's focus on firewalls. You might have gone through the CCNA. We have a router here, and what this router does is help forward the traffic from one network to another network. We have a routing table here, and based on the routing table it sends the packets from here to here. Or if we have another network 3, it sends the traffic from here to there, or in the reverse direction. Similarly it helps.

So this controls the traffic in layer three. The same scenario is with the switch. If we have a switch here and we have different VLANs, the traffic is sent on the same network. So in this case this is all in the same network.

In fact I should have told you layer 2 first. So what the switch does is, within the same network, it sends the packets, but on the same VLAN. Let us suppose this is on VLAN 1 and this is also on VLAN 1; then it will send the traffic. But if two ports are in VLAN 2, then they will communicate with each other. So that's what is happening in layer 2 and layer 3; these are the functions of the switches and the router.

Now what is our requirement? I was quite happy in the scenario of this router; our traffic was traveling from here to there. But if we want to control the traffic, controlling the traffic can be done in the layer three routers. Basically, we can take the help of Cisco routers or some other routers. We have a feature named access control list. Sometimes we also call it ACL; the short form is ACL. In Juniper or other routers they have a similar concept with some other names, but the feature is the same: we can control the traffic based on its IP address and its port number.

It means that whenever the traffic is arriving we can filter out the traffic: okay, this IP address 10.1.1 is allowed to go to this interface, while the IP address 10.1.1.2 is not allowed to go to the internet. Not the internet basically, but to another network; it can be anything, from one interface to another interface we can set a control. So there are two ways to control. One is the IP address, what I have just told you, that this IP address is allowed and this one is not allowed. A similar concept we can have for the port number; it can be for the source port number or for the destination port number. Similarly, whatever I told you was for the source IP address, but the same concept can be used for the destination IP address: this user, or in fact this machine, is not allowed to connect to destination IP address 192..., let's suppose 200.200.200.1. So we can have the same concept: based on the source and destination IP address or our source and destination port numbers, our traffic is allowed or denied.

So this was quite overloaded, because this router is doing our L3 part: we have a routing table and the packet is being forwarded based on the routing table. But if we also configure the access control list, or ACL, the same router is doing two jobs. So what happens is that our router gets overburdened. The RAM and CPU usage are quite high.

So we can implement another router for that functionality. But the better way is that we implement a firewall separately. Meaning, let the router do its own job, that is forwarding the packets based on the routing table from one network to another network, and this filtering part, controlling the traffic, let's do it via firewall. So what we do is we implement a router here, and after the router we install a firewall. So our router will be forwarding traffic, and now this control will be done via this firewall. That's how we implement it.

Now the question comes: what exactly can a firewall do? Now I'm quite confident you know what exactly the firewall is doing. Basically the job of our firewall is to control the traffic. Controlling just on IP address and port number is the concept of our legacy firewall.

Now the question comes: what is a next generation firewall? This is a very important question, and most of the time the interviewer asks it as the first question. What they ask is: what is the difference between the legacy firewall and the next generation firewalls? Another question in reference to Palo Alto is: is PA a legacy firewall or is it a next generation firewall?

So legacy firewalls are the firewalls which give you control up to L4. L4 means layer 4, and I'm talking about the OSI layer, the OSI model. In that case you have control up to the IP address and the port numbers only. Above that, it means that you don't have any control over the application. It means the firewall is not able to understand whether you are accessing google.com or you are accessing a malicious website or adult content or a news website. The legacy firewall is not able to understand or identify that. So this feature is introduced in the next generation firewall, and next generation firewalls have control up to the application layer, meaning our firewall will come to know which website you are accessing, and you can allow or deny based on the URL. So we can call this feature URL filtering. The URL filtering feature is available here.

You can block or deny the traffic based on the different file types, so we can say file blocking is available. Sometimes what happens is that you download some malicious content that has an .exe file, and that software is not intended for your machine and it steals some of the information or does some unwanted things. So you can block that: .exe is not allowed. Or if your organization wants, or you want, that you don't download PDFs, you can block PDF, or you can do it the reverse way: you can just allow PDF only and block the remaining files. So there are different file extensions; you can do these things, or you can allow inspection of the traffic in the firewall.

So these are the types of things it is doing. Basically our Palo Alto firewalls fall in this category, next generation firewall. So the answer to your question in the interview, what is the legacy firewall, what is the next generation firewall and what is the difference between them, and the other question, is Palo Alto a legacy firewall or a next generation firewall, now you are able to answer that question. I have given multiple interviews, that's why I'm telling you from my experience what questions are being asked. So in the entire course I will be telling you the content, and at the same time I will also be telling you what questions are going to be asked in the interviews, whether that topic is relevant or not.

So this is it about the introduction of the firewalls, and let's see the GUI of our firewall, what exactly it looks like.

For this lab I'm using EVE-NG over VMware Workstation. At the end I will explain to you how you can set up your own lab. But meanwhile let's look at the view and GUI of the Palo Alto firewall.

So I have started my EVE-NG and now I will log in through the browser. Here is what EVE-NG looks like: I have a firewall here; on the left hand side I have taken one machine (we can take multiple, there are no restrictions here); on the right side I have taken the internet. So later on, whenever we are doing the lab, we will create policies from this internal to internet, or internet to internal, or internal to DMZ. These are the types of scenarios we will do, which are basically a replication of the live or production environment.

So if I click on this image of the Palo Alto, you can see the console, how it looks. Sometimes you may face this issue, but not to worry, it's normal. You refresh the page and it comes back. If I log in, I will be able to log in to the CLI of the firewall. So here we get the prompt. Do not worry if, just after opening the firewall, you're trying and it is not accepting the credentials. Okay, so now it is ready. I will try to log in to the GUI. Here on the firewall you can also give the command show system info to know the IP address of the management. The management IP is basically the IP address that we use to log onto the firewalls.

Okay. So you can see here my IP address is 192.168.30.177. That's the IP I will use to log in to my GUI. Yeah, this is here. I will use the same credentials, admin / admin123, and yeah, this is my secret. Don't share my password with anyone. Okay, I trust you guys.

Here we go. That's basically how our Palo Alto firewall looks. Every time I click on this "do not show again", but unfortunately it always pops up.

So there are different sections, different tabs on the firewall. This is the dashboard section where you can see the device name; usually we call it the host name. This is a virtual machine, VM-Series, so that's why the model is PA-VM, and other details you can see here, whatever you want. The most important part here is the release; this is the software version, 10.1.0. Okay.

And the next important thing is the uptime. Somewhere it will be mentioned as the uptime. Yeah, here it is. This is the uptime, how long your firewall has been up. This is very important whenever you are troubleshooting the firewall. Sometimes your firewall takes a restart. It comes back, it is normal, but you might have faced an interruption in between. So now you can come to know whether it was recently restarted or something. So you have to review the uptime of the firewall, and accordingly you can take decisions and go for the investigation of why it took the restart and what was the cause. If you can resolve it by yourself, it's fine; else you have to go to Palo Alto for that one to investigate further what caused it, because you cannot afford the outage or the interruption during production hours.

We also have the policy section here where the different policies are created. I have created some test policies like allowed websites, block Facebook and Instagram, some internet policies. I will explain all these in detail later on in this series.

We can also look at the network: what are the different interfaces, what are the IP addresses assigned?

We have device details and configuration. These things we can do, like administrators: what are the administrators we can create from here. For example, I want to create administrators; I can add the users here. There are different types, either local administrator or remote users. That we will also come to know in detail later on.

We can also monitor the traffic. This is usually used for troubleshooting: what is the source IP and destination IP. The logs we can see here. We can filter the traffic here based on what is the source IP and the destination IP. For example, I filter the traffic by the source IP, or the destination IP, so if I apply the filters here you can see what things are happening here. That's how it is; I will explain everything in more detail later on. We have an Objects section, we have an ACC. So this was about how basically you can visualize things and look at them.

The most important part here: I have two websites, and you can go to my website freshdeveloper.online. In this website there is a section, self-learning, and here you can view the entire series on your Palo Alto firewall, whatever I will be covering. You might see that I have created all these videos; you can see that here is the full available list. You can watch these videos, because on YouTube sometimes you do not get them in sequence. So I have created a page and put all of them in sequence here; that will help you to not go here and there and sometimes miss something, so that you have them on a common page.

I also provide live classes, but those are paid sessions, and some of the sessions I provide free of cost. You can register for those free sessions, and once you fill in the details, whenever I'm scheduling any free sessions (those are usually live sessions), if you want to join you can join them. But how do you get informed about those? For that you have to register; this is the link I will give you in the description. This is my other website, capmcurity.com. This link I will be showing you. Here you can give your name, email id and phone number and register, and after that you can follow these steps. You will usually be getting the Zoom link over an email, but in case you do not receive it, sometimes it lands in a different folder, for example junk or some other folder. So if you do not get it, or you don't want to check, you can directly log on to this website, learn.scapmsecurity.com. Just log in here, and under the workshops section you will view it. I will just show you where you can see it under the workshops section. If you are using a mobile phone, it will be like this, the view will come in smaller sections. Okay, let me make it smaller. In that case three lines are coming; over there, or at the bottom, I think it is coming as workshops.

I'm also providing for the C, and all these are live classes I have scheduled. So not to worry about that one. If you are interested in live, you can go for that one; otherwise you can register for these ones. Sometimes people do not get much idea from the recorded sessions; in that case you can go for the live sessions, and live sessions are quite lengthy, around 30 to 40 hours of content. We take questions, so you know how the live sessions happen, right? But these are free sessions; whenever you want to connect with me or you have some little doubts you can connect with me on this one. So you can register for these free sessions and that will help you out. That's it from this video. In the upcoming videos I'll be telling you more about the configuration, slowly. These YouTube videos are crisp, knowledge-wise a little bit, not too much detailed, and practical sessions. More details are coming in the live classes or the recorded sessions that we usually do. But yeah, if you're a beginner this is the best series available on YouTube, you can go for it.

All right. Thank you. Bye-bye.
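The uptime check the video describes, as an added example that is not part of the video or of Palo Alto's tooling: parse the key: value lines that show system info prints on the CLI, turn the uptime into a duration, and flag a firewall that came up within a chosen window so the restart can be investigated before anyone assumes it is healthy. The sample output below is constructed for this example and only assumed to follow that key: value shape (hostname, sw-version, uptime as "N days, H:MM:SS"); the values are made up. Uptime tells you that a restart happened, not why; the cause still has to come from the firewall's logs or from the vendor.

```python
import re
from datetime import timedelta

# Constructed sample modelled on the key: value lines of `show system info`
# (assumption about the format; all values are invented for this example).
SAMPLE_SYSTEM_INFO = """\
hostname: PA-VM
ip-address: 192.168.30.177
netmask: 255.255.255.0
default-gateway: 192.168.30.1
model: PA-VM
serial: 000000000000
sw-version: 10.1.0
uptime: 0 days, 0:41:14
"""

# "N days, H:MM:SS"; "1 day" is accepted too in case the singular form appears.
UPTIME_RE = re.compile(r"^(\d+) days?, (\d+):(\d{2}):(\d{2})$")


def parse_system_info(text: str) -> dict[str, str]:
    """Split each 'key: value' line at the first colon; later colons (as in
    the uptime value) stay part of the value."""
    info: dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info


def parse_uptime(value: str) -> timedelta:
    m = UPTIME_RE.match(value.strip())
    if not m:
        raise ValueError(f"unrecognised uptime format: {value!r}")
    days, hours, minutes, seconds = (int(g) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def restart_check(text: str, window: timedelta = timedelta(hours=24)) -> dict:
    """Summarise the firewall and say whether it restarted inside `window`.
    A short uptime during production hours is the cue to pull the logs
    rather than to assume the box is fine because it is answering."""
    info = parse_system_info(text)
    uptime = parse_uptime(info["uptime"])
    return {
        "hostname": info.get("hostname", "?"),
        "sw_version": info.get("sw-version", "?"),
        "uptime_seconds": int(uptime.total_seconds()),
        "recently_restarted": uptime < window,
    }


if __name__ == "__main__":
    result = restart_check(SAMPLE_SYSTEM_INFO)
    status = "RESTARTED within window, investigate" if result["recently_restarted"] else "ok"
    print(f"{result['hostname']} PAN-OS {result['sw_version']} "
          f"up {result['uptime_seconds']}s: {status}")
```

Paste the real CLI output in place of the constructed sample, or feed the same parser the output you collect from several firewalls, and tune the window to the length of your change-freeze or maintenance period.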
