Palo Alto Interview Questions and Answers
Last updated on 22nd Sep 2022
1. Is Palo Alto a stateful firewall?
Yes. All traffic passing through a Palo Alto firewall is matched against a session, and every session must in turn match a firewall security policy.
2. What is the purpose of a Palo Alto Focus?
Palo Alto Focus is a Palo Alto service used to identify critical attacks and take the necessary action without using additional resources. It is a cloud-based threat intelligence service.
3. Name the types of deployment modes in Palo Alto?
Tap mode: this mode lets users monitor any type of traffic flowing across a network with the help of a tap or a switch SPAN/mirror port.
Virtual wire: in this deployment model, the firewall is installed passively on a network segment by binding two interfaces together.
Layer 2 mode: in this mode, multiple network interfaces are configured into a "virtual switch" or VLAN mode.
Layer 3 deployment: in a Layer 3 deployment, the Palo Alto firewall routes traffic between multiple interfaces. The user must add an IP address to every interface.
4. What are the scenarios that trigger a failover?
- A failover occurs if one or more monitored interfaces fail.
- A failover occurs if one or more specified destinations cannot be pinged by the active firewall.
- A failover occurs if the active device does not respond to heartbeat polls, i.e. three consecutive heartbeats are lost over a period of 1000 milliseconds.
5. Which command is used to check firewall policy matching in Palo Alto?
Use the test security-policy-match command from the Palo Alto CLI, for example: test security-policy-match from trust to untrust destination <destination-IP>. It reports which security policy rule traffic from the trust zone to the given untrust destination would match.
6. What is the Application Command Center (ACC)?
The Application Command Center provides visibility into traffic patterns and actionable information about threats found in the firewall's network logs.
7. What is the purpose of Palo Alto's AutoFocus?
AutoFocus in Palo Alto is a threat intelligence service; it simplifies the identification of critical attacks so that effective action can be taken without the need for additional resources.
8. What is a zone protection profile?
With the help of a zone protection profile, a zone gets protection from attacks such as floods, reconnaissance, and packet-based attacks. Flood attacks can be of any type: SYN, ICMP, UDP, etc. Reconnaissance protection helps defend against port and host sweeps. Packet-based attack protection helps protect against large ICMP and ICMP fragment attacks.
9. Name the types of protection used in Palo Alto?
Zone protection profile: protects against floods, reconnaissance, and packet-based attacks.
Configured under the Network tab: Network Profiles -> Zone Protection.
10. What is U-turn NAT in Palo Alto?
U-turn NAT in Palo Alto is a logical path used in a network. In this NAT setup, internal users access internal DMZ servers using the external (public) IP address of the respective server.
11. Mention the advantages of the Palo Alto firewall?
- Provides high throughput and low latency.
- Offers high-level active security functions.
- Supports a single, fully integrated security policy.
- Easier-to-use policy management.
12. Explain WAF and its purpose?
WAF stands for Web Application Firewall. The primary purpose of a WAF is to monitor web applications in order to enhance their security. It protects a web application by filtering the traffic between the internet and the application.
13. What do you mean by HA, HA1, and HA2 in Palo Alto?
HA refers to High Availability, a deployment model in Palo Alto. HA is used to prevent a single point of failure in a network. It consists of two firewalls with a synchronized configuration; if one firewall crashes, the security features are applied by the other firewall, so the business continues without interruption. HA1 and HA2 are two different ports used in HA. HA1 is called the control link, while HA2 is called the data link. These ports are used to exchange state information and synchronize data.
14. What type of architecture does Palo Alto use?
The Palo Alto architecture follows single-pass parallel processing.
15. What are the Active/Passive and Active/Active modes in Palo Alto?
Active/Passive: this mode is supported in the virtual wire, Layer 2, and Layer 3 deployment types. The configuration settings are shared by both firewalls. If the active firewall fails, the passive firewall becomes active and maintains network security.
Active/Active: this mode is supported in the virtual wire and Layer 3 deployment types. In this mode, both firewalls work synchronously and process traffic.
16. What is App-ID?
App-ID is short for application identification. It is one of the major components of Palo Alto. The major responsibility of App-ID is to identify applications as they traverse the firewall.
17. Mention the benefits of Panorama in Palo Alto?
- Provides distributed administration, which helps to control and delegate access to Palo Alto firewall configurations.
- Offers centralized configuration and deployment.
- Supports aggregated log management with central oversight for reporting and analysis.
18. What are a virtual system and a virtual router in Palo Alto?
A virtual router is a function of the Palo Alto firewall that takes part in Layer 3 routing. A virtual system is an exclusive, logical function in Palo Alto: an independent firewall whose traffic is kept separate.
19. Which media types does the firewall support?
The Palo Alto firewall supports 2 types of media:
- Fiber optic.
20. What is the HSCI port?
HSCI is a Layer 1 SFP+ interface. In an HA configuration it connects two PA-200 series firewalls. The port can be used for both the HA2 and HA3 connections, and raw Layer 1 traffic is transmitted between the HSCI ports.
21. What is GlobalProtect VPN support?
GlobalProtect VPN offers a clientless SSL Virtual Private Network (VPN) and helps users access applications in the data center.
22. What is the meaning of endpoint security?
- A computing device connected to a local network or Wide Area Network (WAN) is called an endpoint. The function of endpoint security is to protect endpoints from malicious software.
- Examples of endpoints are desktops, PCs, laptops, smartphones, servers, and Internet-of-Things (IoT) devices.
- Endpoint security protects endpoints from cyber threats and unauthorized activities.
23. What are "incomplete" and "application override" in Palo Alto?
Application "incomplete" means either that the three-way TCP handshake was not completed, or that it was completed but there was no data after the handshake to classify the application. Application override, on the other hand, is used to bypass App-ID for specific traffic passing through the firewall.
24. What is GlobalProtect in Palo Alto?
GlobalProtect is an application that runs on an endpoint (desktop computer, laptop, tablet, or smartphone) to safeguard it using the same security standards that protect important corporate network resources. GlobalProtect encrypts intranet traffic and allows users to connect to the corporate network from anywhere in the world to use the company's resources.
25. What options are available on the Palo Alto firewall for forwarding log messages?
- Forwarding logs from the firewalls to Panorama and from Panorama to external services.
- Forwarding logs from the firewalls to Panorama and to external services in parallel.
26. What is single-pass parallel processing?
Single-pass parallel processing lets the system operate on each packet once. The important functions of single-pass parallel processing are policy lookup, application identification, networking functions, decoding, and signature matching. Content in a Palo Alto firewall is scanned only once in this architecture.
27. Which protocol is used to exchange heartbeats between HA peers?
ICMP is the protocol used to exchange heartbeats between HA peers.
28. What is parallel processing?
The Palo Alto architecture is designed with separate data and control planes to support parallel processing. The hardware elements used in parallel processing provide discrete processing groups that perform several demanding functions.
29. Define the term U-Turn NAT?
U-Turn NAT refers to a logical path in a network. Users are given access to a DMZ server using the server's external IP address. U-Turn NAT allows internal clients to access a public web server that sits on the internal network.
30. What do you mean by endpoint security in Palo Alto?
Endpoint security protects users' devices, such as laptops, mobiles, and PCs, using purpose-built tools and products. It is one of the world's leading network security suites and helps secure an organization's user data and applications. Defending a network against different threats is not simple nowadays; however, it can be achieved by using best practices in both hardware and software.
31. Mention the differences between the PA-200, the PA-500, and higher models?
The PA-200 and PA-500 implement activities such as signature processing and network processing in software; the higher models include a dedicated hardware processor.
32. Mention the types of links used to establish HA?
- Control link (HA1).
- Data link (HA2).
- Backup links.
- Packet forwarding links.
33. Mention the different port numbers used in HA?
HA1: TCP/28769 and TCP/28260 for clear-text communication; TCP/28 for encrypted communication.
HA2: IP protocol number 99, or UDP/29281.
34. Which features does Palo Alto support in virtual wire mode?
In virtual wire mode, Palo Alto supports features such as App-ID, Decryption, Content-ID, User-ID, and NAT.
35. Do you know which virtualization platform provides extensive support for deploying Palo Alto Networks firewalls?
VM-Series is the virtualization platform that offers extensive support for deploying Palo Alto Networks firewalls. It supports a wide range of public and private cloud environments such as OpenStack, VMware, Cisco ACI, Amazon Web Services, Google Cloud Platform, and many more.
36. Which command is used to show the maximum log file size? Give a brief idea of how Panorama handles new logs when the storage limit is reached?
The command used to show the maximum log file size is:
- show system logdb-quota
- When the log storage limit is reached, Panorama automatically deletes the oldest logs and gives the space to new records. Panorama has automated functionality that detects the storage limit and removes old logs when needed.
37. What is the default IP address of the management port on a Palo Alto firewall, along with the default username and password?
- The default IP address of the management port on a Palo Alto firewall is 192.168.1.1.
- The username is "admin" with the password "admin".
38. Can you explain the different states of an HA firewall?
39. What is WildFire? Give a brief explanation of the functionality of WildFire?
Securing a network from potential threats requires finding solutions and analysing malware, which is quite a hectic process. WildFire is a cloud-based malware detection service that helps identify unknown files or threats created by attackers. WildFire rapidly delivers protection and shares threat intelligence with organizations.
40. Differences between Palo Alto NGFW and Checkpoint UTM?
Palo Alto follows single-pass parallel processing, whereas Checkpoint UTM follows a multi-pass architecture.
41. Can you explain why Palo Alto is called a next-generation firewall?
The Palo Alto firewall has everything that is needed for the next generation. It includes an intrusion prevention system and application control features. In terms of productivity, it is considered different from other cybersecurity vendors. One important point is that it delivers the next-generation features on a single platform.
42. Give a brief idea about single-pass and parallel processing architecture? Which architecture does Palo Alto use?
Single-pass: in single-pass processing, all operations are performed only once per packet. The operations include application identification, networking functions, policy lookup, decoding, and signature matching for any content or threats. In simpler terms, instead of using multiple engines, single-pass software scans the traffic a single time in a stream-based fashion.
Parallel processing: parallel processing uses discrete processing groups to perform the functions. The functions include networking, App-ID, Content-ID analysis, etc. Palo Alto uses the Single Pass Parallel Processing (SP3) architecture.
43. Define the term HALite in Palo Alto? Give a brief explanation of its capabilities?
Before explaining HALite we need to know about the PA-200. The PA-200 is a firewall that protects a network from a broad range of cyber threats. HALite is the HA feature available on the PA-200. It offers synchronization of some runtime items. A limited version of HA is used on the PA-200 because it has a limited number of ports available for synchronization.
44. Define what is meant by a service route? Which interface is used to access external services by default?
A service route is the path from an interface to a service on a server. The interface used by default to access external services is the management (MGT) interface.
45. Briefly describe the basic approaches used to deploy certificates on Palo Alto Networks firewalls?
- Obtaining certificates from a trusted third-party CA such as VeriSign or GoDaddy.
- Acquiring certificates from an enterprise CA.
- Generating self-signed certificates.
46. How to troubleshoot HA using the CLI?
show high-availability state: shows the HA state of the Palo Alto firewall.
show high-availability state-synchronization: used to check the sync status.
show high-availability path-monitoring: shows the status of path monitoring.
request high-availability state suspend: suspends the active box and makes the current passive box active.
47. Elucidate the differences between the PA-200, PA-500, and higher models?
Network processing and signature processing are implemented in software on the PA-200 and PA-500. The higher models have a dedicated hardware processor to perform these functions.
48. In an enterprise deployment, a network security engineer wants to assign roles to a group of administrators without creating local administrator accounts on the firewall. Which authentication method must be used?
RADIUS with Vendor-Specific Attributes.
49. What is the difference between a next-generation firewall and a traditional firewall?
A next-generation firewall (NGFW) is a network security solution that goes beyond a traditional stateful firewall in terms of capability. A traditional firewall inspects incoming and outgoing network traffic in real time, while a next-generation firewall adds application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
50. Packet flow architecture of a Palo Alto firewall?
A Palo Alto Networks firewall in Layer 3 mode provides routing and network address translation (NAT) functions. The routing table is used to evaluate the source and destination zones for NAT policies:
Example 1: when translating traffic that is incoming to an internal server, the NAT policy must be configured using the zone in which the public IP address resides.
Example 2: when translating traffic that is incoming to an internal server, the DMZ zone needs to be used to configure the NAT policy. Regardless of the policy, the original IP addresses are ALWAYS used in the rules. Why? Because address translation does not take place until the packet egresses the firewall. The destination zone is the ONLY zone that can change from the original packet during processing.
51. How to configure HA on a Palo Alto firewall?
To set up an active (PeerA) / passive (PeerB) pair in HA, some options must be configured identically on both firewalls and some independently (non-matching) on each firewall. These HA settings are not synchronized between the firewalls. The following checklist details the settings that must be configured identically on both firewalls:
- HA must be enabled on both firewalls.
- The same Group ID value must be configured on both firewalls. The firewall uses the Group ID value to create a virtual MAC address for all the configured interfaces. See Floating IP Address and Virtual MAC Address for details about virtual MAC addresses.
- When a new active firewall takes over, it sends Gratuitous ARP messages from each of its connected interfaces to inform the connected Layer 2 switches of the virtual MAC address's new location.
- If in-band ports are used as HA links, the interfaces for the HA1 and HA2 links must be set to type HA.
- Set the HA Mode to Active Passive on both firewalls.
- If required, enable preemption on both firewalls. The device priority values must not be identical.
- If required, configure encryption on the HA1 link on both firewalls.
Based on the combination of HA1 and HA1 Backup ports in use, use the following recommendations to decide whether to enable heartbeat backup:
- HA1: dedicated HA1 port; HA1 Backup: dedicated HA1 port -> enable Heartbeat Backup.
- HA1: dedicated HA1 port; HA1 Backup: in-band port -> enable Heartbeat Backup.
- HA1: dedicated HA1 port; HA1 Backup: management port -> do not enable Heartbeat Backup.
- HA1: in-band port; HA1 Backup: in-band port -> enable Heartbeat Backup.
- HA1: management port; HA1 Backup: in-band port -> do not enable Heartbeat Backup.
52. What are the steps to take a configuration backup of the Palo Alto firewall?
- After logging into the Palo Alto firewall, go to Device -> Setup -> Operations.
- To save the settings locally on the Palo Alto firewall, click "Save named configuration snapshot".
- To save a backup of the Palo Alto configuration file to the local PC, click "Export named configuration snapshot".
53. What is the role of a virtual wire interface in the Palo Alto firewall?
A virtual wire interface allows traffic to pass between two interfaces by binding them together.
54. What do you understand about dynamic updates?
Palo Alto Networks regularly publishes updates about new and modified applications, threat protection, and GlobalProtect data files via dynamic updates. You set the frequency at which the firewall checks for, downloads, and installs new updates by creating a schedule for dynamic updates using the "Schedule" option. You can choose whether scheduled updates are "Download Only" or "Download and Install", as well as how often and when they occur.
55. What is the difference between a Palo Alto NGFW and a WAF?
Palo Alto Networks' Next-Generation Firewalls (NGFW) employ three distinct identification technologies to offer policy-based access and control over applications, users, and content: App-ID, User-ID, and Content-ID. Knowing which application is traversing the network and who is using it is then used to build firewall security policies, including access control, SSL decryption, threat prevention, and URL filtering. A firewall is needed by every organization. A Web Application Firewall (WAF), on the other hand, is designed to look at web applications and trace them for security problems that may occur as a result of coding errors. The only thing the two solutions have in common is that they both use the word firewall in their names. A WAF is only needed by companies who believe their web applications have coding issues.
56. Explain the difference between virtual routers and virtual systems in Palo Alto?
Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks firewall. Managed service providers and organizations can use a single pair of firewalls (for high availability) and enable virtual systems on them instead of having multiple firewalls. Every virtual system (vsys) is an independent, separately managed firewall whose traffic is kept separate from the traffic of other virtual systems. A virtual router is a firewall feature that takes part in Layer 3 routing. You can manually define static routes or participate in one or more Layer 3 routing protocols, and the firewall can use virtual routers to obtain routes to other subnets (dynamic routes).
57. Difference between pre-NAT and post-NAT?
- The original IP address, i.e. the pre-NAT address, is what NAT rules and security policies match on. The zone associated with the pre-NAT IP address is used to configure the NAT rule.
- In contrast to NAT rules, security policies look at the post-NAT zones to decide whether a packet is allowed. Security policies are applied to the post-NAT zone because the very essence of NAT is to change the source or destination IP address, which changes the packet's outgoing interface and zone.
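The lookup order described in questions 50 and 57 (NAT rule matched on pre-NAT zones and addresses, security policy matched on the post-NAT destination zone but the original addresses), as an added Python model that is not part of the original page or of PAN-OS. The routing table, zones, rules and addresses are constructed for the example; the ingress zone is taken as given, and the destination zone is derived by a longest-prefix route lookup.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed routing table for a Layer 3 deployment: each route maps to the
# zone of the interface it egresses through (assumption: one zone per interface).
ROUTING_TABLE = [
    ("10.0.0.0/8", "trust"),
    ("172.16.10.0/24", "dmz"),
    ("0.0.0.0/0", "untrust"),   # default route towards the internet
]


def zone_for_ip(ip: str, table=ROUTING_TABLE) -> str:
    """Longest-prefix-match route lookup; returns the zone of the egress interface."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, zone in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, zone)
    if best is None:
        raise LookupError(f"no route for {ip}")
    return best[1]


@dataclass
class NatRule:
    name: str
    from_zone: str        # zone of the ingress interface (pre-NAT)
    to_zone: str          # zone where the ORIGINAL destination IP resides (pre-NAT)
    original_dst: str
    translated_dst: str


@dataclass
class SecurityRule:
    name: str
    from_zone: str        # the source zone never changes
    to_zone: str          # post-NAT destination zone
    dst_ip: str           # must be the ORIGINAL (pre-NAT) address
    action: str


def evaluate_packet(ingress_zone: str, dst_ip: str,
                    nat_rules: List[NatRule], sec_rules: List[SecurityRule]) -> dict:
    """Walk a packet through NAT lookup and then security policy lookup."""
    pre_nat_dst_zone = zone_for_ip(dst_ip)
    # NAT rule lookup: pre-NAT zones and pre-NAT addresses.
    nat = next((r for r in nat_rules
                if r.from_zone == ingress_zone
                and r.to_zone == pre_nat_dst_zone
                and r.original_dst == dst_ip), None)
    translated_dst = nat.translated_dst if nat else dst_ip
    # The destination zone is re-derived from the translated address; it is the
    # only zone that can change. The source zone stays as on ingress.
    post_nat_dst_zone = zone_for_ip(translated_dst)
    # Security policy lookup: post-NAT zones, but still the ORIGINAL destination IP.
    sec = next((r for r in sec_rules
                if r.from_zone == ingress_zone
                and r.to_zone == post_nat_dst_zone
                and r.dst_ip == dst_ip), None)
    return {
        "nat_rule": nat.name if nat else None,
        "pre_nat_dst_zone": pre_nat_dst_zone,
        "post_nat_dst_zone": post_nat_dst_zone,
        "translated_dst": translated_dst,
        "security_rule": sec.name if sec else None,
        "action": sec.action if sec else "deny (no match)",
    }


# Constructed scenario: a DMZ web server 172.16.10.5 is published on the public
# address 203.0.113.10, which "resides" in untrust via the default route.
NAT_RULES = [NatRule("publish-web", "untrust", "untrust", "203.0.113.10", "172.16.10.5")]

CORRECT_RULES = [
    # post-NAT destination zone (dmz) combined with the pre-NAT destination IP
    SecurityRule("allow-web-in", "untrust", "dmz", "203.0.113.10", "allow"),
]
WRONG_RULES = [
    # mistake 1: written with the translated (internal) address
    SecurityRule("allow-web-in", "untrust", "dmz", "172.16.10.5", "allow"),
    # mistake 2: written with the pre-NAT destination zone
    SecurityRule("allow-web-in2", "untrust", "untrust", "203.0.113.10", "allow"),
]

if __name__ == "__main__":
    print(evaluate_packet("untrust", "203.0.113.10", NAT_RULES, CORRECT_RULES))
    print(evaluate_packet("untrust", "203.0.113.10", NAT_RULES, WRONG_RULES))
```

Both rules in WRONG_RULES fail to match, which is the usual cause of "my NAT works but the traffic is denied" tickets.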
58. Which Palo Alto Networks solution targets endpoint security against cyber-attacks?
The next-generation firewall solution targets endpoint security against cyber-attacks. It offers detailed network traffic visibility focused on applications, users, and content, enabling you to understand and meet the business requirements.
59. Which types of logs can be viewed on Palo Alto NGFWs?
You can view Traffic logs, Threat logs, URL Filtering logs, WildFire Submissions logs, Data Filtering logs, Correlation logs, Tunnel Inspection logs, Unified logs, HIP Match logs, GTP logs, SCTP logs, System logs, Alarm logs, and Configuration logs, among others.
60. What are the prerequisites for configuring an HA pair?
- The same model: the hardware or virtual machine models of both firewalls in the pair must be the same.
- The same PAN-OS version: both firewalls must be running the same PAN-OS version and have up-to-date application, URL, and threat databases.
- The same multi-virtual-system capability: Multi Virtual System Capability must be either enabled or disabled on both firewalls. When it is enabled, each firewall requires the corresponding licenses.
- The same type of interfaces: dedicated HA links, or a combination of the management port and in-band ports set to interface type HA.
- Determine the IP address for the HA1 (control) connection between the HA peers. The HA1 IP addresses of both peers must be on the same subnet if they are directly connected or connected to the same switch.
- For firewalls without dedicated HA ports, the management port can be used for the control connection. Using the management port offers a direct communication link between the management planes of both firewalls. However, because the management ports are not directly cabled between the peers, make sure there is a route that connects these two interfaces across the network.
- If Layer 3 is used as the transport method for the HA2 (data) connection, determine the IP address for the HA2 link. Use Layer 3 only if the HA2 connection must communicate over a routed network. The IP subnet for the HA2 link must not overlap with that of the HA1 link or with any other subnet assigned to the data ports on the firewall.
- The same set of licenses: every firewall has its own licenses, which cannot be shared. As a result, both firewalls must have the same licenses. Both firewalls cannot synchronize a
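A pre-deployment checker for the HA checklist in questions 51 and 60, as an added Python example that is not part of the original page or of any Palo Alto tool. It encodes the "must match" settings, the distinct-priority rule for preemption, the HA1 same-subnet and HA2 no-overlap rules, and the heartbeat-backup recommendations; the HaPeer fields, the port labels and the sample pair are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Heartbeat-backup recommendations keyed by (HA1 port, HA1 backup port),
# as listed in the answer to question 51.
HEARTBEAT_BACKUP_RECOMMENDED = {
    ("dedicated", "dedicated"): True,
    ("dedicated", "in-band"): True,
    ("dedicated", "management"): False,
    ("in-band", "in-band"): True,
    ("management", "in-band"): False,
}


@dataclass
class HaPeer:
    """Constructed view of one peer's HA-relevant settings (not a PAN-OS object)."""
    name: str
    model: str
    panos_version: str
    multi_vsys: bool
    licenses: FrozenSet[str]
    ha_enabled: bool
    group_id: int
    mode: str                        # "active-passive" or "active-active"
    preemptive: bool
    device_priority: int
    ha1_port: str                    # "dedicated", "in-band" or "management"
    ha1_backup_port: Optional[str]
    ha1_ip: str                      # CIDR, e.g. "10.255.0.1/30"
    ha2_ip: Optional[str] = None     # CIDR; only when HA2 uses Layer 3 transport
    heartbeat_backup: bool = False
    in_band_ha_links_typed_ha: bool = True


# Settings that questions 51 and 60 say must be identical on both peers.
MUST_MATCH = ("model", "panos_version", "multi_vsys", "licenses",
              "ha_enabled", "group_id", "mode", "preemptive")


def validate_ha_pair(a: HaPeer, b: HaPeer, directly_connected: bool = True) -> List[str]:
    """Return the list of checklist violations; an empty list means the pair passes."""
    problems = []
    for attr in MUST_MATCH:
        if getattr(a, attr) != getattr(b, attr):
            problems.append(f"{attr} differs: {getattr(a, attr)!r} vs {getattr(b, attr)!r}")
    if not (a.ha_enabled and b.ha_enabled):
        problems.append("HA must be enabled on both firewalls")
    for peer in (a, b):
        # In-band ports used for HA links must be set to interface type HA.
        if "in-band" in (peer.ha1_port, peer.ha1_backup_port) and not peer.in_band_ha_links_typed_ha:
            problems.append(f"{peer.name}: in-band HA link interfaces must be type HA")
        rec = HEARTBEAT_BACKUP_RECOMMENDED.get((peer.ha1_port, peer.ha1_backup_port))
        if rec is not None and rec != peer.heartbeat_backup:
            problems.append(f"{peer.name}: heartbeat backup should be "
                            f"{'enabled' if rec else 'disabled'} for HA1={peer.ha1_port}, "
                            f"HA1 backup={peer.ha1_backup_port}")
    # Preemption only makes sense with distinct device priorities.
    if a.preemptive and b.preemptive and a.device_priority == b.device_priority:
        problems.append("preemption enabled but device priorities are identical")
    # HA1 addresses must share a subnet when directly connected or on one switch.
    ha1_a, ha1_b = ipaddress.ip_interface(a.ha1_ip), ipaddress.ip_interface(b.ha1_ip)
    if directly_connected and ha1_a.network != ha1_b.network:
        problems.append(f"HA1 addresses not on the same subnet: {ha1_a} vs {ha1_b}")
    # A Layer 3 HA2 subnet must not overlap the HA1 subnet.
    for peer, ha1 in ((a, ha1_a), (b, ha1_b)):
        if peer.ha2_ip:
            ha2_net = ipaddress.ip_interface(peer.ha2_ip).network
            if ha2_net.overlaps(ha1.network):
                problems.append(f"{peer.name}: HA2 subnet {ha2_net} overlaps HA1 subnet {ha1.network}")
    return problems


def sample_pair(b_overrides: Optional[dict] = None) -> Tuple[HaPeer, HaPeer]:
    """Constructed compliant active/passive pair; b_overrides lets a caller break PeerB."""
    base = dict(model="PA-PLACEHOLDER", panos_version="10.x-placeholder", multi_vsys=False,
                licenses=frozenset({"threat", "url"}), ha_enabled=True, group_id=7,
                mode="active-passive", preemptive=True, ha1_port="dedicated",
                ha1_backup_port="in-band", heartbeat_backup=True)
    a = HaPeer(name="PeerA", device_priority=100, ha1_ip="10.255.0.1/30",
               ha2_ip="10.255.1.1/30", **base)
    b_args = dict(base, name="PeerB", device_priority=200, ha1_ip="10.255.0.2/30",
                  ha2_ip="10.255.1.2/30")
    b_args.update(b_overrides or {})
    return a, HaPeer(**b_args)


if __name__ == "__main__":
    for label, overrides in [("ok", None), ("same priority", {"device_priority": 100}),
                             ("HA2 overlaps HA1", {"ha2_ip": "10.255.0.2/30"})]:
        print(label, validate_ha_pair(*sample_pair(overrides)))
```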
61. What are the HA modes in which a Palo Alto firewall can be configured?
Active/Passive: one firewall actively handles traffic while the other is synchronized and ready to take over in the event of a failure. Both firewalls use the same configuration settings in this mode, and one actively manages traffic until a route, link, system, or network fails. When the active firewall fails, the passive firewall seamlessly switches to active mode and enforces the same policies to keep the network secure.
Active/Active: both firewalls in the pair are up and running, managing traffic, and handling session setup and ownership synchronously. Both firewalls maintain their own session and routing tables and synchronize with one another. Active/Active HA is supported in virtual wire and Layer 3 deployments.
62. Explain Active/Active HA in Palo Alto NGFW?
Active/Active high availability provides stateful session and configuration synchronization with a few exceptions. Active/Active HA in Palo Alto is supported in the virtual wire and Layer 3 deployment types. In this mode, both firewalls work synchronously and process traffic.
63. Explain Active/Passive HA in Palo Alto NGFW?
Active/Passive high availability also provides stateful session and configuration synchronization with some exceptions:
- Active/Passive HA is supported for VM-Series firewalls on Azure and AWS.
- When using the Amazon Elastic Load Balancing (ELB) service to deploy the firewall on AWS, HA is not supported.
- On Google Cloud Platform, the VM-Series firewall does not support high availability.
- Active/Passive HA in Palo Alto is supported in the virtual wire, Layer 2, and Layer 3 deployment types.
- The configuration settings are shared by both firewalls. If the active firewall fails, the passive firewall becomes active and maintains network security.
64. How many zones can an interface be part of?
An interface on the firewall must be assigned to a security zone before it can process traffic. A zone can have multiple interfaces of the same type assigned to it, but an interface can belong to only one zone.
65. Steps to configure zone protection profiles?
- Configure Reconnaissance Protection.
- Configure Packet-Based Attack Protection.
- Configure Protocol Protection.
- Configure Packet Buffer Protection.
66. What actions are available when filtering URLs?
Alert: the website is allowed and a log entry is generated in the URL filtering log.
Allow: the website is allowed and no log entry is generated.
Block: the website is blocked; the user sees a response page and cannot continue to the website. A log entry is generated in the URL filtering log.
Continue: the user is presented with a response page indicating that the site has been blocked due to company policy, but is given the option to continue to the website.
Override: with this option, the security admin or helpdesk person can offer a password granting temporary access to all websites in the given category.
67. Steps to configure App-ID and Content-ID, and how they can be added to existing/new security policies?
- 1. Traffic is matched against the policy to check whether it is allowed on the network.
- 2. Signatures are then applied to the allowed traffic to identify the application based on unique application properties and related transaction characteristics. The signature also determines whether the application is using its default port or a non-standard port. If the traffic is allowed by the policy, it is scanned for threats and analysed further to identify the application more granularly.
- 3. If App-ID finds that encryption (SSL or SSH) is in use and a Decryption policy rule is in place, the session is decrypted and application signatures are applied again on the decrypted flow.
- 4. Decoders for known protocols are then used to apply additional context-based signatures to detect other applications that may be tunnelling inside the protocol (for example, Yahoo! Instant Messenger over HTTP). Decoders validate that traffic conforms to the protocol specification and provide support for NAT traversal and opening dynamic pinholes for applications such as SIP and FTP.
- 5. For applications that are particularly evasive and cannot be identified through advanced signature and protocol analysis, heuristics or behavioral analysis may be used to determine the identity of the application.
Content-ID capabilities when added to security policies:
- Detects and blocks known and unknown threats in a single pass.
- Implements policy control over unapproved web surfing.
- Limits unauthorized transfer of files and sensitive data, such as credit card or Social Security numbers.
- Proactively identifies and defends against unknown, new, or custom malware and exploits.
- The single-pass software architecture maximizes performance by scanning traffic only once, regardless of which Content-ID features are enabled.
68. Define what the term "service route" means. Which interface is used by default to access external services?
The path from an interface to a server's service is referred to as the service route. The management (MGT) interface is the default interface for accessing external services.
69. Steps to take a configuration backup of the Palo Alto firewall?
- 1. Navigate to Device -> Setup -> Operations after logging into the Palo Alto firewall.
- 2. Click "Save named configuration snapshot" to save the configuration locally on the Palo Alto firewall.
- 3. Click "Export named configuration snapshot" to back up the Palo Alto configuration file to the local PC.
70. Which parameter decides the primary and secondary peers of an HA pair?
It is decided by the "Device ID" parameter. In an active/active configuration, set the Device ID to determine which peer will be active-primary (Device ID 0) and which will be active-secondary (Device ID 1).
71. How to check high availability status in the GUI and CLI (commands needed)?
High availability check in the GUI: go to the Device tab -> High Availability -> General. This displays the status of Setup, Active/Passive settings, the control link (HA1), the control link backup (HA1 backup), the data link (HA2), and Election settings.
High availability check in the CLI:
1. To view the status of the HA4 backup interface: show high-availability cluster ha4-backup-status
2. To view information about the type and number of synchronized messages to or from an HA cluster: show high-availability cluster session-synchronization
3. To view the HA cluster state and configuration information: show high-availability cluster state
4. To view HA cluster statistics, such as counts of received messages and packets dropped for various reasons: show high-availability cluster statistics
5. To clear HA cluster statistics: clear high-availability cluster statistics
6. To clear the session cache: request high-availability cluster clear-cache
7. To request a full session cache synchronization: request high-availability cluster sync-from
72. How does stateful failover work on a Palo Alto firewall HA cluster?
When a failure occurs on one firewall and the peer takes over the task of securing traffic, the event is called a failover. A failover is triggered, for example, when a monitored metric on a firewall in the HA pair fails. The following metrics are used to monitor and detect a firewall failure:
- Heartbeat polling and hello messages.
- Link monitoring.
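The failover triggers from questions 4 and 72 (lost heartbeats, a monitored link going down, a path-monitoring destination that stops answering pings) as an added Python simulation, not part of the original page or of PAN-OS. The 1000 ms interval and the three-consecutive-heartbeats threshold come from question 4; the monitor class, the event format and the interface/destination names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEARTBEAT_INTERVAL_MS = 1000      # heartbeat period stated in the answer to question 4
HEARTBEAT_LOSS_THRESHOLD = 3      # three consecutive lost heartbeats trigger a failover


@dataclass
class FailoverMonitor:
    """One firewall's view of its peer and of its own monitored links and paths.
    Constructed simplification: the caller feeds events and polls tick()."""
    monitored_links: Dict[str, bool]     # interface -> is up
    monitored_paths: Dict[str, bool]     # destination IP -> answers pings
    last_heartbeat_ms: int = 0
    failover_reason: Optional[str] = None

    def heartbeat_received(self, now_ms: int) -> None:
        self.last_heartbeat_ms = now_ms

    def link_state(self, iface: str, up: bool) -> None:
        self.monitored_links[iface] = up

    def path_state(self, dest: str, reachable: bool) -> None:
        self.monitored_paths[dest] = reachable

    def missed_heartbeats(self, now_ms: int) -> int:
        """Whole heartbeat intervals elapsed since the last heartbeat from the peer."""
        return (now_ms - self.last_heartbeat_ms) // HEARTBEAT_INTERVAL_MS

    def tick(self, now_ms: int) -> Optional[str]:
        """Evaluate all triggers; the first reason that fires is kept (sticky)."""
        if self.failover_reason:
            return self.failover_reason
        down = [i for i, up in self.monitored_links.items() if not up]
        unreachable = [d for d, ok in self.monitored_paths.items() if not ok]
        if down:
            self.failover_reason = f"link monitoring: {', '.join(down)} down"
        elif unreachable:
            self.failover_reason = f"path monitoring: cannot ping {', '.join(unreachable)}"
        elif self.missed_heartbeats(now_ms) >= HEARTBEAT_LOSS_THRESHOLD:
            self.failover_reason = (f"heartbeat: {self.missed_heartbeats(now_ms)} "
                                    f"consecutive heartbeats lost")
        return self.failover_reason


def run_scenario(events: List[Tuple[int, str, object]]) -> Tuple[Optional[int], Optional[str]]:
    """Replay constructed (time_ms, kind, arg) events; return (trigger time, reason)."""
    mon = FailoverMonitor(monitored_links={"ethernet1/1": True, "ethernet1/2": True},
                          monitored_paths={"192.0.2.1": True})
    for t, kind, arg in events:
        if kind == "heartbeat":
            mon.heartbeat_received(t)
        elif kind == "link":
            mon.link_state(*arg)
        elif kind == "path":
            mon.path_state(*arg)
        # "poll" events carry no state change; every event is followed by a poll
        reason = mon.tick(t)
        if reason:
            return t, reason
    return None, None


# Constructed event streams: a peer that goes silent after t=2000 ms, a healthy
# peer whose monitored interface drops, and a path-monitoring destination that
# stops answering.
HEARTBEAT_LOSS = [(0, "heartbeat", None), (1000, "heartbeat", None), (2000, "heartbeat", None),
                  (3000, "poll", None), (4000, "poll", None), (4999, "poll", None),
                  (5000, "poll", None)]
LINK_DOWN = [(0, "heartbeat", None), (1000, "heartbeat", None),
             (1500, "link", ("ethernet1/2", False)), (2000, "heartbeat", None)]
PATH_DOWN = [(0, "heartbeat", None), (700, "path", ("192.0.2.1", False))]

if __name__ == "__main__":
    for name, ev in [("heartbeat loss", HEARTBEAT_LOSS), ("link down", LINK_DOWN),
                     ("path down", PATH_DOWN)]:
        print(name, run_scenario(ev))
```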
73. What are the steps to do a packet capture on the GUI and CLI?
Steps for packet capturing in the GUI:
1. The first place to go is the Packet Capture menu on the GUI, where you can manage filters, add capture stages, and download captures.
2. Before getting started, there are a few things you should know:
- Four filters can be added, with a variety of attributes.
- Packet captures are session-based, so a single filter can capture both client-to-server and server-to-client traffic.
- Packets are captured on the dataplane rather than on the interface (this explains the next bullet).
- Pre-Parse Match is a feature that captures all packets before they are processed by the engines running on the dataplane, which helps troubleshoot problems where an engine may not be accepting an inbound packet correctly. Use this option only when instructed by support, and at a low-volume time of day, because it captures everything.
- When filtering is enabled, new sessions are marked for filtering and can be captured, but existing sessions are not filtered and may need to be restarted before they can be captured.
- Offloaded sessions cannot be captured, so offloading may need to be disabled temporarily. An offloaded session shows “layer7 processing: completed” in the “show session” details.
3. Add a couple of filters.
4. If you now switch the Filtering button to ON, the filters are applied to any new session that matches the criteria.
5. A simple way to check whether a filter is working is to see whether the global counters increase when a new session is initiated.
Steps for packet capturing in the CLI:
1. From the CLI, execute this command: show counter global filter delta yes packet-filter yes
2. Next, configure the stages. There are four stages:
drop: this stage is where packets get discarded. The reasons vary, and here the global counters can help identify whether the drop was due to a policy deny, a detected threat, or something else.
receive: this stage captures packets as they ingress the firewall, before they go into the firewall engine. When NAT is configured, these packets are pre-NAT.
transmit: this stage captures packets as they egress the firewall engine. If NAT is configured, these are post-NAT.
firewall: this stage captures packets in the firewall stage.
3. When all the desired stages are set, you can switch the capture button to ON, or use the CLI. Clear the existing sessions that match the specified filters, to make sure no session has been active since before the filters were enabled. Then use the capture on command to start the capture, as shown below.
show session all: note down the session number that matches the configured filters.
clear session id <id>: clears any existing session that matches the configured filters. You can now launch the sessions you want to capture. To verify that the session has started, use the show session command:
show session all
4. When done, turn the capture off by toggling the button back to OFF or by using the debug command:
debug dataplane packet-diag set capture off: packet capture is disabled.
debug dataplane packet-diag clear filter-marked-session all: unmarks all sessions in packet debug.
74. How do you add a license to a Palo Alto firewall?
1. Locate the activation codes for the licenses you purchased.
2. Activate the Support license.
3. Activate every license you purchased.
4. Verify that the license is successfully activated.
5. Perform a commit to finish WildFire subscription activation.
75. What are dynamic updates, and how do you schedule them?
Through dynamic updates, Palo Alto Networks regularly publishes new and updated application, vulnerability protection, and GlobalProtect data files. Setting a schedule for dynamic updates lets you define how often the firewall checks for, downloads, and installs new updates. The “Schedule” option sets the frequency for retrieving updates: you define how often and when the dynamic content updates occur (the “Recurrence” and time) and whether to “Download Only” or “Download and Install” scheduled updates.
76. What is a Palo Alto sinkhole?
The DNS sinkhole lets a Palo Alto Networks device forge the response to a DNS query for a known malicious URL/domain, causing the malicious domain name to resolve to a sinkhole address you specify rather than to its real address.
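To make the mechanism concrete, here is an added example (written for this page, not code from Palo Alto Networks) of a toy DNS sinkhole together with the detection step it enables: the forged answer sends the infected host to an address the defender controls, so the host shows up in the traffic log by its own source IP instead of hiding behind the internal DNS server. The blocklist, the sinkhole address, the upstream resolver table and the traffic log lines are all constructed for illustration.

```python
"""Added example (not from the page and not Palo Alto Networks code): a toy
DNS sinkhole and the detection step it enables. The blocklist, the sinkhole
address, the upstream answers and the log lines are all constructed."""
import csv
import io

SINKHOLE_IP = "192.0.2.254"   # constructed: an address that leads nowhere useful

# Constructed "threat intelligence": domains known to be malicious.
MALICIOUS_DOMAINS = {"c2.bad.example", "dropper.evil.example"}

# Constructed upstream answers standing in for real recursive resolution.
UPSTREAM = {"www.example.com": "198.51.100.20", "c2.bad.example": "198.51.100.66"}


def resolve_through_firewall(qname: str) -> dict:
    """Mimic the firewall sitting between a client and its DNS server.

    A query for a known-malicious name gets a forged answer pointing at the
    sinkhole; every other query is answered from the upstream table.
    """
    name = qname.rstrip(".").lower()
    if name in MALICIOUS_DOMAINS:
        return {"qname": name, "answer": SINKHOLE_IP, "sinkholed": True}
    return {"qname": name, "answer": UPSTREAM.get(name), "sinkholed": False}


# Constructed firewall traffic log (CSV: time, src, dst, dport). Without the
# sinkhole, the firewall would only see the internal DNS server forwarding the
# query; with it, the infected host connects to SINKHOLE_IP under its own IP.
TRAFFIC_LOG = """\
time,src,dst,dport
2022-09-22T10:01:05,192.168.1.50,192.0.2.254,443
2022-09-22T10:01:09,192.168.1.23,198.51.100.20,443
2022-09-22T10:02:41,192.168.1.77,192.0.2.254,80
2022-09-22T10:03:02,192.168.1.50,192.0.2.254,443
"""


def hosts_contacting_sinkhole(log_text: str, sinkhole_ip: str = SINKHOLE_IP) -> list:
    """Return the distinct internal hosts that tried to reach the sinkhole
    address: these are the machines that resolved a malicious domain."""
    rows = csv.DictReader(io.StringIO(log_text))
    return sorted({r["src"] for r in rows if r["dst"] == sinkhole_ip})


if __name__ == "__main__":
    for q in ("www.example.com", "c2.bad.example."):
        print(resolve_through_firewall(q))
    print("hosts to investigate:", hosts_contacting_sinkhole(TRAFFIC_LOG))
```

The second function is the point of the feature from an operations view: a traffic log filter on the sinkhole address is a cheap, high-confidence list of hosts to investigate.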
77. What kind of firewall is Palo Alto?
The Palo Alto Networks firewall is available as the VM-Series, a virtualized next-generation firewall that runs the PAN-OS operating system. The VM-Series includes virtualization security features that identify, control, and securely allow intra-host connections.
78. What is Tap deployment mode?
A network tap is a device that offers a way to access the data flowing across a computer network. Tap deployment mode allows you to passively monitor traffic flows across the network with the help of a mirror port or switch SPAN port.
79. What is App-ID?
Application Identification, also known as App-ID, is the main component of Palo Alto. App-ID lets you see the applications present on the network and understand how they behave, how they work, and what their risks are. It identifies applications as they cross the firewall, independently of the port or protocol they use.
80. What is Palo Alto Content-ID?
Palo Alto Content-ID provides a real-time threat prevention engine, combined with a huge URL database and application identification, to limit file and data transfers, identify and block malware, exploits, and malware communications, and regulate internet usage.
81. Are Palo Alto updates cumulative?
Content updates are dynamic and cumulative: each update contains the most recent content, always incorporates the previous versions, and enforces them without requiring system changes.
82. Describe the Zero Trust feedback loop architecture in Palo Alto.
The zero-trust approach to cybersecurity secures an organisation by removing implicit trust and continuously authorising each stage of a digital interaction, following the principle of never trust, always verify. Zero trust architecture provides more comprehensive security while keeping it simple and operational. It prevents phishing, malware, and data exfiltration attacks.
83. What must be used in a security policy rule that contains addresses where a NAT policy applies?
Upon receiving a packet, the firewall inspects it and performs a route lookup to find the exit interface and zone. The security policy is then evaluated using pre-NAT addresses together with post-NAT zones.
84. What is unique about Palo Alto?
Palo Alto Networks delivers the most advanced next-generation firewall features in a single platform, with a unified management system and simultaneous processing, which distinguishes it from competitors that rely on multiple management systems or separate modules.
85. Is Palo Alto an IDS or an IPS?
Palo Alto Networks is by nature an Intrusion Prevention System (IPS). It differs from traditional IPS products by combining network anti-malware, vulnerability protection, and anti-spyware into a unified service that scrutinises all traffic for threats.
86. What is the zero-trust approach?
Zero Trust is a strategic approach to cybersecurity that secures an organisation through continuous validation and by removing implicit trust at each stage of a digital interaction. It prevents data breaches. It does not make the system trusted; instead, it eliminates trust.
87. What is IT/OT convergence?
When Operational Technology (OT) and Information Technology (IT) systems are united, the result is called IT/OT convergence. IT integration is useful for data-centric computing, while OT systems monitor devices, processes, and events and suggest the necessary changes to industrial operations and the organisation.
88. What are the main areas in which Panorama adds value?
- Distributed administration, which enables you to control and delegate access to firewall configurations locally and globally.
- Centralized configuration and deployment.
- Aggregated logging with central oversight for analysis and reporting.
89. What is U-Turn NAT in Palo Alto?
U-turn NAT is a logical path used in the network when internal users need to access a server in the internal DMZ. For this purpose they use the external IP address of that server, so the traffic is sent to the firewall and translated back to the DMZ.
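The two answers above (security policy with pre-NAT addresses and post-NAT zones, and U-turn NAT) describe one packet flow, so here is a single added example (written for this page, not Palo Alto Networks code) that models it: a route lookup on the pre-NAT destination picks the pre-NAT zone, a NAT rule is matched on that zone, and the security policy is then matched on the pre-NAT address but the post-NAT zone. It also shows the common misconfiguration of writing the private (post-NAT) address into the security rule. The topology, zone names, addresses and rule names are constructed for illustration.

```python
"""Added example (not from the page and not Palo Alto Networks code): a toy
model of route lookup, NAT rule matching and security policy evaluation with
pre-NAT addresses and post-NAT zones, applied to a U-turn NAT case. The
topology, addresses and rule names are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Constructed routing table: prefix -> egress zone (longest prefix wins).
ROUTES = {
    "192.168.1.0/24": "trust",
    "10.10.10.0/24": "dmz",
    "203.0.113.0/24": "untrust",   # the firewall's public address range
    "0.0.0.0/0": "untrust",
}
DMZ_WEB_PRIVATE = "10.10.10.10"   # constructed DMZ web server
DMZ_WEB_PUBLIC = "203.0.113.10"   # constructed public address of that server


@dataclass(frozen=True)
class NatRule:
    name: str
    from_zone: str
    to_zone: str          # zone of the *pre-NAT* destination (from route lookup)
    dst: str
    translated_dst: str


@dataclass(frozen=True)
class SecurityRule:
    name: str
    from_zone: str
    to_zone: str          # *post-NAT* destination zone
    dst: str              # *pre-NAT* destination address
    action: str


def zone_for(ip: str) -> str:
    """Route lookup: longest-prefix match of ip against ROUTES."""
    addr = ipaddress.ip_address(ip)
    best = max((ipaddress.ip_network(p) for p in ROUTES
                if addr in ipaddress.ip_network(p)), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def process(src_ip: str, dst_ip: str, nat_rules: list, sec_rules: list) -> dict:
    src_zone = zone_for(src_ip)
    pre_nat_dst_zone = zone_for(dst_ip)          # where the untranslated packet would exit
    translated_dst, nat_name = dst_ip, None
    for r in nat_rules:
        if (r.from_zone, r.to_zone, r.dst) == (src_zone, pre_nat_dst_zone, dst_ip):
            translated_dst, nat_name = r.translated_dst, r.name
            break
    post_nat_dst_zone = zone_for(translated_dst)  # zone of the real destination
    result = {"src_zone": src_zone, "nat_rule": nat_name,
              "translated_dst": translated_dst, "dst_zone": post_nat_dst_zone}
    for s in sec_rules:
        # The policy is written with the pre-NAT address but the post-NAT zone.
        if (s.from_zone, s.to_zone, s.dst) == (src_zone, post_nat_dst_zone, dst_ip):
            return {**result, "security_rule": s.name, "action": s.action}
    return {**result, "security_rule": None, "action": "deny"}  # implicit interzone deny


NAT_RULES = [
    # U-turn: internal users hit the public IP; the route lookup says untrust, so
    # the NAT rule is trust -> untrust and the destination becomes the DMZ host.
    NatRule("uturn-web", "trust", "untrust", DMZ_WEB_PUBLIC, DMZ_WEB_PRIVATE),
    NatRule("inbound-web", "untrust", "untrust", DMZ_WEB_PUBLIC, DMZ_WEB_PRIVATE),
]
GOOD_POLICY = [
    SecurityRule("allow-uturn-web", "trust", "dmz", DMZ_WEB_PUBLIC, "allow"),
    SecurityRule("allow-inbound-web", "untrust", "dmz", DMZ_WEB_PUBLIC, "allow"),
]
# Common mistake: using the post-NAT (private) address in the security rule.
BAD_POLICY = [SecurityRule("allow-uturn-web", "trust", "dmz", DMZ_WEB_PRIVATE, "allow")]


def uturn_internal_user() -> dict:
    return process("192.168.1.50", DMZ_WEB_PUBLIC, NAT_RULES, GOOD_POLICY)


def inbound_internet_user() -> dict:
    return process("198.51.100.5", DMZ_WEB_PUBLIC, NAT_RULES, GOOD_POLICY)


def uturn_with_wrong_policy() -> dict:
    return process("192.168.1.50", DMZ_WEB_PUBLIC, NAT_RULES, BAD_POLICY)


if __name__ == "__main__":
    for fn in (uturn_internal_user, inbound_internet_user, uturn_with_wrong_policy):
        print(fn.__name__, fn())
```

The rule that trips people up is visible in the two dataclasses: the NAT rule's destination zone comes from the route lookup of the original (public) address, while the security rule's destination zone is the zone of the translated address, yet the security rule still names the original address.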
90. What is a virtual router in Palo Alto?
A virtual router is a function of the firewall that forms part of its Layer 3 routing.
91. What is a virtual system in Palo Alto?
A virtual system is an exclusive, logical firewall within the Palo Alto firewall. Being an independent firewall, the traffic of each virtual system is kept separate.
92. What sorts of media does the firewall support?
Copper and fibre optic media are supported by the Palo Alto Networks firewall.
93. What is Single Pass processing architecture?
Single-pass processing architecture operates only once on each packet. Likewise, activities such as policy lookup, application identification, networking functions, decoding, and signature matching are performed only once as the packet is processed. Even the content is scanned only once in a single-pass processing architecture.
94. What determines whether a firewall is the primary or the secondary of an HA pair?
The “Device ID” parameter determines this. In an active/active setup, set the Device ID to identify which peer will be active-primary (Device ID 0) and which will be active-secondary (Device ID 1).
95. What is a WAF? What purpose does it serve?
WAF stands for Web Application Firewall. It monitors web applications for security problems, which may arise due to errors in the code.
96. Which virtualization platforms fully support Palo Alto Networks deployments?
- OpenStack
- Cisco ACI
- Amazon Web Services (AWS)
- Google Cloud Platform
- Public cloud computing environments
- Private cloud computing environments
97. Explain the Tentative HA firewall state.
A firewall enters the tentative state in these cases:
- When the firewall has failed.
- On a monitored object’s failure.
- When the firewall goes into a suspended or non-working condition.
98. What is the maximum number of zones that an interface can be part of?
Security zones on a firewall are a logical way to organise physical and virtual interfaces in order to restrict and log the traffic that passes through specific network interfaces. Before an interface on a firewall can process traffic, it must be assigned to a security zone. Multiple interfaces of the same type (such as tap, Layer 2, or Layer 3 interfaces) can be assigned to a zone, but an interface can belong to only one zone.
99. What is the function of Palo Alto Focus?
Palo Alto Focus is one of the most important services of Palo Alto. It is used to identify critical attacks and take the required action without the use of additional resources. It is referred to as a cloud-based threat intelligence service.
100. What are the advantages of Panorama in Palo Alto?
- Distributed administration is available, allowing control and delegated evaluation of Palo Alto firewall configurations.
- Deployment and a centralized configuration system are provided.
- Supports aggregated logging and management for reporting and analysis with central oversight.
- Provides a graphical representation of the network’s applications, their users, and the security implications.
- Analyze, evaluate, and report on network traffic, security issues, and administrative changes from a central location.
101. What is WildFire in Palo Alto?
Palo Alto Networks WildFire is a cloud-based threat analysis service and the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.