Links
Hardware / Virtual Machines
Hardware Architecture
https://www.paloaltonetworks.com/resources/pa-series-next-generation-firewalls-hardware-architectures
Compare Next Generation Firewalls
https://www.paloaltonetworks.com/products/product-selection.html
Panorama Datasheet
https://www.paloaltonetworks.com/resources/datasheets/panorama-centralized-management-datasheet
Configure Resources Per VSYS
https://live.paloaltonetworks.com/t5/blogs/configure-resources-per-vsys/ba-p/173856
Software / Updates
Downgrade über Feature Releases
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/upgrade-pan-os/downgrade-pan-os/downgrade-a-firewall-to-a-previous-feature-release.html
Tipps for managing Content Updates
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGRCA0
Best Practices for PAN-OS Upgrade
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRrCAK
Admin
Facebook Engineering: Scalable and secure access with SSH
https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/
Firewall Policies / Zone Protection / Protection Profiles
Packet Flow Sequence in PAN-OS
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0
Zone Protection Profiles
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC
Dynamig Groups: Auto-Tagging Video
https://www.youtube.com/watch?v=SaknKHwdnCI
Destination NAT with Port Translation Example
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-with-port-translation-example.html
How to Check the NAT Buffer Pool
> show running ippool
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CliQCAS
Block Tor Exit nodes with an External Dynamic List (EDL)
https://blog.boll.ch/paloalto-firewall-feature-block-tor-exit-nodes-with-an-external-dynamic-list-edl-ip-list/
Microsoft Public IP List
https://www.microsoft.com/en-us/download/details.aspx?id=53602
APP-ID
Application Research Center (Applipedia)
https://applipedia.paloaltonetworks.com/
What is Application Dependency
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK
Liste mit Application Level Gateways (ALG)
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/application-level-gateways.html
Disable the SIP Application-level Gateway (ALG)
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/disable-the-sip-application-level-gateway-alg.html
Submit an Application
https://blog.paloaltonetworks.com/submit-an-application/
User-ID
Create a Dedicated Service Account for the User-ID Agent
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/user-id/map-ip-addresses-to-users/create-a-dedicated-service-account-for-the-user-id-agent.html
Best Practices for Securing User-ID Deployments
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVPCA0
How to Check Users in LDAP Groups
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVcCAK
Wildfire
PE Testfile
http://wildfire.paloaltonetworks.com/publicapi/test/pe
Wildfire Portal
https://eu.wildfire.paloaltonetworks.com
SSL Decryption
Empfehlung: XCA Certificate management Tool
https://hohnstaedt.de/xca/
LetsEncrypt Certificates for Palo Alto Networks GlobalProtect VPN
https://www.bitbodyguard.com/articles/palo-alto-networks/letsencrypt-certificates-for-palo-alto-networks-globalprotect-vpn/
How to Create Subordinate CA Certificates with Microsoft Certificate Server
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWOCA0
Log and Report
Correlation Engine
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/use-the-automated-correlation-engine/interpret-correlated-events.html
The following models support the automated correlation engine:
- Panorama—M-Series appliances and virtual appliances
- PA-7000 Series firewalls
- PA-5200 Series firewalls
- PA-3200 Series firewalls
Log Retention
https://live.paloaltonetworks.com/t5/blogs/log-retention/ba-p/306150
–> show system logdb-quota
Additional information
Best Practice Assessment Tool Video
https://www.paloaltonetworks.com/resources/videos/bpa-demo
https://www.youtube.com/watch?v=GNHCq3NvkVk
Knowledge Base
https://knowledgebase.paloaltonetworks.com
Security Information (CVE)
https://security.paloaltonetworks.com/
PaloAlto Best Practices
https://docs.paloaltonetworks.com/best-practices
PaloAlto Cloud Status
https://status.paloaltonetworks.com/
Recommended PAN-OS Version
https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304
SNMP MIB FIles
https://docs.paloaltonetworks.com/resources/snmp-mib-files