Guide
Table of Contents
Activity 0 Login to UTD Workshop
Task 1 Login to your Ultimate Test Drive Class Environment
Task 2 Login to the student desktop
Task 3 Login to UTD Virtual Firewall
UTD-NGFW 2.3CS
Terminology:
Tab refers to the 5 tabs along the top of each screen in the GUI.
Node refers to the options associated with each Tab found in the left-hand column on each screen.

*NOTE* Unless specified, the Chrome web browser will be used to perform any tasks outlined in the following Activities. (Chrome is pre-installed on the student desktop of the workshop PC.)
Step 3: Complete the Registration form and click Register and Login at the bottom.
Step 4: Depending on your browser of choice, you will be asked to install a plugin. Please click yes to allow the plugin to be installed and continue the login process.
Step 5: Once you log in, the environment will be automatically created for you. Click on Start Using This Environment when the Environment is ready.
Step 6: The UTD NGFW Environment consists of three core components: a Student Desktop, a VM-Series Virtual Firewall and an Ubuntu Server. You will access the lab through the Student Desktop.
Step 2: You will be connected to the Student Desktop through your browser.
Step 3: Click on the blue arrow on the top left-hand corner to collapse the navigation bar. This will make more room for the Student Desktop.
Step 4: If the Student Desktop resolution is too high or too low for your laptop display, you can adjust the resolution in the upper right-hand corner.
[Note: The default connection to the Student Desktop uses RDP over HTML5 through the browser. If your browser does not support HTML5, or you find that the student desktop is too small to use in the browser, please refer to Appendix-1: Alternative Login Method to connect to the student desktop using a Java or RDP client.]
Optional Step 5: If you encounter a connection issue with the Student Desktop, click on Reconnect to re-establish the connection.
Optional Step 6: If re-connection to the Student Desktop remains unsuccessful, please verify your laptop connectivity using the following link. Note that a Java client is required in your browser for this test site to function.
https://use.cloudshare.com/test.mvc
This test site will validate the RDP-based and Java-based connections to your browser. Click Allow to allow the Java Applet to be installed and run in your browser.
Optional Step 7: If the connectivity test passed, please close the browser and retry from Task-1 Step-1. If the connectivity test failed, please inform the instructor for further assistance.
student ->
<- utd135
Step 2: You are now logged in to the firewall and should see the main dashboard.
Step 3: Open a new tab in the Chrome browser window and confirm Internet connectivity to some URL (e.g. http://www.cnn.com).
Step 4: Here is a quick look at how the student desktop and the virtual firewall are connected.
Modify the existing firewall configuration to control the behavior of the Facebook app
Review Traffic logs to confirm activity
Step 4: Click Add, type facebook and select facebook-base from the list.
Step 5: Click Ok in the pop-up window.
Step 6: Click Enable (in the bottom bar of the GUI).
Step 7: Click Commit (in the upper right-hand corner of the GUI).
Step 8: Click Ok in the pop-up window.
[NOTE: There will be a pop-up window with messages regarding the Commit. Any warning messages can be safely ignored.]
Step 9: Click Close in the pop-up window once the Commit has completed.
Step 10: Open a new browser tab and surf to http://www.facebook.com. (You may get a warning message that you can ignore.)
Step 11: Log into Facebook using the account:
Username/Email: ultimatetestdrive@gmail.com
Password: paloalto123
Note: If you have trouble passing the @ symbol to the VM, please follow the directions in the Appendix for accessing the on-screen keyboard.
(app eq facebook)
End of Activity 2
Logging and reporting to show SSH, RDP and Telnet on non-standard ports
App-ID, groups function and service (port)
User-ID (groups)
Logging and reporting for verification
Step 10: Click and drag the Policy IT-usage so it is above the UTD-Policy-05 rule.
Step 11: Click Commit (in the upper right-hand corner of the web browser).
Step 12: Click Ok in the pop-up window.
Step 13: Click Close once the commit has completed.
Step 14: IT-apps is a predefined application group that includes SSH, MS-RDP and other applications. Go to the Object tab and Application Groups node to review what applications are included in this application group.
Step 3: Click on the Service/URL Category tab, click on the pull-down menu above Service, change any to application-default and then click Ok. (The application-default option only allows applications over their default port and protocol; it prevents applications from running on a non-standard port or protocol.)
Step 4: Click Commit (in the upper right-hand corner of the web browser).
Step 5: Click Ok in the pop-up window.
Step 6: Click Close once the commit has completed.
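The effect of changing Service from any to application-default in Step 3, as an added sketch that is not part of the original guide and is not PAN-OS code: a toy first-match rule evaluator run over constructed sessions. The default ports, the two-application subset of IT-apps and the cleanup-deny rule are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed default ports for this sketch (the firewall uses its App-ID database).
DEFAULT_PORTS = {"ssh": {("tcp", 22)}, "ms-rdp": {("tcp", 3389)},
                 "telnet": {("tcp", 23)}}

@dataclass(frozen=True)
class Session:
    app: str      # application identified by App-ID
    proto: str
    port: int

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset   # empty set means "any application"
    service: str      # "any" or "application-default"
    action: str

    def matches(self, s: Session) -> bool:
        if self.apps and s.app not in self.apps:
            return False
        if self.service == "application-default":
            # Match only on the application's own default port and protocol.
            return (s.proto, s.port) in DEFAULT_PORTS.get(s.app, set())
        return True

def evaluate(rules, session):
    """Top-down evaluation, first match wins; returns (rule name, action)."""
    for rule in rules:
        if rule.matches(session):
            return rule.name, rule.action
    return "no-match", "deny"   # nothing matched: treated as denied here

def rulebase(service):
    it_apps = frozenset({"ssh", "ms-rdp"})   # constructed subset of IT-apps
    return [Rule("IT-usage", it_apps, service, "allow"),
            Rule("cleanup-deny", frozenset(), "any", "deny")]  # hypothetical

# Constructed sessions: the same applications on default and other ports.
SAMPLE = [Session("ssh", "tcp", 22), Session("ssh", "tcp", 2222),
          Session("ms-rdp", "tcp", 3389), Session("ms-rdp", "tcp", 443)]

def audit(service):
    return {(s.app, s.port): evaluate(rulebase(service), s) for s in SAMPLE}

if __name__ == "__main__":
    for service in ("any", "application-default"):
        print(service, audit(service))
```

With Service set to any, SSH on port 2222 and RDP on port 443 both match IT-usage; with application-default they no longer match it and fall through to the next rule.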
Activity 4 Decryption
Background: More and more traffic is encrypted with SSL by default, making it difficult to allow and scan that traffic, yet blindly allowing it is high risk. Using policy-based SSL decryption will allow you to enable encrypted applications, apply policy, then re-encrypt and send the traffic to its final destination. Policy considerations include which applications to decrypt, protection from malware propagation and data/file transfer.

App-ID
SSL decryption
Logging and reporting for verification
User-ID (Challenge Task)

Modify existing Security Policy to allow LinkedIn application for the Exec Team
Add new Decryption Policy to decrypt SSL traffic
( app eq linkedin )
Questions: Did the log entry show the traffic was decrypted?
End of Activity 4
Step 6: Click Ok.
Optional Step 7: Click on the rule name UTD-Policy-04; a Security Policy Rule pop-up will appear.
Optional Step 8: Click on the Actions tab (within the pop-up).
Optional Step 9: In the Profile Setting section, select the pull-down menu next to Profile Type and select Profiles.
Optional Step 10: Select the pull-down menu next to File Blocking and select UTD-File-Blocking-01.
Question: Should you apply any other Security Profiles to this Security Rule?
Optional Step 11: Click Ok.
Optional Step 12: If this policy is not enabled, click Enable at the bottom of the policy screen to enable the policy.
Step 13: Click Commit (in the upper right-hand corner of the web browser).
Step 14: Click Ok in the pop-up window.
Step 15: Click Close once the commit has completed.
Step 3: To verify that the sample file has been sent to WildFire, go back to the firewall GUI, click on the Monitor tab, then click on the Data Filtering node (under the Logs section). You should see log entries showing that the test sample file was uploaded to WildFire. Click on the WildFire Submissions node and review the results returned from the WildFire service.
[Note: It may take about 10 mins for the WildFire Submissions log to appear. It is a good time to take a short break before you continue. Please do not skip ahead to the next task.]
Step 4: When you see the entry, click the Details icon next to the top log entry. In the Log Info tab, you can view the basic info of the file and the application that carries that file.
Step 5: Click on the WildFire Analysis Report tab to view the details of the analysis results. Under WildFire Analysis Summary, the Verdict indicates that the submitted file is malware, and you can download the malware file from the Sample File directly.
Step 6: Under Dynamic Analysis, you can see the behavior of the malware under different operating systems. Virtual Machine 1 is configured with Windows XP; review the behavior and activity of the malware. Click on Virtual Machine 2 to review the malware behavior and activity in Windows 7.
Step 7: Click on VirusTotal Information on the report, and it will bring you to the VirusTotal home page. Since this malware has never been seen before, VirusTotal will not have any information on this virus.
Step 8: Explore the other features and functions offered in the WildFire Analysis Report, such as downloading the sample file or downloading the WildFire Analysis report as a PDF.
Step 4: Click Ok
Step 10: Click Continue to open the web page
End of Activity 7
Ask your Palo Alto Networks Sales Representative or Palo Alto Networks Partner for more information.
Both methods are described below, and you can select the one that best fits what you have installed on your laptop. Note that the RDP protocol may not be supported on all networks, so please verify that RDP is supported at your location.
Step 2: Click on the Console link to switch to Console. This will run the Java client.
Step 3: Allow Java to run the VncViewer application. You may need to click Run a few times.
Step 2: Click on Don't Block on the Java Security Warning message.
Step 3: After allowing the Java client to run, you will see the student desktop display. Click Send Ctrl-Alt-Del to open the login window and use the Username and Password as indicated on your browser, not the one indicated below. You should be logged in to the student desktop after entering the login name and password.
Step 4: Open the RDP client on your laptop and paste the URL into the host or PC field. (Note: Not the URL as shown below.)
Step 5: In the browser, click on the More details link on the Student Desktop, then click on the show password link under Credentials. Use the password to log in to the student desktop.
Step 6: Use the username and password to log in to the student desktop.
Step 8: You should be connected to the student desktop after that.
Step 2: Click Accessories
Step 4: You should now see the Windows On-Screen Keyboard. To pass keys inside the VM image that do not work on your keyboard, simply select the key using a mouse.
Lab Setup

Firewall VM-Series
Interface:         Ethernet 1/1   Ethernet 1/2   Management
Int Type:          L3             L3             -
IP Address:        172.16.1.1     192.168.11.1   10.30.11.1
Connects to Zone:  "Untrust"      "Trust"