
Workshop Guide

Ultimate Test Drive

Next Generation Firewall (NGFW)
PAN-OS 6.0/UTD 2.3CS
http://www.paloaltonetworks.com

2014 Palo Alto Networks. Proprietary and Confidential

Last Update: 20140731

Ultimate Test Drive - NGFW

Table of Contents

Activity 0 Login to UTD Workshop
Task 1 Login to your Ultimate Test Drive Class Environment
Task 2 Login to the student desktop
Task 3 Login to UTD Virtual Firewall

Activity 1 Enabling Social Media
Task 0 Check connectivity to Facebook
Task 1 Modify an existing Security Policy to allow Facebook
Task 2 Review Traffic Logs

Activity 2 Controlling Evasive Applications
Task 1 Attempt to use a non-approved web application
Task 2 Attempt to use an anonymizer site
Task 3 Attempt to download and install evasive application
Task 4 Review URL log

Activity 3 Applications on Non-standard Ports
Task 1 Create a new Security Policy
Task 2 Check application connectivity
Task 3 Modify Security Policy
Task 4 Re-check applications on non-standard ports

Activity 4 Decryption
Task 0 Check connectivity to LinkedIn
Task 1 Modify existing Security Policy
Task 2 Add a new Decryption Policy
Task 3 Log into LinkedIn
Task 4 Review Traffic Logs

Activity 5 Modern Malware Protection
Task 1 Enable file forwarding to WildFire Service
Task 2 Modify Security Policy with File Blocking Profile
Task 3 Test WildFire Modern Malware Protection
Task 4 WildFire Portal Review

Activity 6 URL Filtering
Task 0 Check connectivity
Task 1 Modify URL filter
Task 2 Apply URL filter to Security Policy
Task 3 Review URL Filtering Logs

Activity 7 ACC and Custom Reports
Task 1 Review Application Command Center (ACC)
Task 2 Setting up custom report

Appendix-1: Alternative Login Method to Student Desktop
Login to the student desktop using Java Console (Java client required)
Login to the student desktop with RDP client

Appendix-2: Support for Non-US keyboards
Add new international keyboard
Use the on-screen keyboard

UTD-NGFW 2.3CS


How to use this Guide:


The activities outlined in this Ultimate Test Drive guide are meant to contain all the
information necessary to navigate the Palo Alto Networks graphical user interface (GUI).
This guide is meant to be used in conjunction with the information and guidance provided
by your facilitator.

Once these activities are completed:


You should be able to:
1. Navigate the Palo Alto Networks GUI
2. Review portions of the firewall configuration
3. Change the configuration to affect the behavior of traffic across the firewall
This workshop covers only basic topics and is not a substitute for the training classes
conducted by Palo Alto Networks Authorized Training Centers (ATC). Please contact your
partner or regional sales manager for more training information.

Terminology:
Tab refers to the 5 tabs along the top of each screen in the GUI.
Node refers to the options associated with each Tab found in the left-hand column on each screen.

*NOTE*
Unless specified, the Chrome web browser will be used to perform any tasks outlined in
the following Activities. (Chrome is pre-installed on the student desktop of the workshop
PC.)


Activity 0 Login to UTD Workshop


In this activity you will:

Log in to the Ultimate Test Drive Workshop from your laptop
Test student desktop connectivity to the firewall
Review the workshop network

Task 1 Login to your Ultimate Test Drive Class Environment



Step 1: First, make sure your laptop has a modern browser installed that supports HTML 5.0. We
recommend using the latest version of Firefox, Chrome or Internet Explorer. We also recommend you
install the latest Java client for your browser.
Step 2: Go to the class URL. Enter your email address and the Passphrase. (If you have an invitation email,
you can find the Class URL and Passphrase in it. Otherwise, the instructor will provide you with the
class URL and Passphrase.)

Step 3: Complete the Registration form and click Register and Login at the bottom.
Step 4: Depending on your browser of choice, you will be asked to install a plugin. Click Yes to allow
the plugin to be installed and continue the login process.


Step 5: Once you log in, the environment will be automatically created for you. Click on Start Using This
Environment when the Environment is ready.







Step 6: The UTD NGFW Environment consists of three core components: a Student Desktop, VM-Series
Virtual Firewall and an Ubuntu Server. You will access the lab through the Student Desktop.



Task 2 Login to the student desktop


Step 1: Click on the Student Desktop tab on top to connect to the Student Desktop.



Step 2: You will be connected to the Student Desktop through your browser.



Step 3: Click on the blue arrow on the top left hand corner to collapse the navigation bar. This will make
more room for the Student Desktop.


Step 4: If the Student Desktop resolution is too high or too low for your laptop display, you can adjust
the resolution on the upper right hand corner.



[Note: The default connection to the Student Desktop uses the RDP over HTML5 protocol through the
browser. If your browser does not support HTML5 or you find that the student desktop is too small
to use in the browser, please refer to Appendix-1: Alternative Login Method to connect to the student
desktop using a Java or RDP client.]

Optional Step 5: If you encounter a connection issue with the Student Desktop, click on Reconnect to
re-establish the connection.


Optional Step 6: If re-connection to the Student Desktop remains unsuccessful, please verify your laptop
connectivity using the following link. Note that a Java client is required in your browser for this test site
to function.
https://use.cloudshare.com/test.mvc
This test site will validate the RDP-based and Java-based connections to your browser. Click Allow to
allow the Java Applet to be installed and run in your browser.


















Optional Step 7: If the connectivity test passed, please close the browser and retry from Task-1 Step-1. If
the connectivity test failed, please inform the instructor for further assistance.


Task 3 Login to UTD Virtual Firewall


Step 1: Click on the UTD-NGFW-PAVM-CS bookmark in the Chrome browser and log in to the firewall using
the following name and password:
Name: student
Password: utd135

Step 2: You are now logged in to the firewall and should see the main dashboard.


Step 3: Open a new tab in Chrome browser window and confirm Internet connectivity to some URL (e.g.
http://www.cnn.com)

Step 4: Here is a quick look at how the student desktop and the virtual firewall are connected.




Activity 1 Enabling Social Media


Background: Every organization is trying to determine how to exert controls over social media applications:
allowing them all is high risk, while blocking them all can be business crippling. Policy considerations
include who can use social media, what the risks of data loss/data transfer are, and how to eliminate the
propagation of malware.

PAN-OS features to be used:
App-ID and function control
Logging and reporting for verification

In this activity you will:

Modify the existing firewall configuration to control the behavior of the Facebook app
Review Traffic logs to confirm activity

Task 0 Check connectivity to Facebook


Step 1: On your session desktop, open a browser and enter the URL: http://www.facebook.com
Question: What is the response seen in the browser window?
Answer: You should get blocked and see a screen that looks like this:









Task 1 Modify an existing Security Policy to allow Facebook


Step 1: Click on the Policies tab, then the Security node
Step 2: Click on the rule name UTD-Policy-03; a Security Policy Rule pop-up will appear
Step 3: Click on the Application tab (within the pop-up)
Step 4: Click Add, type facebook and select facebook-base from the list
Step 5: Click Ok in the pop-up window
Step 6: Click Enable (in the bottom bar of the GUI)
Step 7: Click Commit (in the upper right hand corner of the GUI)
Step 8: Click Ok in the pop-up window
[NOTE: There will be a pop-up window with messages regarding the Commit. Any warning messages can
be safely ignored.]
Step 9: Click Close in the pop-up window once the Commit has completed
Step 10: Open a new browser tab and surf to http://www.facebook.com. (You may get a warning
message that you can ignore.)
Step 11: Log into Facebook using the account:
Username/Email: ultimatetestdrive@gmail.com
Password: paloalto123
Note: If you have trouble passing the @ symbol to the VM, please follow the directions in the Appendix for
accessing the on-screen keyboard.

Task 2 Review Traffic Logs


Step 1: Click on the Monitor tab; the Traffic node (under the Logs section) will be selected
Step 2: Type into the query box (directly above the Receive Time column) the search string:

(app eq facebook)

Then hit the Enter key or click the icon:


Questions:
What was the action associated with the log entries?
What was the port number associated with the log entries?

End of Activity 1


Activity 2 Controlling Evasive Applications


Background: Evasive applications are found on almost every network. Some are purposely evasive, making
every effort to avoid controls and hide. Examples include anonymizers, Tor and P2P. Policy considerations
for controlling applications include protection from RIAA threats, data loss (either inadvertent or
otherwise) and malware propagation.

PAN-OS features to be used:

App-ID and URL filters to prevent evasive applications
Logging and reporting for verification

In this activity you will:

Use Application and URL Filter to control Proxy sites
Review the logs

Task 1 Attempt to use a non-approved web application


Step 1: Open a new browser tab and go to http://drive.google.com.
You should get a blocked screen.

The google-drive-web application is not explicitly allowed by the firewall, so it is blocked.
To get around the firewall, some users may try to use an anonymizer site to bypass it.

Task 2 Attempt to use an anonymizer site


Step 1: Open a new browser tab and go to one of these anonymizer sites: http://www.anonymouse.org
and http://www.hidemyass.com .
Step 2: You should see the anonymizer site being blocked:


Task 3 Attempt to download and install evasive application


Step 1: To circumvent the firewall, some students may try to download and install an evasive application
such as Tor.
Step 2: Attempt to download Tor from the web site https://www.torproject.org in the browser. You
should see that it has been blocked too.

Task 4 Review URL log


Step 1: Click on the Monitor tab and the URL Filtering node (under the Logs section)
Step 2: You can click on any entry under the URL column and it will automatically enter the filtering
string in the search bar. Then hit the Enter key or click the icon:
Questions:
Can you determine what policy is blocking google-drive?
Can you determine what policy is blocking the anonymizer sites?
What is the application used to access the anonymizer sites?
What is the application used to access the Tor download sites?


End of Activity 2


Activity 3 Applications on Non-standard Ports


Background: Many applications can use, either by default or through user control, a non-standard port.
Often, non-standard ports are used as a means of evading controls. Tech-savvy users are
accessing their home PC from work by directing SSH to a non-standard port. The Verizon Data Breach
Report released in March of 2012 shows that the list of hacking-related pathways in 2012 tells a very
similar story to years past. There were 855 breaches analyzed; 812 (95%) were attributed to hacking of some
type, and 715 (88%) of those 812 were remote access tool related. More simply translated, 84% of the 855
breaches were attributable to remote access tool exploitation. Policy considerations include which
applications should be permitted and which users should be allowed to use them.

PAN-OS features to be used:

Logging and reporting to show SSH, RDP and Telnet on non-standard ports
App-ID, groups function and service (port)
User-ID (groups)
Logging and reporting for verification

In this activity you will:

Add a new Security Policy for the IT organization
Re-order the Policies

Task 1 Create a new Security Policy


Step 1: Click on the Policies tab, then the Security node
Step 2: Click Add in the lower left-hand corner
Step 3: Name the Policy IT-usage and select Activity-3 for Tags using the drop-down list
Step 4: Click on the Source tab
Step 5: Click Add in the Source Zone box and select Trust
Step 6: Click on the Destination tab, click Add in the Destination Zone box and select Untrust
Step 7: Click on the Application tab, click Add, type IT-apps and select it
Step 8: Click on the Service/URL Category tab and click on the pull-down menu above Service, change
the default setting from application-default to any and then click Ok.
Step 9: Click Ok
Step 10: Click and drag the Policy IT-usage so it is above the UTD-Policy-05 rule.
Step 11: Click Commit (in the upper right hand corner of the web browser)
Step 12: Click Ok in the pop-up window
Step 13: Click Close once the commit has completed
Step 14: IT-apps is a predefined application group that includes SSH, MS-RDP and other applications. Go
to the Objects tab and the Application Groups node to review what applications are included in this
application group.

Task 2 Check application connectivity


Step 1: Use the PuTTY application on the desktop
Step 2: SSH to the SSH-Server (172.16.1.101) using the default port 22 and log in with
Login: student
Password: utd135
Question:
Can you log in?
Yes, you should be able to log in.
Step 3: Close the SSH session. SSH again to 172.16.1.101 using the non-standard port 443
Question:
Can you log in using the non-standard port?
Yes, you should be able to log in.
Step 4: Close the PuTTY application and click the Monitor tab, then the Traffic log, on the firewall GUI.
Step 5: Search for application SSH on port 22 or 443
Questions:
What query string did you type into the search box?
Was the application allowed?
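
One way to look for the same thing outside the GUI, as an added example that is not part of the original workshop guide: the Python below scans a traffic log export for SSH, RDP and Telnet sessions on ports other than their defaults. The column names, the log rows and every address other than 172.16.1.101 are constructed for illustration and do not reproduce the exact PAN-OS export format.

```python
import csv
import io
from collections import Counter

# Well-known default ports for the three applications this activity names.
DEFAULT_PORTS = {"ssh": {22}, "ms-rdp": {3389}, "telnet": {23}}

# Constructed sample data. The column names are simplified for this example
# and are not the exact header of a PAN-OS traffic log export. Only
# 172.16.1.101, IT-usage and UTD-Policy-01 are names taken from the guide.
SAMPLE_LOG = """\
receive_time,src,dst,dport,app,action,rule
2014/07/31 10:01:12,192.0.2.10,172.16.1.101,22,ssh,allow,IT-usage
2014/07/31 10:03:40,192.0.2.10,172.16.1.101,443,ssh,allow,IT-usage
2014/07/31 10:04:02,192.0.2.10,203.0.113.7,443,ssl,allow,UTD-Policy-01
2014/07/31 10:06:55,192.0.2.10,172.16.1.101,3389,ms-rdp,allow,IT-usage
2014/07/31 10:09:21,192.0.2.10,198.51.100.9,8080,telnet,allow,IT-usage
2014/07/31 10:11:00,192.0.2.10,172.16.1.101,n/a,ssh,allow,IT-usage
2014/07/31 10:12:30,192.0.2.10,172.16.1.101,443,ssh,allow,IT-usage
"""


def parse_rows(text):
    """Return (rows, skipped): rows with an integer dport, count of bad rows."""
    rows, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            port = int(row["dport"])
        except (KeyError, TypeError, ValueError):
            skipped += 1
            continue
        if not 0 < port < 65536:
            skipped += 1
            continue
        row["dport"] = port
        row["app"] = (row.get("app") or "").strip().lower()
        rows.append(row)
    return rows, skipped


def find_nonstandard(rows):
    """Sessions whose identified application is on a port outside its defaults.

    Applications missing from DEFAULT_PORTS are skipped rather than guessed at.
    """
    return [r for r in rows
            if r["app"] in DEFAULT_PORTS
            and r["dport"] not in DEFAULT_PORTS[r["app"]]]


def summarize(findings):
    """Count findings per (app, dport, action, rule) for a quick triage view."""
    return Counter((r["app"], r["dport"], r["action"], r["rule"])
                   for r in findings)


if __name__ == "__main__":
    rows, skipped = parse_rows(SAMPLE_LOG)
    summary = summarize(find_nonstandard(rows))
    for (app, port, action, rule), n in summary.most_common():
        print(f"{app} on port {port}: {n} session(s), "
              f"action={action}, rule={rule}")
    print(f"skipped {skipped} malformed row(s)")
```

The ssl session on port 443 is not reported because the check keys on the identified application, not on the port number.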

Task 3 Modify Security Policy


Step 1: Click on the Policies tab, then Security
Step 2: Click on the IT-usage Security Policy created in Task 1
Step 3: Click on the Service/URL Category tab and click on the pull-down menu above Service, change
any to application-default and then click Ok. (The application-default option only allows
applications over their default port and protocol; it prevents applications from running on a non-standard
port or protocol.)
Step 4: Click Commit (in the upper right hand corner of the web browser)
Step 5: Click Ok in the pop-up window
Step 6: Click Close once the commit has completed

Task 4 Re-check applications on non-standard ports


Step 1: Use the PuTTY application on the student desktop
Step 2: SSH to 172.16.1.101 again on port 443 using PuTTY. Did you get a login prompt?
You should not get the login prompt this time.
Step 3: Close the PuTTY application and click the Monitor tab, then the Traffic log, on the firewall GUI
Step 4: Search for application SSH on port 443
Questions:
What query string did you type into the search box?
Was the application allowed?
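
The effect of the Service setting changed in Task 3, modeled as an added example (not part of the original guide and not PAN-OS code): a first-match rule evaluator showing why SSH on port 443 is allowed while IT-usage has Service set to any and denied once it is set to application-default. The rule named hypothetical-web, the no-rule-matched label and the reduced IT-apps membership are assumptions.

```python
from dataclasses import dataclass

# Well-known default ports, trimmed to the applications used below.
DEFAULT_PORTS = {"ssh": {22}, "ms-rdp": {3389}, "ssl": {443},
                 "web-browsing": {80}}

# The guide says IT-apps includes SSH, MS-RDP and other applications; the
# other members are omitted here.
IT_APPS = frozenset({"ssh", "ms-rdp"})


@dataclass(frozen=True)
class Session:
    from_zone: str
    to_zone: str
    app: str      # application as identified from the traffic, not the port
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    apps: frozenset   # an empty set means "any application"
    service: str      # "any" or "application-default"
    action: str = "allow"

    def matches(self, s: Session) -> bool:
        if (self.from_zone, self.to_zone) != (s.from_zone, s.to_zone):
            return False
        if self.apps and s.app not in self.apps:
            return False
        if self.service == "application-default":
            # Only the application's own default ports satisfy the rule.
            return s.dport in DEFAULT_PORTS.get(s.app, set())
        return True


def evaluate(rulebase, session):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in rulebase:
        if rule.matches(session):
            return rule.name, rule.action
    return "no-rule-matched", "deny"


def build_rulebase(it_usage_service):
    """IT-usage as built in Task 1, followed by a hypothetical web rule."""
    return [
        Rule("IT-usage", "Trust", "Untrust", IT_APPS, it_usage_service),
        # Hypothetical rule (not in the guide): shows that allowing ssl on
        # port 443 does not also admit ssh on port 443.
        Rule("hypothetical-web", "Trust", "Untrust",
             frozenset({"ssl", "web-browsing"}), "application-default"),
    ]


def compare(session):
    """Verdict for one session under both Service settings of IT-usage."""
    return {svc: evaluate(build_rulebase(svc), session)
            for svc in ("any", "application-default")}


if __name__ == "__main__":
    for app, port in (("ssh", 22), ("ssh", 443), ("ssl", 443),
                      ("ms-rdp", 3389)):
        print(app, port, compare(Session("Trust", "Untrust", app, port)))
```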
End of Activity 3


Activity 4 Decryption
Background: More and more traffic is encrypted with SSL by default, making it difficult to allow and scan
that traffic, yet blindly allowing it is high risk. Using policy-based SSL decryption will allow you to enable
encrypted applications, apply policy, then re-encrypt and send the traffic to its final destination. Policy
considerations include which applications to decrypt, protection from malware propagation and data/file
transfer.

PAN-OS features to be used:

App-ID
SSL decryption
Logging and reporting for verification
User-ID (Challenge Task)

In this activity you will:

Modify the existing Security Policy to allow the LinkedIn application for the Exec Team
Add a new Decryption Policy to decrypt SSL traffic

Task 0 Check connectivity to LinkedIn


Step 1: On your Java Applet session desktop, open a browser and enter the URL: http://www.linkedin.com
Question: What is the response seen in the browser window?
Answer: You should get blocked and see a screen that looks like this:





Task 1 Modify existing Security Policy


Step 1: Click on the Policies tab; the Security node will be selected
Step 2: Click on the rule UTD-Policy-04; a Security Policy Rule pop-up will appear
Step 3: Click on the Application tab (within the pop-up)
Step 4: Click Add, type linkedin-base and select it
Step 5: Click Ok
Step 6: Click Enable (in the lower bar of the GUI)
NOTE: You don't need to click Commit until after the next Task

Task 2 Add a new Decryption Policy


Step 1: Click on the Policies tab, then the Decryption node
Step 2: Click Add in the lower left-hand corner
Step 3: In the Decryption Policy Rule pop-up, name the Policy UTD-Decryption-02 and select Activity-4
in Tags
Step 4: Click on the Source tab
Step 5: Click Add in the box labeled Source Zone and select Trust
Step 6: Click on the Destination tab
Step 7: Click Add in the box labeled Destination Zone and select Untrust
Step 8: Click on the Options tab and select decrypt for Action; leave the Type selection as SSL
Forward Proxy
Step 9: Click Ok
Step 10: Click Commit (in the upper right hand corner of the web browser)
Step 11: Click Ok in the pop-up window
Step 12: Click Close once the commit has completed




Task 3 Log into LinkedIn


Step 1: Open a new browser tab and enter http://www.linkedin.com
Step 2: Log into LinkedIn with the following credentials:
Email address: ultimatetestdrive@gmail.com
Password: paloalto123
Note: If you have trouble passing the @ symbol to the VM, please follow the directions in the Appendix for
accessing the on-screen keyboard.
Step 3: Attempt to post a status update.
Question:
Was your status update blocked by the firewall?
You should see the following block page; note the application that is being blocked.

Task 4 Review Traffic Logs


Step 1: Click on the Monitor tab; the Traffic node (under the Logs section) will be selected
Step 2: Type into the query box (directly above the Receive Time column) the search string:

( app eq linkedin )

Then hit the Enter key or click the icon:


Questions:
Can you find the log entry associated with the application you just used?
Then click the Details icon next to the top log entry:


Questions:
Did the log entry show the traffic was decrypted?






End of Activity 4


Activity 5 Modern Malware Protection


Background: Modern malware is at the heart of many of today's most sophisticated network attacks, and
is increasingly customized to avoid traditional security solutions. WildFire exposes targeted and unknown
malware through direct observation in a virtual environment, while the next-generation firewall ensures
full visibility and control of all traffic including tunneled, evasive, encrypted and even unknown traffic.
Policy considerations include which applications to apply the WildFire file blocking/upload profile to.

PAN-OS features to be used:

Profiles: Virus, Spyware, file blocking & WildFire
WildFire portal
Logging and reporting for verification

In this activity you will:

Modify the existing file blocking policy to use the WildFire service
Add the modified file blocking policy to other Security Policy

Task 1 Enable file forwarding to WildFire Service


Step 1: Click on the Objects tab, then the File Blocking node (found under Security Profiles)
Step 2: Click on the Profile name UTD-File-Blocking-01
Step 3: On the Enable WildFire entry, change the File Types from Any to exe, pdf, docx and PE
Step 4: Change Action from alert to forward
Step 5: Click Ok; this now allows the File Blocking Profile to forward files to WildFire Modern Malware
Protection services

Task 2 Modify Security Policy with File Blocking Profile


Step 1: Click on the Policies tab, then the Security node
Step 2: Click on the rule name UTD-Policy-01; a Security Policy Rule pop-up will appear
Step 3: Click on the Actions tab (within the pop-up)
Step 4: In the Profile Setting section, select the pull-down menu next to File Blocking
Step 5: Select UTD-File-Blocking-01
Step 6: Click Ok
Optional Step 7: Click on the rule name UTD-Policy-04; a Security Policy Rule pop-up will appear
Optional Step 8: Click on the Actions tab (within the pop-up)
Optional Step 9: In the Profile Setting section, select the pull-down menu next to Profile Type and
select Profiles
Optional Step 10: Select the pull-down menu next to File Blocking and select UTD-File-Blocking-01
Question:
Should you apply any other Security Profiles to this Security Rule?
Optional Step 11: Click Ok
Optional Step 12: If this policy is not enabled, click Enable at the bottom of the policy screen to enable
the policy
Step 13: Click Commit (in the upper right hand corner of the web browser)
Step 14: Click Ok in the pop-up window
Step 15: Click Close once the commit has completed

Task 3 Test WildFire Modern Malware Protection


Step 1: To download a WildFire test file, open the browser and enter the following in the address bar or
click on the bookmark WildFire Test File
http://wildfire.paloaltonetworks.com/publicapi/test/pe
Step 2: The browser will automatically download a wildfire-test-pe-file.exe sample file. Check your
Download folder to confirm the download. [Note that this sample changes every time it is downloaded
and it should bypass most Antivirus scans.]

Step 3: To confirm that the sample file has been sent to WildFire, go back to the firewall GUI, click on the
Monitor tab, then click on the Data Filtering node (under the Logs section). You should see log entries
showing that the test sample file was uploaded to WildFire. Click on the WildFire Submissions node and review
the results returned from the WildFire service. [Note: It may take about 10 mins for the WildFire Submissions
log to appear. It is a good time to take a short break before you continue. Please do not skip ahead to the
next task.]


Step 4: When you see the entry, click the Details icon next to the top log entry. In the Log Info
tab, you can view the basic info of the file and the application that carries that file.








Step 5: Click on the WildFire Analysis Report tab to view the details of the analysis results. Under
WildFire Analysis Summary, the Verdict indicates that the submitted file is malware, and you can
download the malware file directly from the Sample File entry.
Step 6: Under Dynamic Analysis, you can see the behavior of the malware under different operating
systems. Virtual Machine 1 is configured with Windows XP; review the behavior and activity of the
malware. Click on Virtual Machine 2 to review the malware behavior and activity in Windows 7.










Step 7: Click on VirusTotal Information on the report, and it will bring you to the VirusTotal home page.
Since this malware has never been seen before, VirusTotal will not have any information on this virus.




Step 8: Explore the other features and functions offered in the WildFire Analysis Report, such as downloading
the sample file or downloading the WildFire Analysis report as a pdf.

Task 4 WildFire Portal Review


Step 1: In the Chrome browser, use the WildFire Portal bookmark to go to the login page (or enter
the URL: http://wildfire.paloaltonetworks.com )
Step 2: Log in using the following credentials
Username: ngfw.utd@gmail.com
Password: utd135






Step 3: In the portal, click on the Reports tab. You can see a summary of all the files that were submitted
for analysis. You can review the WildFire Analysis Report by clicking on the Report icon on the left hand
side of the entry. A WildFire account can manage multiple Palo Alto Networks firewalls. (Note: In this lab
environment, there is only one firewall managed by this account.)
Step 4: You can also upload suspicious files manually for analysis using Upload Sample. Click on the
Upload Sample tab on top to review the various upload options.

End of Activity 5

Activity 6 URL Filtering


Application control and URL filtering complement each other, providing you with the ability to deliver
varied levels of control that are appropriate for your security profile. Policy considerations include URL
category access; which users can or cannot access the URL category, and prevention of malware
propagation.

PAN-OS features to be used:

URL filtering category match
Logging and reporting for verification

In this activity you will:

Modify the behavior of URL filtering functionality

Task 0 Check connectivity


Step 1: Open http://www.gambling.com in the browser; you should be able to open this page with the base
workshop configuration

Task 1 Modify URL filter


Step 1: Click on the Objects tab, then the URL Filtering node (found in the Security Profiles section)
Step 2: Click on the Profile name UTD-URL-filter-01
Step 3: Find the Category gambling and change the Action from allow to continue
Step 4: Click Ok


Task 2 Apply URL filter to Security Policy


Step 1: Click on the Policies tab, then the Security node
Step 2: Click on the rule UTD-Policy-01; a Security Policy Rule pop-up will appear
Step 3: Click on the Actions tab (within the pop-up)
Step 4: In the Profile Setting section, select the pull-down menu next to URL Filtering
Step 5: Select UTD-URL-filter-01 and then click Ok
Step 6: Click Commit (in the upper right hand corner of the web browser)
Step 7: Click Ok in the pop-up window
Step 8: Click Close once the commit has completed
Step 9: Open a new browser tab (on the workshop PC desktop) and enter the URL
http://www.gambling.com
The web page is blocked, but the block page will have an option to continue to open the page
Step 10: Click Continue to open the web page

Task 3 Review URL Filtering Logs


Step 1: Click on the Monitor tab, then the URL Filtering node (under the Logs section)
Questions:
What was the action associated with the log entries?
What was the application associated with the log entries?

End of Activity 6

Activity 7 ACC and Custom Reports


Informative visualization tools and reports are very important for network and security administrators to
monitor and identify potential network problems and attacks. Comprehensive built-in visualization tools
and reporting features in the firewall can provide visibility into the network without requiring a complex
logging infrastructure.

PAN-OS features to be used:

Application Command Center (ACC)
o Built-in visualization tools that provide a clear view of the applications, users and threat
data on your network
Manage custom reports
o Create a custom report using traffic stats logs

Task 1 Review Application Command Center (ACC)


Step 1: Click on the ACC tab. The ACC is configured to show data collected in the last hour; change the time
to Last 6 Hrs in the Time drop-down window to include all the data generated during your lab session




Step 2: Under Top Applications, you can see the top applications based on usage in the network and
their respective risk levels. Click on any application such as web-browsing to review more details for that
application
Step 3: To investigate further, click on any entry to review the details associated with that
particular entry, e.g. you can click on a destination address or URL category to drill down on the details
Step 4: You can clear the selection by clicking on the cross for that element on the upper left corner


Step 5: To increase the entries displayed in ACC, you can increase the number in the Top entries drop
down window




Task 2 Setting up custom report


Step 1: Click on the Monitor tab then the Manage Custom Reports node (second from last)
Step 2: Click Add (in the lower left) and name the report Traffic Stats (in the Custom Report pop-up)
Step 3: Use the following information to create this report:
Database: Application Statistics
Time Frame: Last 6 Hrs
Selected Columns: Application Name, App Category, App Sub Category, Risk of App, Sessions
Sort By: Sessions : Top 10
Step 4: Click Run Now (at the top of the pop-up), then click on the newly created tab Traffic Stats to review
the report, then export the results to a PDF report
Step 5: Click Ok to save this custom report



End of Activity 7


Request a free evaluation/AVR Report and you'll get entered into today's PA 200 drawing!

Ask your Palo Alto Networks Sales Representative or Palo Alto Networks Partner for more information



Appendix-1: Alternative Login Method to Student Desktop

This appendix shows you how to log in to the student desktop using other connectivity methods. Please
complete the procedures outlined in Activity-0: Task-1 to log in to the UTD Workshop before you continue.
There are two other methods that you can use to log in to the student desktop:
- Use Console feature in workshop (Java client required)
- Use RDP client if it is installed on the laptop

Both methods are described below and you can select the one that best fits what you have installed on
your laptop. Note that the RDP protocol may not be supported on all networks, so please verify that RDP is
supported at your location.

Login to the student desktop using Java Console (Java client required)

Step 1: Click on the Student Desktop after logging in to the UTD workshop


Step 2: Click on the Console link on switch to Console. This will run the Java client.


Step 3: Allow Java to run the VncViewer application. You may need to click Run a few times.



Step 2: Click on Don't Block on the Java Security Warning message.


Step 3: After allowing the Java client to run, you will see the student desktop display. Click Send
Ctrl-Alt-Del to open the login window and use the Username and Password as indicated on your browser, not
the one indicated below. You should be logged in to the student desktop after entering the login name and
password.




Login to the student desktop with RDP client


If you have an RDP client installed on your laptop, you have the option to connect directly to the student
desktop over RDP.
Step 1: Click on the Virtual Machines tab at the top to view all the Virtual Machines in the environment.










Step 2: Click on More details in the VM-Series Virtual Firewall. Note: Not the one under Student
Desktop.
Step 3: Copy the URL in External Address under VM Details of the VM-Series Virtual Firewall. You can
click on the blue icon next to the address to copy it to the clipboard.



Step 4: Open the RDP client on your laptop and paste the URL into the host or PC field. (Note: Not the URL
shown below.)


Step 5: In the browser, click on the More details link on the Student Desktop, then click on the show
password link under Credentials. Use the password to log in to the student desktop.


Step 6: Use the username and password to log in to the student desktop.




Step 7: Click Connect on the certificate error message.


Step 8: You should be connected to the student desktop after that.


Appendix-2: Support for Non-US keyboards


If you are using a non-US keyboard and have difficulty entering any characters or special keys, you can
add a keyboard to the student desktop to match what you have, or use the on-screen keyboard. This
appendix shows you how to add and select an international keyboard or use the on-screen keyboard.
By default, the English (United States) and French (France) keyboards are added to the student
desktop. Click on the bottom left corner to switch between them.










Add new international keyboard


To add other keyboards, go to Start > Control Panel. Click on Change Keyboards or other input methods






Click on change keyboard






Click Add to add a new international keyboard. Then switch to the new keyboard per the instructions on
the previous page.




Use the on-screen keyboard


To use the on-screen keyboard:
Step 1: Click on Start -> All Programs


Step 2: Click Accessories






Step 3: Click Ease of Access and then On-Screen Keyboard


Step 4: You should now see the Windows On-Screen Keyboard. To pass keys inside the VM image that do
not work on your keyboard, simply select the key using the mouse.



Lab Setup

Firewall: VM-Series

Interface       Int Type   IP Address      Connects to Zone
Ethernet 1/1    L3         172.16.1.1      "Untrust"
Ethernet 1/2    L3         192.168.11.1    "Trust"
Management      -          10.30.11.1
