+ All Categories

Download - Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

Transcript
Page 1: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

Copyright©2008-2016LiveAction,Inc.Allrightsreserved.LiveAction,LiveNX,LiveUX,theLiveActionLogoandLiveActionSoftwarearetrademarksofLiveAction,Inc.Informationsubjecttochangewithoutnotice.

LiveAction,Inc.3500WESTBAYSHOREROADPALOALTO,CA94303

Palo Alto Networks Integration with LiveNX

LIVEACTION,INC.

Page 2: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

2|PaloAltoNetworksIntegrationwithLiveNX

1. Introduction

PaloAltoNetwork’sNextGenerationFirewallprovidesextensiveinformationaboutsessions,websitesandusersvisitingthosesites.ThisinformationwhendisplayedthoughLiveAction’sLiveNXcanhelpanetworkorsecurityengineervisualizespecificeventsthathavehappenedataspecifictimeorisoccurringatthepresenttime.

ThisDocumentwillwalktheadministratorthroughtheprocessofsettingupNetFlowExportonthePaloAltoNetworksdeviceandhowtovisualizetheinformationwithinLiveNX

Page 3: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

3|PaloAltoNetworksIntegrationwithLiveNX

2. IntegrationArchitecture

TheIntegrationbetweenPaloAltoNetworksdevicesandLiveNXisoverstandardprotocolsofNetFlowandtheSimpleNetworkManagementProtocol(SNMP).PaloAltoNetworksdevicescanexportNetFlowinformationtoLiveNX.Inadditiontothestandardfields,PaloAltoNetworksdevicescanalsoexportApplicationIDandUserIDwithintheNetFlowPackets.

Page 4: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

4|PaloAltoNetworksIntegrationwithLiveNX

3. EnablingNetFlowExportonPaloAltoNetworksFirewalls

ToenableNetFlowExportonthePaloAltoNetworksdevice,logintothePaloAltoNetworksWebUI

AndnavigatetoDevice,expandtheSeverProfileaccordion,andselectNetFlow.ClickonAddandenterthecorrectinformationfortheLiveNXseverornode.ToincludetheextraPaloAltoNetworksfields,User-IDandApplicationIDcheckthePAN-OSFieldTypesbox

SelectOKandtheExporterhasbeensetup.Nowweneedtoactivatetheexportoftheflows.Thisisdoneonaninterfacelevel.NownavigatetotheNetworkTab,andInterfaces.SelecttheInterface(s)thatwillbeusedtogeneratetheNetFlowdata.IntheNetFlowProfilesectionaddtheExporterthatwejustsetup.

Page 5: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

5|PaloAltoNetworksIntegrationwithLiveNX

Oncecompleted,committheconfiguration.ThePaloAltoNetworksdeviceshouldnowbeexportingflowstoLiveNX.

ThenextstepistoenablethePaloAltoNetworksdevicetousetheMicrosoftActiveDirectorytopulltheUseridtoIPaddressmapping.PaloAltoNetworkscanpullthisinformationfromothersourcesaswell,pleaserefertothePaloAltoNetworksdocumentationtoenabletheothersources.OntheDeviceTab,navigatetoUserIdentificationandinUserMappingselectthegearicon(topright)tosetuptheagent.WearegoingtousetheAgentlessmethodandenableWindowsManagementInterface(WMI).EnterthenameandpasswordthatwillbeusedforWMIconnectivity.WewillpresumethatthisUseridhasalreadybeensetupbyyourADadministratorwiththecorrectsecuritylevel.

Page 6: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

6|PaloAltoNetworksIntegrationwithLiveNX

MakesurethatyoualsoenableServerMonitoring,ClientProbingandNTLM.NextclickOKandthenintheServerMonitoringsectionaddthedomaincontrollersthatneedtobeaccessedbythisPaloAltoNetworksDevice.ThislistmaybedifferentdependingontheADarchitectureandgeographiclocation,asADsecurityauditlogsarelocaltothedomaincontrollersthatareusedforauthentication.

Page 7: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

7|PaloAltoNetworksIntegrationwithLiveNX

OnceyouhaveaddedtheUserIdentificationserver,nowyoumustenableUserididentificationontheZones,toaccomplishthisnavigatetoNetwork,ZonesandediteachoftheZonesthatyouwanttheUseridtobedisplayon.

Page 8: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

8|PaloAltoNetworksIntegrationwithLiveNX

Nowcommitthechanges,andwehavefinishedsettingupthePaloAltoNetworksdevice.

Page 9: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

9|PaloAltoNetworksIntegrationwithLiveNX

4. AddingthePaloAltoNetworksDevice(s)toLiveNX

OpentheLiveNXJavaClientandlogintothesystem.NavigatetoFile->AdddeviceandtheAddDeviceWizardwillstart.Thisisa9stepwizardthatwillaskandinterrogatethedevicetofindtheInterfacesandotherinformationaboutthesystem.YoumusthavetheIPaddressofAnyLayer3interfacethatwillbeexportingFlowdata,andtheManagementIPaddress.YoumustalsohavetheSNMPcommunitystringthatwillbeusedtocollecttheinterfaceTable.

SelectNextandLiveNXwillnowgothroughandfindtheinterfacesinthePaloAltoNetworks.OnceyouhaveselectedtheinterfacesthatNetFlowwillbeexportedfromclicknext,andasLiveNXwillnotknowofanyVLANSdefinedwithinthePaloAltoNetworksselectNext.

Page 10: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

10|PaloAltoNetworksIntegrationwithLiveNX

NowwecanchangethePollingRate,leaveitatOneminute,andselectFlowsandclicknexttoreviewtheconfigurationandthenselectFinish.

Page 11: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

11|PaloAltoNetworksIntegrationwithLiveNX

Page 12: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

12|PaloAltoNetworksIntegrationwithLiveNX

ThedevicewillnowappearontheMainScreenandshouldbegreenmeaningthatLiveNXhascontactedthedevice.Next,weneedtorunthedevicesetupagain.ThisisanissuewithretrievingtheIPaddressesfromtheinterfaces.PaloAltoNetworksdevicesdonotupdatetheInterfaceMIBtablewithIPAddresses,andthereforeLiveNXcannotassociatetheflowdatawiththecorrectinterfaceor,connectittothecorrectnetworks.Thisisremediedbymodifyingthedevice.RightClickonthePaloAltoNetworksdeviceandopenEditDeviceSettings.

Page 13: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

13|PaloAltoNetworksIntegrationwithLiveNX

TheDeviceWizardwillstartandthistimewearegoingtochangetheDevicetypetoNonSNMPdevice,selectNextandtheInterfaceTablewillbepresented

Page 14: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

14|PaloAltoNetworksIntegrationwithLiveNX

EntertheIPAddressesoftheInterfacesthatwillbeexportingtheflowsandselectFinish

TheDevicewillnowconnecttothecorrectnetworks.IfthePaloAltoNetworksisrunninginLayer2mode,entertheManagementIPaddress.

Page 15: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

15|PaloAltoNetworksIntegrationwithLiveNX

5. Reports

LiveNXcurrentlyhasarichsetofreportsandvisualaidsthatcanhelpthenetwork/securityengineertoviewtrafficthatistraversingthePaloAltoNetworksdeviceandbeabletounderstandtheapplicationsandusersthatmaybeeffectingthestabilityofthenetwork.Let’sstartwithasetofVisualAids…ThefirstistomonitorthePaloAltoNetworksdeviceitselfandseewhatflowareactiveinreal-time.FromthemainscreenintheJavaClient,changetheflowdisplaytoFirewall.ThiswilldisplayallflowstraversingthePaloAltoNetworks

Nowifwedoubleclickontothedevicewewillnowseeareal-timedisplayofalltheflowsthePaloAltoNetworksdeviceisexporting.Thisviewisupdatedeveryminuteandcanbeusedtofindspecificflowsandusethattodrilldownintomorespecificreports.

Page 16: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

16|PaloAltoNetworksIntegrationwithLiveNX

Ifweselectaspecificflow,itcanbeaddedtothesearchfilter,andthenonlyinformationdestinedtothatapplicationorIPaddresscanbedisplayed.Orwecandrilldownintomorespecificreports,likeTopAnalysis,orInterfaceBandwidthreports

Page 17: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

17|PaloAltoNetworksIntegrationwithLiveNX

Byrightclickingonspecificcolumnsinthisdisplaywecandrilldownandlookatspecificissuesthatcouldbehappening,ifwechoosetheSourceIPAddresswecandrilldowntotheinterfacereportandseetheamountoftrafficthatisbeinggeneratedthatistraversingthroughthefirewallbythatspecificaddress,orbyrightclickingontheAPP-ID(PaloAltoNetworks)wecanchoosethesamereportandseetheamountoftrafficthatisspecificapplicationisgenerating

Page 18: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

18|PaloAltoNetworksIntegrationwithLiveNX

FromLiveNX’sFlowReportswecanalsolookatalltheapplicationsandthebandwidtheachisconsuming.OpenFlowReportsandchoosetheApplicationreport,choosethePaloAltoNetworksdeviceandmaketheGraphtypeFirewall,selectthetimeframeandexecutethereport.

Page 19: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

19|PaloAltoNetworksIntegrationwithLiveNX

FromthisviewwecanalsodrilldoneonspecificapplicationsandgathermoreinformationonNetworkActivity.

Page 20: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

20|PaloAltoNetworksIntegrationwithLiveNX

6. UseCases

Let’slookatsomespecificusecasesthatcanhelpsolvespecificissuesthatmaybegeneratedwithinanorganization.

1)WhatwasDone?Inthisspecificusecase,weneedtounderstandwhatanemployeedidduringaspecifictimeperiodandwhatapplicationswereusedandifanylargeamountsofdatawastransferredoutsidetheofthecompany’sinfrastructure.InformationthatwehavearetheUsersIDandthetimeframethattheeventhappened.InLiveNXwecanrunFlowreportsonthetimeframeandthenastheUser’sIDappearsinthereportswecanusetheassociatedIPaddresstoaddtothefliterlist.Executethereportandnowwehavealltheexternalactivityforthatuserovertheselectedtimeperiod.

ButnotonlycanweseewhatexternalappsandsystemsweretouchedwecanalsoseealltheinternalactivityfromthataddresswhiletheuserwasassociatedwiththatIPaddress.SelectAllDevicesandthetimeframe,setthegraphtoBasicFlowandexecutethereport.

Page 21: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

21|PaloAltoNetworksIntegrationwithLiveNX

2)DataLeakageReportofalargeDataLeakagehasoccurred.Yourmissionasanetwork/securityengineeristotryandfindoutwho,whatandwhenitoccurred.YouknowtheApplication,butyoudon’tknowwhodidit,orwhenitwasdone.Howdoyoufigureitout?Thefirststepistolookattheapplicationsgoingthroughthefirewall(s)overaperiodoftime.NavigatetoFlowreportsinLiveNX,selecttheperiodoftimethatyouwanttomonitor,selectthefirewallthatyouwilluseasthesource,selectgraphtypetobefirewallandexecutethereport

Page 22: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

22|PaloAltoNetworksIntegrationwithLiveNX

Fromthisreportwecandrilldownintotheapplicationwerethedataleakagewasreported.SoifwerightclickontheapplicationandthendrilldownandruntheTopAnalysiswecannowseetheindividualflowsoverthisspecifictimeframeandtheusersthatgeneratedthetraffic.InthisexamplewewilllookforsomethinggoingtoFacebook,whileit’snotadataexporttoolthesameprincipleapplies.

Page 23: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

23|PaloAltoNetworksIntegrationwithLiveNX

3)ShadowIT/CloudApplicationVisibilityThecloudistransformingthewaybusinessisdone.ButtheITteamsdonotalwayshavevisibilityofthesebusinesscriticalapplicationsandyettheyarestillresponsibleformakingsuretheseapplicationsareperformingwellandmeetinguser’sneeds.

ThefirststepistocollectinformationfromtheInternetedgesacrossyournetwork.ScheduleaweeklyreporttoprovideyoualistofCloudapplicationsonanongoingbasis.

Page 24: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

24|PaloAltoNetworksIntegrationwithLiveNX

Fromthisreport,youcanseethelistofCloudapplicationsandtheamountoftrafficeachapplicationisconsumingyourresources.Networkcongestioncanbeanissueformanybusinessestoday.Youwanttobesurethatcriticalapplicationsarenotimpactedwhencompetingwithrecreationaltraffic.InthenewInternet-basedworld,itisimportanttoidentifywhichapplicationsareonyournetworkandwhereyourresourcesarebeingconsumedtoalignwithyourbusinesspolicy.

Page 25: Palo Alto Network Integrationcdnx.liveaction.com/.../Palo-Alto-Network-Integration.pdf · 2016-12-22 · displayed though LiveAction’s LiveNX can help a network or security engineer

25|PaloAltoNetworksIntegrationwithLiveNX

7. Conclusion

CombiningPaloAltoNetworksNextGenerationFirewallsandLiveAction’sLiveNXgivesbothnetworkengineersandSecurityEngineersmorevisibilityintotrafficthatisinthenetwork,andexitingasegmentortheperimeterofthenetwork.


Top Related
Next Generation Security with VMware NSX and Palo Alto … · Mware NS an Palo Alto Networks. Introduction. This document is targeted at virtualization, security, and network architects
Next Generation Security with VMware NSX and Palo Alto … · Mware NS an Palo Alto Networks. Introduction. This document is targeted at virtualization, security, and network architects

Documents

And PALO ALTO MEDICAL FOUNDATION/PALO ALTO DIVISION ...
And PALO ALTO MEDICAL FOUNDATION/PALO ALTO DIVISION ...

Documents

Межсетевые экраны нового поколения Palo Alto … Alto Main Presentation v15.pdfО компании Palo Alto Networks • Palo Alto Networks - это
Межсетевые экраны нового поколения Palo Alto … Alto Main Presentation v15.pdfО компании Palo Alto Networks • Palo Alto Networks - это

Documents

Palo alto networks
Palo alto networks

Internet

LEAN IN Palo Alto - Global Women's Leadership Network 2.4.2015
LEAN IN Palo Alto - Global Women's Leadership Network 2.4.2015

Government & Nonprofit

Dining Out - | Palo Alto Online · DINING OUT A PUBLICATION OF THE PALO ALTO WEEKLY, ... Amber Dhara ... 452 University Ave., Palo Alto 650-323-2555
Dining Out - | Palo Alto Online · DINING OUT A PUBLICATION OF THE PALO ALTO WEEKLY, ... Amber Dhara ... 452 University Ave., Palo Alto 650-323-2555

Documents

Wireless Network Security Palo Alto Networks / Aruba Networks Integration
Wireless Network Security Palo Alto Networks / Aruba Networks Integration

Technology

Palo Alto 200
Palo Alto 200

Documents