PaloAlto | Firewall Security
URL Filtering
https://www.brightcloud.com/tools/url-ip-lookup.php
https://urlfiltering.paloaltonetworks.com/query/
admin@PA-FW-01> test url bbc.com
admin@PA-FW-01> show log url
admin@PA-FW-01> show log data
Check Palo Alto log storage
admin@PA-FW-01(active)> show system logdb-quota
Management log storage
system: 20.00%, 12.434 GB Expiration-period: 0 days
config: 20.00%, 12.434 GB Expiration-period: 0 days
alarm: 16.00%, 9.947 GB Expiration-period: 0 days
appstat: 32.00%, 19.894 GB Expiration-period: 0 days
hip-reports: 5.00%, 3.108 GB Expiration-period: 0 days
application-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
debug-filter-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
dlp-logs: 2.00%, 1.243 GB Expiration-period: 0 days
Session log storage
traffic: 35.00%, 609.172 GB Expiration-period: 0 days
threat: 17.00%, 295.883 GB Expiration-period: 0 days
trsum: 4.00%, 69.620 GB Expiration-period: 0 days
hourlytrsum: 3.00%, 52.215 GB Expiration-period: 0 days
dailytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
weeklytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
urlsum: 3.00%, 52.215 GB Expiration-period: 0 days
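The quota output above is easy to misread: each line gives a percentage of a pool plus the GB that percentage currently represents, and "Expiration-period: 0 days" means logs in that category are never aged out, only overwritten when the quota fills. As an added example (not part of the original notes or a Palo Alto tool), the script below parses the same output, totals the allocated percentages per pool, infers the pool size from the GB/percent ratio, and lists categories with no expiration. The sample text is the page's own output; the pool-size inference is arithmetic on those figures, not a value reported by the firewall.

```python
import re

# The page's own `show system logdb-quota` output, embedded so the parser runs offline.
SAMPLE_OUTPUT = """\
Management log storage
system: 20.00%, 12.434 GB Expiration-period: 0 days
config: 20.00%, 12.434 GB Expiration-period: 0 days
alarm: 16.00%, 9.947 GB Expiration-period: 0 days
appstat: 32.00%, 19.894 GB Expiration-period: 0 days
hip-reports: 5.00%, 3.108 GB Expiration-period: 0 days
application-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
debug-filter-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
dlp-logs: 2.00%, 1.243 GB Expiration-period: 0 days
Session log storage
traffic: 35.00%, 609.172 GB Expiration-period: 0 days
threat: 17.00%, 295.883 GB Expiration-period: 0 days
trsum: 4.00%, 69.620 GB Expiration-period: 0 days
hourlytrsum: 3.00%, 52.215 GB Expiration-period: 0 days
dailytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
weeklytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
urlsum: 3.00%, 52.215 GB Expiration-period: 0 days
"""

# One quota line: "<category>: <pct>%, <gb> GB Expiration-period: <days> days"
QUOTA_RE = re.compile(
    r"^(?P<name>[\w-]+):\s+(?P<pct>[\d.]+)%,\s+(?P<gb>[\d.]+)\s+GB\s+"
    r"Expiration-period:\s+(?P<days>\d+)\s+days$"
)


def parse_logdb_quota(text):
    """Return {pool_heading: [(category, pct, gb, expiry_days), ...]}."""
    pools = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Pool headings look like "Management log storage" / "Session log storage".
        if line.endswith("log storage"):
            current = line
            pools[current] = []
            continue
        m = QUOTA_RE.match(line)
        if m and current is not None:
            pools[current].append(
                (m["name"], float(m["pct"]), float(m["gb"]), int(m["days"]))
            )
    return pools


def summarize_pool(entries):
    """Allocated percent, inferred pool size (GB) and categories that never expire."""
    total_pct = round(sum(e[1] for e in entries), 2)
    # Each GB figure is pct% of the whole pool, so gb / (pct / 100) recovers the pool size.
    sizes = [e[2] / (e[1] / 100.0) for e in entries if e[1] > 0]
    pool_gb = round(sum(sizes) / len(sizes), 1) if sizes else 0.0
    # Expiration-period 0 days: the category is only trimmed when its quota fills.
    no_expiry = [e[0] for e in entries if e[3] == 0]
    return {"total_pct": total_pct, "pool_gb": pool_gb, "no_expiry": no_expiry}


if __name__ == "__main__":
    for pool, entries in parse_logdb_quota(SAMPLE_OUTPUT).items():
        s = summarize_pool(entries)
        print(f"{pool}: {s['total_pct']}% allocated of ~{s['pool_gb']} GB, "
              f"no expiry on {len(s['no_expiry'])} categories")
```

Run against the output above, the management pool is 99% allocated out of roughly 62 GB and the session pool only 66% of roughly 1.74 TB, with every listed category relying on quota pressure rather than an age limit for retention; that is the retention picture to check against your log-keeping requirements before a forwarding or expiration change.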
WildFire verification
admin@PA-FW-01> debug wildfire upload-log show
File Filtering
Download link for test files by extension:
https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/verify-wildfire-submissions/test-a-sample-malware-file#id4af85826-cf77-4e47-95ad-4e944488af45
File Type PDF
Link Enable DNS Security to control traffic based on domains
https://www.youtube.com/watch?v=fsWwACeJb48
Download EXE file (MikroTik)
https://mikrotik.com/download
Link Check Application Category
https://applipedia.paloaltonetworks.com/
Link Check THREATVAULT
https://threatvault.paloaltonetworks.com/
=================================================
45. Data Protection
Object | Custom Object | Data Pattern
Create Data Object
Object | Security Profile | Data Filtering
(fill in according to your criteria)
Then apply it in the rule from inside to outside:
1. Policies | Security
Zone Protection
I. Network | Zone Protection | Add
1. Create the profile name and its criteria
2. Then apply it to the Outside zone
-----
II. Object | Security Profile | DoS Protection
Type-1
1. Create a DoS Protection profile (Type: Regular)
Tick SYN Flood, ICMP Flood, UDP Flood, Other IP
(they can be ticked one at a time, just to test quickly)
2. Then go to Policies | DoS Protection
- Apply it from Inside to Outside; under Option, select the newly created DoS Protection object. Commit
Action: Protect
---
Type-2 (specific IP)
1. Create a DoS Protection profile (Type: Classified)
Tick all of SYN Flood, ICMP Flood, UDP Flood, Other IP
OK
2. Then go to Policies | DoS Protection
- Apply it from Inside (host IP) to Outside (host IP); under Option:
Classified:
Profile: (select the newly created DoS Protection object of type Classified)
Address: select src-dst-ip-both
Commit
----------
III. Device | Setup | Session
1. Enable (tick):
- Rematch all sessions
- Packet Buffer Protection
IV. Interface | Zone
1. Select the Outside zone and tick Enable Packet Buffer Protection
Then test from Kali Linux. Kali Linux is on the outside, the server is on the Outside
SYN flooding
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
UDP flooding
Kalilinux#kali:~# nmap -sU -p0-65535 192.168.114.50
ICMP flooding
Kalilinux#kali:~# hping3 -1 --flood -a 192.168.114.50 192.168.17.255
Maximum Concurrent Sessions
Configure at: Object | Security Profiles | DoS Protection
Create (Add) Object
Click the Resource Protection tab
Enable (tick) Sessions and set the value to 30.
Commit. Then test with the following command:
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
Verification: Monitor | Threats
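The verification step is where a DoS or Zone Protection lab either proves out or does not: the Monitor | Threats view has to show the flood and scan entries, and the recorded action has to be an enforcing one rather than alert-only. As an added example (not from the original notes and not a Palo Alto export format), the script below triages a constructed, simplified CSV with columns `receive_time,subtype,src,dst,dport,threat_name,action`. The column names, the action strings and the events themselves are all assumptions made for the example; a real Monitor | Threats export has more columns and its own field names, so the `load_threat_events` reader is the part to adapt.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample events in a simplified shape; not a real PAN-OS export and not real traffic.
SAMPLE_THREAT_CSV = """\
receive_time,subtype,src,dst,dport,threat_name,action
2024/01/01 10:00:01,flood,203.0.113.7,192.168.114.50,80,SYN Flood,drop
2024/01/01 10:00:01,flood,198.51.100.9,192.168.114.50,80,SYN Flood,drop
2024/01/01 10:00:02,flood,203.0.113.7,192.168.114.50,80,SYN Flood,random-early-drop
2024/01/01 10:00:05,scan,203.0.113.20,192.168.114.50,0,UDP Port Scan,alert
2024/01/01 10:00:06,flood,192.0.2.4,192.168.114.50,0,ICMP Flood,drop
2024/01/01 10:00:07,scan,203.0.113.20,192.168.114.0/24,0,Host Sweep,alert
"""

# Actions that only record the event; anything else is treated as enforcing. (Assumed set.)
ALERT_ONLY_ACTIONS = {"alert", "allow"}


def load_threat_events(text):
    """Read the CSV text into a list of dicts, one per threat log entry."""
    return list(csv.DictReader(io.StringIO(text)))


def count_by_destination(events):
    """{dst: Counter(threat_name -> hits)}: which protected hosts saw which threats."""
    per_dst = defaultdict(Counter)
    for ev in events:
        per_dst[ev["dst"]][ev["threat_name"]] += 1
    return per_dst


def distinct_sources(events, threat_name):
    """Number of distinct source IPs behind one threat name.

    A spoofed-source flood shows up as many sources for a single destination,
    which is why classified profiles keyed on source alone are a poor fit for it.
    """
    return len({ev["src"] for ev in events if ev["threat_name"] == threat_name})


def unenforced_events(events):
    """Entries that were only logged, i.e. the profile or policy did not block them."""
    return [ev for ev in events if ev["action"] in ALERT_ONLY_ACTIONS]


if __name__ == "__main__":
    events = load_threat_events(SAMPLE_THREAT_CSV)
    for dst, counts in count_by_destination(events).items():
        print(dst, dict(counts))
    print("SYN Flood sources:", distinct_sources(events, "SYN Flood"))
    for ev in unenforced_events(events):
        print("alert-only:", ev["receive_time"], ev["threat_name"], "from", ev["src"])
```

The last loop is the one worth keeping after the lab: a profile whose actions are still Alert will populate the threat log convincingly while protecting nothing, and listing the alert-only entries per threat name makes that gap visible before the policy is trusted in production.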
46. Data Protection Profile
TCP SYN (Flood) Attack:
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 443 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------------------
ICMP Flooding Attack:
root@kali:~# hping3 -1 --flood -a 192.168.17.150 192.168.17.255
--------------------------------------------------------------------------------
UDP Port Scan:
root@kali:~# nmap -sU -p0-65535 192.168.17.150
root@kali:~# nmap -sU 192.168.17.150
--------------------------------------------------------------------------------
Host Sweep Attack:
root@kali:~# nmap -sP 192.168.17.150
-----------------------------------------------------------------------------
TCP Flood Attack:
root@kali:~# hping3 -S -P -U --flood -V --rand-source 192.168.17.150
------------------------------------------------------------------------
TCP Flood Attack DOS Protection Profile:
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------
TCP Port Scan
root@kali:~# nmap -p1-65535 -T4 -A -v 192.168.17.150
-------------------------------------------------------------
Host Sweep
root@kali:~# nmap -sP 192.168.17.0/24
-------------------------------------------------------------