Flashcards covering key concepts related to Next-Generation Firewalls (NGFWs) and their configuration, including security policies, network address translation, application identification, and SSL/TLS.
What is the primary function of a Next-Generation Firewall (NGFW)?
To integrate multiple security functions into a single platform for better protection, visibility, and control over network traffic.
Name three key features of Next-Generation Firewalls (NGFWs).
Security policy, NAT policy, application identification.
What is the "never trust, always verify" architecture model called?
Zero Trust architecture model
What are Palo Alto Networks' physical appliances for various deployment sizes called?
PA-Series
What is the default Management IP for initial firewall access?
192.168.1.1 (most models)
What is the configuration that is currently active on a firewall called?
Running config
What is the configuration called when changes are in progress?
Candidate config
What does the commit process do?
Activates candidate changes to running config
What advanced capability do NGFWs have regarding applications?
Application awareness: NGFWs can identify and control applications regardless of port, protocol, or encryption.
What integration capability do NGFWs have regarding users?
User identity integration: NGFWs can tie network activity to specific users, not just IP addresses.
What is the purpose of microsegmentation in the zero-trust model?
Creating granular security zones to contain breaches.
What is the purpose of a Tap interface?
Passive monitoring, can't control traffic
What is the purpose of a virtual wire?
"Bump in the wire" deployment, no IP/MAC needed
What is the purpose of a Layer 3 interface?
Enables routing between interfaces, requires IP addresses
Define security zones.
Group interfaces with similar security requirements
What do virtual routers support?
Static and dynamic routing protocols
What does network segmentation limit?
Limits lateral movement of threats if one segment is compromised
Name another benefit of network segmentation.
Allows for more granular security policies and access controls
What else is a Tap interface useful for?
Useful for initial network discovery and policy planning
What is a VLAN interface used for?
Allow multiple logical networks on a single physical interface
What do Interface Management Profiles do?
Control management access to the firewall itself via interfaces, important for securing the firewall from unauthorized access.
What is the purpose of path monitoring?
Helps ensure high availability by detecting upstream failures
What do Security policies protect?
Network assets, by allowing or blocking traffic based on criteria like source/destination zones, IP addresses, applications, users, etc.
What is used to define port restrictions?
Custom services
What do custom Tags allow for?
Grouping and filtering of rules and objects.
What is Source NAT used for?
Translates private source IPs to public IPs for outbound traffic.
What feature integrates with directory services?
User-ID
What does NAT64 do?
Allows translation between IPv6 and IPv4 networks, aiding in IPv6 transition.
What is the primary goal of App-ID?
Identifies applications in network traffic to enable more granular control
What methods does App-ID use to identify applications?
Signatures, protocol decoding, heuristics
What is an application shift?
A single network session may start as one application and shift to another
What are application dependencies?
Some applications rely on other applications or protocols to function properly
Where can detailed application traffic information be found?
Logging and Reporting
What encrypts data for privacy?
SSL/TLS
What does PKI use to verify key owners?
Digital certificates
What does SSL/TLS do?
TLS operates at the application layer and encrypts data before sending it over the network
What is X.509?
The standard format for digital certificates