Palo Alto Networks Cybersecurity Academy Essentials I

ESSENTIALS I COURSE PROJECT OUTLINE

OVERVIEW:

To pass the Palo Alto Networks / Coursera Essentials I course, you will need to complete
the course project assignment, which is based on the course lab activities. The course
project submission is a compilation of your summarizations of each lab activity
combined with one final activity that is outlined on the following pages. You will then
submit your complete project document and proceed to evaluate one of your classmates'
project document submissions.

REQUIREMENTS:

• Create a project document (Word or Acrobat file formats) that you will submit to
the Course Project / Peer Review area in Module 4 of the course.

• Type your full name at the top left of the document.

• Save the document with your full name and the words ‘Essentials Project I’ in the
document file name. Example: “Mary Smith Essentials Project I”

• As you complete each Module’s lab activity you are required to summarize the
activity as directed in the lab instructions. Include each of your lab
summarizations in your course project document. Be sure you label each lab
summary by the lab title.

• When you have completed all of the other course requirements perform the
activities outlined below, and add your screen captures to your project
document.

• Submit your completed project document to the Module 4 Project Peer Review
content area and proceed with the Peer Review requirements outlined below.
Student Project

PAN-OS 8 CYBERSECURITY ESSENTIALS I

Student Project

Document Version: 2018-04-20

Copyright © 2017 Network Development Group, Inc.


www.netdevgroup.com

NETLAB Academy Edition, NETLAB Professional Edition, and NETLAB+ are registered trademarks of Network Development Group,
Inc.

VMware is a registered trademark of VMware, Inc. Cisco, IOS, Cisco IOS, Networking Academy, CCNA, and CCNP are registered
trademarks of Cisco Systems, Inc. EMC2 is a registered trademark of EMC Corporation.

8/17/2018 Copyright © 2017 Network Development Group, Inc. www.netdevgroup.com Page 2


Table of Contents
1. Task Preparation
2. Create Zones and associate the Zones to Interfaces
3. Create a Security Policy Rule
4. Create a NAT Policy

Introduction

In this project, you will configure the firewall for a zero-trust environment.

There are 4 sections near the end of this project that require
Student Input. You must complete the Student Input sections
to receive full credit for this project.

Objective

In this project, you will perform the following tasks:

1. Create zones and associate the zones to interfaces
2. Create a Security Policy Rule
3. Create a NAT Policy

Project Topology

Project Settings

The information in the table below will be needed in order to complete the lab. The
task sections below provide details on the use of this information.

Virtual Machine   IP Address       Username   Password
Firewall          192.168.1.254    admin      Admin
Client            192.168.1.20     lab-user   Pal0Alt0
DMZ               192.168.50.10    root       Pal0Alt0

1. Task Preparation

1.1. Log in to the firewall web interface.

1.2. From the web interface, click Load named configuration snapshot under the
Configuration Management section.

1.3. In the Load Named Configuration window, select 210-cse-lab-01 from the Name
drop-down box and click OK.

1.4. Notice that the configuration is loaded, then click Close to continue.

1.5. Click the Commit link located at the top-right of the web interface.

1.6. When the commit operation successfully completes, click Close to continue.

1.7. You will see warnings about no zones being configured. That is expected; you will
create the zones later in the project.

1.8. The commit process takes changes made to the firewall and copies them to the
running configuration, which will activate all configuration changes since the
last commit.

2. Create Zones and associate the Zones to Interfaces

2.1. Navigate to Network > Zones.

2.2. Click on the Add button at the bottom-left of the center section.

2.3. In the Zone window, type outside in the Name field, then click the OK button.

2.4. Click on the Add button at the bottom-left of the center section.

2.5. In the Zone window, type inside in the Name field, then click the OK button.

2.6. Click the Add button at the bottom-left of the center section.

2.7. In the Zone window, type dmz in the Name field, then click the OK button.

2.8. You have now created a zone for each interface. This will keep the traffic
on each interface within its own zone. Now you will associate each zone with an
interface.

2.9. Navigate to Network > Interfaces.

2.10. Click on the ethernet1/1 interface.

2.11. In the Ethernet Interface window, select the outside zone for the ethernet1/1
interface and click on the OK button.

2.12. Click on the ethernet1/2 interface.

2.13. In the Ethernet Interface window, select the inside zone for the ethernet1/2
interface and click on the OK button.

2.14. Click on the ethernet1/3 interface.

2.15. In the Ethernet Interface window, select the dmz zone for the ethernet1/3
interface and click the OK button.

3. Create a Security Policy Rule

3.1. Navigate to Policies > Security.

3.2. Click the Add button on the bottom-right of the center section.

3.3. In the Security Policy Rule window, in the Name field, type Allow-Inside-Out.

3.4. In the Security Policy Rule window, click on the Source tab.

3.5. On the Source Tab, click the Add button in the Source Zone section and select
the inside zone for the Source Zone. Then, click on the Destination tab.

3.6. On the Destination Tab, click the Add button in the Destination Zone section and
select the outside zone for the Destination Zone. Then, click on the Application
tab.

3.7. On the Application tab, make sure that the Any checkbox is checked. Click on
the Service/URL Category tab.

3.8. Make sure the drop-down above the Service section has application-default
selected, then click on the Actions tab.

3.9. On the Actions tab, make sure Log at Session End is checked. Then, under
Profile Setting, select Profiles from the drop-down. For Antivirus,
Vulnerability Protection, Anti-Spyware, URL Filtering, and WildFire Analysis,
select the default profiles.

Student Input:
3.10. Provide a screen shot of the Security Policy Rule Actions configuration. Click
the OK button.

3.11. Select, but do not open the interzone-default Security Policy.

3.12. With the interzone-default policy selected, click on the Override button at the
bottom.

3.13. This brings up the Security Policy Rule – predefined window. Click on the
Actions tab.

3.14. Select the Log at Session End check box and click the OK button.

Student Input:
3.15. Provide a screen shot of the Security Policy Rule – predefined Actions tab
showing the Log at Session End check box selected.
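
How the rulebase built in section 3 is evaluated, as an added example that is not part of the original lab document: a small Python model of top-down, first-match zone policy with the two predefined rules at the bottom, showing which sessions reach the traffic log before and after the interzone-default override in steps 3.11 to 3.14. The allow action on Allow-Inside-Out, the sample sessions, and all function names are assumptions made for the illustration; only zone matching is modelled.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    from_zones: set   # source zones
    to_zones: set     # destination zones
    action: str       # "allow" or "deny"
    log_end: bool     # Log at Session End

# Rule from section 3. Action "allow" is an assumption (the lab leaves the
# action at its default); only zone matching is modelled here.
RULES = [Rule("Allow-Inside-Out", {"inside"}, {"outside"}, "allow", True)]

def evaluate(rules, src_zone, dst_zone, log_interzone_default=False):
    """Top-down first match; returns (rule name, action, logged)."""
    for r in rules:
        if src_zone in r.from_zones and dst_zone in r.to_zones:
            return r.name, r.action, r.log_end
    # Nothing matched: the predefined rules at the bottom of the rulebase apply.
    if src_zone == dst_zone:
        return "intrazone-default", "allow", False
    # interzone-default denies, and logs only after the override in 3.11-3.14.
    return "interzone-default", "deny", log_interzone_default

# Constructed sample sessions as (source zone, destination zone).
SESSIONS = [("inside", "outside"), ("inside", "dmz"),
            ("outside", "inside"), ("dmz", "outside")]

def traffic_log(sessions, log_interzone_default=False):
    """Sessions that would produce a traffic log entry."""
    entries = []
    for src, dst in sessions:
        name, action, logged = evaluate(RULES, src, dst, log_interzone_default)
        if logged:
            entries.append((src, dst, name, action))
    return entries

if __name__ == "__main__":
    for label, flag in (("before override", False), ("after override", True)):
        print(label)
        for entry in traffic_log(SESSIONS, flag):
            print("  %s -> %s  rule=%s  action=%s" % entry)
```

Without the override, the three denied interzone sessions leave no entry in Monitor > Logs > Traffic, which is why the lab enables Log at Session End on interzone-default.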

4. Create a NAT Policy

4.1 Navigate to Policies > NAT

4.2 Click the Add button at the bottom-left to add a new NAT Policy.

4.3 In the NAT Policy Rule window, type Inside-Nat-Out in the Name field, then click
on the Original Packet tab.

4.4 On the Original Packet tab, click the Add button at the bottom of the Source
Zone section, select the inside zone, then in the Destination Zone drop-down,
select the outside zone, and then click on the Translated Packet tab.

4.5 On the Translated Packet tab, select Dynamic IP And Port on the Translation
Type drop-down, then select Interface Address on the Address Type drop-down,
then select ethernet1/1 for the Interface drop-down, and then select
203.0.113.20/24 on the IP Address drop-down.

Student Input:
4.6 Provide a screen shot of the NAT Policy Rule Translated Packet tab configuration.
Click the OK button.

4.7 Click the Commit link located at the top-right of the web interface.

4.8 In the Commit window, click Commit to proceed with committing the changes.

4.9 When the commit operation successfully completes, click Close to continue.

4.10 Open the Internet Explorer web browser from the task bar.

4.11 In the address bar, navigate to www.facebook.com. You will be able to access
Facebook.

4.12 Close Internet Explorer and return to the Palo Alto Web Interface.

4.13 Navigate to Monitor > Logs > Traffic.

4.14 In the filter text box, clear the current filter by clicking on the red x.

4.15 In the filter text box, type (rule eq 'Allow-Inside-Out').

Student Input:
4.16 Provide a screen shot of the log entries allowing Facebook.

Stop. This is the end of the Essentials I Student Project.
