
Palo Alto Networks Cybersecurity Academy Essentials II

ESSENTIALS II COURSE PROJECT OUTLINE

OVERVIEW:

To pass the Palo Alto Networks / Coursera Essentials II course you will need to complete
the course project assignment, which is based on the course lab activities. The course
project submission is a compilation of your summaries of each lab activity
combined with one final activity that is outlined on the following pages. You will then
submit your complete project document and proceed to evaluate one of your classmates'
project document submissions.

REQUIREMENTS:

• Create a project document (Word or Acrobat file formats) that you will submit to
the Course Project / Peer Review area in Module 4 of the course.

• Type your full name at the top left of the document.

• Save the document with your full name and the words ‘Essentials Project II’ in
the document file name. Example: “Mary Smith Essentials Project II”

• As you complete each Module’s lab activity you are required to summarize the
activity as directed in the lab instructions. Include each of your lab
summarizations in your course project document. Be sure you label each lab
summary by the lab title.

• When you have completed all of the other course requirements perform the
activities outlined below, and add your screen captures to your project
document.

• Submit your completed project document to the Module 4 Project Peer Review
content area and proceed with the Peer Review requirements outlined below.

PAN-OS 8 CYBERSECURITY ESSENTIALS II

Student Project

Document Version: 2018-04-20

Copyright © 2017 Network Development Group, Inc.


www.netdevgroup.com

NETLAB Academy Edition, NETLAB Professional Edition, and NETLAB+ are registered trademarks of Network Development Group,
Inc.

VMware is a registered trademark of VMware, Inc. Cisco, IOS, Cisco IOS, Networking Academy, CCNA, and CCNP are registered
trademarks of Cisco Systems, Inc. EMC2 is a registered trademark of EMC Corporation.

8/17/2018 Copyright © 2017 Network Development Group, Inc. www.netdevgroup.com Page 2



Table of Contents
1. Task Preparation
2. Create a Decryption Policy
3. Create an SSH Session with Putty and verify Decryption is working.
4. Disable Decryption Policy and show SSH traffic is not being Decrypted.


Introduction

In this project, you will decrypt SSH traffic by creating a decryption policy. Decryption
policies provide flexible rules and matching criteria that enable you to protect
destination zones or specific servers that may be prone to DoS attacks. After a
decryption policy has been created, you will use Putty to SSH to the firewall and
monitor the logs to show the SSH session has been encrypted.

There are 3 sections near the end of this project that require
Student Input. You must complete the Student Input sections to
receive full credit for this project.

Objective

In this project, you will perform the following tasks:

1. Create a Decryption Policy
2. Create an SSH session with Putty and verify Decryption is working.
3. Disable Decryption Policy and show SSH traffic is not being Decrypted.


Project Topology


Project Settings

The information in the table below will be needed in order to complete the project. The
task sections below provide details on the use of this information.

Virtual Machine   IP Address      Username   Password
Firewall          192.168.1.254   Admin      admin
Client            192.168.1.20    lab-user   Pal0Alt0
DMZ               192.168.50.10   Root       Pal0Alt0


1. Task Preparation

1.1. Log in to the firewall through the web interface.

1.2. In the web interface, click Load named configuration snapshot under the
Configuration Management section.

1.3. In the Load Named Configuration window, select 210-cse-lab-06 from the Name
drop-down box and click OK.

1.4. When the configuration has loaded, click Close to continue.

1.5. Click the Commit link located at the top-right of the web interface.

1.6. In the Commit window, click Commit to proceed with committing the changes.

1.7. When the commit operation successfully completes, click Close to continue.

1.8. The commit process takes changes made to the firewall and copies them to the
running configuration, which will activate all configuration changes since the
last commit.

2. Create a Decryption Policy

2.1. Decryption Policies allow administrators to stop threats that would otherwise
remain hidden in encrypted traffic and help prevent sensitive content from
leaving an organization.

2.2. From the WebGUI, navigate to Policies > Decryption > Add.

2.3. In the Decryption Policy Rule, on the General tab, type Decrypt SSH for the
Name.

2.4. In the Decryption Policy Rule, on the Source tab, click Add in the Source Zone
and select inside.

2.5. In the Decryption Policy Rule, on the Destination tab, click Add in the
Destination Zone and select inside.

2.6. In the Decryption Policy Rule, on the Options tab, select Decrypt; for Type,
select SSH Proxy; leave the Decryption Profile set to None.

Student Input:
2.7. Provide a screen shot of the Decryption Policy Rule options configuration. Click
the Commit link located at the top-right of the web interface.


2.8. In the Commit window, click Commit to proceed with committing the changes.

2.9. When the commit operation successfully completes, click Close to continue.

3. Create an SSH Session with Putty and verify Decryption is working.

3.1. In this step, you will create an SSH session with Putty to the internal interface of
the Firewall and show that the SSH Decryption Policy is functioning.

3.2. Minimize the Chrome Browser.

3.3. Double Click the Putty icon on the Client and open a new Putty Configuration
Window.

3.4. In the Putty Configuration Window, in the Host Name (or IP address) type
192.168.1.1, click Open.

3.5. In the Putty Configuration Window, for login type admin and for Password type
admin, and then press Enter on the keyboard.

3.6. Once the SSH connection has been made to the firewall internally, type exit and
press enter on the keyboard to close the SSH session from the client PC to the
internal interface IP Address 192.168.1.1 of the Palo Alto Networks Firewall.
Complete this step multiple times to show multiple SSH connections in the
Threat logs of the Palo Alto Networks Firewall.

3.7. Click the Chrome Browser icon to re-open the lab-firewall. After the Chrome
Browser has opened, click the Monitor tab and click the refresh
icon multiple times to refresh the Traffic Logs.

3.8. In the search window, type ( app eq ssh ) to show only SSH Applications and
click Apply Filter.

Student Input:
3.9. Provide a screen shot showing the SSH traffic and notice that the traffic was
decrypted using the decryption policy created in a previous step.

4. Disable Decryption Policy and show SSH traffic is not being Decrypted.

4.1. In this step, you will disable the decryption policy that was created in a previous
step and verify that the SSH traffic from the Putty connection is no longer
being decrypted.

4.2. In the lab-firewall, click on the Policies tab, Decryption and select the Decrypt
SSH policy created. Once the decryption policy is highlighted, click Disable.


4.3. Click the Commit link located at the top-right of the web interface.

4.4. In the Commit window, click Commit to proceed with committing the changes.

4.5. When the commit operation successfully completes, click Close to continue.

4.6. Minimize the Chrome Browser.

4.7. Double Click the Putty icon and open a new Putty Configuration Window.

4.8. In the Putty Configuration Window, in the Host Name (or IP address) type
192.168.1.1, click Open.

4.9. You may be prompted with a Putty Security Alert; if so, click Yes to continue.
Clicking Yes updates the host key Putty has cached in the registry so that it
matches the server's host key.

4.10. In the Putty session to 192.168.1.1, for login type admin and Password type
admin and then press enter on the keyboard.

4.11. Once the SSH connection has been made to the firewall internally, type exit
and press enter on the keyboard to close the SSH session from the client PC to
the internal interface IP Address 192.168.1.1 of the Palo Alto Networks Firewall.
Complete this step multiple times to show multiple SSH connections in the
Threat logs of the Palo Alto Networks Firewall.

4.12. Click the Chrome Browser icon to re-open the lab-firewall. After the Chrome
Browser has opened, click the Monitor tab and click the refresh
icon multiple times to refresh the Traffic Logs.

Student Input:
4.13. Provide a screen shot of the logs showing the SSH traffic and notice that the
traffic was not decrypted. The SSH traffic was not decrypted because the
Decryption Policy was disabled.
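The Putty Security Alert in step 4.9 comes from a trust-on-first-use host key comparison. The following is an added example, not part of the original lab document, that models that comparison in Python; the HostKeyCache class, the sample keys and the assumption that the key presented in step 4.9 differs from the one cached in section 3 are illustrative.

```python
import base64
import hashlib
import struct


def ed25519_blob(raw_key: bytes) -> bytes:
    """SSH wire-format public key: string "ssh-ed25519" then string key."""
    algo = b"ssh-ed25519"
    return (struct.pack(">I", len(algo)) + algo
            + struct.pack(">I", len(raw_key)) + raw_key)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as SSH clients display it (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyCache:
    """Hypothetical trust-on-first-use store keyed by (host, port)."""

    def __init__(self):
        self._cache = {}

    def check(self, host: str, port: int, blob: bytes) -> str:
        cached = self._cache.get((host, port))
        if cached is None:
            return "new"        # first contact: nothing to compare against
        return "match" if cached == fingerprint(blob) else "changed"

    def accept(self, host: str, port: int, blob: bytes) -> None:
        """Record the presented key, as clicking Yes on the alert does."""
        self._cache[(host, port)] = fingerprint(blob)


# Constructed sample keys (not real host keys): KEY_A stands for the key
# cached in section 3, KEY_B for a different key presented in step 4.9.
KEY_A = ed25519_blob(bytes(range(32)))
KEY_B = ed25519_blob(bytes(range(32, 64)))


def simulate_lab() -> list:
    cache, host, port, results = HostKeyCache(), "192.168.1.1", 22, []
    for blob in (KEY_A, KEY_A, KEY_B, KEY_B):
        status = cache.check(host, port, blob)
        results.append(status)
        if status != "match":
            cache.accept(host, port, blob)   # user accepts the prompt
    return results


if __name__ == "__main__":
    print(simulate_lab())
```

Outside a lab, a "changed" result is resolved by comparing the displayed fingerprint with one obtained out of band before accepting it.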


Stop. This is the end of the Essentials II Student Project.
