Chapter 2. Security Tuneup
2.1 Work with Applications
Learning Objectives
- Configure security policies
Prerequisites:
- Knowledge of previous labs
- SNAT for internet access
- Security Policy from Inside to Outside
| Device | Configuration |
|---|---|
| Client (webterm) | eth0: 10.0.0.2/24, GW: 10.0.0.1 |
| PaloAlto | Ethernet1/1: 10.0.0.1/24, Ethernet1/2: DHCP, Management: 192.168.0.1/24 |
| Management (webterm) | eth0: 192.168.0.2/24 |

| Zone | Interface |
|---|---|
| Inside | Ethernet1/1 |
| Outside | Ethernet1/2 |
Modify Allowed Applications
Under Policies > Security, create a new security policy that allows traffic from the Inside zone to the Outside zone.
Under the application tab, add these under applications:
- dns
- ssl
- web-browsing
- dns-over-https
These will allow only basic web browsing.
Press OK, and commit the changes.
Test the Policy
On the client machine, navigate to any website, and you’ll see it works.
However, you’ll notice that ping will not function.
You can allow the ping application under the application settings and then verify whether you are able to ping.
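The test results above follow from first-match rule evaluation plus the firewall's predefined interzone default. The following is an added example, not part of the original lab: it parses the rule in PAN-OS XML form and evaluates traffic against it. The rule name `Inside-to-Outside` and the helper function names are assumptions, and matching is simplified to zones and application only.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the lab rule as it would appear in PAN-OS XML config.
# The rule name "Inside-to-Outside" is an assumption; the page does not name it.
RULEBASE_XML = """<rules>
  <entry name="Inside-to-Outside">
    <from><member>Inside</member></from>
    <to><member>Outside</member></to>
    <source><member>any</member></source>
    <destination><member>any</member></destination>
    <application><member>dns</member><member>ssl</member>
      <member>web-browsing</member><member>dns-over-https</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
</rules>"""

def members(entry, tag):
    """Return the set of <member> values under one field of a rule entry."""
    return {m.text for m in entry.findall(f"{tag}/member")}

def evaluate(rulebase_xml, from_zone, to_zone, app):
    """First-match lookup on zones and application only (simplified:
    addresses, users and services are ignored). Returns (rule, action)."""
    wanted = (("from", from_zone), ("to", to_zone), ("application", app))
    for entry in ET.fromstring(rulebase_xml).findall("entry"):
        # A field matches when it lists the value itself or "any".
        if all(members(entry, tag) & {"any", value} for tag, value in wanted):
            return entry.get("name"), entry.findtext("action")
    # No rule matched: predefined defaults allow intrazone, deny interzone.
    if from_zone == to_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

def add_application(rulebase_xml, rule_name, app):
    """Return the rulebase XML with `app` appended to the named rule."""
    root = ET.fromstring(rulebase_xml)
    for entry in root.findall("entry"):
        if entry.get("name") == rule_name:
            ET.SubElement(entry.find("application"), "member").text = app
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for app in ("web-browsing", "ssl", "ping"):
        print(app, evaluate(RULEBASE_XML, "Inside", "Outside", app))
    updated = add_application(RULEBASE_XML, "Inside-to-Outside", "ping")
    print("ping after change", evaluate(updated, "Inside", "Outside", "ping"))
```

Ping falls through to `interzone-default` until the application is added to the rule, which is the behaviour seen in the test step.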