Palo Alto Intrusion Prevention System (IPS)

Notes for SNCC
DoIT staff have cut over the firewalls in the Data Center to the Palo Alto firewall platform, doing a like-for-like migration of the existing firewall rules. In the coming months, DoIT staff will work to enable the advanced features on the Palo Alto Networks firewall platform. These features are designed to protect against advanced threats that traditional layer-four firewalls cannot detect.

This change will not be disruptive; however, any problems that do show up should be reported to the DoIT SEO Firewall team, the SNCC NOC, or the Help Desk during business hours, and to the SNCC NOC after hours. Any general questions should be directed to cybersecurity

IPS will prevent attacks on servers that are located behind the Palo Alto firewalls.
It is possible that, once it is turned on, it may also block legitimate traffic.

Palo Alto updates will be applied every Tuesday at 10:00am going forward. This day and time were chosen so that support staff are available.

IPS was turned on at 10:00am, 3/6/2018 for data center dev/test/infrastructure subnets.
(It is possible that some production services are running on a dev/test box.)

IPS was turned on at 10:00am, 3/20/2018 for data center production subnets.
(It is possible that some dev/test services are running on a production box.)

For reports of service outages, SNCC follows normal escalation (Sys Admin, APP Admin). If the Sys/APP Admin suspects a firewall issue, they will contact the SEO firewall team members who are trained on the Palo Alto equipment.

There is no "Firewall on-call", so after-hours support is "best-effort", as the Board of Regents, Chancellor, and CIO have prioritized security (and the possibility of service outages) over availability.


Keywords: palo alto ids intrusion prevention firewall
Doc ID: 80644
Owned by: NATHAN M. in SNCC
Created: 2018-03-05
Updated: 2021-03-26
Sites: DoIT Staff, Systems & Network Control Center, Systems Engineering