Topics Map > Information Security > Tools and Software

UW-Madison Palo Alto Firewall Services Readme

The purpose of this article is to provide a brief description of the Palo Alto firewalls and links to helpful KB articles, training and Palo Alto online resources.

Palo Alto Firewall

Palo Alto Networks®  next-generation firewalls detect threats, using intelligence generated across many thousands of customer deployments. This shared intelligence enables the next generation firewalls to counter threats that a traditional “port-based” firewall cannot detect. Malicious actors have found ways to present their traffic on traditionally trusted ports with their application performing potentially malicious activity. An example would be if an attacker used port 80 for network infiltration, a port which traditionally has been used for web-browsing. The Palo Alto firewall uses security zones to segment the network  to reduce the threat surface. The more specific we make our zones, the more protection we have against malware moving throughout our network.


The next-generation firewall identifies the application of the network traffic, so in the example above, the actual malicious traffic will be identified as such, rather than being passed off as standard web-browsing. This is done through the advanced protection features provided by the firewall. In addition, next-generation firewalls enable users to access data and applications based on policy requirements as well as stop credential theft and an attacker’s ability to use stolen credentials. The Office of Cybersecurity has a KB article here outlining rulesets created for the UW-Madison Wireless and WiscVPN networks.



Resources:

UW Provided Knowledge Base Articles:

UW Provided Training:

Palo Alto Provided Training:

Frequently Asked Questions:

Q: How can a unit start a new firewall?

A: Open a change request following the DoIT Change Management Process - https://kb.wisc.edu/page.php?id=8942.


Q: How do I install a VPN client?

A: Refer to the following KB article: https://kb.wisc.edu/helpdesk/page.php?id=74637.


Q: How can I access my firewall?

A: Refer to the following KB article: https://kb.wisc.edu/helpdesk/page.php?id=76602.


Q: How is it that the firewall knows what application is being used?

A: The firewall receives regular signature updates from Palo Alto Networks, similar to antivirus program signatures, that have been confirmed by security professionals to match the traffic behavior of the application.


Q: What if I suspect my application is being blocked as a false-positive and I need it unblocked?

A: Submit the request to your local firewall admin or submit an email to cybersecurity@cio.wisc.edu with the application/URL, time-frame of the suspected block and the use-case for the application to be allowed.


Q: How can I tell if my application is being blocked?

A: Refer to the following KB article: https://kb.wisc.edu/helpdesk/page.php?id=86279.


Q: What if I suspect my server is a target of an attack?

A: Immediately contact your local firewall admin, IT admin, or email cybersecurity@cio.wisc.edu to open a ticket to begin the process to get the appropriate technicians involved.


Q: Where do I go for palo alto network troubleshooting
A: There are many troubleshooting KB articles here and here.


Q: Who can I contact for palo alto ruleset consulting?

A: You can contact cybersecurity at cybersecurity@cio.wisc.edu to schedule a consultation.


Q: Who can I contact for urgent palo alto assistance?

A: For any urgent technical issues please call and open a ticket with the help desk.




Keywords:paloalto security training sources online web blocked homepage   Doc ID:91674
Owner:Vincent A.Group:Office of Cybersecurity
Created:2019-05-09 14:30 CDTUpdated:2019-07-12 13:55 CDT
Sites:Cybersecurity Operations Center, DoIT Help Desk, Office of Cybersecurity
CleanURL:https://kb.wisc.edu/security/uw-madison-palo-alto-firewall-homepage
Feedback:  0   0