Part 1: 10 Basic questions on PaloAlto Networks Firewall

Today we are going to talk about the very basic few questions which are usually asked in the interview for Palo Alto networks Firewall

Let's start with the first part of interview questions in Palo Alto Networks Firewall. we will come up with another round of questions in Palo Alto Networks.

Fig 1.1- Palo Alto Networks Firewall

Q1: What is the difference between a Next-Generation Firewall vs. Traditional Firewall?
A next-generation firewall (NGFW) is a network security solution that goes beyond a traditional stateful firewall in terms of capability. 

While a traditional firewall inspects all incoming and outgoing network traffic in real-time. Application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence are all used in a next-generation firewall.

Q2: Do you know about the command which is used to check the firewall policy matching in Palo Alto?
Check on the Panorama:
web browser -> go to test security -> policy -> match from trust to untrust destination

Q3: What are the benefits of Panorama in Palo Alto?
Panorama in Palo Alto offers distributed administrations, which helps you to control policies and configurations to the Palo Alto firewall centrally.

Q4: Describe about zone protection profile in Palo Alto?
Zone protection profile helps to provide complete protection from attacks like floods, reconnaissance, and packet-based attacks. As you know that flood attacks can be of type SYN, ICMP, and UDP. 

Q5: Which Palo Alto Networks solution targets endpoint security from Cyber-attacks?
The next-generation firewall solution targets endpoint security from Cyber-attacks. It provides detailed network traffic visibility focused on applications, customers, and content, enabling you to accept and meet your business requirements.

Q6: Explain Web Application Firewall and its Purpose ?
The primary purpose of WAF is to monitor web applications to enhance the security and its features in web applications. It protects the web application by filtering the traffic between the internet and the application.

Q7:What is global VPN support?
The global protect VPN provides a clientless SSL Virtual private network (VPN) and helps to access the application in the data center.

Q8: Describe Active/passive and Active/Active modes in Palo Alto ?

  • Active/Active: this mode in Palo Alto is supported in deployment types including virtual wire and layer 3. In this mode, both the firewalls work synchronously and process the traffic.
  • Active/passive: this mode in Palo Alto is supported in deployment types including virtual wire, layer2, and layer3. In this mode, the configuration settings are shared by both the firewalls. In this case, the active firewalls fail, the passive firewall becomes active and maintain network security.

Q9: What protocol is used to exchange heart beats between HA?
ICMP is the protocol used to exchange heartbeat between HA.

Q10:What is incomplete and application override in Palo Alto Firewall?
Application Incomplete can be interpreted as-either the three-way TCP handshake is not completed or completed, and there was no information to classify the process just after handshake. Where as Application override is being used to bypass the App-ID (Normal Application Identification) for unique traffic transmitted via a firewall.

We will come up with Part 2 on the interview questions of Palo Alto Firewalls soon.