PA NAT LAB

Home LAB SETUP

Laptop/PC - 8 GB RAM is recommended

Requirements :

1) VM Workstation

2) PA Image

Content ID & Global Protect isn't possible in virtual environment.

Without License Traffic Flowing Can't be tested on Home LAB (in Monitor)

But we may use session

1) Show session id

2) show session all

3) show session filter application

Labs can be done

1) Security Policy

2) NAT Policy

3) SSL Decryption Policy

4) App-ID

5) User-ID

6) HA

7) Ipsec site to site VPN

8) Packet Capture

Basic Setup

Step 1 : Configure Zones

Go to Network --> Zones

Configure LAyer3 interface with both inside and outside Zones

Step 2 : Configure Interface

e1/1 : Layer 3 Mode

Security Zone : Inside

Virtual Router : Default

IP Config : 192.168.204.1/24

e1/2 : Layer 3 Mode

Security Zone : DMZ

Virtual Router : Default

IP Config : 192.168.245.1/24

e1/3 : Layer 3 Mode

Security Zone : Outside

Virtual Router : Default

IP Config : 192.168.194.1/24

So we configured all three interfaces and "Commit" changes.

Step 3 : Create Default Static Router

Default Virtual Router

Name : Default-Router

Destination : 0.0.0.0/0

Next Hop : e1/3 , 192.168.194.254 (IP of ISP)

Step 4 : Create Management Profile "PING" so that we could ping firewall's interfaces from VM's when kept in respective zones.

Network --> Network Profiles --> Interface Management Profile

Create new one "PING" to allow ping

Now attach this "PING" profile to all three interfaces & "COMMIT" changes.

Lab Setup

Take two windows XP1 & XP2 system . Put one of them in Inside and other in DMZ.

XP1 = 192.168.204.129

XP2 = 192.168.245.129

Take another Linux System in Outside Zone and configure it as Web Server.

Linux Box = 192.168.194.129