Palo Alto NGFW Firewall Custom Response Pages lab using VMware Workstation

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hey guys welcome to MB 10th auger my name's Matt so in this video I'm going to show you how to configure custom response pages which displays a web page when users try to access a URL or web-based application I will show you how to do all of this on a VM series next generation Fowler and Windows Server 2016 using VMware Workstation if you haven't watched my previous app ID and as a self forward proxy decryption Labs I suggest you do this first as is required in order for this blog to be successful hopefully you will enjoy the video if you do please like it and please consider subscribing to my channel ok so let's check out the lab prerequisites we need a Windows 2016 server up and running in VMware Workstation with Active Directory installed we need the Windows 10 client joined to the domain both domain controller and Windows 10 clients should have access to the Internet we need access to the palatal networks file web UI from the ad server and then we need to make sure we have Windows IRS installed this would have been installed when completing the SSL for decryption lab let's go through the lab objectives now so we need to create a new non Active Directory primary zone in dns manager create a new host a record and confirm dns resolution configure the web server test the web server export the predefined response page file edit the response page files and upload to the firewall configure a new security policy to test the custom response pages and then attempt access to the blocked application and your app ok so let's begin well let's open up server manager and we're gonna go to tools and we're going to go to DNS with the four look up zones highlighted right click and create a new zone and then next leave the primary zone ticked and then we I'm gonna uncheck this because I don't want this zone to be stored in Active Directory click next give the zone a name I'm gonna call it MB Tech Talk lap comm next leave this all at default and then finish then expand the for look up zones again highlight your new zone right click and then click on new host a record this is going to be a www site and then the IP address of the alias a which is ten dot 4 dot 4 dot 100 and then click Add host click OK and done now we can open up the command prompt and just confirm we've got DNS resolution on the new zone so ping www dot M B Tech Talk lap comm perfect so we've got DNS resolution now we can close the window and close DNS manager and then we can go over to tools we can open up PI is so Internet Information Services Manager and then on the left hand side expand the sites and expand the default web site now if you've already completed my SSL forward proxy lab you would have already installed the ad certificate services and the web enrollment feature and will already have these sites populated if you haven't completed this slide I would strongly advise you go and do that before attempting this lab it would just make things go smoother and it would all be the same as as my lab is now okay so let's create some directories to stall the new website in we need to right click on default website and then add virtual directory in the alias box we're gonna give the site and name and I'm gonna call it Internet and then I'm gonna browse to this C Drive then I'm gonna put the files inside the eye net pup folder this is the default folder for iOS web sites I'm gonna make a new folder and I'm just gonna call it internet and then click OK make sure it's been populated and then okay and we're gonna do it again and create another virtual directory and this is going to be where we store the images so images and then the physical path is going to be in the C Drive again I net per Internet making you folder images click OK and then ok and that's that done now let's create a basic welcome page and store in the Internet folder so let's open up notepad and just type welcome and then we're gonna save that as MB tik tok lab comm dot txt you've got to remember that file name make sure it's stored in e inet pub internet folder and then save we can close that down back to our s and then highlight internet double click on default document and then we're gonna add and then we're going to put in that file name so it's MV Tech Talk lab comm dot txt and then just gonna click OK now that's the default page for the internet site now if we go over to Windows 10 open up a browser and then an open a tab and then now I'm gonna put debby debby debby dot MB Tech Talk lab dot com forward slash Internet so there's the basic website so that's working ok so now let's add some pictures to the is images folder so I already downloaded a couple of JPEGs so let's copy them over to the correct folder and then we can test in the browser so we need to go over to Windows Server 2016 open up File Explorer and then go to my pictures directory and then I copy these JPEGs I've already downloaded and then we're gonna go to C Drive inet perb Internet and then images then I'm gonna drop the files into there now we can close that and then back to Windows 10 and then the website address is gonna be wnbt talker live.com forward slash internet forward slash images images for slash we've got Iron Man dot JPEG and that works brilliant and then we've got another picture we can test which is the Yoda picture so Yoda okay that's working brilliant so now that's all working we can create custom response pages and reference whatever we host on the RSIs web server so let's go and hop over to the firewall and start configuring the response pages okay so we're over at the firewall so we need to click on device tap and then on the left hand so look for response pages click on application block page and then check the predefined and then export and then we're going to save this a different file name we're gonna put - Yoda on the end and then say to the desktop closed and then we're going to do the same for URL filtering and category match block page again take the predefined and then export and then we're gonna save as Iron Man on this one so - iron man and then click save and close so if we now go over to the desktop and we're gonna open up the application block page Yoda first so I'm going to edit with notepad I'm just simply going to add a line in the main body you can see here application blocked access to the application you were trying to use has been blocked in comes with a company policy and please contact your system administrator if you believe this is an error so underneath here I'm gonna put an image so the line I'm gonna add in is a less than sign and IMG SRC for source equals and then quotes and then the full website so this is going to be HTTP forward slash forward slash www dot M B Tech Talk lab comm intranet images and then Yoda dot jpg and then quotes and then the greater-than sign and then you can save that and then we're going to do the same for the other the URL block page ironman we're gonna open with notepad again and we can do exactly the same find the line where it's got the text talk explaining that it's this site has been blocked hit return and then we do the the same text again so it's IMG source and then equals and then it's going to be the website address again HTTP for - colon forward slash forward slash wwm be Tech Talk lab comm intranet four slash images forward slash Ironman dot jpg and then the quotes and then the greater than close that down and then we need to go back to the files and we're going to change them into HTML files so let's just rename these dot HTML say yes and the same for this one dot html' okay so these are now ready to be uploaded to the firewall so if we close that and we go to application block page we can now import and we're going to browse to the file on our desktop so the application block page was the yoader one so click OK and that's uploaded and then we'll do the same for the URL filtering hanging category match block page so again import and then browse and then looking for the URL block page and open okay and then close so that's done now we can move on to configuring the policies okay so let's create two new security policies so under the policies tab security and then click Add the first policy is going to be to block apps so let's call it block apps source will be the user zone that's where the Windows 10 client resides now I've got user ID configured so I'm going to add a domain user so if I select that and should get a drop-down and I'm gonna block Tony Stark's ot Stark if you haven't completed the user ID agent lab make sure you check it out so you can follow along in subsequent labs I'll put a card above with the video details in it so then we click on destination and then we'll click Add and this is going to be the interest that I towards the Internet the application I'm going to choose Facebook so just type in Facebook and it's gonna be for Facebook base and service is just going to be application default action setting is gonna be deny and click ok next we're going to configure the URL filtering policy this one is a bit more involved I'm going to touch on this using a URL filtering security profile however I will go much deeper into the URL filter down security profiles in separate videos so watch out for them and just make sure that you click the bell to receive notifications for any new videos that I upload to my channel ok so let's go to objects and then we're going to go down to security profiles on the left and then we're going to look for Eurail filtering you can see there's a default security profile but you can't edit this one and so what we're going to do is we're going to highlight it and then we're going to click clone and then we're going to click ok then we're going to click on the cloned schoo profile and we're going to give it a name so I'm going to call it block URL test then you can choose which URL categories that you want to block so for ease it's just for demonstration I'm going to click on this down arrow and then we're gonna set all actions to block and then I'm gonna click OK now we can create the last security policy so if we go into the policy tab and then go security and then add and we're going to call this block you are owls source is gonna be the users own source user is going to be Tony Stark I'll delete this find Tony destination is going to be the untrue so we're gonna put the applications needed to browse the Internet so that's gonna be web browsing SSL DNS that was wrong that's a cell and then service URL was gonna leave that application default and actions I'm gonna allow and then we're gonna choose a profile so we can go to the URL filtering drop-down and then we can choose the block URL test security profile we created a moment ago and then click OK then we're going to move these rules up to the top so let's move this one and then the block URL up to the top so those more specific rules come before the general internet traffic rule also a really important configuration is you've got to make sure that your management profile allows response pages so you need to make sure you've got a a management profile assigned to the interface that is going to receive the response pages or give out the response web pages to the users so if you look at my interface 1/2 you can see under the Advanced tab I have the internal ping web UI SSH response page management profile assigned so you need to make sure that's done otherwise it won't work and then when you're happy you can commit the changes let's head over to the Windows 10 client now and we can test the response pages so they open up a browser and let's test and a web based application that we've blocked which is Facebook says go to facebook.com awesome that's working so Tony Stark has been denied access to the Facebook application which is in in accordance with his company policy so let's check a website address so let's go to ebay.com he's also not allowed to go to ebay it's been categorized as an auctions website which has been blocked as well he checks his feet his favorite sports website which is fifa.com and that's been blocked as well so he thinks this is an error so he contacts his Systems Administrator to his file admin and says let you know why I don't I don't think this should be blocked I think it could we unblock this and the company agrees so the file admin went back to the firewall and he opened up the objects tab and he went to the security profiles and the URL filtering and he clicked on the block URL test profile and he searched on sport and then he changed the site acts from block to alert which means that traffic's going to be allowed through if they try to access a sports category and also he will log on the firewall when the access has been given click okay and we can commit that when it's committed we can go back in and check that fifa.com access and hopefully the user is allied through now so let's go back to Windows 10 let's open up a new tab and let's go to fifa.com and there you go so access has now been granted to that website yes these were pretty basic custom block pages however you can get very creative by adding sounds or style sheets or even a self-service portal where you can log in instant if you think the page shouldn't be blocked if you want to view the HTML example code for the response pages I'll put the link on the screen now and I'll put it in description as well let me know in the comments if you have used this feature before or even share some of your creative custom response pages well that's the end of the lab I hope you like the video I'm trying to useful seeing the next one okay guys that's it for today's video thanks for watching over the next coming weeks I will be uploading more videos where I will be sharing more content about palo alto firewall features and technologies and how to configure them if you like this video i'm sure you know what to do by now but just in case you don't please hit that like button below and share with your friends and be sure to hit that subscribe button and the bell to get notified every single time I post a new video if you have any ideas or video content you want me to create please put them in the comments below as I would love to hear your feedback on any aspect of my channel please keep watching and I will see you in the next video thanks [Music]
Info
Channel: MB Tech Talker
Views: 1,084
Rating: undefined out of 5
Keywords: palo alto firewall tutorial, palo alto firewall tutorial for beginners, palo alto networks, palo alto firewall, next generation firewall, palo alto networks firewall, palo alto lab setup, vmware workstation, vm-series ngfw, palo alto vm-series, palo alto firewall configuration, palo alto response pages, custom response pages, palo alto networks url, palo alto networks url filtering
Id: v11oFI6YUC4
Channel Id: undefined
Length: 21min 19sec (1279 seconds)
Published: Thu Jul 23 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.