eG Monitoring

Measures reported by PanGblGateWayTest

The security subscriptions on the Palo Alto Firewall allow you to safely enable applications, users and content by adding natively integrated protection from known and unknown threats, both on and off the network. These security subscriptions are purpose-built to share context and prevent threats at every stage of an attack, allowing you to enable singular policies and automated protection that secure your network and remote workforce while simplifying management and enabling your business. Some of these subscriptions are:

  • AutoFocus

  • GlobalProtect

  • URL Filtering PAN-DB

  • Threat Prevention

  • WildFire

Every client system that participates in the GlobalProtect network receives configuration information from the portal, including information about available gateways as well as any client certificates that may be required to connect to the GlobalProtect gateway(s) and/or the Mobile Security Manager. In addition, the portal controls the behavior and distribution of the GlobalProtect agent software to both Mac and Windows laptops. (On mobile devices, the GlobalProtect app is distributed through the Apple App Store for iOS devices or through Google Play for Android devices.) If you are using the Host Information Profile (HIP) feature, the portal also defines what information to collect from the host, including any custom information you require. A GlobalProtect gateway can be configured as one of two types:

  • External gateways: Provide security enforcement and/or virtual private network (VPN) access for your remote users. An external gateway establishes VPN access through an IPSec or SSL tunnel between the user and a tunnel interface on the firewall.

  • Internal gateways: An interface on the internal network configured as a GlobalProtect gateway for applying security policy for access to internal resources. When used in conjunction with User-ID and/or HIP checks, an internal gateway can be used to provide a secure, accurate method of identifying and controlling traffic by user and/or device state. Internal gateways are useful in sensitive environments where authenticated access to critical resources is required. You can configure an internal gateway in either tunnel mode or non-tunnel mode.

Whenever an infrastructure is accessed from an external network, administrators should keep constant vigil on the traffic flowing through the established tunnels. The same logic applies to the tunnels created to access an infrastructure that is guarded by a Palo Alto Firewall with the GlobalProtect subscription. If the number of tunnels suddenly increases, or if the GlobalProtect gateway is frequently utilized to its maximum, the firewall may not function efficiently, and a few tunnels may end up hogging the bandwidth and choking the network. To avoid this, administrators should periodically check the number of tunnels and the utilization of the GlobalProtect gateways. This is where the PanGblGateWayTest test helps!

This test continuously monitors a Palo Alto Firewall with the GlobalProtect subscription enabled and reports the number of tunnels created on the firewall through GlobalProtect and the utilization of the GlobalProtect gateways. Using this test, administrators can quickly spot potentially malicious activity when the number of tunnels is abnormally high, and can fine-tune the number of GlobalProtect gateways if gateway utilization stays high throughout.

Note: This test will report metrics only if you have subscribed to GlobalProtect.

Outputs of the test: One set of results for the firewall being monitored.

The measures made by this test are as follows:

Measurement: Active_tunnels
  Description: Indicates the number of tunnels that are currently active on the firewall using the GlobalProtect subscription.
  Measurement Unit: Number
  Interpretation: If the value of this measure is consistently high, or if it exceeds the maximum number of tunnels that are allowed, administrators should analyze what exactly has increased the number of tunnels: is genuine user activity the real reason behind the increase, or is malicious activity or spam inflating the tunnel count?

Measurement: Global_gateway_util
  Description: Indicates the percentage utilization of the GlobalProtect gateway.
  Measurement Unit: Percentage
  Interpretation: A consistently high value for this measure is a cause for concern. Administrators should therefore consider increasing the number of GlobalProtect gateways.
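The interpretation rules above (tunnel count exceeding the allowed maximum, a sudden rise in tunnels, and gateway utilization that stays high across several polls) can be applied to a series of readings of these two measures. The following is an added illustration, not eG's own threshold logic; the sample readings, the licensed maximum of 500 tunnels and the 85% / 3-poll utilization rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: one reading per polling cycle of the two measures this
# test reports. These are not real firewall values.
SAMPLES: List[Dict[str, float]] = [
    {"Active_tunnels": 120, "Global_gateway_util": 62.0},
    {"Active_tunnels": 125, "Global_gateway_util": 88.5},
    {"Active_tunnels": 131, "Global_gateway_util": 90.0},
    {"Active_tunnels": 410, "Global_gateway_util": 93.5},  # sudden rise in tunnels
    {"Active_tunnels": 520, "Global_gateway_util": 97.0},  # above assumed maximum
]

@dataclass
class Finding:
    index: int      # position of the poll in the series
    measure: str    # which measure triggered the finding
    reason: str

def evaluate(samples, max_tunnels=500, spike_ratio=2.0,
             util_high=85.0, util_window=3) -> List[Finding]:
    """Apply the measure-table interpretation rules to a series of polls.

    max_tunnels: maximum tunnels allowed on the firewall (assumed; use the
                 value for your own platform and licence).
    spike_ratio: growth factor between consecutive polls treated as a sudden rise.
    util_high / util_window: utilization at or above util_high for util_window
                 consecutive polls is treated as "consistently high".
    """
    findings: List[Finding] = []
    for i, s in enumerate(samples):
        tunnels = s["Active_tunnels"]
        if tunnels > max_tunnels:
            findings.append(Finding(i, "Active_tunnels",
                                    f"{tunnels} exceeds maximum of {max_tunnels}"))
        if i > 0:
            prev = samples[i - 1]["Active_tunnels"]
            if prev > 0 and tunnels >= spike_ratio * prev:
                findings.append(Finding(i, "Active_tunnels",
                                        f"sudden rise from {prev} to {tunnels}"))
        # Sliding window over the last util_window utilization readings.
        window = [x["Global_gateway_util"]
                  for x in samples[max(0, i - util_window + 1):i + 1]]
        if len(window) == util_window and min(window) >= util_high:
            findings.append(Finding(i, "Global_gateway_util",
                                    f"{util_window} polls at or above {util_high}%"))
    return findings

if __name__ == "__main__":
    for f in evaluate(SAMPLES):
        print(f"poll {f.index}: {f.measure}: {f.reason}")
```

A spike finding on Active_tunnels is the cue to check whether the growth is genuine user activity, while repeated Global_gateway_util findings point at capacity rather than threat.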