ULTIMATE

TEST DRIVE
Next-Generation Firewall
(NGFW)

Workshop Guide
PAN-OS 8.0

UTD-NGFW 3.3 2017 Palo Alto Networks, Inc. | Confidential and Proprietary Last Update:20170317
Table of Contents
How to use this guide .......................................................................................................................... 4
Activity 0 Login to the UTD Workshop ........................................................................................... 5
Task 1 Log in to your Ultimate Test Drive class environment .......................................................................... 5
Task 2 Login to the student desktop ................................................................................................................. 6
Task 3 Login to the UTD virtual firewall ............................................................................................................ 9
Activity 1 Granular control on Social Media and Enabling Sanctioned SaaS Applications .. 11
Task 1 Check connectivity to Facebook .......................................................................................................... 11
Task 2 Enable Facebook Application............................................................................................................... 12
Task 2a (Optional) Enable Facebook Application by Function ....................................................................... 13
Task 3 Review traffic logs ................................................................................................................................ 14
Task 4 Enable Sanctioned SaaS Applications .................................................................................................. 15
Activity 2 Controlling Evasive Applications ................................................................................ 16
Task 1 Attempt to use anon-approved web application ................................................................................ 16
Task 2 Attempt to use an anonymizer site ..................................................................................................... 16
Task 3 Attempt to download and install evasive application ......................................................................... 16
Task 4 - Review URL log ..................................................................................................................................... 17
Activity 3 Applications on Non-standard Ports .......................................................................... 20
Task 1 Create a new security policy ................................................................................................................ 20
Task 2 Check application connectivity ............................................................................................................ 21
Task 3 Modify Security Policy ......................................................................................................................... 22
Task 4 Re-check applications on non-standard ports ..................................................................................... 22
Activity 4 Decryption ...................................................................................................................... 23
Task 0 Check connectivity to lab web server .................................................................................................. 23
Task 1 Download test ...................................................................................................................................... 23
Task 2 Add a new decryption policy ............................................................................................................... 24
Task 3 Retest secure download ...................................................................................................................... 25
Task 4 Review traffic logs ................................................................................................................................ 25
Activity 5 Modern Malware Protection ......................................................................................... 27
Task 1 Review default WildFire analysis profile ............................................................................................. 27
Task 2 Enable WildFire analysis on a security policy ...................................................................................... 27
Task 3 Test WildFire modern malware protection ......................................................................................... 28
Task 4 WildFire portal review ......................................................................................................................... 28
Task 5 Review the WildFire analysis results ................................................................................................... 29
Activity 6 URL Filtering .................................................................................................................. 31
Task 0 Check connectivity ............................................................................................................................... 31
Task 1 Modify URL Filtering ............................................................................................................................ 31
Task 2 Apply URL Filtering to the security policy ............................................................................................ 32
Task 3 Review URL Filtering logs ..................................................................................................................... 33
Activity 7 GlobalProtect: Safely Enable Mobile Devices............................................................ 34
Task 1 Identify the GlobalProtect Gateway URL ............................................................................................. 34
Task 2 Complete the GlobalProtect Gateway configuration .......................................................................... 35
Task 3 Log into GlobalProtect from the Mobile PC (GlobalProtect) ............................................................... 37
Task 4 Review traffic on the VM-Series firewall ............................................................................................. 38
Activity 8 Control Application Usage with User-ID ..................................................................... 40

UTD-NGFW 3.3 2
Task 1 Validate access to SSH server .............................................................................................................. 40
Task 2 Enable applications based on User-ID ................................................................................................. 41
Task 3 Confirm access with User-ID ................................................................................................................ 41
Activity 9 Clientless VPN ............................................................................................................... 44
Task 1 Identify the Clientless VPN Gateway Hostname.................................................................................. 44
Task 2 Configure Clientless VPN ..................................................................................................................... 45
Task 3 Test the Clientless VPN access from Mobile PC .................................................................................. 47
Task 4 Verify the log file entries on the firewall ............................................................................................. 48
Activity 10 ACC and Custom Reports .......................................................................................... 49
Task 1 Review Application Command Center (ACC) ....................................................................................... 49
Task 2 SaaS Application Usage Report ............................................................................................................ 52
Task 3 Setting up a custom report .................................................................................................................. 53
Task 4 Whats new in PAN-OS 8.0................................................................................................................... 54
Activity 11 - Feedback on Ultimate Test Drive ............................................................................... 55
Task 1 Take the online survey ......................................................................................................................... 55
Appendix 1: Alternative Login Methods to Student Desktop ....................................................... 56
Login to the student desktop using Java Console (Java client required) .......................................................... 56
Appendix 2: Support for Non-U.S. Keyboards ............................................................................... 58
Add a new international keyboard .................................................................................................................... 58
Use the on-screen keyboard .............................................................................................................................. 59

UTD-NGFW 3.3 3
How to use this guide
The activities outlined in this Ultimate Test Drive (UTD) Workshop Guide are meant to contain all the information
necessary to navigate the workshop interface, complete the workshop activities, and troubleshoot any potential
issues with the UTD environment. This guide is meant to be used in conjunction with the information and
guidance provided by your facilitator.

Once these activities are completed

You should be able to:
1. Navigate the Palo Alto Networks GUI
2. Review portions of the firewall configuration
3. Change the configuration to affect the behavior of traffic across the firewall

This workshop covers only basic topics and is not a substitute for the training classes conducted by Palo Alto
Networks Authorized Training Centers (ATC). Please contact your partner or regional sales manager for more
training information.

Terminology

Tab refers to the seven tabs along the top of each screen in the GUI.
Node refers to the options associated with each Tab found in the left-hand column of each screen.

Note: Unless specified, the Google Chrome web browser will be used to perform any tasks
outlined in the following activities (Chrome is pre-installed on the student desktop of the
workshop PC).

UTD-NGFW 3.3 4
Activity 0 Login to the UTD Workshop

In this activity you will:

Log in to the Ultimate Test Drive Workshop from your laptop
Understand the layout of the environment and its various components
Enable the Firewall to facilitate connectivity

Task 1 Log in to your Ultimate Test Drive class environment

Step 1: First, make sure your laptop is installed with a modern browser that supports HTML 5.0. We recommend
using the latest version of Firefox, Chrome and Internet Explorer. We also recommend you install the latest
Java client for your browser.

Step 2: Go to class URL. Enter your email address and the passphrase (if you have an invitation email, you can
find the class URL and passphrase in the invitation email; or the instructor will provide you with the class URL and
passphrase).

Step 3: Complete the registration form and click Register and Login at the bottom.

Step 4: Depending on your browser, you will be asked to install a plugin. Please click Yes to allow the plugin to
be installed, then continue the login process.

UTD-NGFW 3.3 5
Step 5: Once you login, the environment will be created automatically for you. When you see the Environment is
ready message on the upper left hand corner, that means all the virtual machines are booted up and ready for
use.

The UTD NGFW lab environment consists of many VMs: a Student Desktop, Mobile PC, VM-Series Virtual
Firewall, Linux Server and more. You will start the lab by accessing the Student Desktop.

Task 2 Login to the student desktop

Step 1: Click on the Student Desktop tab to connect to the student desktop.

Step 2: You will be connected to the student desktop through your browser

UTD-NGFW 3.3 6
Step 3: To expand the student desktop window inside the browser, you can use the Fullscreen RDP option.

To exit the full-screen mode, click the black arrow at the top of window to open the dropdown menu; then click
Exit.

Step 5: If the student desktop resolution is too high or too low for your laptop display, you can adjust it in the
upper right-hand corner of the window.

Note: The default connection to the student desktop uses an RDP over HTML5 protocol through the
browser. In case your browser does not support HTML5 or you find that the student desktop is too
small to use in the browser, please refer to Appendix1: Alternative Login Method to connect to the
student desktop using Java client.

UTD-NGFW 3.3 7
Optional Step 6: If you encounter connection issues with the student desktop, click Reconnect to re-establish
the connection.

Optional Step 7: If reconnection to the student desktop is unsuccessful, please verify your laptop connectivity
using the following link. [Note that a Java client is required on your browser for this test site to function.]

https://use.cloudshare.com/test.mvc
This test site will validate the RDP-based and Java-based connections to your browser. Click Allow to allow the
Java applet to be installed and run on your browser.

Optional Step 8: If the connectivity test passed, please close the browser and retry from Task1, Step1. If the
connectivity test failed, please inform the instructor and ask for further assistance.

UTD-NGFW 3.3 8
Task 3 Login to the UTD virtual firewall

Step 1: Click the UTD-NGFW-PAVM bookmark in the Chrome browser, then login to the firewall using the
following name and password:

Name: student
Password: utd135

Step 2: You are now logged in to the firewall. Take a look at the welcome page to see some of the features
introduced in the latest release of PAN-OS. Click Close to close the welcome page.

UTD-NGFW 3.3 9
Step 3: Open a new tab in the Chrome browser window and confirm Internet connectivity by selecting CNN from
the Labs Bookmark > Activity-0 folder.

Step 4: Here is a quick look at how the student desktop and the virtual firewall are connected:

End of Activity 0

UTD-NGFW 3.3 10
Activity 1 Granular control on Social Media and
Enabling Sanctioned SaaS Applications
Background: Every organization is trying to determine how to appropriately control social media and
SaaS (Software as a Service) applications. Allowing them all is highly risky, while blocking them all can
cripple the business. Policy considerations, including who can use which social media channels and
SaaS applications, require a granular level of control at the firewall.

PAN-OS features to be used:

App-ID and function control.
Logging and reporting for verification.

In this activity you will:

Modify the existing firewall configuration to control the behavior of the Facebook application.
Review Traffic logs to confirm activity.

Task 1 Check connectivity to Facebook

Step 1: On your session desktop, open a browser and select the www.facebook.com from the Lab Bookmarks
folder > Activity-1 folder.
Question: What appears in the browser window?
Answer: You should get blocked and see a screen that looks like this:

Step 2: On the firewall GUI, click on the Monitor tab and Traffic node under Logs to review the traffic logs to
under why Facebook is being blocked. In the search bar, enter (subtype eq deny) the click Apply filter to
filter by deny policies, you should see that facebook-base application is not allowed by default. You will enable
Facebook application in the next task. Click Clear Filter to remove the filter and see all the logs.

UTD-NGFW 3.3 11
Task 2 Enable Facebook Application
Step 1: On the firewall GUI, click the Policies tab, then click the Security node.

Step 2: Highlight the rule #1, named UTD-Policy-00 (currently greyed out).

Step 3: Click Enable in the bottom bar of the GUI. You can see below the rule enabled (change of color)

Step 4: Double click on UTD-Policy-00 to open up the policy details window, go to the Application and
Actions tab to confirm the policy is configured to allow Facebook application. Click OK to close the policy
window.

UTD-NGFW 3.3 12
Step 5: Click Commit in the upper right-hand corner of the GUI.

Step 6: Click Commit All Changes in the pop-up window.

Step 7: Click Close in the pop-up window once the commit has completed.

Step 8: Open a new browser tab and select www.facebook.com from the Lab Bookmarks > Activity-1 folder.
You may get a warning message; you can ignore this. You should now be able to access www.facebook.com.

Task 2a (Optional) Enable Facebook Application by Function

Note: Optional Task the task below requires the use of your Facebook account, if you do not wish to log into
your account in this lab environment or you do not have a Facebook account, you can skip to the next task. The
Ultimate Test Drive lab environment is deleted at the end of the lab.

Step 1: Log in your own Facebook account.

Step 2: Open a new tab and select Candy Crush FB from the Lab Bookmarks > Activity-1 folder and verify you
can use it.

Step 3: Create a new post on your timeline. On the visibility you and just to only me, so it will not change your
timeline. Send a message via chat to a friend.

Step 4: Click the rule name UTD-Policy-00 A Security Policy Rule pop-up will appear, click on the Application
tab, and Delete Facebook.

UTD-NGFW 3.3 13
Step 5: Add a new application start typing facebook-posting. Click OK and close the Policy pop-up.

Step 6: Click Commit in the upper right-hand corner of the GUI.

Step 7: Click Commit All Changes in the pop-up window.

Step 8: Go to Facebook and create a new post, also try to go to Candy Crush again, and sending a message via
the chat window.
What are the results?
You should be blocked from Candy Crush and from private chat
You should be allowed to post to Facebook.

Step 9: Log out of Facebook

Task 3 Review traffic logs

Step 1: Click the Monitor tab. The Traffic node (under the Logs section) will be selected.

Step 2: Type the search string into the query box (directly above the Receive Time column):
(app eq facebook)
Then hit the Enter key or click the icon.

Questions:
What was the action associated with the log entries?
What was the port number associated with the log entries?

UTD-NGFW 3.3 14
Task 4 Enable Sanctioned SaaS Applications
The need for business efficiency and flexibility is driving the use of SaaS applications in many organizations. Palo
Alto Networks Next-Generation Firewall with App-ID provides the industry-leading granular control to and from
SaaS applications. We will show you how to enable a selected set of sanctioned SaaS applications.

Step 1: Go to Application Groups in the Objects tab, then select Sanctioned-SaaS-Apps and review the SaaS
applications in this application group.

Step 2: Add ms-office365to this application group by clicking the Add icon, then select ms-office365.Click
OK to close the application-group window.

Step 3: Go back to the security rule, UTD-Policy-00, and then add the Sanctioned-SaaS-Apps application
group to the policy. On the same tab delete facebook-posting. Click OK to close the policy window.

Step 4: Click Commit to commit the changes. In one policy, you have enabled basic Facebook applications and
a group of sanctioned SaaS applications.
Enabling a group of SaaS applications will allow us to see a more interesting SaaS application usage report in the
later lab activity.

Step 5: In you browser right click the SAAS bookmark folder in Lab Bookmarks > Activity-1, select open all
bookmarks, let pages load (or fail) and close the tabs again.

End of Activity 1

UTD-NGFW 3.3 15
Activity 2 Controlling Evasive Applications
Background: Evasive applications are found on almost every network. Some are purposely evasive,
making every effort to hide and avoid controls. Examples include anonymizer, Tor and P2P. Policy
considerations for controlling evasive applications include protection from RIAA threats, data loss
(inadvertent or otherwise) and malware propagation.

PAN-OS features to be used:

App-ID and URL Filtering to prevent evasive applications.
Logging and reporting for verification.

In this activity you will:

Use App-ID and URL Filtering to control proxy sites.
Review the logs.

Task 1 Attempt to use anon-approved web application

Step 1: Open a new browser tab select Google Drive from the Lab Bookmarks > Activity-2 folder
You should not be able to go to Google Drive.

The Google Drive web application is not explicitly allowed by the firewall, so it is blocked.
To bypass the firewall, some users may try to use an anonymizer site.

Task 2 Attempt to use an anonymizer site

Step 1: Open a new browser window and select one of these anonymizer sites from the Lab Bookmarks >
Activity-2 folder:
Proxify.com, Anonymouse.org or Hide My Ass!.

Step 2: You should see the anonymizer site being blocked by URL Filtering.

Task 3 Attempt to download and install evasive application

Step 1: To circumvent the firewall, some users may try to download and install an evasive application, such as
Tor.

UTD-NGFW 3.3 16
Step 2: Attempt to download the Tor browser from the Tor project website from the Lab Bookmarks > Activity-2
folder. You should see that it also has been blocked.

Task 4 - Review URL log

Visibility is the key to build and maintain a secure policy. Explore the possibilities to work with the log files.
Questions:
Can you determine which policy is blocking Google Drive?
Can you determine which policy is blocking the anonymizer sites?
Which application is used to access the anonymizer sites?
Which application is used to access Tor download sites?

Step 1: Click the Monitor tab, then the Unified node under the Logs section.

Step 2: Click the green plus for Add Filter in the upper right corner.

Step 3: Select Category > equal > proxy-avoidance-and-anonymizers and click Add without closing

Step 4: Select Connector or > Application > equal > google-drive-web and click Add without closing

Step 5: Select Connector or > URL > contains > enter value mouse without quotes and click Add and Close

UTD-NGFW 3.3 17
This is what you should see in the query bar:
(app eq google-drive-web) or (category eq proxy-avoidance-and-anonymizers) or (url contains mouse)
Hit the Enter key or click the icon.
Note: You can also save your filter and load it again later

What do you see in the column Log Type?

Questions:
Can you determine which policy is blocking Google Drive?
Can you determine which policy is blocking the anonymizer sites?
Which application is used to access the anonymizer sites?
Which application is used to access Tor download sites?

Step 6: Click on the magnifier icon on the left side of a log entry and explore the details.

UTD-NGFW 3.3 18
Step 7: Click the Monitor tab, then the URL Filtering node under the Logs section.

Step 8: You can click any entry under the URL column and it will automatically enter the filtering string in the
search bar. In example ( category eq proxy-avoidance-and-anonymizers )

Step 9: Click the Monitor tab, then the Traffic node under the Logs section.

Step 10: Click on a allow in the Action column, go to the query bar and add ! in front of the parentheses, it
should look like this !( action eq allow )
This will negate the filter and display everything that is not matching the action allow.

End of Activity 2

UTD-NGFW 3.3 19
Activity 3 Applications on Non-standard Ports
Background: Many applications can use, either by default or through user control, a non-standard port.
Oftentimes, the use of non-standard ports is done as a means of evading controls. Tech-savvy users are
accessing their home PCs from work by directing SSH to a non-standard port in order to bypass
corporate firewalls. This activity will show you how to allow applications to run only on the standard port
and prevent the same applications from running on any non-standard port.

PAN-OS features to be used:

Logging and reporting to show SSH, RDP and Telnet on non-standard ports.
App-ID, groups function and service (port).
Logging and reporting for verification.

In this activity you will:

Add a new security policy for the IT organization.
Re-order the policies.

Task 1 Create a new security policy

Step 1: Click the Policies tab, then the Security node.

Step 2: Click Add in the lower left-hand corner.

Step 3: Name the policy Allow-IT-apps then select Activity3 for Tags using the drop-down list.

Step 4: Click the Source tab.

Step 5: Click Add in the Source Zone box, then select Trust.

Step 6: Click the Destination tab. Click Add in the Destination Zone box, then select Untrust.

Step 7: Click the Application tab, then click Add. Type IT-apps, then select it.

Step 8: Click the Service/URL Category tab, then click the drop-down menu above Service; change the default
setting from Application Default to Any, then click OK.

Step 9: Click the Action tab. Check that the action is set to Allow, then click OK.

UTD-NGFW 3.3 20
Step 10: Click and drag the policy Allow-IT-apps above the UTD-Policy-04 rule.

Step 11: Click Commit in the upper right-hand corner of the web browser.

Step 12: Click Commit All Changes in the pop-up window.

Step 13: Click Close once the commit has completed.

Step 14: IT-apps is a predefined application group that includes SSH, MS-RDP and other applications. Go to the
Object tab and Application Groups node to review which applications are included in this application group.
There are some industrial specific application groups that are created to highlights some of the common
applications used in those industries. Review those application groups to learn about the applications that are
supported by the Palo Alto Networks Next-Generation Firewall for the specific industries.

Task 2 Check application connectivity

Step 1: Use the PuTTY application on the desktop.

Step 2: Load the SSH server (standard port 22) profile and the SSH to the SSH-Server (172.16.1.101)
using the standard port 22.Login with:

Login: student

Password: utd135

Question:
Can you login?
Yes you should be able to login.

Step 3: Close the SSH session. Load the SSH server again (172.16.1.101) using the non-standard port 443.
Question:
Can you login using the non-standard port?
Yes you should be able to login.

Step 4: Close the PuTTY application. Click the Monitor tab, then click the Traffic log on the firewall GUI.

Step 5: Search for application SSH on port 22 or 443

Questions:
What query string did you type into the search box?
Was the application allowed?

UTD-NGFW 3.3 21
Task 3 Modify Security Policy

Step 1: Click the Policies, then click Security.

Step 2: Click the Allow-IT-apps security policy created in Task 1.

Step 3: Click the Service/URL Category tab, then click the drop-down menu above Service. Change Any to
Application Default, then click OK (The Application Default option only allows applications over the default
port and protocol; it prevents applications from running on non-standard port or protocol).

Step 4: Click Commit in the upper right-hand corner of the web browser.

Step 5: Click Commit All Changes in the pop-up window.

Step 6: Click Close once the commit has completed.

Task 4 Re-check applications on non-standard ports

Step 1: Use the PuTTY application on the student desktop.

Step 2: SSH to 172.16.1.101again on port 443 using PuTTY. Did you get a login prompt?

You should not get the login prompt this time.

Step 3: Close the PuTTY application and click the Monitor tab, then click the Traffic log on the firewall GUI.

Step 4: Search for application SSH on port 443.

Questions:
What query string did you type into the search box?
Was the application allowed?

End of Activity 3

UTD-NGFW 3.3 22
Activity 4 Decryption
Background: More and more traffic is being encrypted with SSL by default. This makes it difficult to allow
and scan that traffic, yet blindly allowing it is very risky. Policy-based SSL decryption allows you to
decrypt applications, apply security policy, then re-encrypt and send the traffic to its final destination.
Policy considerations include which applications or web traffic to decrypt and then applying the
appropriate protection to prevent malware propagation and data/file transfers.

PAN-OS features to be used:

Decryption policy.
Logging and reporting for verification.

In this activity you will:

Add a new decryption policy to decrypt SSL traffic.

Task 0 Check connectivity to lab web server

Step 1: On your desktop, open a browser select UTD Lab Web Server from the Lab Bookmarks > Activity-4
folder.

Task 1 Download test

This website looks like a legitimate lab web server. Lets download a file from this site and see if the site is
working.

Step 1: Download the Apache configuration file, under the Configuration Overview tab by clicking the here
hyperlink.

UTD-NGFW 3.3 23
Step 2: Are you able to download the configuration file? The download should fail because the file is infected and
the antivirus inspection has stopped the download.

Step 3: Try to download the full manual from the manual link. Are you able to download the manual file? The
download should fail because the file is infected and the antivirus inspection has stopped the download.

Step 4: Mouse over the Configuration file (secure download) hyperlink; notice that the download is using
https:// instead of http://. Click the hyperlink to download the file. Are you able to download the configuration
file? The download should succeed because it is encrypted. This browser will open the file and show you the
content.

Task 2 Add a new decryption policy

We will create a decryption policy that decrypts web traffic going to an unknown site.
Step 1: Go to the firewall management GUI, click the Policies tab, then click the Decryption node.

UTD-NGFW 3.3 24
Step 2: Click Add in the lower left-hand corner.

Step 3: In the Decryption Policy Rule pop-up; name the policy UTD-Decryption-02,then select Activity4
under Tags.

Step 4: Click the Source tab.

Step 5: Click Add in the box labeled Source Zone. Then select Trust.

Step 6: Click the Destination tab.

Step 7: Click Add in the box labeled Destination Zone. Then select Untrust.

Step 8: In the Service/URL Category tab, add Unknown under the URL Category.

Step 9: Click the Options tab, then select decrypt for Action. Leave the Type selection as SSL Forward
Proxy then select default for the Decryption Profile.

Step 10: Click OK.

Step 11: Click Commit (in the upper right-hand corner of the web browser).

Step 12: Click Commit All Changes in the pop-up window.

Step 13: Click Close once the commit has completed.

Task 3 Retest secure download

Step 1: In the browser, go back to the UTD lab web server; then click the Configuration file (secure download)
link again. You will need to click Yes on the certificate-error prompt to continue with the download.

Step 2: Are you able to download through the secure download? The download should fail because the file is
infected and the antivirus inspection can now stop the download after the session is decrypted.

Task 4 Review traffic logs

Step 1: Click the Monitor tab; then go to the Threat node under the Logs section.

UTD-NGFW 3.3 25
Step 2: Select the latest entry in the Threat log, then click the Details icon next to the log entry to view the log
details. Notice that under the Flags category, there is a checkmark to indicate this particular session is
decrypted.

End of Activity 4

UTD-NGFW 3.3 26
Activity 5 Modern Malware Protection
Background: Modern malware is at the heart of many of today's most sophisticated network attacks and
is increasingly customized to avoid traditional security solutions. WildFire exposes targeted and
unknown malware through direct observation in a virtual environment, while the Next-Generation Firewall
ensures full visibility and control of all traffic, including tunneled, evasive, encrypted and even unknown
traffic. Policy considerations include which applications to apply to the WildFire file blocking/upload
profile.

PAN-OS features to be used:

Profiles: virus, spyware, file blocking, and WildFire.
WildFire portal.
Logging and reporting for verification.

In this activity you will:

Review the existing WildFire analysis profile.
Add the WildFire Analysis profile to an existing security policy.

Task 1 Review default WildFire analysis profile

Step 1: Click the Objects tab, then click the WildFire Analysis node (found under Security Profiles).

Step 2: Click the Profile name Default, then review the default WildFire analysis profile. Notice that the default
profile sends any file types from any applications to the WildFire public cloud service.

Note: WildFire analysis profile provides the option to enable hybrid deployment (public cloud and private cloud).
WildFire hybrid deployment enables you to maintain privacy or regulatory concerns, select between public cloud
or private cloud analysis (using WF-500) based on security rules, content sensitivity, and regulatory concerns. A
Palo Alto Networks firewall can forward unknown files and email links to the WildFire public global cloud or to
one of two WildFire regional clouds (Europe and Japan) that Palo Alto Networks owns and maintains. In this
lab, we will use the default profile and send unknown files to the WildFire public global cloud for analysis.

Step 3: Click Cancel to close the WildFire analysis profile.

Task 2 Enable WildFire analysis on a security policy

Step 1: Click the Policies tab, then click the Security node.

Step 2: Click the rule name UTD-Policy-01.A Security Policy Rule pop-up will appear.

Step 3: Click the Actions tab within the pop-up.

UTD-NGFW 3.3 27
Step 4: In the Profile Setting section, select the drop-down menu next to WildFire Analysis.

Step 5: Select Default.

Step 6: Click OK.

Step 7: Click Commit in the upper right-hand corner of the web browser.

Step 8: Click Commit All Changes in the pop-up window.

Step 9: Click Close once the commit has completed.

Task 3 Test WildFire modern malware protection

Step 1: To download a WildFire test file, open the browser and enter the following in the address bar or click on
the bookmark WildFire Test File. [Note: Ignore the Chrome browser warning message for downloading an .exe
file by clicking the Keep button.]
http://wildfire.paloaltonetworks.com/publicapi/test/pe

Repeat the download a few times. Each file is different and will trigger a new upload to the WildFire Cloud.

Step 2: The browser will automatically download a wildfire-test-pe-file.exe sample file. Check your Download
folder to confirm the download. [Note that this sample changes every time it is downloaded and it should bypass
most antivirus scans.]

Task 4 WildFire portal review

Step 1: Use the WildFire Portal bookmark to go to the login page (or enter the URL:
http://wildfire.paloaltonetworks.com )

Step 2: Login using the following credentials:

Username: ngfw.utd@gmail.com
Password: utd135

UTD-NGFW 3.3 28
Step 3: In the portal, click the Reports tab. You will see a summary of all the files that have been submitted for
analysis. You can review the WildFire analysis report by clicking the report icon on the left-hand side of the
entry. A WildFire account can manage multiple Palo Alto Networks firewalls. (Note: In this lab environment, there
is only one firewall managed by this account.)

Step 4: You can also upload suspicious files manually for analysis using the Upload Sample, click the Upload
Sample tab at the top of the page to review the various upload options.

Task 5 Review the WildFire analysis results

Step 1: To view the sample file that has been sent to WildFire, go back to the firewall GUI, then click the Monitor
tab. Click on the WildFire Submissions node and then review the results returned from the WildFire service.
[Note: It may take about 5-10 mins for the WildFire Submissions log to appear.]

Step 2: When you see the entry, click the Details icon next to the top log entry. In the Log Info tab, you
can view the basic info of the file and the application that carries that file.

Step 3: Click the WildFire Analysis Report tab to view the details on the analysis results. Under WildFire
Analysis Summary, the Verdict indicates that the submitted file is malware, and you can download the malware
file directly from the Sample File tab.

Step 4: Under Wildfire Analysis Report tab you can scroll down to see the behavior of the malware when its
associated with different operating systems. Virtual Machine 1 is configured with Microsoft Window XP; you
can review the behavior and activity of the malware. Click Virtual Machine 2 to review the malware behavior and
activity in Windows 7.

UTD-NGFW 3.3 29
Step 5: Click the VirusTotal link under Coverage Status on the report, and it will bring you to the VirusTotal
home page. Since this malware has never been seen before because the hash has been changed, VirusTotal will
not have any information on this virus.

Step 6: Explore the other features and functions offered in the WildFire Analysis Report such as download the
sample file or download the WildFire Analysis report in pdf.

End of Activity 5

UTD-NGFW 3.3 30
Activity 6 URL Filtering
Application control and URL Filtering complement each other, providing you with the ability to deliver
varied levels of control that are appropriate for your security profile. Policy considerations include URL
category access; which users can (or cannot) access the URL category; and the prevention of malware
propagation.

PAN-OS features to be used:

URL Filtering category match.

Logging and reporting for verification.

In this activity you will:

Modify the behavior of the URL Filtering functionality.

Task 0 Check connectivity

Step 1: Open a new tab and select Gambling.com from the Lab Bookmarks > Activity-6 folder (you should be
able to open this page).

Task 1 Modify URL Filtering

Step 1: Go back to the firewall GUI. Click the Objects tab, then click the URL Filtering node found in the
Security Profiles section.

Step 2: Click the Profile name UTD-URL-filter-01.

Step 3: Search for the Gambling category, then change the action from Alert to Continue on the Site Access
Column.

Step 4: An explicit block-and-allow list is available in the URL Filtering profile. See the preconfigured example,
then click OK to save the changes.

UTD-NGFW 3.3 31
Task 2 Apply URL Filtering to the security policy
Step 1: Click the Policies tab, then click the Security node.

Step 2: Click the rule UTD-Policy-01.A Security Policy Rule pop-up will appear.

Step 3: Click the Actions tab within the pop-up.

Step 4: In the Profile Setting section, select the drop-down menu next to URL Filtering.

Step 5: Select UTD-URL-filter-01, then click OK.

Step 6: Click Commit in the upper right-hand corner of the web browser.

Step 7: Click Commit All Changes in the pop-up window.

Step 8: Click Close once the commit has completed.

Step 9: Open a new browser tab (on the Student Desktop), then select Top Bet from the Lab Bookmarks >
Activity-6 folder If the cached page appears, use the CTRL + F5 keys to reload the page.

The web page is blocked, but you will have the option to continue to open the page.

Step 10: Click Continue to open the web page.

UTD-NGFW 3.3 32
Task 3 Review URL Filtering logs

Step 1: Click the Monitor tab, then click the URL Filtering node under the Logs section.

Questions:
What was the action associated with the log entries?
What was the application associated with the log entries?

End of Activity 6

UTD-NGFW 3.3 33
Activity 7 GlobalProtect: Safely Enable Mobile Devices
Mobile computing is one of the most disruptive forces in information technology. It is revolutionizing how
and where employees work, and the tools they use to perform their jobs. GlobalProtect from Palo Alto
Networks safely enables mobile devices for business use by providing a unique solution to manage the
device, protect the device and control the data.

PAN-OS features to be used:

GlobalProtect Portal and Gateway.
GlobalProtect Client Application.

In this activity you will:

Complete the GlobalProtect Portal configuration in the lab environment to allow GlobalProtect
clients to connect to the GlobalProtect Gateway.
Use the GlobalProtect client application to connect to the GlobalProtect Gateway and verify the
traffic is being protected by the firewall.

Task 1 Identify the GlobalProtect Gateway URL

Step 1: Locate the public URL for the GlobalProtect Gateway running on VM-Series. This is the URL we will use
to configure both the GlobalProtect Gateway and the client. Go to the Virtual Machines tab at the top of the
page. You will see a list of all the virtual machines used in this lab.

Step 2: Identify the VM-Series Next-Generation Firewall virtual machine, then click More Details. The external
address for the virtual firewall will revert to the public IP address, which you will need to use.
[Note that the external address is unique to each lab environment and it is different from what is shown below.]

UTD-NGFW 3.3 34
(Optional) Step 3a: Make note of this external address. Alternatively, you can use Cloudshare Clipboard to
copy the text to the VM in the environment. To use Cloudshare Clipboard, click the blue icon next to the URL
to copy it to the clipboard. Go back to the student desktop, then click the Edit Clipboard button. (If you are using
Fullscreen RDP you will need to exit to see the Edit Clipboard button.

(Optional) Step 3b: In the clipboard window, right-click, then paste the URL here.

(Optional) Step 3c: Close the clipboard by clicking save in the Cloudshare clipboard. Now you should be able to
paste this text in the VM when you right click in any text field. The URL should have a format of *.vm.cld.sr.

Note: You may want to paste the URL into a text file on your laptop it
may come in handy later in this activity.

Task 2 Complete the GlobalProtect Gateway configuration

Step 1: Go back to the student desktop, then login to the VM-Series firewall web GUI.

UTD-NGFW 3.3 35
Step 2: Go to the Network tab at the top of the page, then click the GlobalProtect node. Click portals

Step 3: Click the UTD-GP-Portal to open the GlobalProtect Portal configuration window; then click the Agent
tab on the left-hand side of the window.

Step 4: Click the UTD-GP-Portal-ClientCfg in the Client Configuration window.

Step 5: In the Config window of the UTD-GP-Portal-ClientCfg, go to the External tab to configure the
gateway information that will be provided to the client.

Step 6: In our lab, we will use one external Gateway. We will enter your lab gateway URL for the client. Click the
Address field under External Gateways tab, then replace the replace.this.url with the External Address URL
from Task1 of this activity.

Note: If you have completed Optional Step3 in Task1, you can right click and paste the URL in the address field.

UTD-NGFW 3.3 36
Step 7: Click OK twice to save and commit the configuration changes in the UTD-GP-Portal.

Task 3 Log into GlobalProtect from the Mobile PC (GlobalProtect)

Step 1: Click the Mobile PC (GlobalProtect) tab at the top of the page to go to the mobile PC console.

Step 2: Open the Chrome browser and test the Internet connectivity using public websites from the Labs
Bookmarks > Activity-6 folder like CNN or facebook. You should be able to connect to the internet directly from
this device.
Note: This device is not sitting behind the VM-Series firewall. You can test this by going to the
website (www.gambling.com) that was blocked in Activity6. You should not see the block page.

Step 3: Start GlobalProtect from the Start menu or Desktop

Step 4: In the GlobalProtect window, on the Home tab to enter the GlobalProtect Portal URL. [You can use the
Send Text feature to cut and paste the external gateway URL in the Send Text window, then send it to the
GlobalProtect Settings window.]

Step 5: In the Settings window, enter the following username and password, then copy the external gateway
URL from Task1 of this activity into the Portal field.
[You can use the Send Text feature to cut and paste the external gateway URL in the Send Text window, then
send it to the GlobalProtect Settings window.

Note: If you encountered connection problems,

check to ensure the external gateway URL is
entered correctly in the Portal field.

UTD-NGFW 3.3 37
(Optional) Step 5a: You can validate the external gateway URL by testing it in a browser with the HTTPS
protocol. It will open the GlobalProtect Portal page on your gateway. You are not required to login to this portal.

Step 6: Click Connect and enter credentials when prompted.

Username: joe
Password: utd135

Step 6: Once connected, you can see the GlobalProtect welcome page. To verify that GlobalProtect is connected
to the Portal, go to the Details window in the GlobalProtect application to confirm
the Connected status.

Step 7: Check your Internet connectivity in the Mobile PC (w GlobalProtect) by selecting some web pages from
the Labs Bookmarks folder in the browser. When you try to go to www.gambling.com again, you should see the
blocked page from Activity6.

Step 8: In your browser right click the SAAS bookmark folder from the Activity-1 folder, select open all
bookmarks, let pages load (or fail) and close the tabs again.

Task 4 Review traffic on the VM-Series firewall

Step 1: To view the Mobile PC (w GlobalProtect) VPN connection to the VM-Series firewall, go back to the
student desktop, then log in to the VM-Series firewall web GUI.

UTD-NGFW 3.3 38
Step 2: Go to the Monitor tab, then to the Traffic logs monitor page under the Logs node on the left side of
the page.

Step 3: Look for traffic logs from the GP-VPN zone where you can see the traffic logs from the Mobile PC (w
GlobalProtect). This demonstrates that traffic from the the Mobile PC (w GlobalProtect) is now protected by the
firewall. [Note: the firewall policy, in this case UTD-Policy-04 can be modified to safely enable the necessary
applications for remote users.]

Step 4: Notice that the username is also visible from the traffic log, indicating which user-based firewall policy can
be created based on the users login info.

Step 5: Now go to the Network tab, then go to the GlobalProtect > Gateway node.

Step 6: Click the Remote Users link under Info column to open the remote users information window.

Step 7: Under the Current User tab in the User Information window. Notice that the GlobalProtect client in the
Mobile-PC can collect host information such as computer name, operation system used and more.

Note: The host-information profile (HIP) in

GlobalProtect provides details about the
condition of the mobile laptop, smartphone or
tablet, which can be used to make policy
decisions about the resources that the device
can access. Please talk to your instructor for
more information about mobile security
management through GlobalProtect.

End of Activity 7

UTD-NGFW 3.3 39
Activity 8 Control Application Usage with User-ID

Understanding which users are related to which traffic on your network is more useful than just knowing
ports and IP addresses. Visibility and reporting based on users is more intuitive, and policies expressed
in terms of users (or groups) are a better match for expressing business-relevant security policies. You
will create a security policy using User-ID in this activity. You must successfully complete Activity 7
before you can continue with this activity.

PAN-OS features to be used:

Createa security policy using User-ID
Using GlobalProtect to validate the security policy

In this activity you will:

Create a security policy to enable applications based on User-ID
Ensure that access to the application is determined by individual userIDs, even when multiple
users log in from the same device.

Task 1 Validate access to SSH server

Step 1: On the Mobile PC (GlobalProtect), connect to the SSH server used in Activity3 using ssh. Open the
PuTTY application, then load the SSH server (standard port 22) from the saved sessions to ssh into
172.16.1.101. Click Open. Can you ssh to 172.16.1.101?

You should not be able to ssh to the server.

Step 2: Go back to the firewall GUI in the student desktop. Go to the Traffic logs in the Monitor tab. You
should be able to see that traffic on port 22 was being dropped.

UTD-NGFW 3.3 40
Task 2 Enable applications based on User-ID
Step 1: We will enable the security policy on the firewall to allow the user joe to use the SSH application. Click
the Security node in the Policies tab, then select UTD-Policy-05, and click Enable to enable the policy.

Once enabled, the policy will turn from light grey to blue.
Step 2: Click the policy name to open the policy window, then click on the User tab (note that the only user is
joe is in this policy). Then click the Application tab.(Note: Ping and SSH are enabled in this policy.)

You can check the Application Default setting in the Service/URL Category, so SSH can only run on its
standard port.

Step 3: Click Commit to commit the changes.

Task 3 Confirm access with User-ID

Step 1: Go back to the mobilePC (and remember that you are logged in as joe in the GlobalProtect client).
Verify the SSH access to the server on 172.16.1.101 by using:

Login: student
Password: utd135

You should be able to login to the SSH sever now. End the SSH session after you are logged in.

UTD-NGFW 3.3 41
Step 2: Go back to the GlobalProtect client window and 1. Click on joe in the upper right corner of the window.
That will open the dialog 2. And allow you to remove the current credentials.

Step 3: to peter in the Home tab(we have set the password for both accounts to utd135 so you dont need to
re-enter the password). Then click Connect and OK to reconnect to the GlobalProtect Gateway.

Step 4: Now click Connect and enter credentials when prompted. This time use
Username: peter
Password: utd135

You will see the Welcome message and peter will show in the upper right comer as logged in user.

Step 5: Use the PuTTY application to reconnect to the SSH server. You will see that the connection is being
denied.

Note: This demonstrates that the access to the application is controlled based on the users
ID, rather than the IP address of the device.

UTD-NGFW 3.3 42
Step 6: Review the traffic log on the firewall to confirm that the source user is peter instead of joe, hence
access to the SSH is being denied.

End of Activity 8

UTD-NGFW 3.3 43
Activity 9 Clientless VPN

Clientless VPN provides secure remote access to common enterprise web applications that use HTML,
HTML5, and Javascript technologies. Users have the advantage of secure access from SSL-enabled web
browsers without installing GlobalProtect client software. This is useful when you need to enable partner
or contractor access to applications, and to safely enable unmanaged assets, including personal devices.

In this activity you will:

Configure Clientless VPN access for accessing web applications
Test the access from a mobile PC without VPN client installed

Task 1 Identify the Clientless VPN Gateway Hostname

Step 1: Locate the external address for the Clientless VPN Gateway running on VM-Series. This is the hostname
we will use to configure the Clientless VPN Gateway and use it to connect with the web browser to the VPN. Go
to the Virtual Machines tab at the top of the page. You will see a list of all the virtual machines used in this lab.

Step 2: Identify the VM-Series Next-Generation Firewall virtual machine, and then click More Details. The
external address for the virtual firewall will revert to the public IP address, which you will need to use.
[Note that the external address is unique to each lab environment and it is different from what is shown below.]

UTD-NGFW 3.3 44
Task 2 Configure Clientless VPN
Step 1: Go to the Network tab at the top of the page, then click the GlobalProtect node. Click on UTD-GP-
Portals.

Step 2: Go to Clientless VPN and the General tab, activate the Clientless VPN checkbox and configure it with
the following values:
Hostname: Use the hostname we obtained in Task 1 (will look different from the screenshot)
Security Zone: Select Trust from the dropdown list
DNS Proxy: Select Google-Public-DNS from the dropdown list
Login Lifetime: 3 Hours
Inactivity Timeout: 30 Minutes

The result should look like this:

UTD-NGFW 3.3 45
Step 2: Continue on the Applications tab, click Add at the bottom left.

Step 3: Configure the Application To User Mapping with the following values:
Name: SSL-Portal-Apps
User/User Group: Any
Applications: Google Docs, Intranet, Office 365

Step 3: Commit all changes

UTD-NGFW 3.3 46
Task 3 Test the Clientless VPN access from Mobile PC
Step 1: Click the Mobile PC tab at the top of the page to go to the mobile PC console.

Step 2: Open a web browser and use the hostname that we captured in Task 1. You can use the Send Text
button to paste it into the browser.

Step 3: Make sure to precede the hostname with https://

Step 4: Login to the GlobalProtect Portal with the following credentials:

Name: joe
Password: utd135

Step 5: Test the applications by clicking on the icons.

UTD-NGFW 3.3 47
Step 6: The web application should open, please notice the URL showing that you are connected to the
Clientless VPN hostname.

Task 4 Verify the log file entries on the firewall

Step 1: On the Student PC: Go to the Monitor tab, then to the Traffic logs monitor page under the Logs node
on the left side of the page. Filter for (user src eq joe). The log entries show the Clientless VPN traffic.

End of Activity 9

UTD-NGFW 3.3 48
Activity 10 ACC and Custom Reports
Background: Informative visualization tools and reports are very important to network and security
administrators, which enable them to monitor and identify potential network problems and attacks.
Comprehensive built-in visualization tools and reporting features in the firewall can provide visibility into
the network without requiring a complex logging infrastructure.

PAN-OS features to be used:

Application Command Center (ACC).
o Built-in visualization tools that provide a clear view of the application, user and threat data
on your network.
o ACC in PAN-OS has been upgraded to reduce response time based on visual and
actionable data.
Manage custom reports.
o Create a custom report using traffic stats logs.

Task 1 Review Application Command Center (ACC)

Step 1: Click the ACC tab. The ACC is configured to automatically show data collected in the last hour. Change
the time range to Last 6 Hrs in the Time drop-down window to include all the data generated during your lab
session.

Step 2: There are four pre-defined tabs: the Network Activity, Threat Activity, Blocked Activity and Tunnel
Activity tabs. Under the Network Activity tab, you can see the most used applications in the Application Usage
widget. Please take a moment to review the other widgets such as User Activity, Source IP Activity,
Destination Regions, etc.

UTD-NGFW 3.3 49
Step 3: In the Application Usage widget, you can click any tile to zoom into a group of applications or a single
application by clicking the General Internet category or the Networking category.
Step 4: The selection in the widget applies only to that specific widget. Mouse over the App Category
[networking] selection, and the Add Global Filter option will appear. Click Add Global Filter to apply the
selection to all the widgets.

Step 5: In the Risk column (shown below), mouse over risk level 4 and click the Add Global Filter icon to add
a risk-level-4 filter to the global filters. The widget will display only information on risk-level-4 applications in the
networking category.

Step 6: To remove the global filter, click Clear all, or select a filter, then click the red - button to remove it.

UTD-NGFW 3.3 50
Step 7: To customize a time range, go to the User Activity widget. Then select a start time and drag it through
the time axis to the end of the time range. Apply this to the widget. You can apply this time range to the other
widgets by clicking Add Global Filter.

UTD-NGFW 3.3 51
Step 8: To remove the customized time range from the global filter, select a new time from the Time drop-down
menu inStep1 to reset the time range.

Task 2 SaaS Application Usage Report

To maintain network security and ensure compliance with corporate policy, you must identify and monitor the use
of SaaS applications on your network. To meet this challenge, the Palo Alto Networks firewall includes a new
SaaS Application Usage Report in PDF format to give you visibility into the SaaS applications. The new report
helps you identify the ratio of sanctioned versus unsanctioned SaaS applications in use on the network. It also
includes details on the top SaaS application subcategories by number of applications, by number of users, and
more. You can use the data from this report to define or refine security policy rules on the firewall to block or
monitor the use of unsanctioned SaaS applications on your network. This task will show you how to get started
with the SaaS Application Usage Report on the firewall.

Step 1: Click the Monitor tab, then click the SaaS Application Usage node under the PDF Reports.

Step 2: Click Add at the bottom of the window to open a new SaaS Application Usage report configuration
window.

Step 3: Name the report SaaS App Usage Report, then select Last 7 Days, and click OK to save it.

Step 4: You should see a new entry created. Click it again to re-open the report window; then click Run Now to
create the report.

Step 5: It will take a bit of time to create the report. When the report is done, you should see a new browser tab
open with the report. (You may need to disable the pop-up blocker in your browser to allow the report to be
opened in a new browser tab.)

UTD-NGFW 3.3 52
Step 6: Take a closer look at the SaaS Application Usage Report; it contains a lot of useful data. Close the SaaS
Usage Report window after the report is created. (You can export the report as a PDF.)

Task 3 Setting up a custom report

Step 1: Click the Monitor tab, then click the Manage Custom Reports node (second from last).

Step 2: Click Add (in the lower left), then name the report Session Stats (in the Custom Report pop-up).

Step 3: Use the following information to create this report:

Database ..................................... Application Statistics

Scheduled ........................... Not Checked
Time Frame ................................. Last 6 Hrs
Selected Columns ....................... Application Name, App Category, App Sub Category, Risk of App,
Sessions
Sort By ......................................... Sessions: Top 10

Step 4: Click Run Now (at the top of the pop-up). A tab Session Stats will be created; review the report and
export the results as a PDF file.
Reports may also be scheduled by selecting the Scheduled checkbox in the Custom Report window. These
reports will run automatically at 2:00 a.m. daily.

UTD-NGFW 3.3 53
Task 4 Whats new in PAN-OS 8.0
To provide organizations with the best security capabilities to prevent successful cyberattacks, PAN-
OS 8.0, includes a colossal amount of enhancements and capabilities, including:
Secure any cloud! AWS, Azure and more
Secure SaaS (Office 365 , Box, Slack) with visibility and enforcement
Prevent sandbox evasion, automate C2 detection, and leverage advanced intel sharing
Prevent credential theft usage and abuse
Simplify security operations with enhanced management, speed and automation
New high-performance hardware models to tackle encrypted traffic and more

To learn more about the new features in the latest PAN-OS release, visit us at:

End of Activity 10

UTD-NGFW 3.3 54
Activity 11 - Feedback on Ultimate Test Drive
Thank you for attending the Ultimate Test Drive event. We hope you enjoyed the presentation and the labs
that we have prepared for you. Please take a few minutes to complete the online survey form to tell us
what you think about this event.

Task 1 Take the online survey

Step 1: In your lab environment, click on the Survey tab.

Step 2: Please complete the survey, and let us know what you think about this event.

End of Activity 11.

UTD-NGFW 3.3 55
Appendix 1: Alternative Login Methods to Student
Desktop
This appendix shows you how to login to the student desktop using other connectivity methods. Please complete
the procedures outlined in Activity 0: Task1 to login to the UTD Workshop before you continue.
There are two other methods you can use to login to the student desktop:

Use the Console feature in the workshop (Java client required).

Use the RDP client if it is installed on the laptop

Both methods are described below, and you can select the one that best fits what you have installed on your
laptop. Note that RDP protocol may not be supported on all networks so please verify that the RDP is supported
at your location.

Login to the student desktop using Java Console (Java client required)
Step 1: Click Student Desktop after you login to the UTD workshop.

Step 2: Click the Console link on the upper right hand corner. This will switch the connection method from RPD
to Console which uses a Java based VNC client.

Step 3: Allow Java to run the VNC Viewer application. You may need to click Run a few times.

UTD-NGFW 3.3 56
Step 2: Click Dont Block on the Java Security Warning message.

Step 3: After allowing the Java client to run, you will see the student desktop display. Click Send Ctrl-Alt-Del to
open the login window and use the username and password as indicated on your browser (not the one indicated
below). You should be able to login to the student desktop after entering the login name and password.

UTD-NGFW 3.3 57
Appendix 2: Support for Non-U.S. Keyboards
If you are using a non-U.S. keyboard and have difficulties entering characters and special keys, you can add a
keyboard to the student desktop to support what you have or use the on-screen keyboard. This appendix shows
you how to add, select an international keyboard or use the on-screen keyboard.
By default, the English (United Sates) and French (France) keyboards are added to the student desktop. Click
the bottom left-hand corner to switch between them.

Add a new international keyboard

To add other keyboards, go to Start > Control Panel. Click Change Keyboards or other input methods.

UTD-NGFW 3.3 58
Click Change keyboard.

Click Add to add a new international keyboard. Then switch to the new keyboard per the instructions on the
previous page.

Use the on-screen keyboard

To use the on-screen keyboard:
Step 1: Click Start ->All Programs.

Step 2: Click on Accessories

UTD-NGFW 3.3 59
Step 3: Click Ease of Access, then click On-Screen Keyboard.

Step 4: You should see the Windows On-Screen Keyboard. To bypass keys inside the VM image that do not work
on your keyboard, select the key.

UTD-NGFW 3.3 60
 Lab Setup

Firewall VM-Series

Interface: Int Type: IP Address: Connects to Zone:

Ethernet 1/1 L3 172.16.1.1 "Untrust"

Ethernet 1/2 L3 192.168.11.1 "Trust"
Management - 10.30.11.1

UTD-NGFW 3.3 61