Questions and Answers
What does Palo Alto Networks recommend regarding adding specific applications in PBF rules?
Why might a PBF rule that specifies the application YouTube not be forwarded correctly initially?
What does the firewall do after fully identifying an application?
What is a concern when adding specific applications in PBF rules?
How does the firewall initially identify YouTube traffic before fully identifying it?
What role does the Forwarding tab play in specifying packet forwarding options?
Why is it important for a PBF rule to cache destination IP, port, and protocol information?
What can be a consequence of not receiving enough packets for a PBF rule to match the most appropriate application?
What should be avoided when setting up PBF rules according to Palo Alto Networks?
What is one of the reasons to avoid adding specific applications in PBF rules?
Study Notes
Policy-Based Forwarding (PBF)
- PBF can send traffic from applications that do not use encryption over a private leased line, while other traffic is sent over an internet link.
- Alternatively, PBF can route business-critical applications over the leased line and other traffic over the internet link.
PBF Rules
- PBF rules use match criteria to match traffic, including source zone or interface, source user, source or destination IP address, application, or destination port.
- PBF rules enable specifying an outgoing interface.
- PBF rules do not apply to traffic originating from the firewall, such as IPsec VPN, GlobalProtect, or virtual router traffic.
PBF Path Monitoring
- PBF path monitoring enables the firewall to verify network path connectivity to an external IP address.
- The firewall uses ICMP pings as heartbeats to verify that the specified IP address is reachable.
- A Monitoring Profile specifies the threshold number of heartbeats to determine whether the external IP address is reachable.
Configuring PBF Policies
- To create a PBF rule, browse to Policies > Policy Based Forwarding and click Add.
- Specify the egress interface and IP address used to forward traffic.
- Specify source zone, address, user, and destination address, application, or port to match traffic.
Considerations for PBF Rules
- Avoid adding specific applications to PBF rules, because the firewall may not identify the application correctly at first.
- The firewall caches destination IP, port, and protocol information to identify applications for subsequent connections.
Description
Learn how Palo Alto Networks Policy-Based Forwarding (PBF) can be used to route specific types of traffic over different network links for enhanced security or performance. Understand the limitations of PBF and which types of traffic it does not apply to.