Overview
This service provides the conversion of Layer 3 and 4 policies to advanced Layer 7 policies (App-ID) on existing Palo Alto Networks devices in the customer's AWS network, without involving design or architecture.
It includes the implementation of App-ID, SSL Decryption and QoS, as well as User-ID enablement with a source ID and Group Mapping configuration. It also covers the modification of security rules and the conversion of port-based rules to application-based rules. SSL decryption policies are deployed for high-risk categories, along with active monitoring and PANDB content filtering configuration.
The service allows blocking high-risk categories, enabling Content-ID, and includes Anti-virus and Anti-Spyware recommendations. Delivery includes up to four remote training sessions of four hours each to ensure proper implementation and operation.
- Any Palo Alto Networks device already online on the customer's network is included.
- Does not include architecture or design services.
- Includes review of technical requirements.
- Implementation of App-ID functionality on the customer's network and change of policies according to requirements is covered.
- Conversion of all applications known to the Palo Alto Networks solution from port-based rules to application-based rules.
- Isolation of traffic rules that handle unknown TCP/UDP traffic.
- Implementation of User-ID functionality on the client network with one (1) source of identification (802.1x, RADIUS, LDAP, XML API).
- Configuration of group association according to User-ID (Group Mapping).
- Modification of security rules according to customer requirements.
- Development and deployment of SSL Decryption policies for high risk categories according to customer requirements. Certificate deployment is not included.
- Enabling SSL Decryption functionality on selected Palo Alto Networks devices.
- Deployment of decryption policies based on customer-defined categories.
- Validation through log monitoring, active session decryption for categories defined in customer requirements.
- Configuration of the PANDB Content Filtering feature based on customer requirements.
- Manually convert existing content filtering rules to PANDB URL Filtering profiles, or create new filtering profiles.
- Blocking of high-risk categories based on customer requirements.
- Content-ID enablement - Review network traffic and document changes as needed.
- Inclusion of Anti-virus and Anti-Spyware recommendation.
- Includes up to four (4) remote training sessions of up to four (4) hours each.
Highlights
- Optimization of security policies: conversion of layer 3 and 4 rules to advanced layer 7 policies (App-ID) and enabling key functionalities such as SSL Decryption, User-ID and QoS.
- Advanced content filtering: PANDB configuration for high-risk categories and customization of URL filtering profiles to strengthen the protection of the client environment.
- Comprehensive remote support: up to four remote sessions of four hours each, ensuring an effective implementation tailored to the customer's specific technical requirements.
Details
Pricing
Custom pricing options
Legal
Content disclaimer
Support
Vendor support
Our Service Level Agreement (SLA) guarantees 24/7* support to ensure uninterrupted assistance for our clients. We commit to a first response time of under 15 minutes, providing prompt attention to your needs. Our SLA includes vendor support to address issues requiring external expertise, ensuring seamless problem resolution. Clients can reach us anytime through Xelco, telephone, email, or live chat, offering flexible communication options tailored to their preferences.
- Restrictions may apply.
- Contact support for more information at www.netdatanetworks.com/en/contact-us or via email info@netdatanetworks.com
Software associated with this service
