Firewall Deployment for Device Visibility
Deploy your firewall so it can log network traffic data for DHCP flows and forward the
logs to Strata Logging Service.
The Palo Alto Networks IoT Security app
uses machine learning to classify IoT devices based on the network
traffic for which these devices are either a source or destination. To
accomplish this, it relies on Enhanced Application logs (EALs) generated
by the Palo Alto Networks next-generation firewall.
DHCP traffic is of particular importance to the IoT security
solution. DHCP provides a way to create an IP address-to-device
mapping (that is, an IP address-to-MAC address mapping) that is
required for classification to take place. However, a firewall typically
only generates an EAL entry when it receives a unicast DHCP message;
for example, when there is centralized Internet Protocol address
management (IPAM) and either the firewall or another local device
acts as a DHCP relay agent. Below is an example architecture that
illustrates a common case where the firewall generates EALs for
unicast DHCP traffic.
The firewall generates an EAL entry for broadcast DHCP traffic
when the packet is seen on a virtual wire (vWire) interface with
multicast firewalling enabled, as shown below.
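To make the two points above concrete (the IP-to-MAC binding that DHCP supplies and the unicast-versus-broadcast visibility rule), here is an added example that is not part of this documentation or of PAN-OS: it builds a constructed DHCPACK, parses the BOOTP header and option 53 to recover the address-to-MAC pair, and models which DHCP flows the firewall logs. All helper names and sample values are this example's own.

```python
import struct
import ipaddress

# Sample data and helper names below are this example's own (not from the page or PAN-OS).
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed header layout
BOOTP_LEN = struct.calcsize(BOOTP_FMT)       # 236 bytes
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPACK = 5

def build_dhcp_ack(yiaddr, mac, giaddr="0.0.0.0", broadcast_flag=False):
    """Build a minimal DHCPACK payload: BOOTP header + message-type option."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    flags = 0x8000 if broadcast_flag else 0
    header = struct.pack(BOOTP_FMT, 2, 1, 6, 0, 0x3903F326, 0, flags,
                         b"\x00" * 4, ipaddress.IPv4Address(yiaddr).packed,
                         b"\x00" * 4, ipaddress.IPv4Address(giaddr).packed,
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    return header + MAGIC_COOKIE + bytes([53, 1, DHCPACK, 255])

def parse_dhcp(payload):
    """Return the fields needed for an IP-to-MAC binding, or None if not DHCP."""
    if len(payload) < BOOTP_LEN + 4 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        return None
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    op, _, hlen, _, xid, _, flags, _, yiaddr, _, giaddr, chaddr = fields[:12]
    opts, i, msg_type = payload[BOOTP_LEN + 4:], 0, None
    while i < len(opts) and opts[i] != 255:        # 255 = end option
        if opts[i] == 0:                           # 0 = pad
            i += 1
            continue
        if opts[i] == 53:                          # option 53 = DHCP message type
            msg_type = opts[i + 2]
        i += 2 + opts[i + 1]
    return {"op": op, "xid": xid, "msg_type": msg_type,
            "broadcast_flag": bool(flags & 0x8000),
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "giaddr": str(ipaddress.IPv4Address(giaddr)),
            "mac": ":".join(f"{b:02x}" for b in chaddr[:hlen])}

def binding_from_ack(payload):
    """Return the server-confirmed (IP, MAC) pair; only a DHCPACK (op=2) confirms a lease."""
    d = parse_dhcp(payload)
    if d is None or d["op"] != 2 or d["msg_type"] != DHCPACK:
        return None
    return (d["yiaddr"], d["mac"])

def firewall_logs_dhcp(dst_ip, on_vwire_with_multicast_fw):
    """Text's rule: unicast DHCP is logged; broadcast only on a vWire with multicast firewalling."""
    return dst_ip != "255.255.255.255" or on_vwire_with_multicast_fw
```

A relayed ACK carries a non-zero giaddr and is unicast to the relay agent, which is the case the text describes as normally producing an EAL entry.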