Posts

Showing posts from October, 2017

Deploy Palo Alto in Azure

Image
There are many ways to deploy Palo Alto Firewall in Azure. Out of those options today I will discuss how Palo Alto can be configured to protect your Azure workload. This setup is suitable for Proof of Concept only. Planning-Includes Minimum Requirement - Without HA Logical Diagram:  Create Virtual Network Name: PAN-VNet Address Space: 10.0.0.0/16 Subnet Name: Management Subnet Address Space: 10.0.1.0/24 Subnet Name: Untrust Subnet Address Space: 10.0.2.0/24 Subnet Name: Trust Subnet Address Space: 10.0.3.0/24 Resource Group: PA-VNet    Subnet Spin Web Server Virtual Machine  Name: SecureWebServices Image: Windows Server 2016 Resource Group: Services Network: PAN-VNet Subnet: Trust Role: Web Server (IIS) Installed Change NSG rules of Web Server to accept request on port 80, if you wish to test the web request. However, later on, this behaviour will be controlled through firewall. Spin Palo Alto Firewall Virtual Machine Name: vmseries300 Im

Identity and Access Management in Azure

"Identity revolves around who am I ? and how can I prove that I am the one who is claiming to be."  Proving absolute need of access to the right people is key to success for every organization. Due to the growth of modern workspace and social life, identity management has become more challenging. Every day we deal with multiple identities within a corporate setting and forgetting identities of least recently used has become common. Thanks to "Forget Passport" - Self Service Password Reset features.   To deal with this situation Microsoft usages its most powerful tools Active Directory - Single Source of Authority for on-premises domain user's and applications, known as On-Premises Identity , Azure Active Directory - Cloud Identity for all cloud-based application and resources and Hybrid Identities - which extends on-premises identities to the Azure Active Directory so that existing users can access cloud-based application using their identities. It enables