Global Protect Flashcards

1
Q

HIP Objects & Profiles

A

Host Information Profile or HIP objects provide the matching criteria for filtering the raw data reported by an agent or app that you want to use to enforce policy. For example, if the raw host data includes information about several antivirus packages on a client, you might be interested in a particular application because your organization requires that package. For this scenario, you create a HIP object to match the specific application you want to enforce.
The best way to determine the HIP objects you need is to determine how you will use the host information to enforce policy. Keep in mind that the HIP objects are merely building blocks that allow you to create the HIP profiles that your security policies can use. Therefore, you may want to keep your objects simple, matching on one thing, such as the presence of a particular type of required software, membership in a specific domain, or the presence of a specific client OS. With this approach, you have the flexibility to create a very granular, HIP-augmented policy.

2
Q

Jamf

A

Jamf Pro is comprehensive enterprise management software for the Apple platform, simplifying IT management for Mac, iPad, iPhone and Apple TV.

3
Q

SAML

A

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). What that jargon means is that you can use one set of credentials to log into many different websites. It’s much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.

SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service.

An example of SAML is when I used Google to log in to this app (Brainscape).

4
Q

Okta

A

SAML identity provider

5
Q

Radius

A

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812[1] that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc. in 1991 as an access server authentication and accounting protocol and later brought into the Internet Engineering Task Force (IETF) standards.

Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by Internet service providers (ISPs) and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, digital subscriber line (DSL), access points, virtual private networks (VPNs), network ports, web servers, etc.

RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server.[4] RADIUS is often the back-end of choice for 802.1X authentication as well.

The RADIUS server is usually a background process running on a UNIX or Microsoft Windows server.

6
Q

TACACS+

A

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.

7
Q

LDAP

A
  • The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
  • A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users.
8
Q

Duo

A

Multi-factor authentication (MFA) provider owned by Cisco

9
Q

Security Posturing

A

The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

10
Q

CFIS

A

Church Financial Information System

11
Q

3 components of GlobalProtect

A

GlobalProtect Portal
GlobalProtect Gateway(s)
GlobalProtect Client Software

12
Q

GlobalProtect Portal

A

Central Point of Intelligence

Provides the management functions for the GlobalProtect infrastructure. Every client connecting to the GlobalProtect network receives configuration information from the portal.

  • Authenticates users initiating connections to GlobalProtect.
  • Ability to create and store custom client configurations.
  • Maintains lists of internal and external gateways.
  • Manages CA certificates for client validations of gateways.
  • Portal can control a client's ability to choose which gateway it connects to, or allow only a specific gateway.
13
Q

GlobalProtect Gateways

A

Internal or External
Provide security enforcement for traffic from GlobalProtect agents and apps:
-External gateways provide security enforcement and VPN access for remote users.
-Internal gateways apply security policy for access to internal resources.

14
Q

GlobalProtect Client Software

A

Windows/UWP
Mac/iOS
Android/Chromebook
Linux App

-Runs on end-user systems and enables access to network resources via the deployed GlobalProtect portals and gateways.

15
Q

Is there communication between one GlobalProtect gateways and another? Or between gateways and portals?

A

No. Communication only happens between clients and portals, or between clients and gateways.

16
Q

Prisma Access

A
  • Security delivered from the cloud
  • Scalable, manageable, architecture
  • Consistent security for both remote locations and mobile users
  • Managed centrally by Panorama
17
Q

Clientless VPN

A
  • Remote users can connect securely via SSL enabled browsers without needing to install the GlobalProtect client software.
  • Admins can allow a specific set of applications; security policies are used to allow access.
  • the remote user will see a published applications page with a list of web applications they can launch.
18
Q

How does a client decide whether to connect to the internal or external gateways?

A

The client receives an IP address and hostname for the internal gateway from the portal. If it is able to resolve the IP address to that hostname with a reverse DNS lookup, it assumes it is on the internal network and connects to the internal gateways. If not, it connects to the external gateways.

19
Q

Internal User-Based Access

A

An internal gateway used in conjunction with User-ID technology can be used to provide a secure, accurate method of identifying and controlling traffic by user.

20
Q

GlobalProtect Certificates

A

Connectivity between all parts of the GlobalProtect infrastructure is authenticated using SSL certificates. The portal can act as a CA for the system, or customers can generate certificates using their own CAs. Portals, gateways, and agents must use certificates signed by the same CA. If third parties who may not trust a self-signed CA are to be granted remote access, a certificate issued by a public CA should be used. Portals can export certificates for the gateways. Since portals and gateways don't directly communicate, you have to manually import the certificates to the gateways.