PALOALTO FIREWALL CONFIGURATION, MANAGEMENT & TROUBLESHOOTING
About This Course
The Palo Alto Networks Firewall Configuration, Management and troubleshooting recorded training course will help you to:
- Configure and manage the essential features of Palo Alto Networks Next-Generation Firewalls
- Configure and manage Security and NAT policies
- Application ID , User ID and Content ID
- Configure and manage Threat Prevention strategies to block known and unknown threats
- IPsec Site to Site and Remote access VPNs
- High Availability Deployment
- Packet Flow and Troubleshooting
This training is the most important course as it covers all the fundamentals to understand the Next-Generation Firewall from the ground up. Even experienced firewall engineers can take a lot out of this course as it includes, besides the architecture and management essentials, topics like Application Identification, Content ID (IPS, Anti-Virus/-Spyware, URL Filtering, File Blocking), SSL Decryption and User Identification which are all features usually not supported by legacy firewalls.
Objectives
Successful completion of this course should enhance the participant’s understanding of how to configure and manage Palo Alto Networks next-generation firewalls. The student should learn and get hands-on experience configuring, managing, and monitoring a firewall in a lab environment.
Target Audience
Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, Network Engineers, and Support Staff
Prerequisites
Participants must have a basic familiarity with networking concepts including routing, switching, and IP addressing. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is a plus.
Table of Contents
Module 1: Firewall and Networking Basics
- Gateway Vs Security Gateway
- Legacy Vs Next Generation Firewalls
- Stateful Packet Inspection (SPI)
- Core Features of Palo Alto Firewall
Module 2: Platforms and Architecture
- Next-Generation Firewall Architecture – Concept
- Firewall Platforms – Overview
- Zero Trust Security Model – Concept
- Public Cloud Security – Overview
Module 3: Initial Configuration
- Administrative Controls – Overview
- CLI – Overview and How To
- Initial Access to the System – How To
- Configuration Management – Concept and How To
- Licensing – Overview and How To
- Service Route – Concept, Best-Practices and Configuration
Module 4: Interface Configuration
- Security Zones and Interfaces – Concept
- Layer 3 interfaces – Concept and Use Cases
- Layer 3 interface – Configuration
- Layer 3 Sub interfaces – Concept and Use Cases
- Layer 3 Sub interfaces – Configuration and Best Practices
- Interface Management Profile – Concept
- Interface Management Profile – Configuration and Best Practices
- Virtual-Wire – Concept and Use Cases
- Tap interfaces – Concept and Use Cases
- Layer 2 interfaces – Concept and Use Cases
- Layer 2 interface – Configuration
- Virtual Router – Concept
- Virtual Router – Configuration
- Virtual Router – Troubleshooting
Module 5: Security and NAT Policies
- Security Policy Fundamentals – Concept
- Security Policy Administration – How To
- NAT Overview and Flow Logic – Concept
- Source NAT – Concept
- Source NAT – Configuration
- Source NAT with Static or Dynamic mapping – Concept and Configuration
- Destination NAT – Concept
- Destination NAT – Configuration
- Destination NAT with Port Forwarding – Concept and Configuration
- Bi-Directional NAT – Concept and Configuration
- NAT Troubleshooting
Module 6: Application Identification-App ID
- Application Identification – Overview
- Application Identification Flow Logic – Concept
- Using App-ID in a Security Policy – Concept and How To
- Application Group and Application Filter
- Security Policy and App-ID – Troubleshooting
Module 7: Content-ID and Security Profiles
- Content-ID – Overview
- Antivirus – Concept Configuration and How To
- AntiSpyWare – Configuration and Log How To
- Vulnerability Protection – Configuration and Log How To
- File Blocking – Configuration and Log How To
- External Dynamic Lists – Concept and Configuration
- Security Profile – Best Practices
Module 8: URL Filtering
- URL Filtering – Overview
- URL Filtering – Configuration
Module 9: Decryption Policy
- SSL – Concept
- SSL Outbound Decryption – Concept
- SSL Outbound Decryption – Configuration
Module 10: Wildfire
- Wildfire – Concepts
- Wildfire – Configuration and Reporting
Module 11: User Identification
- User-ID – Concept
- Active Directory Integration – Concepts and Best Practices
- User-ID – Configuration and Best Practices
- User-ID and Group Mapping – Troubleshooting
Module 12: Site-to-Site VPN
- Site to Site VPN – Concept
- Site to Site VPN – Configuration and Best Practices
- Site to Site VPN – Troubleshooting
Module 13: Global Protect
- Global Protect – Concept
- Global Protect – Configuration and Best Practices
Module 14: High Availability
- High Availability – Overview
- Active/Passive High Availability – Concept
- Active/Active High Availability – Concept
- Active/Passive High Availability – Configuration and Best Practices
- Active/Passive High Availability – Configuration and Best Practices
Module 15: Routing in Palo Alto firewall
- Virtual Router
- Static and Dynamic Routing
Module 16: Software Upgrades and Updates
- PANOS Software upgrades
- Dynamic updates
Module 17: DoS Protection
- Zone Protection File
- DoS Policy
Module 18: Troubleshooting
- Packet Flow in Palo Alto firewall
- Backup and Restore of configuration file
- Packet Capture at different stages
- Testing security Policy
- Logging, Reporting and Monitoring
- Creating Tech Support File
- Command Line Interface (CLI)
- Using Packet flow Login in Troubleshooting
Your Instructors
nettech
Manoj Verma (CCIE#43923) - Instructor & Consultant
Manoj Verma (CCIE#43923) is a highly experienced senior technical instructor and Network/ security consultant. He has been in the networking industry for more than 20 years, with a focus on networking and security for the past 15 years. He has assisted thousands of engineers in obtaining their various certifications starting from CCNA to CCIE, CCSA, CCSE, PCNSE, F5, etc. and learning the latest and cutting-edge technologies. He started his career as a system administrator and then switched to the networking and security domain. During the job, he realized that he is gifted with a passion for teaching and sharing his knowledge, as he used to teach his colleagues and friends. In his classroom training, he always starts with explaining the theory on a certain topic and then gives away a short note of key points and finally end with lab implementation. Now a day, driving down to the training institute to attend classroom training sessions is not feasible for everyone owing to the workflow, odd working hours and rotational shifts, especially for working professionals and those who are living in different cities and countries. He started getting multiple requests from lots of students to launch an online training module in the same way as he teaches in his classrooms. Keeping all this in mind, he designed this self-paced training module which replicates classroom training. He has brought his years of classroom teaching experience, and years of real-world enterprise and service provider experience in designing training modules. For a better understanding of technologies and in-depth knowledge, reading books or short notes is necessary and to witness the theoretical information in live, practical knowledge is required so he has included both which is very unique in the IT training sector.