Training Type | Classroom & Online |
---|---|
Course Duration | 80 Hours Training |
No. of Hours | 2/3/4 Hours/day |
Certificate | Yes |
Skill Level | Intermediate |
Price | ₹ 20,000 |
Study Material | Yes |
Batches Available | (Mon-Thu) & (Sat-Sun) |
Roadmap
Roadmap
Course Outline
Identify how Palo Alto Networks products work together to improve PAN-OS services
1.1.1 Security components
3.1.2 Firewall components
5.1.3 Panorama components
7.1.4 PAN-OS subscriptions and the features they enable
9.1.5 Plug-in components
11.1.6 Heatmap and BPA reports
Determine and assess appropriate interface types for various environments
1.2.1 Layer 2 interfaces
3.2.2 Layer 3 interfaces
5.2.3 vWire interfaces
7.2.4 Tap interfaces
1.2.5 Subinterfaces
3.2.6 Tunnel interfaces
5.2.7 Aggregate interfaces
7.2.8 Loopback interfaces
9.2.9 Decrypt mirror interfaces
11.2.10 VLAN interfaces
Identify decryption deployment strategies
1.3.1 Risks and implications of enabling decryption
3.3.2 Use cases
5.3.3 Decryption types
7.3.4 Decryption profiles and certificates
9.3.5 Create decryption policy in the firewall
11.3.6 Configure SSH proxy
Enforce User-ID
1.4.1 Methods of building user-to-IP mappings
3.4.2 Determine if User-ID agent or agentless should be used
5.4.3 Compare and contrast User-ID agents
7.4.4 Methods of User-ID redistribution
9.4.5 Methods of group mapping
11.4.6 Server profile & authentication profile
Determine when to use the Authentication policy and methods for doing so
1.5.1 Purpose of, and use case for, the Authentication policy
3.5.2 Dependencies
5.5.3 Captive portal versus GP client
Differentiate between the fundamental functions that reside on the management plane and data plane.
Configure management profiles
2.1.1 Interface management profile
4.1.2 SSL/TLS profile
Deploy and configure Security profiles
2.2.1 Custom configuration of different Security profiles and Security profile groups
2.2.2 Relationship between URL filtering and credential theft prevention
4.2.3 Use of username and domain name in HTTP header insertion
6.2.4 DNS Security
8.2.5 How to tune or add exceptions to a Security profile
10.2.6 Compare and contrast threat prevention and advanced threat prevention
2.2.7 Compare and contrast URL Filtering and Advanced URL Filtering
Configure zone protection, packet buffer protection, and DoS protection
Define the initial design/deployment configuration of a Palo Alto Networks firewall
2.4.1 Considerations for advanced HA deployments
4.4.2 Implement a high availability pair
6.4.3 Implement Zero Touch Provisioning
8.4.4 Configure bootstrapping
Configure authorization, authentication and device access
2.5.1 Role-based access control for authorization
4.5.2 Different methods used to authenticate
6.5.3 The authentication sequence
8.5.4 The device access method
Configure and manage certificates
2.6.1 Certificate usage
4.6.2 Certificate profiles
6.6.3 Certificate chains
Configure routing
2.7.1 Dynamic routing
4.7.2 Redistribution profiles
6.7.3 Static routes
8.7.4 Route monitoring
10.7.5 Policy-based forwarding
13.7.6 Virtual router versus. logical router
Configure NAT
2.8.1 NAT policy rules
4.8.2 Security rules
6.8.3 Sourcenet
8.8.4 No NAT
10.8.5 Use session browser to find NAT rule name
12.8.6 U-Turn NAT
14.8.7 Check HIT counts
Configure site-to-site tunnels
2.9.1 IPSec components
4.9.2 Static peers and dynamic peers for IPSec
6.9.3 IPSec tunnel monitor profiles
8.9.4 IPSec tunnel testing
10.9.5 GRE
12.9.6 One-to-one and one-to-many tunnels
14.9.7 Determine when to use proxy IDs
Configure service routes
2.10.1 Default service routes
4.10.2 Custom service routes
6.10.3 Destination service routes
8.10.4 Custom routes for different VSYS versus destination routes
10.10.5 How to verify service routes
Configure App-ID
3.1.1 Create security rules with App-ID
5.1.2 Convert port and protocol rules to App-ID rules
7.1.3 Identify the impact of application override to the overall functionality of the firewall
3.1.4 Create custom apps and threats
5.1.5 Review App-ID dependencies
Configure GlobalProtect
3.2.1 GlobalProtect licensing
5.2.2 Configure gateway and portal
7.2.3 GlobalProtect agent
9.2.4 Differentiate between login methods
11.2.5 Configure clientless VPN
13.2.6 HIP
15.2.7 Configure multiple gateway agent profiles
17.2.8 Split tunneling
Configure decryption
3.3.1 Inbound decryption
5.3.2 SSL forward proxy
7.3.3 SSL decryption exclusions
9.3.4 SSH proxy
Configure User-ID
3.4.1 User-ID agent and agentless
5.4.2 User-ID group mapping
7.4.3 Shared User-ID mapping across virtual systems
9.4.4 Data redistribution
11.4.5 User-ID methods
13.4.6 Benefits of using dynamic user groups in policy rules
15.4.7 Requirements to support dynamic user groups
17.4.8 How GlobalProtect internal and external gateways can be used
Configure WildFire
3.5.1 Configure WildFire submission profile and add it to the security rule
5.5.2 Configure WildFire action profile and add it to the security rule
7.5.3 Review the WildFire submissions and verdicts
9.5.4 Review WildFire signature actions
11.5.5 Supported file types and file sizes
13.5.6 Configure WildFire update schedule
15.5.7 Configure forwarding decrypted traffic to WildFire
Configure templates and template stacks
4.1.1 Components configured in a template
6.1.2 How the order of templates in a stack affects the configuration push to a firewall
4.1.3 Overriding a template value in a stack
6.1.4 Configure variables in templates
8.1.5 Relationship between Panorama and devices as pertaining to dynamic updates versions, policy implementation and/or HA peers
Configure device groups
4.2.1 Device group hierarchies
6.2.2 Identify what device groups contain
8.2.3 Differentiate between different use cases for pre-rules, local rules, the default rules and post-rules
4.2.4 Identify the impact of configuring a primary device
6.2.5 Assign firewalls to device groups
Manage firewall configurations within Panorama
4.3.1 Licensing
6.3.2 Panorama commit recovery feature
8.3.3 Configuration settings for Panorama automatic commit recovery
10.3.4 Commit types and schedules
12.3.5 Config backups
14.3.6 Software and dynamic updates
16.3.7 Import firewall configuration into Panorama
18.3.8 Configure log collectors
20.3.9 Check firewall health and status from Panorama
22.3.10 Configure role-based access on Panorama
Manage and configure Log Forwarding
5.1.1 Identify log types and criticalities
7.1.2 Manage external services
9.1.3 Create and manage tags
11.1.4 Identify system and traffic issues using the web interface and CLI tools
5.1.5 Configure Log Forwarding profile and device log settings
7.1.6 Log monitoring
9.1.7 Customize logging and reporting settings
Plan and execute the process to upgrade a Palo Alto Networks system
5.2.1 Update a single firewall
7.2.2 Update high availability pairs
9.2.3 Perform Panorama push
11.2.4 Schedule and manage dynamic updates
Manage HA functions
5.3.1 Link monitoring
7.3.2 Path monitoring
9.3.3 HA links
11.3.4 Failover
13.3.5 Active/active and active/passive
15.3.6 HA interfaces
17.3.7 Clustering
19.3.8 Election setting
Troubleshoot site-to-site tunnels
6.1.1 IPSec
8.1.2 GRE
10.1.3 One-to-one and one-to-many tunnels
12.1.4 Route-based versus policy-based remote hosts
14.1.5 Tunnel monitoring
Troubleshoot interfaces
6.2.1 Transceivers
8.2.2 Settings
10.2.3 Aggregate interfaces, LACP
12.2.4 Counters
14.2.5 Tagging
Troubleshoot Decryption
6.3.1 Inbound decryption
8.3.2 SSL forward proxy
10.3.3 SSH proxy
12.3.4 Identify what cannot be decrypted and configure exclusions and bypasses
6.3.5 Certificates
Troubleshoot routing
6.4.1 Dynamic routing
8.4.2 Redistribution profiles
10.4.3 Static routes
12.4.4 Route monitoring
14.4.5 Policy-based forwarding
16.4.6 Multicast routing
18.4.7 Service routes
Use logs, reports, and graphs to troubleshoot
6.5.1 Identify system and traffic issues using the web interface and CLI tools
6.5.2 Create and interpret reports 7. 8.5.3 Create and interpret graphs
Troubleshoot resource protections
6.6.1 Zone protection profiles
8.6.2 Denial-of-service protections
10.6.3 Packet buffer protections
Troubleshoot GlobalProtect
6.7.1 Portal and Gateway
8.7.2 Access to resources
10.7.3 GlobalProtect client
Troubleshoot policies
6.8.1 NAT policies
8.8.2 Security policies
10.8.3 Decryption policies
12.8.4 Authentication policies
Troubleshoot HA functions
6.9.1 Monitor
8.9.2 Failover triggers
Track | Classroom & Online |
---|---|
Duration | 80 Hours Training |
Hours | 2/3/4 Hours/day |