Palo Alto firewall
Firewall

Palo Alto firewall

COURSE OBJECTIVE
60
LAB
57
INSTRUCTOR KNOWLEDGE
60
COURSE CONTENT PLAN
53
Summary rating from 86 user's marks. You can set own marks for this article - just click on stars above and press "Accept".
58

PALO ALTO

 

This course is designed for students who are new to next-generation firewalls. Candidates should have basic understaing on ip addressing, routing and switching technoilogies.

Upon completion of this course, students will be able to:

  • Explain the features and advantages of the next-generation firewall architecture over stateful inspection firewalls

Perform the basic & advance configuration of the firewall including:

  • Configuring interfaces, security zones, security policies, and content profiles
  • Setting up basic operation of User-ID, Content-ID, and App-ID
  • Enable SSL decryption and VPNs
  • Review logs and write basic reports
  • Configure an active-passive high availability (HA) pair

Module 0 – Platform Overview

  • Understanding on Hardware architecture of next generation firewall
  • Single pass architecture
  • Flow logic
  • Segregated control plane and data plane
  • Fast path

Module 1 – Administration and Management

  • Administration and management of firewall using GUI, CLI
  • Overview of REST API
  • Config Mgmt, PAN-OS, Account Administration

Module2 – Interface Configuration

  • Understating on various interface types including Tap, v-waire, layer3, HA
  • Security zones overview
  • Designing network security with layer2, transparent and layer3 deployment

Module3 – Layer3 configuration

  • Overview of layer 3 technologies including Virtual routers , interface management profile and service route configuration
  • Policy based forwarding, Static and dynamic routing protocols
  • Network address translation
    • Dynamic IP
    • Static IP
  • Destination NAT Type
    • Static IP
    • Port forwarding
  • NAT Specific traffic flow
  • Understating and implementation of NAT policies

Module 4 – Application –ID

  • Overview of application APP-ID
  • Application-ID traffic flow
  • Overview of security policy
  • App-id and security policies configuration
  • Advance concepts on application and security policies
    • Application dependencies
    • Managing policy behavior
    • Custom application signatures
  • Logging and reporting
  • Overview of SSL session setup and underrating on PAKI
  • how to configure firewall for SSL visibility
  • inbound deep packet inspection of SSL traffic – IPS and other signatures for inbound SSL traffic

Module 5 – User-ID

  • User-id flow & user based policies
  • understating on user-id process
  • Enumerate users and group with Active directory and LDAP
  • User id agent identification method
  • understating on AD security logs, CAS security logs, shared server sessions and WMI queries
  • Captive portal overview for guest authentication

Module 6 – Content-ID

  • Overview of content-id modules and security profiles
  • Understanding on advance deep packet inspection using
    • Anti-virus profiles
    • Anti-spyware profiles
    • Vulnerability scanning profiles
    • URL filtering profiles
    • File blocking profiles
    • Wild fire profiles
  • Administration of security profiles
  • Zone protection profiles

Module 7 – VPN

  • Overview of VPN technologies
    • SSL VPN
    • IPsec VPN
  • Understating on policy and route based VPN
  • Implementing VPN on PAN oS
  • Advance understanding of SSL VPN technology
  • Establishing SSL VPN with global protect

Module 8 – High Availability

  • Overview of redundant architecture and high availability
  • understating on active-active and active-standby HA
  • understating and managing split brain condition
  • path and link monitoring configuration to handle failover conditions

Module 9 – Troubleshooting

  • Overview of troubleshooting methodology on PAN os
  • Online tools, working with Palo alto support team
  • Troubleshooting with
    • GUI, CLI, logs, packet captures, debug and mint. mode
    • Tools and techniques for troubleshooting for VPN, session issues
Book Your Course
devashish.jpg

I

t always gives an pleasure and amazing feeling when someone ask me “Hey, I wanna learn more security stuff” and I say ” why don’t you go there..” And response is always “do you mean Dwarka or troika or vikas and govil..?? I always add by saying proudly that whatever I am or where ever I’ll go is all because of them. No alternatives no confusions just go and grow.

deepak.jpg

T

roika is the place where the guidance and learning given is completely extempore and in depth. A topic is covered till even a single person is able to answer almost everything about it with confidence. So I like the way a topic is chased and learned to everyone with exposure to real time industry scenarios.

(Redington gulf)

Deepak Mishra
naveen.jpg

T

roika is certainly a tremendous approach to master the information security aspects and technologies. It helped upgrading my signature from technical support to It security Specialist and ensures more upgrades in near future.

amit1.jpg

I

worked with an MNC for last 3 years in a track which has no growth and career options. So started my Hunt and of course Search engine is the first that we use. Some of my friends recommended to go with IT/Network security as a first Go and suggested me to Join troika. The very first day in Troika gave me a lot of learning, confidence, opportunities, reasons and most important Learning and growth is a priority.
It’s almost 1 year I have completed with troika and still thankful that I did not opt to use Search Engine optimization for a hunt of institutes.

Phone: +91 96540 16484
mobile: +91 958 290 7788
B-71, Shalimar Garden Extn-2, Sahibabad, Ghaziabad, Near Raj Bag Metro Station
IT Monteur
Style switcher RESET
Body styles
Color settings
Link color
Menu color
User color
Background pattern
Background image