
Explore core security concepts by examining malware types—viruses, worms, trojans, spyware, rootkits, keyloggers, ransomware, adware, scareware—and attack vectors like SQL injection, cross-site scripting, phishing, botnets, and data breach.
Explore how Palo Alto's next-generation firewall extends traditional firewalls with App-ID, User-ID, Content-ID, and deep packet inspection to control traffic by application, user, and content.
Palo Alto firewall architecture uses SP3 single-pass software and parallel processing hardware with separate control (management) and data planes to accelerate security checks.
Learn to download the EVE-NG community edition version 6.204 from the official site and install it on VMware Workstation Pro, including configuring hardware, ISO boot, and initial web access.
Learn to upload a Palo Alto firewall image to EVE-NG using WinSCP, create the proper folder and naming, set permissions, and boot the device with admin/admin after startup.
Export and import ready-made lab topologies into EVE-NG to quickly deploy Palo Alto firewall labs. Learn how to handle professional vs community editions, clouds, IP subnets, and pre-uploaded images.
Learn to configure Active Directory on Windows Server, install Active Directory Domain Services via Server Manager, and promote a server to a domain controller for a test.local forest.
Master the initial configuration of a Palo Alto firewall, using mgmt and console ports, default admin credentials, and CLI or graphical setup for physical or virtual devices.
Explain Palo Alto firewall CLI access in operational and configuration modes: log in via SSH, Telnet, or console, switch modes with configure, and run show, request, and commit commands.
Configure DNS and NTP on the Palo Alto firewall using graphical or CLI approaches. Set primary and secondary DNS and NTP, then adjust hostname, domain, login banner, and time zone.
Configure Palo Alto firewall interfaces to route traffic using physical and virtual interfaces, including subinterfaces, VLANs, loopbacks, tunnels, and SD-WAN, with topology examples.
Create interface management profiles to protect the firewall, defining permitted services and IPs on layer 3 interfaces, subinterfaces, loopback, and VLAN, with a ping-only and a secure management profile.
Configure dual default routes on a Palo Alto firewall for two ISPs, using static routes to 0.0.0.0/0 via interfaces 1/1 and 1/2 with next hops 1.254 and 2.254.
Develop and commit four Palo Alto firewall security policies: LAN to DMZ, LAN to internet, DMZ to internet, internet to DMZ, and verify traffic via monitoring.
Understand network address translation on the Palo Alto firewall, translating private IPs to public addresses for internet access; includes source, destination, and u-turn NAT with static/dynamic IP and port translation.
Explore SSL inspection, decrypting and inspecting encrypted traffic like HTTPS and TLS with a firewall acting as a man-in-the-middle.
Configure decryption policies with SSL forward proxy on a Palo Alto firewall, applying them to LAN-to-DMZ or WAN1/WAN2 destinations, and create exclusions for government, financial, and shopping sites.
Configure an antivirus (AV) security profile on the HQ firewall, apply it to the LAN-to-internet policy, ensure licenses and updated signatures, then test and verify virus blocking via logs.
Configure a vulnerability protection profile on a Palo Alto firewall v11, attach it to the LAN-to-internet policy, and validate protection via threat monitoring and Kali-based vulnerability tests.
Learn to configure data filtering profiles on a Palo Alto firewall, create data patterns (credit card, confidential regex, file properties), and attach them to a DMZ policy for DMZ LAN testing.
Consolidate multiple security profiles into a single security profile group to simplify policy application, enabling one-click assignment of antivirus, anti-spyware, URL filtering, data filtering, and more to security policies.
Block malicious URLs and phishing sites with Palo Alto URL filtering using BrightCloud or PAN-DB. Apply policies to block, allow, or continue with URL categories and logs.
Block malicious URLs with URL filtering on a Palo Alto firewall via a security policy, applying categories such as adult, extremism, hacking, and malware, then verify with logs and monitors.
Apply a URL filtering profile to block malicious URLs, configuring categories such as adult, command and control, extremism, malware, phishing, proxy, and peer-to-peer, and verify via logs.
Explore how the application window shows the YouTube and Facebook base applications, their dependencies and implicit use, ports 80 and 443, and how to enable them in Palo Alto firewall version 11.
Create application filters in Palo Alto Firewall to group apps by category, subcategory, risk level, and tags. Apply these filters in policies to automatically include new apps without manual updates.
Explore how Policy Optimizer migrates legacy port-based rules to App-ID application-based rules in a Palo Alto firewall, through three phases: identify, top-of-rule creation, and monitoring before cleanup.
Course Overview:
Successful completion of this course should enhance the student’s understanding of how to configure and manage Palo Alto Networks next-generation firewalls. The student should learn and get hands-on experience configuring, managing, and monitoring a firewall in a lab environment. The Firewall Configuration and Management (PAN EDU 210) course covers all the content required for the PCNSA Palo Alto Networks Certified Network Security Administrator certification.
EDU-210 Course Description:
This training is the most important course as it covers all the fundamentals to understand the Next-Generation Firewall from the ground up. Even experienced firewall engineers take a lot out of this course as it includes, besides the architecture and management essentials, topics like Application Identification, Content ID (IPS, Anti-Virus/-Spyware, URL Filtering, File Blocking), SSL Decryption and User Identification which are all features usually not supported by legacy firewalls.
Outline:
01. Introduction and Initial Configuration
02. Palo Alto Architecture
03. Configuring Initial Firewall Settings
04. Managing Firewall Configurations
05. Interface Configuration
06. Managing Firewall Administrator Accounts
07. Connecting Firewall to Production Networks
08. Security Zones
09. Creating and Managing Security Policy Rules
10. Creating and Managing NAT Policy Rules
11. App-ID (Application Identity)
12. Security Profiles
13. URL Filtering
14. WildFire
15. User-ID (User Identity)
16. Encryption and Decryption
17. Monitoring and Reporting
Product Versions:
Palo Alto Firewall PAN-OS Version 11.0.0
Objectives:
After completing this course, you should be able to:
o Install and configure new Palo Alto Networks Next-Generation Firewalls.
o Manage the Palo Alto Next-generation Firewall’s configurations.
o Configure the Firewall to connect to your production network.
o Manage the Security Policy Rules used to protect your network.
o Manage Network Address Translation (NAT) Rules.
o Configure and manage Palo Alto Networks next-generation firewalls.
o Configure, manage, and monitor a firewall in a lab environment.
o Configure & manage essential features of Palo Alto next-generation firewalls.
o Configure and manage Security and NAT policies to enable approved.
o Configure and manage Threat Prevention strategies to block traffic.
o Configure Policy based on application (App-ID) and user identity (User-ID).
o Configure SSL Decryption on Firewall to inspect & control decrypted sessions.
o Monitor network traffic using the interactive web interface and firewall reports.
Prerequisites:
Students must be familiar with networking concepts, including routing, switching, and IP addressing. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is a plus.
Lab Images:
Palo Alto Firewall: Paloalto-11.0.0
Palo Alto Panorama: Panorama-11.1.0
Cisco Switches: i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin
Windows 11: Windows 11-x64-SE
Windows Server 2016: Winserver-S2016-R2-x64
Multiple WAN: Pfsense-2.6.0
Clients: Linux-slax-9.11.0
Web Servers: Linux-tinycore-6.4
Internet Link: NAT Cloud or Management Cloud