
1. What is Panorama
2. Use case
3. Palo Alto 2-tier Architecture
4. Benefit of Panorama
4.1 Centralized config & Deployment
4.2 Aggregate Logging (Centralized Logs management)
4.3 Distributed Administration
5. PAN OS, PAN H/W and VM Series
1. Pre-requisite for HW/SW
------------------------------------------------------
https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/setup-prerequisites-for-the-panorama-virtual-appliance
------------------------------------------------------
2. VMware Workstation/ESXi server
3. Install Panorama on VMware
------------------------------------------------------
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/install-the-panorama-virtual-appliance/install-panorama-on-vmware
------------------------------------------------------
1. Lab Topology
2. Initial Access
3. Default Settings
4. Interfaces Config
5. NTP and DNS config
6. General Settings
7. Commit, Candidate config, Running Config
8. Configure a Scheduled Config Export
How to upgrade Panorama ::
1. Determine the upgrade path.
2. Download necessary PAN-OS base image version.
3. Install the PAN-OS version.
4. Terminology :: Base Image, release, Preferred release, Major version, Minor Version
Current Version :: 8.0.2 -> 8.0.20 (Preferred Release) -> 8.1.0 -> 8.1.18 (Preferred Release) -> 9.0.0 -> 9.0.12 (Preferred Release) -> 9.1.0 -> 9.1.6 (Preferred Release) (Target Version)
!
How to downgrade Panorama ::
Current version :: 9.1.6 -> 9.1.0 -> 9.0.12 (target version)
HA
-> Panorama HA Prerequisites (same HW, same OS, same license; each VM should have a unique SN)
!
-> Priority and Failover on Panorama in HA
!
-> Failover Triggers (HA Heartbeat Polling, Hello Messages, HA Path Monitoring AND Manual Failover)
!
-> Synchronization Between Panorama HA Peers (HA peers synchronize the running configuration each time you commit. Shared objects and policy rules, device group objects and rules, template configuration, and administrative access configuration are synchronized between the Panorama HA peers.)
Not Synchronized (Panorama HA configuration; Panorama configuration: management port IP address, FQDN settings, login banner, NTP server, time zone, geographic location, DNS server, permitted IP addresses for accessing Panorama, and Simple Network Management Protocol (SNMP) system settings; scheduled configuration exports)
!
-> Manage a Panorama HA Pair
1. Set Up HA on Panorama
2. Test Panorama HA Failover
3. Restore the Primary Panorama to the Active State
!!!!!!!!!!!!!!!!!!!!!!!!!
• Active = Active node of the cluster. Pushes policy to devices.
• Passive = Passive node of the cluster. Will become active on failover.
• Primary = Node receiving logs from managed systems.
• Secondary = Node not receiving logs from managed devices.
• Active - Primary :: device performs all Panorama functions.
• Active - Secondary :: device can perform all management functions. No logging to the Active-Secondary if using NFS storage.
• Passive device can still be used for ad-hoc reporting.
• Active - Secondary can be configured to receive logs if using local storage.
HA Settings :: Heartbeat, config synchronization uses management interface.
path monitoring
1. Adding Firewalls
In Firewall :: Device -> Setup -> Management -> Add Panorama IP addresses
In Panorama :: Managed devices -> add -> put the Serial number of the firewall
2. Communication between Panorama and Firewalls.
TCP 3978 :: Used for bidirectional communication between Panorama, log collectors and firewalls.
TCP 28443 :: Used by firewalls and log collectors to retrieve software and content updates from Panorama.
TCP 444 :: Used for communication between Panorama and Cortex Data Lake and the GlobalProtect cloud service.
TCP 28769, 28260 :: Used by Panorama HA peers for connectivity and config sync (clear text).
TCP 28 :: Used by Panorama HA peers for connectivity and config sync (encrypted).
TCP 22 :: Used for the Panorama CLI interface.
TCP 443 :: Used for the Panorama web interface.
3. Troubleshooting Panorama Connectivity
-> Check IP connectivity between the devices.
-> Make sure port 3978 is open and available from the device to Panorama.
-> Make sure that a certificate has been generated or installed on Panorama.
-> Confirm the serial number configured in Panorama (case sensitive).
-> If a permitted IP list is configured for the management interface, make sure that Panorama IP is allowed in the list. By default, it will allow all IPs if a list is not specified.
-> Make sure Panorama is on a version greater than or equal to that of the managed devices. Panorama can manage devices running supported PAN-OS versions of the same or a lower release.
-> Check MTU settings on the managed device, as the value may need to be reduced. If a device on the path is fragmenting packets, communication from the managed device to Panorama will not succeed.
-> Verify that there is not a large time difference between the clock (Date/Time) on Panorama and the clock (Date/Time) on the managed device.
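The offline parts of this checklist (serial number, permitted IP list, version and clock checks) can be run against an exported inventory before anyone touches the network. The following is an added example, not part of the course material: the inventory layout, the sample serials and addresses, and the 300-second skew threshold are assumptions, and reachability of port 3978 still has to be tested on the wire.

```python
import ipaddress

# Assumed threshold: the checklist only says "large time difference".
MAX_CLOCK_SKEW_S = 300

def parse_version(v):
    """'9.1.6' or '9.1.6-h1' -> (9, 1, 6); a hotfix suffix is ignored."""
    return tuple(int(p) for p in v.split("-")[0].split("."))

def preflight(panorama, fw):
    """Return the checklist findings for one firewall (empty list = clean)."""
    findings = []
    # The serial configured on Panorama must match exactly (case sensitive).
    if fw["serial"] not in panorama["managed_serials"]:
        known = {s.lower() for s in panorama["managed_serials"]}
        hint = " (differs only in case)" if fw["serial"].lower() in known else ""
        findings.append("serial not configured on Panorama" + hint)
    # An empty permitted-IP list allows all addresses.
    allowed = fw["permitted_ips"]
    addr = ipaddress.ip_address(panorama["ip"])
    if allowed and not any(addr in ipaddress.ip_network(n, strict=False)
                           for n in allowed):
        findings.append("Panorama IP not in permitted IP list")
    # Panorama must run the same or a later release than the firewall.
    if parse_version(panorama["version"]) < parse_version(fw["version"]):
        findings.append("Panorama version lower than firewall version")
    if abs(panorama["clock"] - fw["clock"]) > MAX_CLOCK_SKEW_S:
        findings.append("clock skew exceeds threshold")
    return findings

# Constructed sample inventory (documentation IP ranges, made-up serials).
PANORAMA = {"ip": "192.0.2.10", "version": "9.1.6", "clock": 1_700_000_000,
            "managed_serials": {"0123ABCD4567", "0123abcd9999"}}
FIREWALLS = [
    {"name": "fw-ok", "serial": "0123ABCD4567", "version": "9.0.12",
     "permitted_ips": [], "clock": 1_700_000_020},
    {"name": "fw-bad", "serial": "0123ABCD9999", "version": "10.0.1",
     "permitted_ips": ["198.51.100.0/24"], "clock": 1_700_001_000},
]

def run():
    return {fw["name"]: preflight(PANORAMA, fw) for fw in FIREWALLS}

if __name__ == "__main__":
    for name, findings in run().items():
        print(name, "OK" if not findings else findings)
```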
!
Device Deployment :: How To Manage Software Updates, Dynamic Updates, Licenses, Plugins, Global Protect Client Updates Of Managed Devices From Panorama.
Device Deployment
-> Software
-> Global Protect Client
-> Dynamic Updates
-> Plugins
-> Licenses
1. Interface Management Profile configuration
2. Routing configuration from Panorama
->Static Routing
->Default Routing
3. PAT configuration (Dynamic IP and Port NAT)
4. Test the setup so far.
Static NAT
Security Rules :: inside to DMZ and DMZ to inside
Security Rules :: Inside, DMZ to Outside
Security Rules :: Outside to DMZ
1. What is Panorama
2. Configure and Manage Palo Alto Panorama
3. Understand Palo Alto Panorama Deployment Methods
4. How to setup a Lab Environment
5. Understand Templates and Device Groups
6. Understand Security Policy and NAT configuration
7. Benefit of Panorama
8. Initial Access
9. How to upgrade Panorama
10. Panorama High Availability
11. How to add Firewalls in Panorama and Device Deployment
12. Security Profiles and App-ID
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1. We have industry experts and working professional trainers with more than 10 years of experience.
2. We help students move up to newer versions, whatever the technology or vendor: Routing, Data Centre, Security (Cisco, Juniper, Palo Alto, F5, Python for Network Automation, Ansible), Load Balancer (Citrix, F5 LTM, GTM, ASM), Riverbed and Checkpoint certification courses.
3. We provide not only training but also recorded videos of the classes, so you can brush up on the concepts any time later on.
4. You can learn on your own laptop at any time and from anywhere, whether at home or in the office. We will show you how to build your own lab, or you may use ours.
5. The main focus of the training is real industry-level knowledge that is used in day-to-day work and problem-solving, delivered by highly experienced professional trainers.
6. We understand the candidate's requirements and expectations, and we follow our own strategy to deliver the best quality training.
7. Set the expectation about the technology. Explain the purpose of the technology.
8. Start with very basic topics to bring freshers as well as experienced candidates into a proper flow.
9. Make sure each student understands the technology.
10. Provide theory as well as lab sessions to clear up the concepts.
11. Provide a friendly environment for topic discussion.
12. Make sure each candidate's progress is monitored.