Palo Alto firewalls are next-generation firewalls built from the ground up to address the shortcomings of legacy port-and-protocol firewalls; they were the first firewall platform to make policy decisions based on applications rather than just ports and protocols. The PCNSE exam requires a deep understanding of the topics, and exam dumps are not the way to go. You need to study the concepts and practice configuring this feature-rich platform. This class guides you through configuring its different features and shows how to practice on AWS and UNetLab. It covers many PCNSE7 topics, and new topics are added frequently.
This course dives deeper into Palo Alto firewall policies and network configuration to give students a clear understanding of several topics. Topics covered include security policy configuration, SSL decryption, routing, IPsec, IPv6, high availability and other real world
There are no materials included with this class.
Students are expected to understand networking terminology and be familiar with stateful firewall concepts, network address translation and routing protocols.
Many topics are covered; click "show full curriculum" to see the full list.
You receive a certificate of completion when you finish this class.
High-level overview of the Palo Alto firewall and how it differs from other vendors' products. Also shows the different Palo Alto Networks platforms and their specifications.
This lecture discusses the different deployment options (interface modes) to prepare students for configuring each deployment in the web UI.
This lecture explains the purpose of Layer 2 deployment and how it can be used to introduce Palo Alto firewalls into a network seamlessly. Two examples are shown: Layer 2 interfaces in access mode and Layer 2 interfaces in trunk mode.
An example of configuring the Palo Alto firewall in a Layer 3 setup where it routes traffic between different interfaces and zones.
This lecture demonstrates Layer 2 mode with spanning tree and interface redundancy.
This lecture discusses the features and limitations of Layer 2 deployment and demonstrates them in the lab.
This lecture explains virtual wire deployment and provides two scenarios: a straight virtual wire from one interface to another, and virtual wires with VLAN trunking. It also explains the default spanning-tree behavior of Palo Alto firewalls in virtual-wire mode and how to change that behavior if required.
This lecture explains virtual wire with IP classification: what it is for and how it works. It walks students through configuring this feature on a firewall shared among multiple customers, and also explains the concept of virtual systems.
An example of configuring the Palo Alto firewall in Tap mode and why you would use Tap mode in your deployment.
Understand the basic setup needed to give the firewall a management IP address so you can manage it remotely.
This lecture shows you how to create a Palo Alto VM instance in Amazon AWS to practice on.
This lecture shows the student how to provision a Windows domain controller in Amazon AWS to prepare for lab testing of the Palo Alto firewall.
This lecture shows the student how to set up the Amazon AWS VPC to route traffic through the Palo Alto AWS instance.
This lecture walks the student through creating a DMZ segment and routing it through the AWS firewall.
AWS routing and default gateway requirements for routing traffic through the Palo Alto firewall.
This lecture shows what software you need to set up a test environment so you can practice the scenarios discussed in the class. It goes over the general steps to set up UNetLab (now EVE-NG) to build your own test environment for the many scenarios in this class.
This lecture shows the students the basic settings needed to get the Palo Alto firewall up and running out of the box.
This lecture shows the student how to commit changes and other basic settings.
This lecture shows the student how to configure local admin accounts on the firewall and authenticate them against a RADIUS server.
This lecture shows the student how to use RADIUS to dynamically assign admin roles to Active Directory users without creating any local accounts on the firewall: the RADIUS server returns the administrator role in a vendor-specific attribute. This lets you manage firewall administrators without touching the firewall configuration for each newly added administrator.
This lecture shows the student how to check licenses, upgrade the system software, and install and activate the GlobalProtect client.
This lecture shows the student the basic steps for enabling dynamic updates to keep the firewall's threat, App-ID, WildFire and GlobalProtect data files current.
Understand the interface management profile and what must be configured to enable User-ID, response pages and ping on an interface. Also understand the precautions, such as restricting permitted source IP addresses, that ensure only authorized users can manage the firewall.
Understand security zones and how traffic is processed in relation to zones and security policies.
This lecture takes you through the life of a packet from the moment it enters the firewall until it egresses, covering how it is processed along the way.
Demo of using App-ID in security policy to block unwanted applications while allowing legitimate ones.
This lecture demonstrates how to deal with applications running on non-standard ports and the security policy configuration (application-default versus an explicit service) needed to handle them.
Explains Application Override policy and the benefit of using it to identify internal applications for better reporting and control, with the caveat that overridden traffic bypasses App-ID and threat inspection. Shows an example of implementing an Application Override policy.
Demo of using URL Filtering to protect users from threats and restrict browsing to business-legitimate URLs, and the difference between the URL category actions: allow, block, continue, override and alert.
Demo of how to create a custom URL category to classify internal URLs. Coupled with User-ID, discussed in the next section, it can be used to restrict who can access URLs in that category.
Demo of creating address objects and address groups for use in your security policy.
Demo of creating service objects and service groups for use in your security policy.
Demo of using dynamic (external) block lists to protect against bad actors, both known ones from internet threat feeds and IP addresses deemed risky internally. Shows how to use an internal web server to block IP addresses dynamically without touching the firewall configuration.
Demo of how to use tags to make your security policy easier to read.
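The dynamic block list lecture above relies on a plain-text list served by an internal web server that the firewall refreshes on its own schedule. The following validator is an added example, not course material or Palo Alto Networks code: it parses a constructed list in the external dynamic list IP format (one host, CIDR or hyphenated range per line, `#` comment lines) and reports the lines the firewall would have to skip, so a bad edit is caught before the next refresh. The URL in the comment and the sample entries are hypothetical.

```python
import ipaddress

# Constructed sample blocklist, as served as a plain-text file by an internal web
# server the firewall polls (hypothetical URL: http://edl.corp.example/block.txt).
# Lines 6-8 are deliberately malformed to show what a validator should catch.
SAMPLE_EDL = """\
# corp blocklist - edit this file, the firewall picks it up on its next refresh
203.0.113.17
198.51.100.0/24
192.0.2.10-192.0.2.20
2001:db8:bad::/48
10.0.0.300
not-an-ip
192.0.2.30-192.0.2.25
"""


def classify_entry(entry):
    """Classify one non-comment line as a host, network or range.

    Raises ValueError for anything that is not a well-formed entry, so the
    caller can report the line instead of silently losing the block entry.
    """
    if "-" in entry:
        lo_text, hi_text = entry.split("-", 1)
        lo = ipaddress.ip_address(lo_text.strip())
        hi = ipaddress.ip_address(hi_text.strip())
        if lo.version != hi.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if lo > hi:
            raise ValueError("range start is after range end")
        return ("range", f"{lo}-{hi}")
    if "/" in entry:
        # strict=False accepts 10.1.2.3/24 and normalizes it to 10.1.2.0/24
        return ("network", str(ipaddress.ip_network(entry, strict=False)))
    return ("host", str(ipaddress.ip_address(entry)))


def parse_edl(text):
    """Return (entries, errors).

    entries: list of (kind, normalized_text) tuples for valid lines.
    errors:  list of (line_number, original_line, reason) for invalid lines.
    Blank lines and lines starting with '#' are treated as comments.
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            entries.append(classify_entry(line))
        except ValueError as exc:
            errors.append((lineno, line, str(exc)))
    return entries, errors


def render_edl(entries):
    """Write the validated, normalized entries back out in list format."""
    return "\n".join(text for _kind, text in entries) + "\n"


if __name__ == "__main__":
    good, bad = parse_edl(SAMPLE_EDL)
    for lineno, line, reason in bad:
        print(f"line {lineno}: {line!r} rejected: {reason}")
    print(render_edl(good), end="")
```

Run this as a pre-publish step on the file your web server hands out; the firewall object that references the URL never changes, so the only thing that has to be right is the file itself.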
Lecture explaining User-ID and the different methods that can be used to collect user-to-IP mappings. Each method is demonstrated in the following lectures.
Demo of how to configure your domain controller to log the events relevant to user identification, and how to install and configure the User-ID agent on a server to collect those logs and forward the mappings to the Palo Alto firewall.
Shows how to configure the Palo Alto firewall to connect to the User-ID agent and receive the user logon events.
Configuration example of the integrated User-ID agent on the Palo Alto firewall. Demo of how to configure and use the agent on the firewall itself to collect user-to-IP mappings. The integrated agent connects directly to Active Directory domain controllers, reads logon and Kerberos events, and extracts user and IP address pairs for use in security policy decisions.
Demo of how to configure the firewall to integrate with LDAP to retrieve user-to-group mappings and use them in your security policy. This lecture provides a configuration example of pointing the Palo Alto firewall at an LDAP server to retrieve Active Directory groups.
Demo of how to use user-to-group mapping in your security policy. This lecture walks through the LDAP configuration that maps user IDs to Active Directory groups, allowing the Palo Alto firewall to make security policy decisions based on group membership.
Demo of configuring Captive Portal to obtain User-ID information for users that could not be identified through the AD agent.
Demo of how to use Captive Portal in transparent mode.
This lecture shows how to configure the Palo Alto firewall's Captive Portal to integrate with AD and obtain the user's identity through single sign-on (Kerberos or NTLM), without prompting the user to log in to the Captive Portal.
Demo of how to configure Palo Alto firewalls to accept user-to-IP mappings sent through the XML API. This allows integration with identity sources that are not supported out of the box. The lecture walks through a configuration example of User-ID populated from XML API input.
This lecture provides a configuration example of sending syslog to the Palo Alto firewall so it can extract User-ID information, using a Cisco ASA that forwards syslog for AnyConnect VPN users. Many companies still run AnyConnect on Cisco ASA; that does not prevent them from placing the ASA behind the Palo Alto firewall to benefit from its next-generation features.
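The XML API and syslog lectures above are two views of the same problem: turning a VPN event into a user-to-IP mapping the firewall can use. The script below is an added example, not course material or Palo Alto Networks code, that joins them: it parses constructed syslog lines modelled on Cisco ASA message IDs 722051 (AnyConnect address assignment) and 722023 (session disconnect), then builds the `<uid-message>` document that the User-ID XML API accepts. The ASA line wording, the firewall hostname and the API key are assumptions; verify the message text against your own ASA before trusting the regular expressions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample syslog lines modelled on Cisco ASA message IDs 722051
# (AnyConnect address assignment) and 722023 (session disconnect). Check the
# exact wording against your own ASA's output before relying on the regexes.
SAMPLE_SYSLOG = """\
<166>Jun 11 09:12:01 asa01 %ASA-6-722051: Group <GP_AnyConnect> User <acme\\jdoe> IP <198.51.100.7> IPv4 Address <10.200.1.23> IPv6 address <::> assigned to session
<166>Jun 11 09:12:09 asa01 %ASA-6-722051: Group <GP_AnyConnect> User <acme\\asmith> IP <198.51.100.9> IPv4 Address <10.200.1.24> IPv6 address <::> assigned to session
<166>Jun 11 09:40:44 asa01 %ASA-6-722023: Group <GP_AnyConnect> User <acme\\jdoe> IP <198.51.100.7> Session disconnected. Session Type: SSL, Duration: 0h:28m:43s, Bytes xmt: 1048576, Bytes rcv: 262144, Reason: User Requested
"""

LOGIN_RE = re.compile(
    r"%ASA-6-722051: Group <[^>]*> User <(?P<user>[^>]+)> IP <[^>]*> "
    r"IPv4 Address <(?P<ip>[^>]+)>"
)
LOGOUT_RE = re.compile(
    r"%ASA-6-722023: Group <[^>]*> User <(?P<user>[^>]+)> IP <[^>]*> Session disconnected"
)


def parse_asa_events(syslog_text):
    """Turn ASA syslog lines into ('login'|'logout', user, tunnel_ip) events.

    The disconnect message only carries the peer's public IP, so the tunnel
    address is recovered from the login seen earlier for the same user.
    """
    tunnel_ip = {}
    events = []
    for line in syslog_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            tunnel_ip[m["user"]] = m["ip"]
            events.append(("login", m["user"], m["ip"]))
            continue
        m = LOGOUT_RE.search(line)
        if m and m["user"] in tunnel_ip:
            events.append(("logout", m["user"], tunnel_ip.pop(m["user"])))
    return events


def build_uid_message(events, timeout_minutes=60):
    """Build the <uid-message> document the User-ID XML API accepts.

    Login entries carry a timeout so a mapping that never receives a logout
    still ages out instead of attaching the user to a recycled VPN address.
    """
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    logins = [(u, ip) for a, u, ip in events if a == "login"]
    logouts = [(u, ip) for a, u, ip in events if a == "logout"]
    if logins:
        login_el = ET.SubElement(payload, "login")
        for user, ip in logins:
            ET.SubElement(login_el, "entry",
                          {"name": user, "ip": ip, "timeout": str(timeout_minutes)})
    if logouts:
        logout_el = ET.SubElement(payload, "logout")
        for user, ip in logouts:
            ET.SubElement(logout_el, "entry", {"name": user, "ip": ip})
    return ET.tostring(root, encoding="unicode")


def build_api_url(firewall_host, api_key, uid_xml):
    """Return the GET form of the User-ID API call (host and key are placeholders)."""
    query = urlencode({"type": "user-id", "action": "set", "key": api_key, "cmd": uid_xml})
    return f"https://{firewall_host}/api/?{query}"


if __name__ == "__main__":
    evts = parse_asa_events(SAMPLE_SYSLOG)
    xml_doc = build_uid_message(evts)
    print(xml_doc)
    print(build_api_url("fw-mgmt.corp.example", "REPLACE_WITH_API_KEY", xml_doc))
```

The timeout on login entries matters in VPN scenarios: tunnel addresses are recycled quickly, and a stale mapping without a logout would grant the next user the previous user's policy until the firewall's own User-ID timer expires. Use a dedicated API admin role limited to User-ID operations for the key.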
Understanding the Palo Alto Antivirus protection feature, with a demo of configuring it to protect your users from viruses.
Understanding Anti-Spyware and DNS sinkholing, with a demo of configuring them to protect against spyware on your network. Sinkholing also lets you identify the infected internal host even when an internal DNS server hides the client's IP address from the firewall.
Demo of how to create custom Anti-Spyware signatures to tailor the anti-spyware rules.
Demo of the Vulnerability Protection (IPS) feature of the Palo Alto firewall and how to create custom vulnerability signatures.
Demo of using File Blocking to protect against malicious files and restrict upload and download of certain file types by certain users.
Demo of how to configure WildFire and use its sandboxing for fast response to newly discovered malware.
Demo of how to access the WildFire portal and what it looks like.
Demo of how to use the Data Filtering feature of the Palo Alto firewall for DLP.
Demo of data leakage protection to detect credit card numbers and block such data from leaving the network.
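The credit card DLP lecture above hinges on telling a card number apart from any other run of 13 to 19 digits; a plain digit pattern would block invoice and order numbers too. The code below is an added example, not course material or Palo Alto Networks code. It finds candidate numbers in constructed sample payloads, keeps only those that pass the Luhn mod-10 check, and applies alert and block thresholds in the way a data filtering profile does. The sample text, the separator handling and the threshold values are assumptions.

```python
import re

# Constructed sample payloads. 4111..., 5500... and 3782... are the well-known
# test numbers that pass the Luhn check; the order number and the mistyped card fail it.
SAMPLE_UPLOAD = """\
customer export 2024-06
card: 4111 1111 1111 1111   exp 09/27
card: 5500-0000-0000-0004   exp 01/26
card: 378282246310005       exp 11/25
order: 1234567890123456
typo: 4111111111111112
"""
SAMPLE_INVOICE = "Invoice 88213 total 1,250.00 paid with 4111 1111 1111 1111\n"

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for idx, ch in enumerate(reversed(digits)):
        d = int(ch)
        if idx % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the Luhn-valid card numbers found in text, separators stripped."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def data_filtering_verdict(text, alert_threshold=1, block_threshold=3):
    """Mimic a data filtering profile: count matches, then alert or block.

    Thresholds are per transferred file or session, like the profile's alert
    and block thresholds; the values here are hypothetical.
    """
    count = len(find_card_numbers(text))
    if count >= block_threshold:
        return ("block", count)
    if count >= alert_threshold:
        return ("alert", count)
    return ("allow", count)


if __name__ == "__main__":
    print(data_filtering_verdict(SAMPLE_UPLOAD))
    print(data_filtering_verdict(SAMPLE_INVOICE))
```

The Luhn check removes most of the false positives that a digit-count pattern produces, but it is not proof that a number is a real card; pairing a low alert threshold with a higher block threshold, as above, is what keeps a single invoice reference from blocking a legitimate upload.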
Understand the DoS Protection feature of the Palo Alto firewall.
Demo of how to configure DoS Protection on the Palo Alto firewall.
Understand SSL decryption concepts to prepare for the configuration of SSL Decryption.
Demo of how to create a self-signed certificate for proxying SSL traffic, and the caveats of using one: every client must be made to trust it explicitly or browsers will warn on every decrypted site.
Demo of the difference between the Forward Trust and Forward Untrust certificates and the purpose of each: the untrust certificate is presented when the original server certificate was not trusted, so the client still sees a warning.
Demo of how to create a subordinate CA under your internal PKI and use it to simplify SSL decryption for internal users whose computers are members of the AD domain, since they already trust the enterprise root.
Demo of SSL decryption in action, blocking threats in decrypted traffic.
Understanding SSL Inbound Inspection and its purpose: protecting publicly hosted SSL servers in your environment by loading the server's certificate and private key on the firewall.
Understand dynamic NAT, ALGs and dynamic NAT pool concepts.
This lecture demonstrates how to configure dynamic NAT and dynamic NAT pools.
Dynamic NAT caveats for multiple-ISP configurations.
This lecture explains the difference between dynamic IP and dynamic IP and port (DIPP) translation with an example. It also explains the purpose and configuration of dynamic IP with fallback.
This lecture explains static NAT and static bidirectional NAT with examples.
This lecture explains static NAT with port translation and its use cases, with an example.
This lecture is a continuation of the previous one.
Demo of how to configure destination NAT on the Palo Alto firewall and how to write the security policy correctly for NATed traffic: the security rule matches on the pre-NAT destination address but the post-NAT destination zone.
Understand U-turn NAT and a demo of configuring it for the corner case where it is needed: internal hosts reaching an internal server by its public address.
Demo of configuring source and destination NAT simultaneously on the same traffic, to show how to handle certain NAT corner cases.
Demo of using the Palo Alto firewall as a DHCP server for your hosts.
Demo of default route configuration.
Demo of how to configure OSPF on the Palo Alto firewall to use dynamic routing instead of static routes and adapt to changing network conditions.
Demo of how to configure BGP on the Palo Alto firewall to peer with a service provider.
Demo of how to configure BGP to advertise networks to the service provider.
Demo of using multiple virtual routers in your environment and why that would be beneficial.
Demo of using multiple virtual routers and how this setup affects NAT and security policy configuration.
Demo of how to configure the firewall to connect to two service providers and fail over using BGP.
Demo of how to configure multiple-ISP failover using floating static routes (higher-metric backup routes).
Demo of how to use policy-based forwarding with path monitoring to fail over between multiple ISPs.
Demo of how to configure load sharing to use multiple service provider connections in an active/active fashion.
Understand the high availability terminology: the difference between the HA1 (control) and HA2 (data) links and the purpose of each. Understand the concepts behind high availability to pave the way for the active/passive configuration example.
Lab demonstration of an active/passive setup between two Palo Alto firewalls: configuring HA1 and HA2, preemption, the HA group ID and all settings required for the two firewalls to start synchronizing their configuration and sessions, and to preempt in case of failover.
Shows the student what happens when the HA1 link goes down without an HA1 backup or heartbeat backup, what is synchronized over HA1, how the firewalls behave as an active/passive pair, and how to avoid split-brain situations.
Demo of using HA1 backup and HA2 backup links as a failsafe against HA1 and HA2 failure.
This lecture demos link monitoring using link groups and explains their purpose, demos path monitoring and explains its purpose, and shows the operational commands for a manual HA failover.
Explains active/active concepts to prepare for a configuration demo of active/active with floating IP addresses.
Configuration demo of two active firewalls load-sharing traffic using floating IP addresses.
Understand NAT in the active/active case, the session owner options, and failover when one firewall fails.
Understand active/active session owner and session setup options, with configuration examples for the different session owner and session setup scenarios.
Configuration example of static NAT in an active/active high-availability scenario and some caveats relating to this setup, plus a best-practice layout that avoids asymmetric path issues.
Configuration example of ARP load sharing with active/active high availability. In this scenario a pair of Palo Alto firewalls is configured in active/active HA with a destination NAT shared by both firewalls using ARP load sharing.
Classes offered by an instructor with industry-proven experience. He started his career as a help desk technician and progressed to desktop support and then systems administration. With an interest in networking, he obtained his CCNA and CCNP 15 years ago. After obtaining those certifications he moved into a technical manager position managing both systems and network infrastructure. He then shifted his focus to security as his specialization and obtained the CISSP, the industry-leading information security certification.
A passion for hands-on technical work led him back to the ranks as an engineer, honing his skills in network security. He mastered Cisco ASA firewalls and Cisco security components and obtained the CCIE Security, CCNP Security and other security specialization certifications.
For the past several years he has worked for a value-added reseller supporting Cisco, Palo Alto and Fortinet security solutions. He is Palo Alto certified and Sourcefire SSFIPS and SSFAMP certified.
"It is difficult and expensive to get hands-on material covering the latest products like Sourcefire, PaloAlto, and Fortinet. I am making those classes to give students the education they need at a reasonable cost - with practical experience backing it."