Palo Alto Firewalls Configuration By Example

Deep dive in Policies and Network Configuration of PaloAlto Firewalls by example
4.3 (23 ratings)
200 students enrolled
  • Lectures 105
  • Length 16 hours
  • Skill Level Intermediate Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 8/2016 English

Course Description

PaloAlto firewalls are true Next Generation firewalls built from the ground up to address legacy firewall issues. It is the first firewall platform to make decisions based on applications, not just ports and protocols. This course dives deeper into Palo Alto firewall policies and network configuration to give students a clear understanding of several topics. Topics covered include Security Policies configuration, SSL Decryption, Routing configuration, IPsec configuration, IPv6 configuration, High Availability configuration and other real world configuration examples.

Students are expected to have an understanding of network terminology and be familiar with stateful firewall concepts, network address translation and routing protocols.

Security professionals with the skills to install, configure and manage PaloAlto firewalls are in high demand. Having those skills will certainly equate to a leg up on the competition.

This online class will help in preparing the student for the PCNSE certification by covering topics in the depth that Palo Alto expects the candidates to have.

There are no materials included with this class.

There are a lot of topics covered; please click on show full curriculum to see them.

You get a certificate of completion after you complete this class.

What are the requirements?

  • Students need to be familiar with firewall concepts
  • Students need to understand Networking Fundamentals
  • Students need to understand basic networking

What am I going to get from this course?

  • Understand Palo Alto Firewalls Deployment Methods
  • Understand Palo Alto Firewalls Security Policies
  • Understand Palo Alto Firewalls NAT configuration
  • Understand Palo Alto Firewalls Network Configuration
  • Understand User ID Integration
  • Configure user ID integration using User ID Agent
  • Configure Captive Portal to authenticate users
  • Understand the difference between NAT Source, Destination, UTurn
  • Understand security zones and traffic processing in PaloAlto Firewalls
  • Understand the packet flow through the PaloAlto Firewalls
  • Understand Threat Prevention capabilities of the PaloAlto Firewalls
  • Understand AntiSpyware, AntiVirus, IPS configuration
  • Understand AntiSpyware and DNS Sinkholing
  • Configure AntiSpyware, Antivirus and IPS
  • Understand PaloAlto firewall AntiSpyware policy using example configuration
  • Understand how to configure WildFire
  • Understand how to configure Data Leakage Protection
  • Configuring SSL Decryption
  • Understand SSL Decryption
  • Understand SSL decryption using a PaloAlto firewall SSL decryption example
  • PaloAlto Firewalls U-turn NAT configuration example
  • Understand the difference between Inbound and Outbound proxy
  • Understand the concept of Virtual Routers
  • Configuration of BGP and OSPF example
  • Configuration of multiple ISP with different failover scenarios
  • Configuration of policy based forwarding using different scenarios
  • Configure VPN IPsec L2L tunnel on PaloAlto Firewall with different scenarios
  • Understand and Configure High Availability Active / Passive
  • Understand and Configure High Availability Active / Active with Floating IP and ARP load sharing
  • Understand and Configure IPv6 on PaloAlto Firewalls
  • Understand and Configure IPv6 NPTv6

What is the target audience?

  • This class is suited for students who want to get a deeper understanding of configuring Palo Alto Firewalls
  • This class is for students who want to see PaloAlto firewalls configuration examples

Curriculum

Section 1: Basics and Platform Architecture
01:55
Message
02:33
07:03

High level overview of the Palo Alto firewall and how it differs from other vendors. Also shows the different Palo Alto platforms and their specifications.

Firewalls Overview Quiz
4 questions
02:51

This lecture discusses the different deployment options in order to prepare the students for the configuration of different deployments on the web UI.

10:37

Showing an example on how to configure the Palo Alto firewall in a layer 2 deployment, and how to configure the interfaces and security zones relating to a layer 2 deployment.

Deployment Options Quiz
8 questions
09:13

Showing an example on how to configure the Palo Alto firewall in Layer 3 setup where it's routing traffic between different interfaces and zones.

09:13

Showing an example on how to configure the Palo Alto firewall in Tap Mode and why you would use Tap mode in your deployment.

04:56

Showing an example on how to configure the Palo Alto firewall in virtual wire mode and the meaning of virtual wire.

03:14

Understand basic setup to get the firewall configured with management IP address, so you can manage it remotely.

Quick knowledge check 1 Quiz
8 questions
Section 2: Lab and AWS Palo Alto instance(s) Setup
10:01

This lecture shows you how to create a PaloAlto VM instance in Amazon to practice.

12:12

This lecture shows the student how to provision a Windows domain controller to prepare for lab testing of the Palo Alto firewall in Amazon AWS.

19:02

This lecture shows the student how to set up the Amazon AWS VPC to route traffic through the Palo Alto AWS instance.

04:36

This lecture shows you what software you need to set up a test environment so you can practice the different scenarios discussed in the class. It goes over the general steps to set up unetlab to create your own test environment.

Section 3: Basic Administrative Tasks
05:46

This lecture shows the students the basic settings needed for the PaloAlto firewall out of the box to get up and running.

06:51

This lecture shows the student how to commit changes and other basic settings.

09:54

This lecture shows the student how to configure local admin accounts in the firewall and authenticate them using a RADIUS server.

07:33

This lecture shows the student how to use the RADIUS server to dynamically assign admin users from Active Directory and give them the appropriate role without creating any local accounts on the firewall. This facilitates managing administrators on firewalls without touching firewall configuration for each newly added administrator.

04:27

This lecture shows the student how to check the licenses, upgrade the system, and install and activate the GlobalProtect client.

02:52

This lecture shows the student the basic steps of enabling dynamic updates to maintain the firewall's threats, App-ID, WildFire, and GlobalProtect dat files.

04:38

Understand the management profile and what is needed as far as configuration to enable user ID, response pages and pings. Also understand the precautions to ensure that only authorized users can manage the firewall.

Quiz Basic Setup
4 questions
Section 4: Basic Security Policy Configuration
10:10

Understand security zones and how traffic is processed as it relates to security zones, and security policies.

09:33

This lecture takes you through the life of a packet from the time it enters the firewall, how it's processed from ingress to egress.

10:51

Demoing using application ID features in security policy to restrict bad applications while allowing legitimate applications.

13:51

Demoing using URL filtering to protect users from threats and restrict traffic to business legitimate URLs. Showing the difference between URL rules, allow, block, continue, override, alert.

Knowledge check 2 Quiz
5 questions
02:53

Demoing how to create a custom URL category for classifying internal URLs. This can be used to restrict who can access URLs belonging to that category, coupled with User ID, which is discussed in the next section.

05:51

Demoing creating address objects and address groups to utilize in your security policy.

03:47

Demoing creating service object and service group objects to utilize in your security policy.

04:42

Demoing using dynamic block lists to protect against bad players, including known ones from internet sources or internally deemed risky IP addresses. Also shows how to use an internal server to dynamically block IP addresses without touching firewall configuration.

02:19

Demoing how to use tags to simplify readability of your security policy.

Knowledge check 3 Quiz
6 questions
Section 5: User ID integration
08:04

Lecture aimed at explaining to the student the User ID and the different methods that can be used to collect user IDs. Each of those methods will be demonstrated in the following lectures.

10:19

Demo of how to configure your domain controller to log events pertinent to User Identification. Shows how to configure the User ID agent on a server to collect logs and send them to the PaloAlto firewall, and how to configure the PaloAlto firewall to talk to the User ID agent and get the events relating to user logon.

09:03

Show how to configure the PaloAlto firewall to talk to the User ID agent and get the events relating to user logon.

05:33

Configuration example of the integrated User ID agent in the Palo Alto firewall. Demo of how to configure and utilize the integrated User ID agent on the firewall itself to collect user to IP mappings. The Palo Alto firewall has an integrated User ID agent that can be configured to connect directly to Active Directory servers, gather user logon events and Kerberos events, and extract the user and IP address to be utilized by the Palo Alto firewall for security policy decisions.

05:36

Demo of how to configure the firewall to integrate with LDAP to get user to group mapping and utilize this information in your security policy. This lecture provides a configuration example of setting the Palo Alto firewall to talk to an LDAP server to get the Active Directory groups.

05:05

Demo of how to utilize user to group mapping in your security policy. This lecture goes over a configuration example of LDAP on PaloAlto firewalls to map user IDs to Active Directory groups. This allows the Palo Alto firewall to make security policy decisions based on Active Directory group membership.

06:13

Demo showing the configuration of the firewall to utilize Captive Portal to get User ID information for users that failed identification using the AD agent.

05:17

Demo of how to utilize the Captive portal in transparent mode.

16:51

This lecture shows an example of how to configure the PaloAlto firewall to utilize Captive Portal integration with AD and get Single Sign On (SSO) information automatically from the user without prompting them to log in to the Captive Portal.

06:39

Demo of how to configure PaloAlto firewalls to utilize the XML API to send user to IP mappings to the firewall. This feature allows integration with User ID solutions that are not supported out of the box. This lecture goes over a configuration example of PaloAlto firewall User ID using XML provided information.

03:34

This lecture provides a configuration example of how to send syslog information to the PaloAlto firewall to extract User ID information. The example shows a Cisco ASA sending syslog information for AnyConnect VPN users so that syslog events can be used to map users to IP addresses. Many companies still use AnyConnect on Cisco ASA; however, this doesn't prevent them from putting the ASA behind the Palo Alto firewall to benefit from Next Generation features.

Section 6: Threat Prevention
08:19

Understanding PaloAlto Antivirus protection feature and demoing how to configure it to protect your users from viruses.

11:36

Understanding AntiSpyware and DNS sinkholing and demoing configuring those features to protect from spyware on your network.

10:05

Demoing how to create custom anti-spyware signatures in your firewall to customize antispyware rules.

11:37

Demoing the Vulnerability protection "IPS" feature of the PaloAlto firewall and how to create custom IPS signatures.

07:02

Demoing using File Blocking to protect against malicious files and restrict download / upload of files by certain users.

08:35

Demo on how to configure WildFire protection and utilize sandboxing for fast response on newly discovered malware.

01:38

Demo on how to access the WildFire portal and showing what it looks like.

08:37

Demo of how to utilize the Data Filtering feature in the PaloAlto firewall for DLP protection.

04:45

Demoing of Data Leakage protection to protect against leakage of Credit Card information and block such data from leaving the network.

08:21

Understand the DoS protection feature of the PaloAlto firewall.

10:02

Demoing how to configure DoS protection on the PaloAlto firewall.

Section 7: SSL Decryption
18:17

Understand the SSL decryption concepts, preparing the students to show the configuration of SSL Decryption.

07:33

Demo of how to create a self generated certificate for proxying SSL traffic and the caveats of using self generated certificates.

06:16

Demoing the difference between SSL Trust and SSL Untrust certificate and the purpose of each.

09:05

Demoing how to create an internal PKI subordinate CA and how to utilize this to simplify the SSL decryption process for internal users whose computers are members of the AD domain.

06:52

Demoing of the SSL decryption feature in action, blocking threats in traffic.

08:24

Understanding SSL inbound inspection and the purpose of using it to protect publicly hosted SSL servers in your environment.

Section 8: Network Address Translation
03:01

Explain Dynamic NAT and demo how to configure dynamic NAT on the PaloAlto firewall.

11:20

Demoing how to configure Source NAT on the PaloAlto firewall and understand how to configure the security policy correctly to reflect the actual NAT traffic.

07:50

Demoing how to configure the PaloAlto firewall for destination NAT and how to configure the security policy correctly to reflect the actual NAT traffic.

04:15

Demoing how to configure dynamic NAT pool.

03:55

Demoing how to configure source and destination NAT simultaneously on traffic to understand how to deal with certain NAT corner scenarios.

05:18

Understand Uturn NAT and demo how to configure it for certain corner case scenarios where Uturn NAT is needed.

Section 9: Basic and Intermediate IPv4 Networking
06:26

Demoing using the PaloAlto firewall as a DHCP server for your hosts.

05:02

Demoing the default route configuration.

09:58

Demoing how to configure OSPF on the PaloAlto firewall to utilize dynamic routing to avoid using static routes and accommodate different network condition changes.

04:51

Demoing how to configure BGP on the PaloAlto firewall to interface with a service provider.

02:46

Demoing how to configure BGP to advertise networks to service provider.

09:06

Demoing the use of multiple virtual routers in your environment and why that would be beneficial.

11:47

Demoing the use of multiple virtual routers and how this setup applies to NAT configuration and security policy configuration.

16:39

Demoing how to configure the firewall to integrate with 2 service providers and failover using BGP.

09:35

Demoing how to configure multiple ISP failover using floating static routes.

08:07

Demoing how to use policy based forwarding to failover between multiple ISPs.

05:09

Demoing how to configure load sharing to effectively utilize multiple service provider connections in active/active fashion.

Section 10: High Availability
13:22

Understand the terminology of High Availability, the difference between HA1 and HA2 interfaces, and the purpose of each. Understand the concepts behind high availability to pave the way for the configuration example of an active/passive setup.

14:55

Lab demonstration of active/passive setup between 2 PaloAlto firewalls, configuring HA1 and HA2, configuring preemption, HA groups and all settings required to enable two PaloAlto firewalls to start synchronizing their configuration and sessions as well as preempt active/passive in case of failover.

15:18

Showing the student what happens when HA1 interfaces go down without a backup or heartbeat backup. Showing students synchronization on HA1 as well as the way firewalls perform when they are in an active/standby pair. Further, showing the student how to avoid split brain situations.

15:08

Demoing using HA1 Backup and HA2 backup as a failsafe mechanism to protect against HA1 and HA2 failure.

13:00

This lecture demos Link monitoring using Link Groups and explains the purpose of Link Groups. It also demos Path monitoring and explains its purpose, and shows operational commands for manual HA failover.

09:17

Explaining active/active concepts to prepare for a configuration demo of active/active with floating IP.

22:23

Configuration demo of using 2 active firewalls to load share traffic by utilizing Floating IP addresses.

Understand NAT in the case of active/active, understand session owner options. Understand failover in the case of a firewall failure.

19:38

Understand active/active session owner and session setup scenarios. Configuration example for using session owner and session setup in different scenarios.

10:50

Configuration example of configuring Static NAT in an active/active high-availability scenario and some caveats relating to this setup. Best practice scenario on how to set it up to avoid asymmetric path issues.

10:53

Configuration of ARP load sharing with an Active/Active high availability example. In this scenario, a pair of Palo Alto firewalls is configured in active/active high-availability with a destination NAT that is shared by the two firewalls using ARP load sharing.

Instructor Biography

Infinity Technology Services, Network Security Classes Focusing On NextGen Products

Classes are offered by an instructor with industry proven experience. He started his career as a help desk technician and progressed to desktop support, then systems administration. With an interest in networking, he obtained his CCNA and CCNP 15 years ago. After obtaining his certification he moved to a technical manager position managing both systems and network infrastructure. He shifted his focus to security as his specialization and obtained the CISSP certification. The CISSP is the industry leading information security certification.

Technical hands-on passion led him to move back to the ranks and become an engineer honing his skills in the network security field. He mastered the Cisco ASA firewalls and Cisco security components and obtained the CCIE security, CCNP security and other security specialization certifications.

For the past several years he has been working for a value added reseller supporting Cisco, PaloAlto, and Fortinet security solutions. He became PaloAlto certified and Sourcefire SSFIPS and SSFAMP certified.

"It is difficult and expensive to get hands on material covering the latest products like Sourcefire, PaloAlto, and Fortinet. I am making those classes to give students the education they need at a reasonable cost - with practical experience backing it."
