Firewall 8.0 Essentials: Configuration and Management(EDU-210)

Course Description

This class will enable you to:

• Configure and manage the essential features of Palo Alto Networks® next-generation firewalls.
• Configure and manage GlobalProtect to protect systems that are located outside of the data center perimeter.
• Configure and manage firewall high availability.
• Monitor network traffic using the interactive web interface and firewall reports.

Audience

• Network Administrators
• Network Engineers
• Security Engineers
  

Agenda

Module 1: Platform and Architecture

• Security platform overview
• Next-generation firewall architecture
• Zero Trust security model
• Public cloud security
• Firewall offerings

Module 2: Initial Configuration

• Administrative controls
• Initial access to the system
  
• Configuration management
  
• Licensing and software updates
  
• Account administration
  
• Viewing and filtering logs

Module 3: Interface Configuration

• Security zones and interfaces
  
• Tap interfaces
  
• Virtual Wire interfaces
  
• Layer 2 interfaces
  
• Layer 3 interfaces
  
• Virtual routers
  
• VLAN interfaces
  
• Loopback interfaces
  
• Policy-based forwarding

Module 4: Security and NAT Policies

• Security policy fundamental concepts
  
• Security policy administration
  
• Network Address Translation
  
• Source NAT configuration
  
• Destination NAT configuration

Module 5: App-ID

• Application Identification (App-ID) overview
• Using App-ID in a Security policy
  
• Identifying unknown application traffic
  
• Updating App-ID

Module 6: Content-ID

• Content-ID overview
  
• Vulnerability Protection Security Profiles
  
• Antivirus Security Profiles
  
• Anti-Spyware Security Profiles
  
• File Blocking Profiles
  
• Attaching Security Profiles to Security policy rules
  
• Telemetry and threat intelligence
  
• Denial of service protection•Application Identification (App-ID) overview

Module 7: URL Filtering

• URL Filtering Security Profiles
• Attaching URL Filtering Profiles

Module 8: Decryption

• Decryption concepts
• Certificate management
  
• SSL Forward Proxy decryption
  
• SSL Inbound Inspection
  
• Other decryption topics: Unsupported applications, No decryption, Decryption port mirroring, Hardware security modules, Troubleshooting SSL session terminations

Module 9: WildFire

• WildFire concepts
  
• Configuring and managing WildFire
  
• WildFire reporting

Module 10: User-ID

• User-ID overview
• User mapping methods overview
  
• Configuring User-ID
  
• PAN-OS® Integrated agent configuration
  
• Windows-based agent configuration
  
• Configuring group mapping
  
• User-ID and Security policy

Module 11: GlobalProtect

• GlobalProtect overview
• Preparing the firewall for GlobalProtect
• Configuration: GlobalProtect Portal
  
• Configuration: GlobalProtect Gateway
  
• Configuration: GlobalProtect agents

Module 12: Site-to-Site VPNs

• Site-to-site VPN
  
• Configuring site-to-site tunnels
  
• IPsec troubleshooting

Module 13: Monitoring and Reporting

• Dashboard, ACC, and Monitor
  
• Log forwarding
  
• Syslog
  
• Configuring SNMP

Module 14: Active/Passive High Availability

• HA components and operation
  
• Active/passive HA configuration
  
• Monitoring HA state

Module 15: What's Next

• Operational guidelines
  
• Analyzing ACC information
  
• Optimizing Security Profiles