Palo Alto Network Security Training

Palo Alto Certified Network Security Engineer-PCNSE

Course Overview
Palo Alto certification validates your ability to configure the central features of the Palo Alto Networks Next-Generation Firewall and to deploy the firewalls effectively to enable network traffic based on who (User-ID), what (App-ID), and when (Policy), all while ensuring security (Content-ID). In this course you demonstrate that ability by configuring those features and deploying the firewalls to enable network security.

Learning Goals
By the end of this course participants will be able to:
1. Demonstrate knowledge of Palo Alto PAN-OS devices.
2. Understand the security technologies used in Palo Alto firewalls.
3. Configure and troubleshoot related platforms.

Pre-Requisites
This course is for security professionals looking to work in a Palo Alto environment. Knowledge of basic networking, including the OSI and TCP/IP models and subnetting, is mandatory to attend this course.

Teaching Methodology
This is a very hands-on course where participants carry out practical exercises according to the lab guide provided. The concepts are taught through implementation of real-world use cases. Our exercises have been carefully designed to replicate scenarios participants will face in real-life work conditions.

Who Should Take This Course?
This course is designed for security professionals with knowledge of basic networking who want to gain an understanding of the security technologies offered by Palo Alto Next-Generation Firewalls and of the configuration and troubleshooting of related platforms.

Course Content:

1. Platform and Architecture

  • Understand the meaning of next-generation firewall (NGFW).
  • Introduction to the different firewall models in the market and the market ranking of Palo Alto.
  • Parameters for deciding on a firewall for a network.
  • Stateless vs. stateful firewalls.
  • Architecture of PAN-OS and the firewall platforms, covering VM firewalls and hardware firewalls.
  • Application of the various platforms to suit different network environments.

2. Initial Configuration of Firewall

  • Introduction to the WebUI and CLI of Palo Alto.
  • Default settings on Palo Alto firewalls.
  • Configuration of initial parameters: DNS setting, passwords, login IP.
  • Saving and loading configurations.
  • Types of admin accounts and creating multiple admins.
  • Locks available in the WebUI.
  • Setting up passwords and password complexity.
  • Updating the signature database and licensing the firewall.
  • Setting up the basic network.

3. Interface Configuration

  • Types of interfaces available in the firewall: Layer 3, Layer 2, HA, Tap and Virtual-Wire.
  • Choosing the type of interface for a particular network design.
  • Configuring interfaces depending on network design.
  • Configuring Virtual-Wire, VLANs and Virtual Router.
  • Routing in Palo Alto: Static, OSPF, BGP.
  • Setting up a service route on the firewall.
  • Configuring parameters on the management interface via CLI and WebUI.

4. Security and NAT Policies

  • Types of security policies.
  • Configuration and logical design of policies.
  • Order in which the firewall processes policies.
  • Enabling and disabling policies.
  • External Dynamic Lists (EDL) and their usage in security policies.
  • Pre-defined and user-defined EDLs.
  • Uses of profiles in policies.
  • Actions in security policies: Allow, Drop, Deny, Reset Server, Reset Client, Reset Both.
  • Understanding and configuration of the types of NAT: static, dynamic, PAT, source and destination.

5. App-ID

  • Understand TCP packets and how NGFW firewalls process them.
  • Drawbacks faced by traditional firewalls in understanding Layer-7 applications.
  • Application detection mechanism in Palo Alto.
  • Applipedia, implicit and explicit application dependencies.
  • Application groups and application filters.
  • Configure App-ID, Application Exceptions, Custom Apps and Application Override policy.

6. Content-ID

  • Content inspection using the SP3 architecture.
  • Security profiles: Anti-virus, Anti-Spyware, Vulnerability, File Detection and Data Filtering.
  • Applying security profiles in security policies.
  • DNS sinkholing in Palo Alto.
  • Exception handling in profiles.
  • Configure Content-ID in PAN-OS.

7. URL Filtering

  • URL categorization.
  • Updating the URL database.
  • Actions taken in a URL filtering policy.
  • Credential phishing avoidance policy in Palo Alto.
  • Configuration of URL filtering.
  • Setting the override password in Palo Alto.

8. SSL Decryption

  • How SSL establishes an encrypted session.
  • Why SSL decryption is needed.
  • Types of SSL decryption: SSL Forward Proxy, SSL Inbound Inspection and SSH Proxy.
  • Self-signed certificates versus CA-signed certificates.
  • Configure in PAN-OS where to perform and where to avoid SSL decryption.
  • Enable the SSL Opt-out Page for users.
  • Verify SSL decryption in traffic logs.

9. Working of WildFire

  • What is WildFire?
  • Why is WildFire so important in modern-day networks?
  • Configure WildFire in a Palo Alto Networks firewall.
  • WildFire analysis in public cloud and private cloud.
  • WildFire licensing and subscriptions.
  • Understanding WildFire reports.

10. GlobalProtect VPN

  • What is GlobalProtect VPN?
  • Configure GlobalProtect Portal and Gateway.
  • Use the GlobalProtect App for Windows, Linux and iOS.

11. Site-to-Site IPSec VPNs

  • Understanding IPSec site-to-site VPNs.
  • Understand IPSec Phase-1 and Phase-2 profiles.
  • Difference between Main mode and Aggressive mode in Phase-1, and their use cases.
  • How the Diffie-Hellman exchange works.
  • Features offered by Palo Alto to secure IPSec VPNs from intruders.
  • Configuration of an IPSec VPN between two firewalls.
  • Considerations when deploying a VPN with a third-party vendor device.
  • Monitoring an IPSec VPN.

12. User-ID

  • Overview of User-ID.
  • User-ID concepts.
  • Types of user mapping: server monitoring, port mapping, XFF headers, syslog, GlobalProtect, XML API.
  • Configure Captive Portal in a Palo Alto Networks firewall.
  • Service account for User-ID agents.
  • Map IP addresses to users.
  • Deploy User-ID in a large-scale network.
  • Verify the User-ID configuration.

13. Monitoring Reports in Palo Alto

  • Monitor threat logs in Palo Alto
  • Take packet captures
  • Generate reports for logs
  • Generate customized reports
  • Schedule PDF reports over email.
  • Use Application Command Center.

14. Active/Passive High Availability

  • High Availability Overview.
  • High Availability Concepts in Palo Alto.
  • Setup Active/Passive HA.
  • Selection of Active firewall.
  • High Availability Synchronization.
  • High Availability Firewall States.
  • Design layout for Active/Passive and Active/Active HA.
  • Monitor and troubleshoot High Availability.

15. Quality of Service

  • QoS for application and users.
  • QoS policy.
  • QoS profiles and classes.
  • QoS priority queuing.
  • QoS bandwidth management.
  • QoS interface mapping.
  • Configure and verify QoS policy.

16. Panorama

  • Configure management Panorama server.
  • Configure template and template variables.
  • Configure device groups.
  • Install updates for Panorama.
  • Modes of operation of Panorama.

Practical Learning Exercises

A lab guide with requirement scenarios will be provided to each student. Along with the lab guide, the required VMs and cloud access will be provided so that students can set up and practice individual labs on their own. A sample scenario would consist of one interface of the Palo Alto appliance connected to the internal network, one interface connected to the server farm and one interface connected to the internet. Similarly, there would be scenarios for implementing, verifying and troubleshooting all modules covered in the course.

Gencor Learning Solutions Pvt Ltd.

I am happy to be here in Gencor which provided me with technical professional and skillful aspects of auto cad, thank you.

Kush Prakash - West Bengal University of Technology

I completed CCNA training and certification preparation before appearing for CCNA global examination 200-120 from Gencor.

Amit Kumar - Lovely Professional University

The trainer has good knowledge of the subject.

Saurabh Kumar Suman - Shaheed Bhagat Singh State Technical Campus, Ferozepur

This institute is the best institute in web designing. Trainer sir is good in knowledge and best trained and  provided web designing knowledge to me.

Abhishek Kumar - Guru Gobind Singh Polytechnic College, Talwandi Sabo, (Bhathinda) Punjab

The trainer is good, so I think everything is good. 

Rabindra Kumar Yadav - Samalkha Group of Institutions

The Gencor classes is good for getting the knowledge. The trainer has good communication with students. I completed CAD training in Mechanical from here.

Akash Kumar - Jawaharlal Nehru Technological University, Hyderabad

I gained a lot here in the Gencor and I believe that it will help to enhance my knowledge and personality further in my life.

Prem Kumar - BIT Sindri

Institute Completed my training as per  Syllabus provided on time. 

Akshay Kumar - The Institution of Civil Engineers, Delhi

Gencor institute is the best institute which completed my course on Civil CAD on time.

Amit Kumar - Reg No - 001/15348 - Civil CAD

The overall system of teaching is favorable and good as I expected and helped a lot in increasing my knowledge.

Sunny Kumar

I appreciate the course by the institute and efforts put in to complete it within the prescribed time limits.

Mohammad Asad Eqbal

The trainer has good knowledge of autocad, so I am happy to complete the training of AutoCAD from here.

Hemant Raj - Reg No.: 001/15307 - Civil CAD

The Trainer is nice one. He teaches well. The institute is good. I have faith on the Institute.

Vikash Kr Mandal - Reg No.: 001/15308 - Mechanical CAD

The institute is very good one and object oriented, focused on setting up career for engineering students. The trainer is having enough knowledge to guide students. Teaching method is very much appreciated and interactive.

Indranil Mazumdar - Reg No.: 001/15312 - Civil CAD

All class I did here was very good. Faculty provide every detail about syllabus & Course. I am thankful of you.

Sumank Saurav - Reg No.: 001/15321 - Mechanical CAD

Trainer is the best guide for autocad and institute is also best for autocad

Vikash Kumar Sharma - Reg No.: 001/15322 - Mechanical CAD

This is professional institute. It has given the full knowledge of the subject. It is best providing knowledge.

Dinu Kumar - Reg No.: 001/15328 - AutoCAD ME

This institute has given me knowledge about AutoCAD and I appreciate that. I must recommend others to learn CAD from here.

Abhishek Kr Singh (Reg No . 001/15332)

I am Gracy Pradhan, completed my Linux training on RHCE from GenCor. Training is fully practical based and full syllabus coverage prescribed Red Hat Inc. This training is surely going to provide me help in placement by college.

Gracy Pradhan - Ram Krishna Dharmarth Foundation University

I completed my AutoCAD Civil Training with Project and certification from GenCor InfoEdge – India. Trainer is the best in providing training.

Sonu Kumar

Best Training for telecommunication on Cisco CCNA. I got placed in 3i infotech Patna.
