4.52 out of 5
4.52
1334 reviews on Udemy

Mastering Palo Alto Networks

Dominate and take control of all the features that Palo Alto firewalls can offer to protect and secure your network
Instructor:
Packt Publishing
6,623 students enrolled
English
Implement Palo Alto NGFW profiles and policies such as URL Filtering, App-ID, Antivirus and DoS to leverage Palo Alto's stateful security protection
Enable IPsec Tunnel based VPNs and SSL-VPN configurations (Globalprotect VPN) for a cost-effective and scalable remote connectivity solution
Configure dynamic and static routing process in Palo Alto's virtual routers and configure Network Address Translations
Multi-Tenant or Multi-Context Deployment scenarios that provide logical segmentation between Virtual firewall instances in a traffic and control-plane standpoint
Highly available Active-Active and Active-Standby configurations to provide always-on redundant firewall policing, inspection and routing services
Enable Load Balancing and Floating Virtual IPs to leverage hardware resources and scale the firewall network architecture
Perform day-to-day firewall monitoring and maintenance tasks such as firewall updates, PAN-OS firewall upgrades, and backup and recovery procedures
Integrate Palo Alto firewalls into Panorama for central firewall management operations

Network security is not a choice; it’s a must! Palo Alto Networks is one of the top firewall platform choices when it comes to protecting and securing all your critical on-premise and cloud infrastructures. That said, it’s highly probable that you—as a Network Security Engineer—is or will be managing or deploying one in your own or your customers’ environments.

This training guide will help you fully understand what tools, features, and options your Palo Alto firewalls can offer to protect and enhance visibility in your network traffic. It has been developed by someone who understands that learning every possible aspect of a technology platform can consume precious time.

Why is this course perfect for you? It will get you from zero to hero in no time, so you can take full advantage of all of the features that the Palo Alto firewall platform has to offer. From initial policy configurations to configuring Nat and security rules to performing Active-Active highly available clusters, you’ll learn all there is required to set it up like a pro!

After completing this training guide, you’ll feel confident that you can take full advantage of all of the features of Palo Alto firewall and most importantly, keep the bad guys out of your network.

About the Author

Rene Cardona is a Network Solutions Architect with over 8 years of experience in core data centers and security infrastructure designs, architecture, consulting, and implementations. He has performed many security and data center architecture refreshes for major U.S. corporations in the logistics, retail, healthcare, and education fields.

He has provided expert insights during migrations from firewall platform vendors such as Palo Alto, Cisco, Fortinet, and Checkpoint. His vast proficiency experience ranges from Hyper-Converged Datacenter Environments, VXLAN, SDN, SD-WAN and Multi-Datacenter High Availability (MDHA) to Network Security (firewalls, Network Admission Control, and Network Security Architectures). He is currently in charge of securing one of the biggest shipping container terminals in the United States.

Getting Started in PAN-OS 8

1
The Course Overview

This video will give you an overview about the course.

2
Welcome to Pan-OS 8

This video will introduce you to the Palo Alto Networks Operating System version 8 (PAN-OS 8) web graphical user interface. It will also provide the end user, web management interface familiarity, with navigation through tools and settings.

   •  Review dashboard tab and object tab

   •  Analyze the policy tab, network tab, and device tab

   •  Explore ACC tab and monitor tab

3
Dashboard Introduction

This video reviews the PAN-OS 8. 1.0 home dashboard. It guides on how to customize the dashboard in favor of the firewall administrator’s benefit, and interpreting system logs and adding widgets to the dashboard.

4
Console-Based Administration

Guided tour to the available functions inside the console interface. Retrieving information, performing troubleshooting steps, and maintenance tasks, from the console interface.

   •  Show commands to query information, not shown on the GUI

   •  Request to execute various administration commands

   •  Use test to perform fast troubleshoot steps

5
Device Management

An overview on how we can effectively delegate and control access to a management interface. Also, shows how to provide management attributes to an interface and delegate custom rights to local administrators.

   •  Review the physical interface location

   •  Configure a management profile

   •  Configure an administrator role for management purposes

6
Test Your Knowledge

Firewall Objects: Addresses, Services, and Groups

1
Address Objects and Groups

This video explains in detail how to take advantage in creating and applying address objects and groups to structure a clean and precise security policy table.

   •  Create an address object

   •  Create an address group

   •  Consolidate address objects into their respective groups

2
Service Objects and Groups

This has a detailed explanation on how to take advantage in applying service objects and groups on the firewall security policy table, and how it allows concise policy structure format and standardization.

   •  Create a service object

   •  Create a service object group

   •  Nest service object group to shrink the policy table

3
Application Objects and Groups

This section explains in detail how to profile the traffic by creating application objects and classify them in groups.

   •  Create an application object

   •  Create an application group

   •  Classify application objects in a group

4
PAN Application Research Center

Here we shall review Applipedia or the Application Research Center, to understand the Palo Alto network’s application objects database. Also, we shall review application object dependencies to properly configure application objects.

  • Get familiar with applipedia.paloaltonetworks.com

  • Review application objects dependencies

  • Add required dependencies for specific application groups

5
User Objects and Groups

This explains how to create local user accounts on the firewall, to enforce security policies, based on the local user database. Also, how to create local user groups to organize and enforce user group based policies.

   •  Create a local user account

   •  Create a local user group

   •  Add the local user on the local group and enforce security

6
LDAP Authentication and Remote Users and Groups

It tells us how to integrate your Palo Alto firewall with LDAP, to enforce directory service-based user account security policies.

   •  Perform LDAP integration with service account

   •  Perform LDAP user group mapping

   •  Create security groups with LDAP security groups

7
Test Your Knowledge

Firewall Security Zones, Interface Types, and V-Wires

1
Firewall Security Zones

This video provides mandatory security isolation, by classifying interfaces into their respective locations on the network.

   •  Identify your perimeter networks:  outside, inside, and DMZ

   •  Create individual security zones

   •  Add respective member interfaces on each zone

2
Interface Type

This video explains various options to provide end to end connectivity between your Palo Alto firewall and your core network infrastructure.

   •  Configure Layer 2 interfaces

   •  Configure Layer 3 interfaces

   •  Configure Tunnel, Loopback, and HA interfaces

3
V-Wires

This video explains how to allow the Palo Alto firewall to enforce traffic transparently, by bridging ingress and egress interfaces, and traffic in zones, without influencing the routing path decisions.

   •  Configure the physical interfaces in V-wire mode

   •  Create a V-wire and bridging the two interfaces that were previously configured

   •  Allocate each V-wire member interface in a security zone and creating a security policy

4
Test Your Knowledge

Security Policies, Routing Contexts, and NAT

1
Security Policies (Part One)

This gives us a real life work scenario introduction on how to build network security policies.

   •  Review the security rule requirements

   •  Create required objects

   •  Configure the required security policy

2
Security Policies (Part Two)

Applying security policies based on application and user attributes.

   •  Identify the user or application to grant/restrict traffic

   •  Create required application/user objects

   •  Configure the required security policy

3
Routing Contexts: INET-VRTR

This video will review our first virtual router deployment and enable traffic flow on the virtual instance.

   •  Create the virtual router (VRTR) for internet access

   •  Identify the user traffic that will be granted internet access

   •  Apply the route on the virtual router and enable access to the outside world

4
Routing Contexts: Servers-VRTR

We shall see how to create a dedicated virtual router for server traffic and enable dynamic routing.

   •  Create the virtual router (VRTR) for server traffic access

   •  Configure OSPF as our dynamic routing protocol

   •  Advertise a network via OSPF, between the core and the firewall

5
Destination NAT (D-NAT)

Here, we shall configure a destination network address translation, that will allow external users reach a webserver on the DMZ.

   •  Create the destination NAT policy

   •  Create the security policy to allow inbound access

   •  Enable the NAT policy and test reachability from the user’s perspective

6
Source NAT (S-NAT)

We shall configure a source address translation that will allow internal users reach the outside zone (Internet).

   •  Create the source NAT policy

   •  Create the security policy to allow outbound access

   •  Enable the policy and test reachability to the internet, from internal user

7
Test Your Knowledge

Next-Generation Firewall Features

1
Security Profiles Overview

General overview of all the next generation features available on the Palo Alto firewall.

   •  Discuss each security profile

   •  Demonstrate use case scenarios

   •  Explore options available inside each security profile

2
Antivirus and Anti-Spyware Profiles

Apply antivirus and anti-spyware profiles to protect the environment from common threats.

   •  Review default settings on each profile

   •  Create custom profiles

   •  Apply both default and custom profiles to each respective policy

3
URL Filtering and File Blocking

Configure URL filtering and file blocking profiles to limit user access to restricted content on the web.

  • Review default settings on each profile

  • Create custom profiles

  • Apply both default and custom profiles to each respective policy

4
Denial of Service Protection

Review and configure DoS zone protection profiles and understand the use cases.

   •  Configure DoS protection profiles

   •  Configure DoS zone protection policies

   •  Review the zone protection profile configuration

5
Test Your Knowledge

High Availability Firewall Clustering and Virtual Systems

1
Introduction to HA and Firewall Clustering

A general overview of HA environments in Palo Alto firewalls.

   •  Active/Standby overview

   •  Active/Active overview

   •  Virtual IP overview

2
Active/Standby High Availability (Part One)

Enable redundancy on the PA environment with Active/ Standby HA configuration.

   •  Enable the HA interfaces

   •  Enable Active/Standby with HA Interface configurations

3
Active/Standby High Availability (Part Two)

In this video, we will execute failover test.

   •  Configure HA interfaces

   •  Configure zones: Both, outside and inside

   •  Confirm HA is active and execute failover test

4
Active/Active HA Clustering

Here, we shall enable redundancy and load balancing, and maximize capacity on the PA environment with Active/Active HA configuration.

   •  Configure unique Zone IPs

   •  Configure virtual IPs and enable Active/Active HA

   •  Confirm HA is active and execute failover test

5
Virtual IP Load Balancing with ARP Sharing and Floating IPs

Enable Active/Active traffic load balancing with virtual IPs and failover traffic with floating IPs.

   •  Configure ARP load sharing with virtual IPs

   •  Configure floating IPs

   •  Test virtual IP reachability and failover services

6
Virtual Systems

Leverage hardware resources, limit complexity, and maintenance by enabling virtual systems.

   •  Enable virtual systems (vsys) under device

   •  Create virtual systems

   •  Allocate dedicated interfaces and virtual routers to the vsys

7
Test Your Knowledge

IPSec VPN Tunnels and GlobalProtect

1
PAN-OS VPN Tunneling Options

A general overview of IPSec tunneling options and GlobalProtect.

   •  Review the IPSec site to site tunnel modes

   •  Review the GlobalProtect gateway and portal

   •  Understand the cases where we can apply either of the solutions

2
IPSec Site-to-Site VPN (Tunnel Mode)

Enable a site-to-site IPSec tunnel in tunnel (proxy) mode and send traffic between the distant networks.

   •  Configure all prerequisites for our IPSec tunnel

   •  Configure the IPSec tunnel along with security policies

   •  Enable the tunnel and test traffic flow and reachability

3
IPSec Site-to-Site VPN Interface Mode

Convert the IPSec tunnel into an interface mode, by configuring L3 tunnel interfaces.

   •  Configure the tunnel interfaces in L3 and allocate IPs

   •  Enable dynamic routing (OSPF) and advertise distant networks

   •  Confirm traffic reachability to the advertised networks

4
GlobalProtect Remote Access VPN Portal

Enable the GlobalProtect portal and assign access groups.

   •  Configure the VPN users and users’ groups

   •  Configure the GlobalProtect portal on the outside interface

   •  Test reachability of the GlobalProtect portal and download GlobalProtect agent

5
GlobalProtect Gateway

Enable secure remote access to your external users by configuring a GlobalProtect gateway for VPN services.

   •  Create a GlobalProtect VPN security zone and tunnel interface

   •  Create a GlobalProtect gateway and configure the agent

   •  Configure the GlobalProtect portal agent for external gateway access

6
Test Your Knowledge

Management and Maintenance Operations

1
Performing PAN-OS Software Upgrades

Detailed PAN-OS upgrade procedure demonstration. Base PAN-OS and Maintenance PAN-OS versions.

  • Discuss upgrade paths

  • Perform maintenance version upgrades

  • Perform base version upgrade

2
Configuration Revisions, Backups, and Restores

This will give the firewall configuration management overview and also configuration backup, restore, reverts, and audits.

  • Perform running and candidate configuration audits

  • Perform configuration backup and snapshot

  • Perform configuration reverts and restores

3
Recovering Palo Alto Firewalls Using the Console

Perform emergency recovery procedures and troubleshooting with the maintenance recovery tool.

  • Boot the Palo Alto firewall, during boot enter “maint” when prompted

  • Restore from factory once in the maintenance mode, if needed

  • Repair disk partition corruption, if needed, using the recovery tool

4
Central Palo Alto Firewall Management with Panorama

We shall administer multiple geographically dispersed Palo Alto firewalls using Panorama.

  • Add devices to Panorama

  • Configure device groups in Panorama and add respective devices

  • Configure shared policies for all device groups or configure policies per device group

5
Test Your Knowledge
You can view and review the lecture materials indefinitely, like an on-demand channel.
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don't have an internet connection, some instructors also let their students download course lectures. That's up to the instructor though, so make sure you get on their good side!
4.5
4.5 out of 5
1334 Ratings

Detailed Rating

Stars 5
624
Stars 4
548
Stars 3
130
Stars 2
20
Stars 1
12
30-Day Money-Back Guarantee

Includes

9 hours on-demand video
Full lifetime access
Access on mobile and TV
Certificate of Completion
Mastering Palo Alto Networks
Price:
$138.98 $109

Community

For Professionals

For Businesses

We support Sales, Marketing, Account Management and CX professionals. Learn new skills. Share your expertise. Connect with experts. Get inspired.

Community

Partnership Opportunities

Layer 1
samcx.com
Logo
Register New Account
Compare items
  • Total (0)
Compare
0