PALO ALTO TRAINING

Platforms and Architecture

• Single Pass Architecture
• Flow Logic
• Designing your PAN in the Network

Initial Configuration

• Initial Access to the PAN and Account Administration
• Overview of Dashboard and Configuration Management
• Licensing and Software Updates

Interface Configuration

• Security Zones
• Layer2, Layer3, Virtual Wire and Tap
• Sub Interfaces and virtual routers

IP Routing

• Static and Default Routing
• Routing with OSPF and BGP
• Policy Based Forwarding

Security and NAT policies

• Security Policy configuration
• Filtering based on Protocol and Port
• Overview of Application Inspection
• Filtering based on Applications
• Creating Service Objects
• Creating Service Groups
• Testing Security Rules
• Network Address Translation (Source and Destination)

SSL Decryption

• Certificate management
• Creating and Installing Certificate
• Decryption policy
• Application database and Categories

URL Filtering

• URL Filtering (Block and Continue)
• Custom Block page and URL Category

File Blocking (Google Mail)

• Firewall Policy and Profile
• Decryption Policy
• Testing File Blocking
• Monitoring File Blocking
• Monitoring Decryption
• Testing when changing the file type

Anti Virus

• Anti-Virus Profile and Firewall policy
• Decryption Policy
• Testing Anti-Virus Blocking (Non-Secure, Secure web pages)

Site to Site VPN

• Configuring Site to Site VPN (Ipsec Tunnels)
• VPN configuration Between CISCO Router and Palo Alto

User Identification using Active Directory (without an Agent)

• Configuration on Active Directory Domain Controller
• User Identification Configuration on PAN appliance
• Creating security policies
• Testing and Monitoring
• Considerations when using User-ID

Captive Portal

• Review of LDAP profile and Authentication Profile
• User Identification
• Security and Captive Policies
• testing and Monitoring

Management, Reporting, and Logging

• Log Forwarding (SyslogServer) and SNMP
• Viewing Traffic Reports for top Talkers and Applications