This course will guide students through how to set up, configure and manage the most common features of the Palo Alto Networks next-generation firewall platform. Students will learn about the more advanced features that are available on the Palo Alto platform and where to deploy those advanced features in a network environment. Students will learn how to monitor network traffic using Palo Alto's interactive interface and also how to build and export firewall reports. Students will learn how to deploy the GlobalProtect VPN system and how to configure basic high availability features on the Palo Alto firewall platform.
Prerequisites:
Students should have a basic familiarity with network routing, switching, and IP addressing. Students should also be familiar with basic concepts of network security. Previous experience with configuration of other brands of firewalls and network security devices is a plus.
Module 1: Initial Configuration
- Connect to firewall
- Load a base day-1 configuration
- Add an administrator role and account
- Test transaction locks
Module 2: Interface Configuration
- Create new security zones
- Create interface management profiles
- Create a virtual router
- Configure layer 3 ethernet interfaces
- Configure DHCP
- Test connectivity
Module 3: NAT and Security Policies Configuration
- Create a source NAT policy
- Create an outbound NAT policy
- Verify Internet connectivity
- Create a destination NAT policy
- Create security policy rules
- Test NAT and security policy rules
Module 4: App-ID Configuration
- Refine security policy for internet access
- Enable interzone logging
- Enable the application block page
- Verify application blocking and internet connectivity
Module 5: Content-ID Configuration
- Create a custom URL filtering category
- Configure a URL filtering profile
- Configure an antivirus profile
- Configure an anti-spyware profile
- Assign profiles to policies
- Test the antivirus profile
- Test the URL filtering profile
- Configure a Security Profile Group
- Assign a security profile group to a policy
Module 6: File Blocking and WildFire Configuration
- Create a file blocking profile
- Create a WildFire analysis profile
- Assign the profiles to a Security Profile Group
Module 7: Decryption Configuration
- Verify behavior without decryption
- Create SSL certificates on firewall
- Create SSL Decryption Policies
- Modify the security policy rules
- Test the SSL decryption policy
- Test the SSL no-decryption policy
- Import the certificates into Windows OS
- Exclude a site from decryption
Module 8: User-ID Configuration
- Enable User-ID on inside zone
- Configure the LDAP server profile and Authentication Profile
- Configure User-ID group mapping
- Install and configure the User-ID agent software
- Configure the User-ID agent Service
- Configure firewall to connect to the User-ID agent
- Test User-ID
Module 9: Site-to-Site VPN Configuration
- VPN Design
- Configure IKE Crypto Profile
- Configure IPSec Crypto Profile
- Configure tunnel interfaces
- Configure IKE gateway
- Configure IPSec Tunnel
- Create static route
- Create security policy rule
- Test connectivity
Module 10: Management and Reporting
- Explore the dashboard, ACC, Session browser
- Explore the logs
- Create a custom report
Module 11: Active/Passive Configuration
- HA design
- Display the HA widget
- Configure the firewall for HA
- Configure Active/Passive HA
- Configure HA monitoring
- Verify HA configuration