Palo Alto PCNSA - SevenMentor

Palo Alto (PCNSA): Palo Alto Network Certified Network Security Administrator
www.sevenmentor.com


Post on 09-Dec-2021


Palo Alto Intro and Deployment Options

1. Palo Alto Firewalls overview
2. Deployment Options
3. Layer 2 deployment
4. Layer 3 deployment
5. Layer 2 deployment and spanning tree
6. Layer 2 Features and Limitations with demonstration
7. Virtual Wire deployment
8. Virtual Wire IP Classify
9. Tap Mode deployment
10. Initial Configuration

Basic Administrative Tasks

1. Basic Settings
2. Changes and Committing changes
3. Local Administrator Account with External Authentication
4. External Authentication Using Radius Server
5. System software Upgrade / Downgrade, global protect client install
6. Dynamic Updates
7. Interface Management Profile

Threat Prevention

1. Security Zones and Traffic Processing
2. Packet Flow
3. Rules based on application using App-ID
4. Security Policy Rules for applications not running on application default ports
5. Application Override Policies - Custom Applications
6. URL Filtering Rules and Options
7. Custom URL Category
8. Using Address Objects
9. Using Service Objects
10. Using Dynamic Block Lists
11. Using Tags


User ID integration

1. User ID integration
2. Installing User ID agent on AD
3. Configure the firewall to use user ID agent
4. Configuring integrated User ID agent
5. Group to User ID mapping
6. Making decisions based on user group membership example
7. Identifying Users using Captive Portal Redirect Mode
8. User ID mapping using CaptivePortal in Transparent Mode
9. Captive Portal using Browser Challenge SSO example
10. Relaying UserID information using XML example

Threat Prevention

1. AntiVirus configuration
2. Anti Spyware and DNS Sinkholing
3. Creating custom Anti-Spyware signatures
4. Configuring Vulnerability Protection and Custom Signatures
5. File Policies
6. Configuring Wildfire
7. Wildfire Portal
8. Configuring Data Filtering - Data Leakage Prevention
9. Data leakage demo - Credit Card Numbers Detection and Blocking
10. Denial Of Service Protection
11. Implementing Zone and Host Denial Of Service Protection

SSL Decryption

1. Certificates, Certificate Authorities, and Decryption Concepts
2. SSL Forward Proxy - Trust Certificate - Local Cert on PaloAlto
3. SSL Forward Proxy - Untrust Certificate - Local Cert on PaloAlto
4. SSL Forward Proxy Using an Internal PKI Subordinate CA
5. SSL Forward Proxy Blocking Threats in Encrypted Traffic - Demo
6. SSL Inbound Inspection


Network Address Translation

1. Understanding Dynamic NAT and port
2. Dynamic NAT and port configuration examples
3. Dynamic NAT and port Egress Interface Multiple ISP consideration
4. What is the difference between Dynamic IP and Dynamic IP and port with examples
5. Static NAT concepts and example
6. Static NAT with Port Translation Use Case and scenario example
7. Destination NAT and Destination NAT with Port Address Translation
8. UTurn NAT with port translation
9. Source and Destination NAT
10. New in Version 8.1 Dynamic Destination NAT

Basic and Intermediate Networking

1. DHCP Services
2. Default Route
3. OSPF Routing
4. BGP Routing
5. BGP Advertise
6. Using Multiple Virtual Routers
7. Multiple Virtual Routers NAT and Security Policy Example
8. Multiple ISP Failover Scenario using BGP
9. Multiple ISP Failover using floating Static Route
10. Multiple ISP Failover using Policy Based Forwarding
11. Multiple ISP Load Sharing using Policy Based Forwarding

High Availability

1. High Availability Overview
2. Active Passive Configuration Example
3. High Availability Active / Passive different failure scenarios HA1 HA2 heartbeat
4. High Availability Active / Passive HA1-backup HA2-backup configuration
5. High Availability active / passive link and path monitoring, HA operations
6. Active Active High availability intro, Floating IP
7. Active Active with Floating IP configuration example


IPv6 Config

1. IPv6 structure, addressing, unicast (link local, site local, global), multicast
2. IPv6 neighbor discovery, icmpv6, dhcpv6
3. IPv6 Stateless, Stateful DHCP, M Flag O Flag concepts
4. IPv6 basic firewall configuration example
5. IPv6 Network Prefix Translation NPTv6 configuration example
6. IPv6 NAT64 example connecting IPv6 only network to IPv4 Internet example
7. IPv6 NAT64 example connecting IPv4 only network to IPv6 only network
8. IPv6 dhcpv6 relay on PaloAlto firewall example
9. IPv6 issues related to Windows and policy based on IPv6 addresses, example

VPN IPSec configuration details

1. VPN IPSec L2L intro and configuration steps
2. VPN IPSec L2L PaloAlto to PaloAlto Example
3. VPN IPSec Site To Site Hub Spoke, Dynamic IP address example
4. VPN IPSec L2L PaloAlto to Cisco ASA configuration example
5. VPN IPSec L2L PaloAlto to Cisco ASA with Dynamic IP address
6. IPSec Quick mode negotiation understanding
7. IKE main mode more details, explanation
8. Understanding IPSec Quick mode with PFS
9. IKE security policies required and NAT-T explanation / example
10. IKEv1 main mode versus aggressive mode, understand the difference
11. IKEv2 intro and differences between IKEv2 and IKEv1
12. IKEv2 Auth phase, IPSec associations, differences between IKEv1 and IKEv2


Global Protect

1. Global Protect Setup example
2. Getting a free publicly trusted ssl certificate to test Global Protect
3. Setting up global protect for on-demand mode, discover agent settings
4. Dual Factor Authentication Using Open Source Solution PrivacyIdea demo
5. Joining a windows PC to AWS windows domain - vpn tunnel to AWS
6. Installing CA services on windows, certificate enrollment policy service, OCSP
7. Global Protect Authentication using Dual Factor Token and Computer Certificate
8. Global Protect Always On User-Logon and Pre-Logon configuration
9. Global Protect Pre-Logon with User Logon (on demand) configuration example
10. Global Protect HIP Check

Panorama

1. Panorama concepts, hardware, template and template stack
2. Panorama Device Group Concepts Part 1
3. Panorama Device Group and Object Inheritance

QoS

1. QoS Introduction
2. QoS Download Upload Bandwidth Restriction
3. QoS Classification and Marking
4. QoS Classification and Markings Example
5. IPSec QoS lab setup overview
6. Bandwidth Throttling IPSec tunnels demo
7. IPSec Tunnel QoS traffic classification
8. IPSec Tunnel QoS controlling traffic bidirectional
9. IPSec QoS Copy ToS Header Explanation and demo
10. Using the CLI to show QoS details