Palo Alto Authorized Global Training Partner Logo

Prisma Access Training

SASE Security: Design and Operation (EDU-318)

Palo Alto Networks Authorized Global Training Partner Logo

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

The “Prisma Access SASE Security: Design and Operation” (EDU-318) course covers the following content:

Prisma Access Overview

Use cases


Challenges with traditional network designs

  • Mobile Users
  • Remote Networks
  • Prisma Access solution

Secure Access Service Edge (SASE)

  • Network solutions like SD-WAN lag security
  • Security solutions lag network capability of SD-WAN
  • SASE brings the two together
  • Prisma Access provides security as a service for existing SD-WAN solutions

Prisma Access definitions

  • Regions & Locations
  • Service Connection & Corporate Access Node “CAN”
  • Service Infrastructure Subnet
  • Mobile User Gateway “GW”
  • Security Processing Node “SPN”
  • Access corporate service like LDAP, User-ID through the service connection
  • Zones

Prisma Access components

  • Panorama
  • Cortex Data Lake

Prisma Access licenses

  • Prerequisites
  • Mobile User License
  • Remote Networks License
  • Service Connection

Shared ownership model

Planning and Design

Routing considerations

Routing examples

High availability

SD-WAN overview

SD-WAN integration

Plan the service infrastructure

Plan for remote networks

Plan for mobile users

Activate and Configure

Activate Prisma Access


Configure the service infrastructure


Demo configure the service infrastructure


IPSEC Site to Site VPNs

  • IPSEC VPN Theory
  • IPSEC VPN Configuration
  • IPSEC VPN troubleshooting

IPsec VPN tunnel configuration on Prisma Access


Configure a service connection


Demo configure a service connection

Security Processing Nodes

Application Identification of a TCP Flow


Flow logic


Security policy rules


Demo Security Rules


Managing certificates


Demo Certificate Management


SSL decryption

  • Overview of SSL session setup
  • SSL Outbound – Forward Proxy
  • Configuration Best Practices
  • Troubleshooting

Security processing node comparison

Panorama Operations for Prisma Access


  • Zone Mapping
  • Template stacks

Device groups

  • Device groups Hierarchy
  • Device groups Inheritance
  • Device group policies
  • Device group objects

Configuration Demo

Remote Networks


IPsec tunnels for remote networks

Configure remote networks

Security policy rules

Onboard a new remote network

Verify connectivity

Dual ISPs in active/active mode

Configuration Demo

Mobile Users

Prerequisites for mobile users

Mobile user authentication

User Authentication Demo

Configure mobile users

Mobile Users Onboarding

Portals and gateways

Office 365 Azure AD authentication using SAML

Security policy rules and zones

Prisma Access with on-premises gateways

Tune, Monitor, and Troubleshoot

Deploy User-ID

  • Overview
  • User-ID redistribution
  • Scenarios

Quality of Service

Onboard networks with configuration import

Onboarding Demo

Clientless VPN

Manage IP addresses


Manage Multiple Tenants

Multitenancy overview

Device groups and templates

Configuring multitenancy

Create role-based access control


Multitenancy configuration demo

Palo Alto Training Excellence Award
Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors who have many years of field experience which they bring with them into the classroom

Palo Alto Authorized Global Training Partner Logo

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek at PWC

Kamil Golombek

NIS Cyber Defence Security Perimeter EMEA