

Award-winning live online course
Experienced Instructors
Virtual Labs Access
Video Recordings
The “Firewall Configuration and Management” (EDU-210) course covers the following content:
Course Overview
The Big Picture – Functionality Overview in a Real World Use Case
- Visibility – Application & User Identification, URL Categorization, SSL Decryption
- Control – Policies, QoS, Data Filtering, File Blocking, VPN & Remote Access
- Threat Prevention – Anti-Spyware/-Virus Scanning, Vulnerability & DoS Protection, 0-Day Protection and WildFire
Palo Alto Networks Portfolio and Architecture
Palo Alto Networks Portfolio overview
Next-generation firewall architecture
Firewall offerings
Connect to the Management Network
Initial system access
- Overview
- Web Interface Overview
Configure management network settings
- Management, Service & Interface config
- Service Route
Activate a firewall, and manage licenses and software
- License Activation
- Licenses
- Support
- Software updates
- Dynamic updates
IronSkillet
Lab
- Connect to the firewall web interface
- Load a starting lab configuration
- Set DNS servers for the firewall
- Set NTP servers for the firewall
- Configure a login banner for the firewall
- Set Latitude and Longitude for the firewall
- Configure permitted IP addresses for firewall management
- Schedule dynamic updates
Manage Firewall Configurations
Configuration management
- Configuration Interaction
- Auto-commit
- Configuration Actions
- Config Audit
- Commit operations
- Commit per administrator
- Commit Lock
- Factory Reset
View firewall logs
Lab
- Export a named configuration snapshot
- Save ongoing configuration changes before a commit
- Revert ongoing configuration changes
- Preview configuration changes
- Examine log files
- Create a log file filter
- Use the Filter Builder
Manage Firewall Administrator Accounts
Firewall authentication and authorization
Create a local firewall administrator account
Create a non-local firewall administrator account
Create a firewall administrator account for non-interactive login
Lab
- Create a local firewall administrator account
- Configure an LDAP Server Profile & Authentication Profile
- Configure a RADIUS Server Profile & Authentication Profile
- Create non-local firewall administrator accounts for LDAP and RADIUS
- Configure an Authentication Sequence
Connect to Production Networks
Block threats by using network segmentation
Network interfaces and security zones
Layer 3 interfaces
Layer 3 sub-interfaces
Virtual wire interfaces
Tap interfaces
Virtual routers
- Inter VR Routing
- Configuration
- Multiple Static Default Routes and path monitoring
- Troubleshoot Routing
Interface Management profile
Loopback interfaces
Lab
- Create Layer 3 interfaces
- Create a virtual router
- Segment your production network using security zones
- Test connectivity from firewall to hosts in each security zone
- Create Interface Management Profiles
Block Threats Using Security and NAT Policies
Security policy fundamental concepts
- Flow Logic
- Security Policy Match
- Rule types
Security policy administration
- Rule elements
- Managing policy ruleset
- Rule hit counter and unused rules
- Test policy match & policy match troubleshooting
- Global Find
Network address translation
- Source NAT configuration
- Source NAT Overview
- Source NAT Policy
- Source NAT Configuration
- Source NAT Types
- Bidirectional Source NAT
- DIPP NAT Oversubscription
- Destination NAT configuration
- Destination NAT Policy
- Destination NAT Configuration
- Destination NAT Port translation
Lab
- Configure a Security policy rule to allow access from Users_Net to Extranet
- Test access from client to Extranet servers
- View the Traffic log
- Examine policy Rule Hit Count
- Reset rule hit counts
- Customize policy tables
- Manage the Policy Ruleset
- Enable intrazone and interzone logging
- Configure source NAT
- Configure destination NAT
Block Packet- and Protocol-Based Attacks
Denial of Service Attack Types
- DoS vs DDoS
- SYN Flood and SYN Cookies
- Application-based DoS Attack
- Amplification Attack
Zone Protection
- Flood Protection
- Configuration
- RED vs SYN Cookie
- Flood Protection impact
- Protection Lab Demo
- Reconnaissance Protection
- Port scan vs Host Sweep
- Packet Based Attack Protection
- Protocol Protection
DoS Protection Policy
- Overview
- Configuration
- Aggregate vs Classified
- Resource Protection
- Protection Lab Demo
Zone Protection vs DoS Protection Policy
Block threats using packet buffer protection
Lab
- Configure a Zone Protection Profile to detect and control SYN floods
- Configure a Zone Protection Profile to detect and control reconnaissance scans
- Configure a Zone Protection Profile to detect and control specific IP header options
- Configure a Zone Protection Profile to perform spoofed IP address checking
- Configure a DoS Protection Profile to protect firewall and node resource consumption
- Configure a DoS Protection Profile to detect and control SYN floods
Block Threats from Known Bad Sources
Block access to or from known-bad IP addresses
- Overview
- Dynamic Address Group
- EDL Overview
- EDL configuration example
- External Dynamic List Monitoring
Block access to or from known-bad domains
- Security profiles overview
- DNS Sinkhole
Block access to or from known-bad URLs
- Overview
- URL categories in Security Policy Deny Rule
- Custom URL category
Other URL filtering features
- Response Pages
- Customize Response pages
- URL Filtering Profile
- URL Log including Recategorization request
Lab
- Block access to malicious IP addresses using Address objects
- Block access to malicious IP addresses using Address Groups
- Block access to malicious IP addresses using geographic regions
- Block access to malicious IP addresses using an External Dynamic List (EDL)
- Block access to malicious domains using an EDL
- Block access to malicious URLs using the Security policy
- Block access to a malicious URL using a URL Filtering Profile
Block Threats by Identifying Applications
App-ID reduces the attack surface
- What is an App vs URL Filtering
- Evasive Applications
App-ID concepts and operation
- Application Identification of a TCP Flow
- App-ID Flow
- Application Dependencies
- Control Applications on SSL-Secure Ports
- Application Default Port
- App-ID and UDP
- Differentiating Between Known and Unknown Applications
- Application Block Page
Configure App-ID objects
- Application Groups
- Application tagging for SaaS
- Application Filters
- Nested Application Groups and Filters
Lab
- Create an FTP Service object and an FTP port-based Security policy rule
- Test the port-based Security policy
- Generate application traffic
- Configure an application group
- Configure a Security policy to allow update traffic
- Test the Allow-PANW-Apps Security policy rule
- Examine the tasks list to see the shadowed message
- Modify the Security policy to function properly
- Test the modified Security policy rule
Maintain Application-Based Policies
Migrate to an App-ID-based Security policy
- Moving to Application-Based Policies
- Migration Strategy
- Expedition
- Policy Optimizer
Maintain an App-ID Security policy
Maintain App-ID
- Applications and Threats Content Updates
- Review New and Updated Application Details
Lab
- Create a custom Service object for HTTP
- Add the new service to the Security policy
- Test Access to the web server on port 8080
- Revert the web server to port 80
- Create an FTP application-based Security policy rule
- Test the application-based Security policy
- Remove the FTP rules
- Scheduling App-ID updates
Block Threats Using Custom Applications
Unknown applications
Perform packet captures
Identify unique bit patterns
Create a custom application with a signature
Configure an Application Override policy
Lab
- Gather custom application information
- Configure a packet capture
- Capture application traffic
- Analyze the packet capture
- Create a custom application with a signature
- Add the custom application to the Security policy
- Test the custom application signature
Block Threats by Identifying Users
User-ID overview
User mapping methods
- Overview
- AD Integration – UID Agent on FW
- Concept
- User-ID Configuration
- Group Mapping Configuration
- Troubleshooting
- Terminal Services Agent
- User-ID redistributing
Windows-based agent configuration
Configure group mapping
User-ID redistribution
- Concept
- Configuration
User-ID and Security policy
- Users and Groups for a Security Policy
- Dynamic User Groups
Lab
- Examine current configuration
- Enable User-ID technology on the Acquisition zone
- Generate traffic
- Modify Security policy to meet requirements
Block Threats by Identifying Devices
Device-ID concepts
Configuration tasks
View and manage devices and policies
Monitoring devices
Block Unknown Threats
WildFire concepts
Configure and manage WildFire
WildFire reporting
Lab
- Create a WildFire Analysis Profile
- Apply WildFire Profile to security rules
- Test the WildFire Analysis Profile
- Examine WildFire analysis details
Block Threats in Encrypted Traffic
Overview of SSL session setup
SSL Outbound – Forward Proxy
Certificate Generation
Decryption Policy
Decryption Exclusion
SSL Inbound – Inspection
Decryption considerations
SSH decryption
Master key management
Other decryption methods and features
Lab
- Test the firewall without decryption
- Create a self-signed certificate for trusted connections
- Create a self-signed certificate for untrusted connections
- Create and test a Decryption policy rule for outbound traffic
- Test outbound Decryption policy rule
- Export the firewall certificate and import to Firefox
- Test outbound Decryption policy again
- Review firewall logs
- Exclude URL categories from decryption using a No-Decrypt rule
- Test the No-Decrypt rule
Prevent Use of Stolen Credentials
Credential Theft use case and solution overview
Firewall authentication and authorization
Creating user accounts
- Admin LDAP authentication
- Firewall Admin authentication against Azure AD
Preventing use of stolen credentials using multi-factor authentication
- Credential-Based Attacks
- Authentication Policy
Preventing credential theft
- Concept
- Configuration Options
- Configure Domain Credential Filtering
Lab
- Test the firewall behavior without credential detection
- Provide the firewall with User-ID information
- Test the firewall behavior with credential detection
Block Threats Using Security Profiles
Inspect allowed traffic
- Concept
- Security Profile Best Practices
Block threats detected by signatures
- AntiVirus
- AntiSpyware
- Vulnerability Protection
Control URL access
- Web Access Policy Best Practices
Block unauthorized file transfers
- File Blocking
Detect unknown threats
- WildFire Profile Best Practices
Block sensitive data transfers
- Concept
- Data Filtering
Security policy modifications
- BPA (Demo Support Portal)
- Security Best Practices Worksheet (Demo)
Lab
- Generate traffic without profiles and examine logs
- Create Security Profiles
- Create a Security Group
- Apply the Security Group to existing Security policy rules
- Generate traffic with profiles and examine logs
- Create tags
- Enable policy rulebase settings and observe behavior
View Threat and Traffic Information
View threat and traffic information
- Dashboard, ACC
- Detailed Logs and Log Settings
- Session Browser
- Reporting
- Threat Investigation introduction
Forward threat and traffic information to external services
- Telemetry (Demo)
- Log Forwarding including scheduled log exports
Lab
- View threat information using the Dashboard
- View application information using the Dashboard
- View threat information using the ACC
- View application information using the ACC
- View threat information using the Threat log
- View application information using the Traffic log
- View threat information using App Scope reports
- View threat information using predefined reports
- View application information using predefined reports
- View threat and application information using custom reports
Add-on: Security Best Practices
Students can ask the instructor to cover these additional topics on Security Best Practices, which are not part of the official course. They give an overall view of how to put together all of the threat prevention techniques discussed during the course.
Network Security Framework
Heatmap and Best Practice Assessment
- BPA
- CIS Control
- Security Best Practice Worksheet
- Migration Strategy
Migration Tool
Designing a Web Access Policy
Add-on: IPsec Site-to-Site VPN
Palo Alto Networks removed IPsec Site-to-Site VPNs from the official course to focus the training more on cybersecurity than connectivity. However, we recognise that this might be an essential topic for many customers, and therefore give students the option for the instructor to cover this topic as part of the course.
IPsec Site to Site VPN
VPN Configuration
VPN Troubleshooting
Add-on: GlobalProtect Remote Access VPN
Palo Alto Networks removed GlobalProtect Remote Access VPN from the official course to focus the training more on cybersecurity than connectivity. However, we recognise that this might be an essential topic for many customers, and therefore give students the option for the instructor to cover this topic as part of the course.
Overview
Connection Sequence
Configuration
Host Checks
Add-on: High Availability
Palo Alto Networks removed High Availability from the official course to focus the training more on cybersecurity. However, we recognise that this might be an essential topic for many customers, and therefore give students the option for the instructor to cover this topic as part of the course.
Active/Passive and Active/Active HA overview
Active / Passive HA configuration


Experience & Passion
The difference is made by our instructors, who bring many years of field experience into the classroom.

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek
NIS Cyber Defence Security Perimeter EMEA