Palo Alto Authorized Global Training Partner Logo

Prisma Access Training

SASE Security: Design and Operation (EDU-318)

!! Legacy Course !!

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

Important Update: Prisma Access SASE Security (EDU-318) Course Retirement

Effective May 5, 2025, the “Prisma Access SASE Security: Design and Operation” (EDU-318) course will be retired by Palo Alto Networks. Palo Alto Networks has introduced updated training options to better align with evolving Prisma Access management.

For further details on these new courses and to find the best fit for your needs, please contact us.

The “Prisma Access SASE Security: Design and Operation” (EDU-318) course covers the following content:

Prisma Access Overview

Use cases

Challenges with traditional network designs

  • Mobile Users
  • Remote Networks
  • Prisma Access solution

Secure Access Service Edge (SASE)

  • Network solutions such as SD-WAN lag behind in security
  • Security solutions lag behind the network capabilities of SD-WAN
  • SASE brings the two together
  • Prisma Access provides security as a service for existing SD-WAN solutions

Prisma Access definitions

  • Regions & Locations
  • Service Connection & Corporate Access Node “CAN”
  • Service Infrastructure Subnet
  • Mobile User Gateway “GW”
  • Security Processing Node “SPN”
  • Access to corporate services such as LDAP and User-ID through the service connection
  • Zones

Prisma Access components

  • Panorama
  • Cortex Data Lake

Prisma Access licenses

  • Prerequisites
  • Mobile User License
  • Remote Networks License
  • Service Connection

Shared ownership model

Planning and Design

Routing considerations

Routing examples

SD-WAN overview

SD-WAN integration

Plan the service infrastructure

Plan for remote networks

Plan for mobile users

High availability tunnels

Routing and SD-WAN Design

Routing examples

Routing modes

Traffic steering

SD-WAN integration

Prisma SD-WAN (a.k.a. CloudGenix)

Activate and Configure

Activate Prisma Access

Configure the service infrastructure

Demo configure the service infrastructure

IPsec Site-to-Site VPNs

  • IPsec VPN Theory
  • IPsec VPN Configuration
  • IPsec VPN Troubleshooting

IPsec VPN tunnel configuration on Prisma Access

Configure a service connection

Demo configure a service connection

Security Processing Nodes

Application Identification of a TCP Flow

Flow logic

Security policy rules

Demo Security Rules

Managing certificates

Demo Certificate Management

SSL decryption

  • Overview of SSL session setup
  • SSL Outbound – Forward Proxy
  • Configuration Best Practices
  • Troubleshooting

Security processing node comparison

Panorama Operations for Prisma Access

Templates

  • Zone Mapping
  • Template stacks

Device groups

  • Device group hierarchy
  • Device group inheritance
  • Device group policies
  • Device group objects

Configuration Demo

Remote Networks

Prerequisites

IPsec tunnels for remote networks

Configure remote networks

Security policy rules

Onboard a new remote network

Verify connectivity

Dual ISPs in active/active mode

Configuration Demo

Mobile Users

Prerequisites for mobile users

Mobile user authentication

User Authentication Demo

Configure mobile users

Mobile Users Onboarding

Portals and mobile user security processing nodes (MU-SPNs)

Office 365 Azure AD authentication using SAML

Security policy rules and zones

Prisma Access with on-premises gateways

Cloud Secure Web Gateway

Overview

Explicit proxy Client Configuration

Explicit proxy Workflow

Explicit proxy Onboarding and Configuration

Logs

Known Functionality

Tune, Monitor, and Troubleshoot

Deploy User-ID

  • Overview
  • User-ID redistribution
  • Scenarios

Onboard networks with configuration import

Onboarding Demo

Clientless VPN

Manage IP addresses

Troubleshooting

Manage Multiple Tenants

Multitenancy overview

Device groups and templates

Configuring multitenancy

Create role-based access control

Logging

Multitenancy configuration demo

Palo Alto Training Excellence Award
Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors, who have many years of field experience that they bring with them into the classroom.

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek at PWC

Kamil Golombek

NIS Cyber Defence Security Perimeter EMEA