Palo Alto Authorized Global Training Partner Logo

Panorama Training

Managing Firewalls at Scale (EDU-220)

Palo Alto Networks Authorized Global Training Partner Logo

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

The “Panorama: Managing Firewalls at Scale” (EDU-220) course covers the following content:

Adding Firewalls to Panorama

Adding New Firewalls to Panorama

  • Add a FireWall
  • Automated Commit recovery
  • Automatically Add multiple FireWalls via CSV import
  • Tagging
  • Organizing Summary Information
  • Secure Communication Settings
  • Manage device licenses
  • Master key

Upgrade firewalls from Panorama


Deploy Content ID Updates to firewalls from Panorama



  • Set location for firewalls
  • Copy serial firewall numbers
  • Configure firewalls to communicate with Panorama
  • Add firewalls to Panorama
  • Modify Summary Window columns
  • Assign firewall Tags
  • Verify firewall licenses
  • Schedule Dynamic Updates for firewalls

Initial Configuration

Panorama solution overview


Deployment options


Panorama platforms


Register and License Panorama


GUI overview


Panorama License and Software update


Plugin Architecture


Services and Interface Configuration


Panorama Commits


Configuration Management

  • Config Operations
  • Manage Backup incl. export device state from FireWall
  • Config export


  • Lab Overview
  • Connect to the lab environment
  • Log in to the Panorama appliance and both firewalls
  • Document configuration and license information
  • Configure Panorama Management Interface
  • Configure Panorama Settings
  • Schedule automatic config exports
  • Schedule Content Updates
  • Save and export Panorama configuration
  • Commit changes


Templates overview


Configuring templates

  • Device configuration via template
  • Local overwrite

Template Variables

  • Overview
  • Configuration

Real-life use cases and best practices



  • Create templates
  • Create template stacks
  • Create template variables
  • Push the template stack to managed devices

Device Groups

Device groups overview


Configuring Device Groups

  • Setup Device-group hierarchy
  • Group and push to HA Peers


  • Create an object – shared/disable override
  • Override
  • Move
  • Device Group and template mapping


  • Rules Hierarchy
  • Rulebase structuring
  • Configure rules
  • Move Rules
  • Rulebase preview
  • Unused Rules
  • Policy rule targets

Rule changes archive

  • Audit Comments
  • Tag-Based Rule Groups

Real-life use cases and best practices



  • Create device groups
  • Configure device group settings

Log Forwarding and Collection

Design Considerations for Deployment


Log storage and retention

  • Determine the Log Rate
  • Storage calculation
  • Log retention

Planning Considerations


Panorama log event forwarding



  • Configure log forwarding on the firewalls
  • Configure log settings on the firewalls
  • Confirm log forwarding

Using Panorama Logs

Customizing Log Tables


Using Filters in Log Tables


Exporting Filtered Data



  • Customize Log Tables in Panorama
  • Create and Apply Filters in Log Tables
  • Export Filtered Data

Administrative Accounts

Authenticating Panorama administrators


Panorama authentication methods


Admin Role


Creating Administrative Accounts

  • Custom Panorama Admin incl. Admin Role
  • Device Group and Template Admin incl. Access Domain and Admin Role
  • Password Profile and Password Complexity

External Authentication

  • Authentication Profile
  • LDAP Server Profile

Concurrent Administration

  • Config Lock


  • Create LDAP and RADIUS Server Profiles
  • Configure Authentication Profiles for LDAP and RADIUS
  • Configure admin roles
  • Configure admin accounts
  • Create access domains
  • Demonstrate the use of commit locks

Aggregated Monitoring and Reporting

Data Sources Used by Panorama


Operational Information Available in Panorama


Reporting Capabilities in Panorama



  • Examine Panorama ACC data
  • Run reports on Panorama
  • Explore App Scope
  • Identify and respond to threats


Health and Summary Information of Managed Firewalls


Troubleshooting Communication Issues with Panorama


Troubleshooting Commit Errors


Test policy functionality



  • Troubleshoot connectivity issues with a firewall
  • Troubleshoot various commit errors
  • Troubleshoot loss of internet connectivity

Add-On: Transition a Firewall to Panorama Management

This is an additional module which is not part of the official course. The instructor will demo the import of an existing FireWall’s local configuration into Panorama and explain various caveats.


Overview of Use Cases

  • Import existing FireWall if Panorama wasn’t used so far
  • Import local config after FireWall migration
  • Import FireWall config that has been partially managed by Panorama

Config import incl. caveats

  • Dependency on Device config
  • Caveats on fine-tuning the config
  • Disable config sync in a HA cluster
Palo Alto Training Excellence Award
Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors who have many years of field experience which they bring with them into the classroom

Palo Alto Authorized Global Training Partner Logo

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek at PWC

Kamil Golombek

NIS Cyber Defence Security Perimeter EMEA