Palo Alto Authorized Global Training Partner Logo

Prisma SD-WAN Training

Design and Operation 
(EDU-238)

Schedule

Palo Alto Networks Authorized Global Training Partner Logo

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

The “Prisma SD-WAN: Design and Operation” (EDU-238) course covers the following content:

Course Overview

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and agenda
  • Learning Center tasks

Solution Overview

  • Industry Context
  • The Prisma SD-WAN Approach
  • Solution Overview
  • IPv6 Support
  • Strata Cloud Manager Overview
  • Multitenant Solution
  • Application Visibility
  • Site Visibility
  • Predictive Analytics
  • IoT Device Visibility

Branch Design

  • Site Architecture
  • Sites and Devices
  • ION Device Initiated Connections to Controller
  • Interface Types
  • Interface Uses
  • Interfaces: Virtual, IPv6, Cellular
  • Branch Labels
  • Branch Insertion Models
  • Branch Forwarding and Routing
  • Branch Availability Considerations
  • Branch Switching Considerations

Routing

  • Routing Implementation and Terminology
  • Branch Overview
  • Data Center HA Overview
  • Data Center BGP Routing Overview
  • BGP Global Configuration
  • Branch Configuration/Classic Peer
  • Data Center BGP Basic Peer Setup/Configuration
  • Verification and Troubleshooting
  • BGP Advanced Configuration
  • Routing Design Considerations

Policy Part 1: Application Path and QoS Policy

  • High-Level Policy Overview
  • Stacked Policies
  • Simple Stacked Policy
  • Advanced Stacked Policy
  • Data Center & Service Groups
  • Use Cases
  • Dynamic Path Selection

 

Lab: Initial Setup

  • Claim devices
  • Create sites and assign devices
  • Configure branch and data-center sites
  • Set up branch high availability
  • Create a custom path policy

 

Lab: Custom Applications and Adjusting Policies

  • Define custom applications
  • Create application overrides
  • Configure path and QoS policies

Policy Part 2: NAT, ZBFW and Security

  • Policy Review
  • NAT Policy Overview
  • NAT Policy Configuration
  • NAT Policy Use Cases
  • Advanced NAT Information
  • NAT Module Review
  • Security Policy

 

Lab: Stacked Security Policies

  • Create stacked security policies on the branch for corporate and guest network traffic
  • Bind security zones to interfaces
  • Create a guest LAN interface
  • Update a path policy to allow guest internet access

 

Lab: Introduction to NAT

  • Create an inbound NAT policy on TA-INET-1
  • Bind the NAT policy to the branch
  • Create a path policy for traffic to/from a security monitoring server to exit TA-INET-1

Event Policy Management Services

  • AI/ML Assisted Event Management
  • Event Policies Overview
  • Event Policy Constructs
  • Event Policy Configuration

DNS and DHCP Services

  • DNS Services Overview
  • DNS Service Roles
  • DNS Service Profiles
  • DNS Service Role/Service Profile Configuration Example
  • DNS Site-Level Bindings
  • DHCP Server Basics
  • DHCP Lease Reservations (Static Mappings)
  • DHCP Custom Options

 

Lab: DHCP and DNS

  • Configure DHCP services
  • Set up DNS functionality

Operations and Troubleshooting

  • Device Toolkit Overview and User Access
  • Device Toolkit Usage
  • Incidents and Alerts
  • SNMP
  • Syslog
  • IPFIX
  • Prisma SD-WAN DVR and Reports
  • Layer 3 Deployments
  • VPN Issues
  • Data Center Routing
  • Routing Troubleshooting
  • Data Plane Issues
  • Monitoring HA State
  • HA Failure Scenarios
  • Application Unreachable Troubleshooting

 

Lab: Configuring IPv6

  • Configure IPv6 addresses on all WAN branch and DC device interfaces
  • Generate and observe IPv6 traffic between a branch and a DC device

CloudBlades

  • CloudBlade Overview
  • ServiceNow
  • Email Notifications for Alarm-Alerts
  • AWS TGW Integration
  • GCP Integration
  • Azure Virtual WAN with vION Integration
  • Zscaler Enforcement Node (ZEN) Integration

Integrating Prisma SD-WAN and Prisma Access for SASE Implementation

  • CloudBlade Overview
  • Prisma SD-WAN + Prisma Access
  • Prisma Access for Networks (Panorama Managed)
  • Prisma Access for Networks (Cloud Managed)
  • Site and Device Configuration
  • Policy Configuration for Prisma Access
  • Validation – Remote Networks / Standard VPNs
  • Validation – BGP / Routing
  • Validation – Traffic Flows
  • Autonomous Digital Experience Management

 

Lab: Onboarding a Branch Site with Cloud Managed Prisma Access

  • Onboard the branch site with Prisma Access
  • Configure a path policy to send traffic to Prisma Access
  • Observe denied internet traffic by a Prisma Access security policy
  • Configure a Prisma Access security policy to allow internet traffic for SaaS applications
  • Verify allowed internet traffic

DevOps

  • Why Is DevOps-Style Automation Important?
  • DevOps – Demo
  • DevOps/SDK – Documentation and Support

 

Lab: Getting Started with the Python SDK

  • Set up a development environment and install the Prisma SD-WAN (CloudGenix) Python SDK
  • Connect to the Prisma SD-WAN API endpoint and authenticate to the controller
  • Execute create, read, update, and delete (CRUD) operations using Prisma SD-WAN APIs
  • Retrieve inventory information
Palo Alto Training Excellence Award
Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors who have many years of field experience which they bring with them into the classroom

Palo Alto Authorized Global Training Partner Logo

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek at PWC

Kamil Golombek

NIS Cyber Defence Security Perimeter EMEA