PaloAlto Firewall (PCNSA+PCNSE) Syllabus
001. PALOALTO INTRO, SP3 ARCHITECTURE & FLOW LOGIC
o Paloalto Firewall Introduction
o Paloalto Architecture Model
o FLOW LOGIC
002. PALOALTO CLI AND GUI ACCESS & GENERAL SETTING
o How to access PaloAlto Firewall via Console cable & via GUI mode
o How to change management IP address via CLI & GUI
o General Setting of PaloAlto FW
o Register firewall, licenses, software, dynamic update
003. TYPES OF ADMIN & ADMIN ROLES
o Types of Administrators in PaloAlto
o How to define Admin Roles
004. AUTH & PASSWORD PROFILE
o Authentication Profile and Password Profile
o Sequence Authentication profile
o User login Authentication via LDAP Server (AD Server)
005. PALOALTO INTERFACE DEPLOYMENT & ZONE MEMBERSHIP
o TAP MODE DEPLOYMENT
o LAYER 2 DEPLOYMENT
o LAYER 3 DEPLOYMENT
o VIRTUAL WIRE DEPLOYMENT
o AGGREGATE DEPLOYMENT
o HA MODE DEPLOYMENT
o DHCP SERVER AND CLIENT
o ZONE & ZONE MEMBERSHIP
006. SECURITY POLICY—INTRA-ZONE AND INTER-ZONE
o Default Security Policy-Intra-Zone and Inter-Zone Traffic Policy
o PaloAlto Intra-zone Security Policy
o PaloAlto Inter-zone Security Policy
o By Default allows traffic interzone
007. DEFAULT ROUTE, STATIC ROUTE & SERVICE ROUTE
o Configure Default Route for Paloalto Data Plane
o Service Route
o How to connect Paloalto to Internet
o How to allow traffic trust to untrusted ZONE
o PALOALTO--SECURITY POLICY-DNS-STATIC & DEFAULT
008. TYPES OF NAT
o Introduction of NAT
o Types of Source NAT
o Types of Destination NAT
o Configure SOURCE NAT-Dynamic IP & Port
o Configure SOURCE NAT-Dynamic IP
o Configure SOURCE NAT-Static IP-Bi-directional
o Configure DESTINATION NAT--Port Forwarding
o Configure DESTINATION NAT--Port Translation
o Configure DESTINATION NAT--Port Translation with Dynamic Distribution (Address & Service Group)
o Configure U-TURN NAT-SAME ZONE-SINGLE NAT
o Configure U-TURN NAT-SAME ZONE-DOUBLE NAT
o Configure U-TURN NAT-DIFFERENT ZONE-SINGLE NAT
o Configure LAYER 2 Sub-int WITH SVI & SOURCE NAT
o Configure LAYER 2 SUB-INT WITH SVI & DESTINATION NAT WITH RDP
009. DYNAMIC PROTOCOLS--AUTHENTICATION & REDISTRIBUTION PROFILE
o Paloalto Dynamic Protocol--BGP & Static Redistribution
o RIP IMPLEMENTATION
o How to Configure Rip & Mutual Redistribute with BGP
o Paloalto Dynamic Protocol--BGP & OSPF Redistribution
o MUTUAL REDISTRIBUTION -RIP & OSPF
o PROTOCOLS REDISTRIBUTION-STATIC & OSPF
o MUTUAL REDISTRIBUTION -OSPF & BGP WITH AUTH
010. POLICY BASED FORWARDING (PBF)
o Overview of Policy Based Forwarding-PBF
o Configuration Policy Based Forwarding with link monitor and path monitor
011. LAYER 3-SUB-INTERFACE & CONCEPT OF VIRTUAL ROUTER
o Overview of Inter-Vlan Routing-L3 Sub-interface
o VRF in Cisco Router Vs VR in Paloalto FW
o Configure Sub-interface with DOT1Q TAG
o Configure L3 Sub-int with VLAN TAGGING -DIFFERENT ZONE-SAME VIRTUAL ROUTER
o Configure L3 Sub-int with VLAN TAGGING -DIFFERENT ZONE-DIFF. VIRTUAL ROUTER
012. HA Active-Active and Active-Passive
o PaloAlto High Availability (HA) & Prerequisite
o Paloalto HA Links-Control link and Data link
o Paloalto HA Triggers--Heart Beat--Link Monitoring--Path Monitoring
o Configure Paloalto for HA- Active & Passive Mode
o Configure Paloalto for HA- Active & Active Mode
013. SITE-TO-SITE (IP-SEC) VPN ON PALOALTO AND CISCO ROUTER
o IPsec VPN is a combination of multiple protocols
o Site -To- Site VPN --IPSEC on Cisco Router
o IP-Sec over GRE
o PaloAlto Site-to-Site VPN Overview IPSEC --IKE Phase 1 & IKE Phase 2
o Configure IPSEC tunnel between PALOALTO & CISCO Router
o Configure IPSEC tunnel between PALOALTO to PALOALTO
o Configure IPSEC tunnel with NAT-T
014. Global Protect (SSL VPN)
o Overview of SSL VPN
o Configure SSL VPN
o PaloAlto Certificate Management How to Install a CA Signed Certificate
o Certificate Management How to Generate Self-Signed Certificate
015. USER-ID
o Overview of User-ID
o Configure local user Database
o Configure LDAP user Database
o Integrate LDAP Users with PaloAlto
016. PANORAMA
o Overview of PANORAMA
017. APP-ID
o Overview of APP-ID
o CONCEPT OF APPLICATION -DEFAULT & APP-ID
o Controlling Micro APP-ID --Block facebook chat & video--youtube base etc
o APP-IDS & Application Dependencies
018. Content ID
o Anti-Virus Profile
o Vulnerability Profile
o Wild Fire Analysis Profile
o Anti-Spyware
o File Blocking Profile
o Url-Filtering
o Security Profile Groups
o External Dynamic List
019. Wildfire
o Function and concept of wildfire
o Different ways to deploy wildfire
    Public cloud
    Private cloud
    Hybrid cloud
o wildfire verdict
o file type analysis
o signatures
o Wildfire subscription requirement
o Configure and verify wildfire Analysis
020. Decryption policy (ssl forward proxy)
o Overview of Decryption policy
o Configure and verify Decryption policy
021. Captive Portal
o Overview of Captive Portal
o Configure and verify Captive Portal
022. Management & Reporting
o Dashboard
o Basic Logging
o Basic Reporting
o Packet Capture
o Session Browser
o Backup and Restore
o Running-config and Candidate -config
o Object TAG
o syslog-server