Providing Paloalto Training with Remote Lab + Class Recording Videos

PaloAlto Firewall (PCNSA+PCNSE) Syllabus


001. PALOALTO INTRO, SP3 ARCHITECTURE & FLOW LOGIC
        o Paloalto Firewall Introduction
        o Paloalto Architecture Model
        o FLOW LOGIC
002. PALOALTO CLI AND GUI ACCESS & GENERAL SETTING
        o How to access PaloAlto Firewall via Console cable & via GUI mode
        o How to change management IP address via CLI & GUI
        o General Setting of PaloAlto FW
        o Register firewall, licenses, software, dynamic update
003. TYPES OF ADMIN & ADMIN ROLES
         o Types of Administrators in PaloAlto
         o How to define Admin Roles
004. AUTH & PASSWORD PROFILE
         o Authentication Profile and Password Profile
         o Sequence Authentication profile
         o User login Authentication via LDAP Server (AD Server)
005. PALOALTO INTERFACE DEPLOYMENT & ZONE MEMBERSHIP
         o TAP MODE DEPLOYMENT
         o LAYER 2 DEPLOYMENT
         o LAYER 3 DEPLOYMENT
         o VIRTUAL WIRE DEPLOYMENT
         o AGGREGATE DEPLOYMENT
         o HA MODE DEPLOYMENT
         o DHCP SERVER AND CLIENT
         o ZONE & ZONE MEMBERSHIP
006. SECURITY POLICY—INTRA-ZONE AND INTER-ZONE
         o Default Security Policy-Intra-Zone and Inter-Zone Traffic Policy
         o PaloAlto Intra-zone Security Policy
         o PaloAlto Inter-zone Security Policy
         o By Default allows traffic interzone
007. DEFAULT ROUTE, STATIC ROUTE & SERVICE ROUTE
         o Configure Default Route for Paloalto Data Plane
         o Service Route
         o How to connect Paloalto to Internet
         o How to allow traffic trust to untrusted ZONE
         o PALOALTO--SECURITY POLICY-DNS-STATIC & DEFAULT
008. TYPES OF NAT
         o Introduction of NAT
         o Types of Source NAT
         o Types of Destination NAT
         o Configure SOURCE NAT-Dynamic IP & Port
         o Configure SOURCE NAT-Dynamic IP
         o Configure SOURCE NAT-Static IP-Bi-directional
         o Configure DESTINATION NAT--Port Forwarding
         o Configure DESTINATION NAT--Port Translation
         o Configure DESTINATION NAT--Port Translation with Dynamic Distribution (Address & Service Group)
         o Configure U-TURN NAT-SAME ZONE-SINGLE NAT
         o Configure U-TURN NAT-SAME ZONE-DOUBLE NAT
         o Configure U-TURN NAT-DIFFERENT ZONE-SINGLE NAT
         o Configure LAYER 2 Sub-int WITH SVI & SOURCE NAT
         o Configure LAYER 2 SUB-INT WITH SVI & DESTINATION NAT WITH RDP
009. DYNAMIC PROTOCOLS--AUTHENTICATION & REDISTRIBUTION PROFILE
         o Paloalto Dynamic Protocol--BGP & Static Redistribution
         o RIP IMPLEMENTATION
         o How to Configure Rip & Mutual Redistribute with BGP
         o Paloalto Dynamic Protocol--BGP & OSPF Redistribution
         o MUTUAL REDISTRIBUTION -RIP & OSPF
         o PROTOCOLS REDISTRIBUTION-STATIC & OSPF
         o MUTUAL REDISTRIBUTION -OSPF & BGP WITH AUTH
010. POLICY BASED FORWARDING (PBF)
         o Overview of Policy Based Forwarding-PBF
         o Configuration Policy Based Forwarding with link monitor and path monitor
011. LAYER 3-SUB-INTERFACE & CONCEPT OF VIRTUAL ROUTER
         o Overview of Inter-Vlan Routing-L3 Sub-interface
         o VRF in Cisco Router Vs VR in Paloalto FW
         o Configure Sub-interface with DOT1Q TAG
         o Configure L3 Sub-int with VLAN TAGGING -DIFFERENT ZONE-SAME VIRTUAL ROUTER
         o Configure L3 Sub-int with VLAN TAGGING -DIFFERENT ZONE-DIFF. VIRTUAL ROUTER
012. HA Active-Active and Active-Passive
         o PaloAlto High Availability (HA) & Prerequisite
         o Paloalto HA Links-Control link and Data link
         o Paloalto HA Triggers--Heart Beat--Link Monitoring--Path Monitoring
        o Configure Paloalto for HA- Active & Passive Mode
        o Configure Paloalto for HA- Active & Active Mode
013. SITE-TO-SITE (IP-SEC) VPN ON PALOALTO AND CISCO ROUTER
        o IPsec VPN is a combination of multiple protocols
        o Site -To- Site VPN --IPSEC on Cisco Router
        o IP-Sec over GRE
        o PaloAlto Site-to-Site VPN Overview IPSEC --IKE Phase 1 & IKE Phase 2
        o Configure IPSEC tunnel between PALOALTO & CISCO Router
        o Configure IPSEC tunnel between PALOALTO to PALOALTO
        o Configure IPSEC tunnel with NAT-T
014. Global Protect (SSL VPN)
        o Overview of SSL VPN
        o Configure SSL VPN
        o PaloAlto Certificate Management: How to Install a CA Signed Certificate
        o Certificate Management: How to Generate Self-Signed Certificate
015. USER-ID
        o Overview of User-ID
        o Configure local user Database
        o Configure LDAP user Database
        o Integrate LDAP Users with PaloAlto
016. PANORAMA
        o Overview of PANORAMA
017. APP-ID
         o Overview of APP-ID
         o CONCEPT OF APPLICATION-DEFAULT & APP-ID
         o Controlling Micro APP-ID--Block Facebook chat & video--YouTube base, etc.
         o APP-IDS & Application Dependencies
018. Content ID
        o Anti-Virus Profile
        o Vulnerability Profile
        o Wild Fire Analysis Profile
        o Anti-Spyware
        o File Blocking Profile
        o Url-Filtering
        o Security Profile Groups
        o External Dynamic List
019. Wildfire
        o Function and concept of wildfire
        o Different ways to deploy wildfire
               public cloud
               private cloud
               Hybrid Cloud
        o wildfire verdict
        o file type analysis
        o signatures
        o Wildfire subscription requirement
        o Configure and verify wildfire Analysis
020. Decryption policy (ssl forward proxy)
        o Overview of Decryption policy
        o Configure and verify Decryption policy
021. Captive Portal
        o Overview of Captive Portal
        o Configure and verify Captive Portal
022. Management & Reporting
        o Dashboard
        o Basic Logging
        o Basic Reporting
        o Packet Capture
        o Session Browser
        o Backup and Restore
        o Running-config and Candidate-config
        o Object TAG
        o syslog-server