EDU-210 Firewall Essentials: Configuration and Management

  • Duration: 5 days
  • Price: $3000 USD
  • Certifications: Palo Alto Networks Certified Network Security Administrator (PCNSA)

The Palo Alto Networks Firewall 10.0 Essentials: Configuration and Management (EDU-210) course is five days of instructor-led training that will help you to:

  • Configure and manage the essential features of Palo Alto Networks next-generation firewalls
  • Configure and manage Security and NAT policies to enable approved traffic to and from zones
  • Configure and manage Threat Prevention strategies to block traffic from known and unknown IP addresses, domains, and URLs
  • Monitor network traffic using the interactive web interface and firewall reports

Successful completion of this five-day, instructor-led course should enhance the student’s understanding of how to configure and manage Palo Alto Networks Next-Generation Firewalls. The course includes hands-on experience configuring, managing, and monitoring a firewall in a lab environment.

Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, and Support Staff

Students must have a basic familiarity with networking concepts including routing, switching, and IP addressing. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is a plus.

  • Palo Alto Networks Portfolio and Architecture
    • Palo Alto Networks Portfolio overview
    • Next-generation firewall architecture
    • Firewall offerings
  • Connect to the Management Network
    • Initial system access
      • Overview
      • Web Interface Overview
    • Configure management network settings
      • Management, Service & Interface config
      • Service Route
    • Activate a firewall, and manage licenses and software
      • License Activation
      • Licenses
      • Support
      • Software updates
      • Dynamic updates
    • IronSkillet
    • Lab
      • Connect to the firewall web interface
      • Load a starting lab configuration
      • Set DNS servers for the firewall
      • Set NTP servers for the firewall
      • Configure a login banner for the firewall
      • Set Latitude and Longitude for the firewall
      • Configure permitted IP addresses for firewall management
      • Schedule dynamic updates
  • Manage Firewall Configurations
    • Configuration management
      • Configuration Interaction
      • Auto-commit
      • Configuration Actions
      • Config Audit
      • Commit operations
      • Commit per administrator
      • Commit Lock
      • Factory Reset
    • View firewall logs
    • Lab
      • Export a named configuration snapshot
      • Save ongoing configuration changes before a commit
      • Revert ongoing configuration changes
      • Preview configuration changes
      • Examine log files
      • Create a log file filter
      • Use the Filter Builder
  • Manage Firewall Administrator Accounts
    • Firewall authentication and authorization
    • Create a local firewall administrator account
    • Create a non-local firewall administrator account
    • Create a firewall administrator account for non-interactive login
    • Lab
      • Create a local firewall administrator account
      • Configure an LDAP Server Profile & Authentication Profile
      • Configure a RADIUS Server Profile & Authentication Profile
      • Create non-local firewall administrator accounts for LDAP and RADIUS
      • Configure an Authentication Sequence
  • Connect to Production Networks
    • Block threats by using network segmentation
    • Network interfaces and security zones
    • Layer 3 interfaces
    • Layer 3 sub-interfaces
    • Virtual wire interfaces
    • Tap interfaces
    • Virtual routers
      • Inter VR Routing
      • Configuration
      • Multiple Static Default Routes and path monitoring
      • Troubleshoot Routing
    • Interface Management profile
    • Loopback interfaces
    • Lab
      • Create Layer 3 interfaces
      • Create a virtual router
      • Segment your production network using security zones
      • Test connectivity from firewall to hosts in each security zone
      • Create Interface Management Profiles
  • Block Threats Using Security and NAT Policies
    • Security policy fundamental concepts
      • Flow Logic
      • Security Policy Match
      • Rule types
    • Security policy administration
      • Rule elements
      • Managing policy ruleset
      • Rule hit counter and unused rules
      • Test policy match & policy match troubleshooting
      • Global Find
    • Network address translation
      • Source NAT configuration
        • Source NAT Overview
        • Source NAT Policy
        • Source NAT Configuration
        • Source NAT Types
        • Bidirectional Source NAT
        • DIPP NAT Oversubscription
      • Destination NAT configuration
        • Destination NAT Policy
        • Destination NAT Configuration
        • Destination NAT Port translation
    • Lab
      • Configure a Security policy rule to allow access from Users_Net to Extranet
      • Test access from client to Extranet servers
      • View the Traffic log
      • Examine policy Rule Hit Count
      • Reset rule hit counts
      • Customize policy tables
      • Manage the Policy Ruleset
      • Enable intrazone and interzone logging
      • Configure source NAT
      • Configure destination NAT
  • Block Packet- and Protocol-Based Attacks
    • Denial of Service Attack Types
      • DoS vs DDoS
      • SYN Flood and SYN Cookies
      • Application-based DoS Attack
      • Amplification Attack
    • Zone Protection
      • Flood Protection
      • Configuration
      • RED vs SYN Cookie
      • Flood Protection impact
      • Protection Lab Demo
      • Reconnaissance Protection
      • Port scan vs Host Sweep
      • Packet Based Attack Protection
      • Protocol Protection
    • DoS Protection Policy
      • Overview
      • Configuration
      • Aggregate vs Classified
      • Resource Protection
      • Protection Lab Demo
    • Zone Protection vs DoS Protection Policy
    • Block threats using packet buffer protection
    • Lab
      • Configure a Zone Protection Profile to detect and control SYN floods
      • Configure a Zone Protection Profile to detect and control reconnaissance scans
      • Configure a Zone Protection Profile to detect and control specific IP header options
      • Configure a Zone Protection Profile to perform spoofed IP address checking
      • Configure a DoS Protection Profile to protect firewall and node resource consumption
      • Configure a DoS Protection Profile to detect and control SYN floods
  • Block Threats from Known Bad Sources
    • Block access to or from known-bad IP addresses
      • Overview
      • Dynamic Address Group
      • EDL Overview
      • EDL configuration example
      • External Dynamic List Monitoring
    • Block access to or from known-bad domains
      • Security profiles overview
      • DNS Sinkhole
    • Block access to or from known-bad URLs
      • Overview
      • URL categories in Security Policy Deny Rule
      • Custom URL category
    • Other URL filtering features
      • Response Pages
      • Customize Response pages
      • URL Filtering Profile
      • URL Log including Recategorization request
    • Lab
      • Block access to malicious IP addresses using Address objects
      • Block access to malicious IP addresses using Address Groups
      • Block access to malicious IP addresses using geographic regions
      • Block access to malicious IP addresses using an External Dynamic List (EDL)
      • Block access to malicious domains using an EDL
      • Block access to malicious URLs using the Security policy
      • Block access to a malicious URL using a URL Filtering Profile
  • Block Threats by Identifying Applications
    • App-ID reduces the attack surface
      • What is an App vs URL Filtering
      • Evasive Applications
    • App-ID concepts and operation
      • Application Identification of a TCP Flow
      • App-ID Flow
      • Application Dependencies
      • Control Applications on SSL-Secure Ports
      • Application Default Port
      • App-ID and UDP
      • Differentiating Between Known and Unknown Applications
      • Application Block Page
    • Configure App-ID objects
      • Application Groups
      • Application tagging for SaaS
      • Application Filters
      • Nested Application Groups and Filters
    • Lab
      • Create an FTP Service object and an FTP port-based Security policy rule
      • Test the port-based Security policy
      • Generate application traffic
      • Configure an application group
      • Configure a Security policy to allow update traffic
      • Test the Allow-PANW-Apps Security policy rule
      • Examine the tasks list to see shadowed message
      • Modify the Security policy to function properly
      • Test the modified Security policy rule
  • Maintain Application-Based Policies
    • Migrate to an App-ID-based Security policy
      • Moving to Application-Based Policies
      • Migration Strategy
      • Expedition
      • Policy Optimizer
    • Maintain an App-ID Security policy
    • Maintain App-ID
      • Applications and Threats Content Updates
      • Review New and Updated Application Details
    • Lab
      • Create a custom Service object for HTTP
      • Add the new service to the Security policy
      • Test Access to the web server on port 8080
      • Revert the web server to port 80
      • Create an FTP application-based Security policy rule
      • Test the application-based Security policy
      • Remove the FTP rules
      • Scheduling App-ID updates
  • Block Threats Using Custom Applications
    • Unknown applications
    • Perform packet captures
    • Identify unique bit patterns
    • Create a custom application with a signature
    • Configure an Application Override policy
    • Lab
      • Gather custom application information
      • Configure a packet capture
      • Capture application traffic
      • Analyze the packet capture
      • Create a custom application with a signature
      • Add the custom application to the Security policy
      • Test the custom application signature
  • Block Threats by Identifying Users
    • User-ID overview
    • User mapping methods
      • Overview
      • AD Integration – UID Agent on FW
      • Concept
      • User-ID Configuration
      • Group Mapping Configuration
      • Troubleshooting
      • Terminal Services Agent
      • User-ID redistributing
    • Windows-based agent configuration
    • Configure group mapping
    • User-ID redistribution
      • Concept
      • Configuration
    • User-ID and Security policy
      • Users and Groups for a Security Policy
      • Dynamic User Groups
    • Lab
      • Examine current configuration
      • Enable User-ID technology on the Acquisition zone
      • Generate traffic
      • Modify Security policy to meet requirements
      • Export the firewall certificate and import to Firefox
      • Test outbound Decryption policy again
      • Review firewall logs
      • Exclude URL categories from decryption using a No-Decrypt rule
      • Test the No-Decrypt rule
  • Block Threats by Identifying Devices
    • Device-ID concepts
    • Configuration tasks
    • View and manage devices and policies
    • Monitoring devices
  • Block Unknown Threats
    • WildFire concepts
    • Configure and manage WildFire
    • WildFire reporting
    • Lab
      • Create a WildFire Analysis Profile
      • Apply WildFire Profile to security rules
      • Test the WildFire Analysis Profile
      • Examine WildFire analysis details
  • Block Threats in Encrypted Traffic
    • Overview of SSL session setup
    • SSL Outbound – Forward Proxy
    • Certificate Generation
    • Decryption Policy
    • Decryption Exclusion
    • SSL Inbound – Inspection
    • Decryption considerations
    • SSH decryption
    • Master key management
    • Other decryption methods and features
    • Lab
      • Test the firewall without decryption
      • Create a self-signed certificate for trusted connections
      • Create a self-signed certificate for untrusted connections
      • Create and test a Decryption policy rule for outbound traffic
      • Test outbound Decryption policy rule
      • Export the firewall certificate and import to Firefox
      • Test outbound Decryption policy again
      • Review firewall logs
      • Exclude URL categories from decryption using a No-Decrypt rule
      • Test the No-Decrypt rule
  • Prevent Use of Stolen Credentials
    • Credential Theft use case and solution overview
    • Firewall authentication and authorization
    • Creating user accounts
      • Admin LDAP authentication
      • Firewall Admin authentication against Azure AD
    • Preventing use of stolen credentials using multi-factor authentication
      • Credential-Based Attacks
      • Authentication Policy
    • Preventing credential theft
      • Concept
      • Configuration Options
      • Configure Domain Credential Filtering
    • Lab
      • Test the firewall behavior without credential detection
      • Provide the firewall with User-ID information
      • Test the firewall behavior with credential detection
  • Block Threats Using Security Profiles
    • Inspect allowed traffic
      • Concept
      • Security Profile Best Practices
    • Block threats detected by signatures
      • AntiVirus
      • AntiSpyware
      • Vulnerability Protection
    • Control URL access
      • Web Access Policy Best Practices
    • Block unauthorized file transfers
      • File Blocking
    • Detect unknown threats
      • WildFire Profile Best Practices
    • Block sensitive data transfers
      • Concept
      • Data Filtering
    • Security policy modifications
      • BPA (Demo Support Portal)
      • Security Best Practices Worksheet (Demo)
    • Lab
      • Generate traffic without profiles and examine logs
      • Create Security Profiles
      • Create a Security Group
      • Apply the Security Group to existing Security policy rules
      • Generate traffic with profiles and examine logs
      • Create tags
      • Enable policy rulebase settings and observe behavior
  • View Threat and Traffic Information
    • View threat and traffic information
      • Dashboard, ACC
      • Detailed Logs and Log Settings
      • Session Browser
      • Reporting
      • Threat Investigation introduction
    • Forward threat and traffic information to external services
      • Telemetry (Demo)
      • Log Forwarding including scheduled log exports
    • Lab
      • View threat information using the Dashboard
      • View application information using the Dashboard
      • View threat information using the ACC
      • View application information using the ACC
      • View threat information using the Threat log
      • View application information using the Traffic log
      • View threat information using App Scope reports
      • View threat information using predefined reports
      • View application information using predefined reports
