EDU-330 Firewall: Troubleshooting


  • Duration: 3 days
  • Price: $2100 USD
  • Certifications: Palo Alto Networks Certified Network Security Engineer (PCNSE)

The Palo Alto Networks Firewall 10.0: Troubleshooting course is three days of instructor-led training that will help you:

  • Investigate networking issues using firewall tools including the CLI
  • Follow proven troubleshooting methodologies specific to individual features
  • Analyze advanced logs to resolve various real-life scenarios
  • Solve advanced, scenario-based challenges

Successful completion of this three-day, instructor-led course will enhance the participant’s understanding of how to troubleshoot the full line of Palo Alto Networks Next-Generation Firewalls. Participants will perform hands-on troubleshooting related to the configuration and operation of the Palo Alto Networks firewall.

Completion of this class will help participants develop an in-depth knowledge of how to troubleshoot visibility and control over applications, users, and content.

Target audience: Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, Network Engineers, and Support Staff.

Prerequisites: Participants must complete the Firewall 10.0 Essentials: Configuration and Management (EDU-210) course. Participants must have strong practical knowledge of routing and switching, IP addressing, and network security concepts, and at least six months of on-the-job experience with Palo Alto Networks firewalls.

  • Tools and Resources
    • Troubleshooting Enablement
    • Basic Troubleshooting Methodologies
    • Options for Information and Support
    • Status Monitoring Tools
    • Maintenance Mode
    • Lab – Tech Support Files
      • Validate the basic functionality of your lab environment
      • Use the web interface to get a Tech Support File
      • Decompress the Tech Support File
      • Explore the Tech Support File
    • Lab – Use the CLI to Export a Tech Support File
      • Use the CLI to generate a Tech Support File
      • Use the CLI to export a Tech Support File
      • Validate the exported Tech Support File
  • CLI Primer
    • Scope and Structure of the CLI
      • Operational vs Configuration Mode
      • Network discovery use case
      • Configuration Mode
      • Data Displayed Through less
      • Syntax and feedback for invalid commands
    • Displaying and navigating command output
    • Using the CLI as a troubleshooting tool
    • Lab – CLI Fundamentals
      • Import, Load, and Commit a Configuration File
      • Confirm the Current Device Configuration
      • Explore Options for Changing Other Device Settings
      • Change the Current Device Setting
    • Lab – Use the CLI to Modify Policy Objects
      • Review the Existing Policy Configuration
      • Examine a Configuration and Discover Options for How to Modify It
      • Modify Object Parameters
      • Review Changes and Commit the Configuration
      • Test URL Filtering Profile Changes
  • Flow Logic
    • Session Flow and App-ID
    • Flow Logic Overview
    • TCP Sessions and States
    • Flow Logic Details
      • Key terms
      • Data flows per processing stage
    • Lab – Tracing Packet Flow
      • Open an existing packet-diagnostics file
      • Trace the first packet through the firewall
      • Trace the second packet
      • Trace the content inspection of a packet
      • Identify firewall-generated packets
      • Identify dropped packets and the session end
  • Packet Captures
    • Packet Capture Concepts
    • Configuring Packet Captures
      • Using the web interface
      • Using the CLI
    • Lab
      • Test baseline functionality
      • Configure a packet filter
      • Test session marking
      • Configure capture stages
      • Turn on packet capture and capture packets
      • Analyze the pcaps
      • Add a Security policy configuration to drop traffic
      • Reconfigure the filter
      • Capture and analyze the pcaps
  • Packet-Diagnostics Logs
    • Debug-level Diagnostic Log Features
    • Usage Best Practices
    • Interpreting flow-basic output
    • Hardware assistance and offloading
    • Lab
      • Start up and verify external connectivity to the FTP server
      • Verify the problem with the internal client
      • Examine firewall Traffic logs and Threat logs
      • Configure the packet filter
      • Check global counters
      • Configure and run packet capture and flow basic
      • Interpret the flow-basic log and pcaps
      • Implement a solution and verify it
      • Check logs and enable logging for increased visibility
  • Transit Traffic
    • Troubleshoot Transit Traffic
      • Re-create the issue
      • Discover the network – check interface IPs, routing, ARP
      • Traffic logs
      • Session table
      • Set filter and check global counter
      • Debug flow basic and packet captures
    • Lab – App-ID and Torrents
      • Apply a baseline configuration to the firewall
      • Torrent sites
      • Traffic log: Application data
      • Enable traffic
      • Test policy rule “deny”
      • Policy rule to block torrents
      • Add a File Blocking Profile
    • Lab – Blocking Tor
      • Lab challenge and checklist
      • Solution: Security policy to block Tor App-ID
      • Solution: Use application filters
      • Solution: Block risky URL categories
      • Solution: Deny unknown applications
      • Solution: Block untrusted and expired certificates with a Decryption Profile
      • Solution: Turn on SSL decryption
      • Solution: Implement an External Dynamic List (EDL)
  • Host-inbound Traffic
    • Host-Inbound Traffic
    • Management Services
    • Lab – Host-Inbound Traffic NTP Example
      • Apply a baseline configuration to the firewall
      • Review the System log
      • Use CLI commands to get more information
      • Use tcpdump to capture packets
      • Diagnose the problem
      • Questions for discussion
  • IPSec VPN Troubleshooting
    • VPN Concepts
    • VPN Troubleshooting
    • Lab – VPN Traffic Case A
      • Review the network topology and verify the problem
      • Check routing and security policy rules
      • Change strategy: Try a top-down approach instead
      • Check the health of the VPN tunnel
      • Initiate VPN connection from the remote network
      • Troubleshoot as the responder
      • Check proxy ID settings and correct the problem
    • Lab – VPN Traffic Case B
      • Verify a problem with SFTP access to a web server
      • Review the Traffic logs and System logs
      • Check the high-level health indicators for the tunnel
      • Troubleshoot as the responder
      • Fix the problem and verify functionality
  • System Services
    • Identifying performance issues
    • Baseline service performance
    • Performance Troubleshooting use cases
    • System Services Daemons
    • Gathering more data
    • Lab
      • Check running services
      • Review the logs for a specific service
      • Change the debug log level for a service
      • Restart a service
      • Restart a service and monitor a data-plane session
      • Investigate the event
  • Certificate Management and SSL Decryption Troubleshooting
    • Verify that SSL decryption is applied via the certificate chain
    • Accessing a site via its IP address vs. its FQDN
    • Intermediate CA missing
      • SSL Labs
      • Session end reason
      • Show session flag | count yes
      • Show counter global filter category proxy
    • Exclude URLs and certificates without punching holes in the firewall
    • Client authentication and SSL Decryption Exclusion
    • External factors that complicate SSL decryption
    • Lab
      • Apply a baseline configuration to the firewall
      • Verify the functionality of SSL decryption
      • Create a tag and a dynamic address group
      • Create a Decryption policy rule
      • Create custom Vulnerability signatures
      • Configure a Log Forwarding profile
      • Configure a Vulnerability Protection profile to generate alerts
      • Add the Log Forwarding profile to a Security policy rule
      • Test the configuration and confirm results
  • User-ID
    • User-ID Mapping Flow
    • User-ID Troubleshooting
      • Recreate the issue: no users shown in the log
      • System log: verify and fix the user-mapping issue
      • show user ip-user-mapping all
      • Event log
      • Verify LDAP connectivity
      • Show user user-ids match-user xxx
      • Verify group mapping in the Security policy, including with an LDAP browser
      • Verify that group users match the IP-user mappings
    • Lab
      • Apply a baseline configuration to the firewall
      • Diagnose and fix the problem
      • Review reference information
      • Solution: Enable User-ID on the correct zone
      • Solution: Fix the LDAP Server Profile
      • Solution: Fix the Authentication Profile Server type
      • Solution: Add the correct IP for server monitoring
  • GlobalProtect
    • Connection Sequence
    • GlobalProtect Troubleshooting
      • System log: check and fix group mapping
      • Verify certificate
      • Check internal host detection
      • Review support file
    • Lab
      • Apply a baseline configuration
      • Download the GlobalProtect agent
      • Connect to the external gateway
      • Disconnect the connected user
      • Advanced scenario: Pre-logon and certificates
  • Escalation and RMAs
    • Case management
    • Hardware failure and return merchandise authorizations (RMAs)
    • Escalation and support events