Bluemap

Palo Alto Network Security Engineer - PCNSE

Palo Alto certification validates your ability to configure the central features of Palo Alto Networks Next Generation Firewall and capability to effectively deploy the firewalls to enable network traffic based on who (User-ID), what (App-ID), and when (Policy), all while ensuring security (Content-ID). Demonstrate your ability to configure the central features of Palo Alto Networks Next Generation Firewall and capability to effectively deploy the firewalls and centrally manage them with Panorama CMS to enable all round network security.

Delivery Mode

Training is available in small groups as well as on one-to-one basis. Get in touch.

Batch Timings

For the latest training schedule, please check the Calendar.

Course:

16 Modules

Duration:

35 hours

Introduction

Palo Alto certification validates your ability to configure the central features of Palo Alto Networks Next Generation Firewall and capability to effectively deploy the firewalls to enable network traffic based on who (User-ID), what (App-ID), and when (Policy), all while ensuring security (Content-ID). Demonstrate your ability to configure the central features of Palo Alto Networks Next Generation Firewall and capability to effectively deploy the firewalls and centrally manage them with Panorama CMS to enable all round network security.

Calendar

Apr 17th
MON - FRI (35 DAYS)
07:00 AM to 09:00 AM (IST)

Apr 22nd
MON - FRI (35 DAYS)
07:00 AM to 09:00 AM (IST)

Training Type Timing Duration Get Started
Regular [Weekdays]
On Request
5 weeks
Regular [Weekends]
On Request
5 weekends
Fast Track [5 days]
To be announced

Course Content - What Will You Learn?

  • Understand meaning of next generation firewall[NGFW].
  • Introduction to different firewalls models in the market and market ranking of Palo Alto.
  • Parameters for deciding firewall for a network
  • Stateless vs Stateful Firewalls
  • Architecture of Palo-Alto OS and firewall platforms covering VM firewalls and hardware firewalls.
  • Application of various platforms suiting to different networkenvironments
  • Introduction to WebUI and CLI of Palo Alto.
  • Default setting on Palo Alto firewalls.
  • Configuration of initial parameters- DNS setting, passwords, login IP.
  • Saving and loading configurations.
  • Types of admin accounts and creating multiple admins.
  • Locks available in WebUI.
  • Setting up passwords and password complexities.
  • Updating Signature Database and Licensing of Firewall
  • Setting up of the basic network.
  • Types of interfaces available in firewall- Layer 3, Layer 2, HA, Tap and Virtual-Wire.
  • Choosing type of interface for particular network design.
  • Configuring interfaces depending on network design.
  • Configuring Virtual-Wire, VLANs and Virtual Router.
  • Routing in Palo Alto- Static, OSPF, BGP.
  • Setting up service route on firewall.
  • Configuring parameters on management interface via CLI and WebUI.
  • Types of securitypolicies.
  • Configuration and logical design of policies.
  • Order of processing the policies by the firewall.
  • Enabling and disabling policies.
  • External Dynamic Lists [EDL] and usage in security policies.
  • Pre-defined and user-defined EDL.
  • Uses of profiles in policies.
  • Actions in security policies- Allow, Drop, Deny, Reset Server, Reset Client, Reset both.
  • Understanding and configuration of types of NAT- static, dynamic, PAT, source and destination.
  • Understand TCP packets and how NGFW firewalls process them.
  • Drawbacks faced by traditional firewalls in understanding Layer-7applications.
  • Application detection mechanism in Palo Alto
  • Applipedia, Implicit and explicit application dependencies
  • Application groups and Application filters.
  • Configure App-ID, Application Exceptions, Custom Apps and Application override policy.
  • Content inspection using SP3 architecture.
  • Security profiles- Anti-virus, Anti-Spyware, Vulnerability, File Detection and Data filtering
  • Applying security profile in security policies.
  • DNS Sink holing in Palo Alto.
  • Exceptions handling in profiles.
  • Configure Content-ID in PAN-OS
  • URL categorization.
  • Updating URL Database.
  • Actions taken in URL filtering policy.
  • Credential phishing avoidance policy in Palo Alto.
  • Configuration of URL filtering.
  • Setting override password in Palo Alto.
  • Working of SSL to establish encrypted session.
  • Why SSL decryption is needed?
  • Types of SSL
    Decryption- SSL Forward Proxy, SSL Inbound Inspection and SSHProxy
  • Self-signed certificate versus CA signed certificate.
  • Configure PAN-OS where to do and where to avoid SSL decryption.
  • Enable SSL Opt-out Page for users.
  • Verify SSL Decryption in traffic logs.
  • What is wildfire?
  • Why is Wildfire so important in modern day networks?
  • Configure wildfire in Palo Alto Network firewall.
  • Wildfire analysis in public cloud and private cloud.
  • Wildfire licensing and subscriptions
  • Understanding of wildfire reports.
  • What is GlobalProtect VPN?
  • Configure GlobalProtect Portal and Gateway.
  • Use GlobalProtect App for Windows, Linux and iOS
  • Understanding of IPSec site to site VPNs.
  • Understand IPSec Phase-1 and Phase-2 profiles.
  • Difference between Main mode and aggressive mode in phase-1 and use cases.
  • How does Diffie-Helman Exchange works.
  • Features offered by Palo Alto to secure IPSec VPNs fromintruders.
  • Configuration of IPSec VPN between two firewalls.
  • Considerations when deploying VPN with third party vendor device.
  • Monitoring an IPSec VPN
  • Overview of User-ID
  • User-ID Concepts
  • Types of user mapping- server monitoring, port mapping, XFF headers, syslog, GlobalProtect, XML API.
  • Configure Captive Portal in Palo Alto Networks Firewall
  • Service account for user-ID agents.
  • Map IP addresses to users.
  • Deploy user-ID in a large scale network.
  • Verify user-ID configuration
  • Monitor threat logs in Palo Alto
  • Take packet captures
    Generate reports for logs
  • Generate customized reports
  • Schedule PDF reports over email.
  • Use Application Command Center.
  • High Availability Overview.
  • High Availability Concepts in Palo Alto.
  • Setup Active/Passive HA.
  • Selection of Active firewall.
  • High Availability Synchronization.
  • High Availability Firewall States.
  • Design layout for Active/Passive and Active/Active HA.
  • Monitor and troubleshoot High Availability.
  • QoS for application and users.
  • QoS policy.
  • QoS profiles and classes.
  • QoS priority queuing.
  • QoS bandwidth management.
  • QoS interface mapping.
  • Configure and verify QoS policy.
  • Configure management Panorama server.
  • Configure template and template variables.
  • Configure device groups.
  • Install updates for Panorama.
  • Modes of operation of Panorama.

Who Should Attend?

Duration

35 Hours

Pre-Requisite?

This course is for security professionals looking to work in a Palo Alto environment. Knowledge of basic networking including OSI and TCP/IP Model and sub-netting is mandatory to attend this course.

Skills gained after this course​

What job roles can I apply for after this course?

After completion of the course you can apply for the following job positions:

Lab Practice

BlueMap has dedicated servers for PaaS, with 99.9% uptime. Candidates will be provided access to individual pods for lab practice. Guidance will also be provided if candidates want to setup a lab environment on their personal machines. A lab guide will be provided to each candidate with scenarios to practice all modules covered in the course because at BlueMap we believe that unless you see it happening you won’t be confident to answer any questions based on the same. There would be scenarios for implementing, verifying and troubleshooting all modules covered in the course.

Frequently Asked Questions

Classes will be conducted online via GoToMeeting.

You will be provided dedicated lab access on our 24x7 available cloud servers during the entire course duration. Each candidate will have his/her own lab scenario for practice. Moreover, if the candidate wants to setup a lab on their machine that support will also be provided by the instructor.

The candidate will be provided with daily class recordings, presentations, lab guides, virtual machines and study notes for practice. All this material will be included in the course fees.

We do not have a refund policy. The candidate will be provided first two sessions free of cost and then the candidate will be asked to pay the course fees.

Yes, the course fees can be paid in two instalments. The first instalment will be payable after the first two free sessions. The second instalment will be payable after 50% course completion.

Placement assistance will be provided to all candidates after course completion. Interview calls be provided to all candidates. Along with that mock interview sessions will also be conducted for all candidates to prepare them for the interview.

Even after the course completion, BlueMap is committed to provide post-training support to all candidates. Post-training support works in two ways. In the first scenario if the candidate does not understand a particular topic he/she can have one-to-one session with the instructor to clear the concept or can attend any other on-going batches. In the second scenario the instructor will provide support to the candidate if he/she is facing issues on job helping candidate to apply knowledge to practice.

palo alto networks

Why choose Bluemap?

Get the best return on your investment by choosing our course. BlueMap offers incredible experience to all candidates in the training such that it creates a life-long relationship with us. What makes us say so:

Get started and skill up for the changing world