PaloAlto Network Security Engineer Details - Zetlan Technologies

Login Signup

info@zetlantechnologies.com +91-8680961847

/ PaloAlto Certification / PaloAlto Network Security Engineer

Palo Alto Networks Certified

Network Security Engineer (PCNSE)

Validates the in-depth knowledge and skills required to design, deploy, operate, manage, and troubleshoot Palo Alto Networks Next-Generation Firewalls

Objectives

This certification validates the knowledge, understanding, and skills required to deploy and configure Palo Alto Networks Next-Generation Firewalls.

Target Audience

This certification is designed for network security engineers, systems engineers, systems integrators, and support engineers who deploy and configure Palo Alto Networks Next-Generation Firewalls.

Recommended Prerequisites

(EDU-210) Firewall Essentials: Configuration and Management
(EDU-220) Panorama: Managing Firewalls at Scale
(EDU-330) Firewall: Troubleshooting
Palo Alto Networks Certified Cybersecurity Apprentice
Palo Alto Networks Certified Cybersecurity Practitioner
Palo Alto Networks Certified Network Security Generalist

Course Details

1. Core Concepts

Identify how Palo Alto Networks products work together to improve PAN-OS services

Security components
Firewall components
Panorama components
PAN-OS subscriptions and the features they enable
Plug-in components
Heatmap and BPA reports
Artificial intelligence operations (AIOps)/Telemetry
IPv6
Internet of things (IoT)

Determine and assess appropriate interface or zone types for various environments

Layer 2 interfaces
Layer 3 interfaces
Virtual wire (vwire) interfaces
Tap interfaces
Sub-interfaces
Tunnel interfaces
Aggregate interfaces
Loopback interfaces
Decrypt mirror interfaces
VLAN interfaces

Identify decryption deployment strategies

Risks and implications of enabling decryption
Use cases
Decryption types
Decryption profiles and certificates
Create decryption policy in the firewall
Configure SSH Proxy

Enforce User-ID

Methods of building user-to-IP mappings
Determine if User-ID agent or agentless should be used
Compare and contrast User-ID agents
Methods of User-ID redistribution
Methods of group mapping
Server profile & authentication profile

Determine how and when to use the Authentication policy

Purpose of, and use case for, the Authentication policy
Dependencies
Captive portal versus GlobalProtect (GP) client

Differentiate between the fundamental functions that reside on the management plane and data plane
Define multiple virtual systems (multi-vsys) environment

User-ID hub
Inter-vsys routing
Service routes
Administration

2. Deploy and Configure Core Components

Configure management profiles

Interface management profile
SSL/TLS service profile

Deploy and configure Security profiles

Custom configuration of different Security profiles and Security profile groups
Relationship between URL filtering and credential theft prevention
Use of username and domain name in HTTP header insertion DNS Security
How to tune or add exceptions to a Security profile
Compare and contrast threat prevention and advanced threat prevention
Compare and contrast URL Filtering and Advanced URL Filtering

Configure zone protection, packet buffer protection, and DoS protection

Customized values versus default settings
Classified versus aggregate profile types
Layer 3 and Layer 4 header inspection

Design the deployment configuration of a Palo Alto Networks firewall

Advanced high availability (HA) deployments
HA pair
Zero Touch Provisioning (ZTP)
Bootstrapping

Configure authorization, authentication, and device access

Role-based access control for authorization
Different methods used to authenticate
The authentication sequence
The device access method

Configure and manage certificates

Usage
Profiles
Chains

Configure routing

Dynamic routing
Redistribution profiles
Static routes
Path monitoring
Policy-based forwarding
Virtual router versus logical router

Configure NAT

NAT policy rules
Security rules
Source NAT
No NAT
Use session browser to find NAT rule name
U-Turn NAT
Check HIT counts

Configure site-to-site tunnels

IPSec components
Static peers and dynamic peers for IPSec
IPSec tunnel monitor profiles
IPSec tunnel testing
Generic Routing Encapsulation (GRE)
One-to-one and one-to-many tunnels
Determine when to use proxy IDs

Configure service routes

Default
Custom
Destination
Custom routes for different vsys versus destination routes
How to verify service routes

Configure application-based QoS

Enablement requirements
QoS policy rule
Add DSCP/TOS component
QoS profile
Determine how to control bandwidth use on a per-application basis
Use QoS to monitor bandwidth utilization

3. Deploy and Configure Features and Subscriptions

Configure App-ID

Create security rules with App-ID
Convert port and protocol rules to App-ID rules
Identify the impact of application override to the overall functionality of the firewall
Create custom apps and threats
Review App-ID dependencies

Configure Global Protect
Global Protect licensing
Configure gateway and portal
GlobalProtect agent
Differentiate between login methods
Configure Clientless VPN
Host information profile (HIP)
Configure multiple gateway agent profiles
Split tunnelling

Configure decryption

Inbound decryption
SSL forward proxy
SSL decryption exclusions
SSH proxy

Configure User-ID

User-ID agent and agentless
User-ID group mapping
Shared User-ID mapping across virtual systems
Data redistribution
User-ID methods
Benefits of using dynamic user groups in policy rules
Requirements to support dynamic user groups
How Global Protect internal and external gateways can be used

Configure Wild Fire

Submission profile
Action profile
Submissions and verdicts
Signature actions
File types and file sizes
Update schedule
Forwarding of decrypted traffic

Configure Web Proxy

Transparent proxy
Explicit proxy

4. Deploy and Configure Firewalls Using Panorama

Configure templates and template stacks

Components configured in a template
How the order of templates in a stack affects the configuration push to a firewall
Overriding a template value in a stack
Configure variables in templates
Relationship between Panorama and devices as pertaining to dynamic updates versions, policy implementation, and/or HA peers

Configure device groups

Device group hierarchies
Identify what device groups contain
Differentiate between different use cases for pre-rules, local rules, the default rules, and post-rules
Identify the impact of configuring a primary device
Assign firewalls to device groups

Manage firewall configurations within Panorama

Licensing
Commit recovery feature
Automatic commit recovery
Commit types and schedules
Config backups
Commit type options
Manage dynamic updates for Panorama and Panorama-managed devices
Software and dynamic updates
Import firewall configuration into Panorama
Configure log collectors
Check firewall health and status from Panorama
Configure role-based access on Panorama

5. Manage and Operate

Manage and configure Log Forwarding

Identify log types and criticalities
Manage external services
Create and manage tags
Identify system and traffic issues using the web interface and CLI tools
Configure Log Forwarding profile and device log settings
Log monitoring
Customize logging and reporting settings

Plan and execute the process to upgrade a Palo Alto Networks system

Single firewall
HA pairs
Panorama push
Dynamic updates

Manage HA functions

Link monitoring
Path monitoring
HA links
Failover
Active/active and active/passive
HA interfaces
Clustering
Election setting

6. Troubleshooting

Troubleshoot site-to-site tunnels

IPSec
GRE
One-to-one and one-to-many tunnels
Route-based versus policy-based remote hosts
Tunnel monitoring

Troubleshoot interfaces

Transceivers
Settings
Aggregate interfaces, LACP
Counters
Tagging

Troubleshoot decryption

Inbound decryption
SSL forward proxy
SSH proxy
Identify what cannot be decrypted and configure exclusions and bypasses
Certificates

Troubleshoot routing

Dynamic routing
Redistribution profiles
Static routes
Route monitoring
Policy-based forwarding
Multicast routing
Service routes

General Troubleshooting

Logs
Packet capture (pcap)
Reports

Troubleshoot resource protections

Zone protection profiles
DoS protections
Packet buffer protections

Troubleshoot Global Protect

Portal and Gateway
Access to resources
Global Protect client

Troubleshoot policies

NAT
Security
Decryption
Authentication

Troubleshoot HA functions

Monitor
Failover triggers

Video Packages
Online Live Class

Fees Structure :	15500 INR / 185 USD
Total No of Class :	204 Video Class
Class Duration :	154:30 Working Hours
Download Feature :	Download Avalable
Technical Support :	Call / Whatsapp : +91 8680961847
Working Hours :	Monday to Firday 9 AM to 6 PM
Payment Mode :	Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)

Brochure Buy Now Sample Demo

Fees Structure :	22500 INR / 270 USD
Class Duration :	60 Days
Class Recording :	Live Class Recording available
Class Time :	Monday to Firday 1.5 hours per day / Weekend 3 Hours per day
Technical Support :	Call / Whatsapp : +91 8680961847
Working Hours :	Monday to Firday 9 AM to 6 PM
Payment Mode :	Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)

Download Brochure Pay Online

Information Technologies

More Info

About Us Contact Us Privacy Policy Terms & Condition Refund Policy FAQs & Help

Account

My Account Course Details Shopping Cart Wishlist Order History Payment Details

Zetlan Technologies, All right reserved.