Palo Alto Networks Certified Network Security Engineer

Course Features
Training Type	Classroom & Online
Course Duration	25 Days
No. of Hours	Weekdays( Mon to Thu)- 2hrs/Day, Weekend (Sat & Sun)- 4hrs/Day, Only Sunday- 6hrs Per Day
Certificate	Yes
Skill Level	Intermediate
Study Material	Yes
Batches Available	(Mon-Thu) & (Sat-Sun)

Identify how Palo Alto Networks products work together to improve PAN-OS services

1.1.1 Security components

3.1.2 Firewall components

5.1.3 Panorama components

7.1.4 PAN-OS subscriptions and the features they enable

9.1.5 Plug-in components

11.1.6 Heatmap and BPA reports

Determine and assess appropriate interface types for various environments

1.2.1 Layer 2 interfaces

3.2.2 Layer 3 interfaces

5.2.3 vWire interfaces

7.2.4 Tap interfaces

1.2.5 Subinterfaces

3.2.6 Tunnel interfaces

5.2.7 Aggregate interfaces

7.2.8 Loopback interfaces

9.2.9 Decrypt mirror interfaces

11.2.10 VLAN interfaces

Identify decryption deployment strategies

1.3.1 Risks and implications of enabling decryption

3.3.2 Use cases

5.3.3 Decryption types

7.3.4 Decryption profiles and certificates

9.3.5 Create decryption policy in the firewall

11.3.6 Configure SSH proxy

Enforce User-ID

1.4.1 Methods of building user-to-IP mappings

3.4.2 Determine if User-ID agent or agentless should be used

5.4.3 Compare and contrast User-ID agents

7.4.4 Methods of User-ID redistribution

9.4.5 Methods of group mapping

11.4.6 Server profile & authentication profile

Determine when to use the Authentication policy and methods for doing so

1.5.1 Purpose of, and use case for, the Authentication policy

3.5.2 Dependencies

5.5.3 Captive portal versus GP client

Differentiate between the fundamental functions that reside on the management plane and data plane.

Configure management profiles

2.1.1 Interface management profile

4.1.2 SSL/TLS profile

Deploy and configure Security profiles

2.2.1 Custom configuration of different Security profiles and Security profile groups

2.2.2 Relationship between URL filtering and credential theft prevention

4.2.3 Use of username and domain name in HTTP header insertion

6.2.4 DNS Security

8.2.5 How to tune or add exceptions to a Security profile

10.2.6 Compare and contrast threat prevention and advanced threat prevention

2.2.7 Compare and contrast URL Filtering and Advanced URL Filtering

Configure zone protection, packet buffer protection, and DoS protection

Define the initial design/deployment configuration of a Palo Alto Networks firewall

2.4.1 Considerations for advanced HA deployments

4.4.2 Implement a high availability pair

6.4.3 Implement Zero Touch Provisioning

8.4.4 Configure bootstrapping

Configure authorization, authentication and device access

2.5.1 Role-based access control for authorization

4.5.2 Different methods used to authenticate

6.5.3 The authentication sequence

8.5.4 The device access method

Configure and manage certificates

2.6.1 Certificate usage

4.6.2 Certificate profiles

6.6.3 Certificate chains

Configure routing

2.7.1 Dynamic routing

4.7.2 Redistribution profiles

6.7.3 Static routes

8.7.4 Route monitoring

10.7.5 Policy-based forwarding

13.7.6 Virtual router versus. logical router

Configure NAT

2.8.1 NAT policy rules

4.8.2 Security rules

6.8.3 Sourcenet

8.8.4 No NAT

10.8.5 Use session browser to find NAT rule name

12.8.6 U-Turn NAT

14.8.7 Check HIT counts

Configure site-to-site tunnels

2.9.1 IPSec components

4.9.2 Static peers and dynamic peers for IPSec

6.9.3 IPSec tunnel monitor profiles

8.9.4 IPSec tunnel testing

10.9.5 GRE

12.9.6 One-to-one and one-to-many tunnels

14.9.7 Determine when to use proxy IDs

Configure service routes

2.10.1 Default service routes

4.10.2 Custom service routes

6.10.3 Destination service routes

8.10.4 Custom routes for different VSYS versus destination routes

10.10.5 How to verify service routes

Configure App-ID

3.1.1 Create security rules with App-ID

5.1.2 Convert port and protocol rules to App-ID rules

7.1.3 Identify the impact of application override to the overall functionality of the firewall

3.1.4 Create custom apps and threats

5.1.5 Review App-ID dependencies

Configure GlobalProtect

3.2.1 GlobalProtect licensing

5.2.2 Configure gateway and portal

7.2.3 GlobalProtect agent

9.2.4 Differentiate between login methods

11.2.5 Configure clientless VPN

13.2.6 HIP

15.2.7 Configure multiple gateway agent profiles

17.2.8 Split tunneling

Configure decryption

3.3.1 Inbound decryption

5.3.2 SSL forward proxy

7.3.3 SSL decryption exclusions

9.3.4 SSH proxy

Configure User-ID

3.4.1 User-ID agent and agentless

5.4.2 User-ID group mapping

7.4.3 Shared User-ID mapping across virtual systems

9.4.4 Data redistribution

11.4.5 User-ID methods

13.4.6 Benefits of using dynamic user groups in policy rules

15.4.7 Requirements to support dynamic user groups

17.4.8 How GlobalProtect internal and external gateways can be used

Configure WildFire

3.5.1 Configure WildFire submission profile and add it to the security rule

5.5.2 Configure WildFire action profile and add it to the security rule

7.5.3 Review the WildFire submissions and verdicts

9.5.4 Review WildFire signature actions

11.5.5 Supported file types and file sizes

13.5.6 Configure WildFire update schedule

15.5.7 Configure forwarding decrypted traffic to WildFire

Configure templates and template stacks

4.1.1 Components configured in a template

6.1.2 How the order of templates in a stack affects the configuration push to a firewall

4.1.3 Overriding a template value in a stack

6.1.4 Configure variables in templates

8.1.5 Relationship between Panorama and devices as pertaining to dynamic updates versions, policy implementation and/or HA peers

Configure device groups

4.2.1 Device group hierarchies

6.2.2 Identify what device groups contain

8.2.3 Differentiate between different use cases for pre-rules, local rules, the default rules and post-rules

4.2.4 Identify the impact of configuring a primary device

6.2.5 Assign firewalls to device groups

Manage firewall configurations within Panorama

4.3.1 Licensing

6.3.2 Panorama commit recovery feature

8.3.3 Configuration settings for Panorama automatic commit recovery

10.3.4 Commit types and schedules

12.3.5 Config backups

14.3.6 Software and dynamic updates

16.3.7 Import firewall configuration into Panorama

18.3.8 Configure log collectors

20.3.9 Check firewall health and status from Panorama

22.3.10 Configure role-based access on Panorama

Manage and configure Log Forwarding

5.1.1 Identify log types and criticalities

7.1.2 Manage external services

9.1.3 Create and manage tags

11.1.4 Identify system and traffic issues using the web interface and CLI tools

5.1.5 Configure Log Forwarding profile and device log settings

7.1.6 Log monitoring

9.1.7 Customize logging and reporting settings

Plan and execute the process to upgrade a Palo Alto Networks system

5.2.1 Update a single firewall

7.2.2 Update high availability pairs

9.2.3 Perform Panorama push

11.2.4 Schedule and manage dynamic updates

Manage HA functions

5.3.1 Link monitoring

7.3.2 Path monitoring

9.3.3 HA links

11.3.4 Failover

13.3.5 Active/active and active/passive

15.3.6 HA interfaces

17.3.7 Clustering

19.3.8 Election setting

Troubleshoot site-to-site tunnels

6.1.1 IPSec

8.1.2 GRE

10.1.3 One-to-one and one-to-many tunnels

12.1.4 Route-based versus policy-based remote hosts

14.1.5 Tunnel monitoring

Troubleshoot interfaces

6.2.1 Transceivers

8.2.2 Settings

10.2.3 Aggregate interfaces, LACP

12.2.4 Counters

14.2.5 Tagging

Troubleshoot Decryption

6.3.1 Inbound decryption

8.3.2 SSL forward proxy

10.3.3 SSH proxy

12.3.4 Identify what cannot be decrypted and configure exclusions and bypasses

6.3.5 Certificates

Troubleshoot routing

6.4.1 Dynamic routing

8.4.2 Redistribution profiles

10.4.3 Static routes

12.4.4 Route monitoring

14.4.5 Policy-based forwarding

16.4.6 Multicast routing

18.4.7 Service routes

Use logs, reports, and graphs to troubleshoot

6.5.1 Identify system and traffic issues using the web interface and CLI tools

6.5.2 Create and interpret reports 7. 8.5.3 Create and interpret graphs

Troubleshoot resource protections

6.6.1 Zone protection profiles

8.6.2 Denial-of-service protections

10.6.3 Packet buffer protections

Troubleshoot GlobalProtect

6.7.1 Portal and Gateway

8.7.2 Access to resources

10.7.3 GlobalProtect client

Troubleshoot policies

6.8.1 NAT policies

8.8.2 Security policies

10.8.3 Decryption policies

12.8.4 Authentication policies

Troubleshoot HA functions

6.9.1 Monitor

8.9.2 Failover triggers

Batch Details
Track	Classroom & Online
Duration	25 Days
Hours	Weekdays( Mon to Thu)- 2hrs/Day, Weekend (Sat & Sun)- 4hrs/Day, Only Sunday- 6hrs Per Day

Students join our online courses for a variety of reasons and come from diverse backgrounds, professions, and age groups.

It is recommended that you begin your course promptly. If you do need to start the course a few days late, contact your instructor as soon as possible after the course has opened to discuss your options. Registration closes on the Friday after the course begins.

Roadmap

Roadmap

Course Outline

Register for FREE Demo

Frequently asked questions

Roadmap

Roadmap

Course Outline

Core Concepts

Day 1

Day 2

Day 3

Day 4

Day 5

Day 6

Deploy and Configure Core Components

Day 1

Day 2

Day 3

Day 4

Day 5

Day 6

Day 7

Day 8

Day 9

Day 10

Deploy and Configure Features and Subscriptions

Day 1

Day 2

Day 3

Day 4

Day 5

Deploy and Configure Firewalls Using Panorama

Day 1

Day 2

Day 3

Manage and Operate

Day 1

Day 2

Day 3

Troubleshooting

Day 1

Day 2

Day 3

Day 4

Day 5

Day 6

Day 7

Day 8

Day 9

Register for FREE Demo

Frequently asked questions

Who should take an Online Course?

What should I do if I need to start the course late?