10151106Perimeter Security
Course Information
Description
This is an introductory course covering all the fundamentals to understand the Palo-Alto Next-Generation Firewall from the ground up. Students configure and manage the essential features of Palo Alto Networks Next-Generation Firewall, Configure and Manage Security and NAT policies, Configure and manage Threat Prevention, Monitor network traffic and logging.
Total Credits
3
Course Competencies
  1. Connect to the Management Network of the firewall
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Set DNS servers for the firewall
    Set NTP servers for the firewall
    Configure a login banner for the firewall
    Configure permitted IP addresses for firewall management

  2. Manipulate configuration snapshots and logs
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Save a named configuration snapshot
    Export a named configuration snapshot
    Revert configuration changes
    Examine log files
    Create log file filters

  3. Manage firewall administrator accounts
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Create a local user database account
    Create an Administrator Account
    Configure LDAP authentication
    Configure RADIUS authentication

  4. Connect firewall to production network
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Create layer 3 network interfaces
    Create a virtual router
    Segment the production network using security zones
    Test connectivity to each zone
    Define interface management profiles
    Test interface access after management profiles

  5. Apply subnetting to firewall networks
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Take a network and divide it into at least two smaller networks
    Configure the new network addresses to the firewall

  6. Configure security policies and NAT rules
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Create a security policy rule
    Modify a security policy rule
    Test a security policy rule
    Create security rules for internet access
    Create a source NAT policy
    Create a destination NAT policy

  7. Block packet and protocol based attacks
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Configure and test TCP SYN flood zone protection
    Protect against reconnaissance traffic
    Protect against denial-of-service attacks

  8. Block threats from known bad sources
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Block malicious IP addresses
    -Using address objects
    -Using address groups
    -By geographic region
    -Using external dynamic lists
    Create an external dynamic list (EDL) to block malicious domains
    Add an EDL to an antispyware profile
    Add the antispyware profile to a security rule
    Create a custom URL Category Block access to malicious URL using an URL Filtering Profile

  9. Block threats using custom applications
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Configure packet capture
    Analyze packet capture
    Create custom application with a signature
    Add the custom application to a security policy
    Test the custom application

  10. Block threats with User-ID
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Enable User-ID on one of the network zones
    Generate traffic from the network zone
    Examine User-ID logs
    Examine firewall traffic logs

  11. Block unknown malware with Wildfire
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Create a Wildfire analysis profile
    Apply Wildfire profile to security rules
    Test the Wildfire profile
    Examine Wildfire analysis details

  12. Block threats in encrypted traffic
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Create a decryption policy for outbound traffic
    Test outbound decryption policy
    Test a no-decryption rule

  13. Prevent use of stolen credentials
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Configure credential detection
    Test the credential detection

  14. Implement day-one best practice configuration
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Modify security policy rules
    Create recommended security profiles
    Create a security profile group from the created security profiles
    Apply the security profile group to security policies

  15. Protect data transfer with site-to-site virtual private network
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Configure a site-to-site virtual private network (VPN)
    Test the VPN

  16. Protect data transfer with a GlobalProtect virtual private network
    Assessment Strategies
    Skill demonstration in lab
    Criteria
    Configure GlobalProtect virtual private network (VPN)
    Test the VPN