Paloalto Intro and Deployment Options
Preview2
Message
Palo Alto Certification - what does it take.
Palo Alto Firewalls overview
Firewalls Overview Quiz
Deployment Options
Layer 2 deployment
Layer 3 deployment
Layer 2 deployment and spanning tree
Layer 2 Features and Limitations with demonstration
Virtual Wire deployment
Virtual Wire IP Classify
Tap Mode deployment
Deployment Options Quiz
Initial Configuration
Lab and AWS Palo Alto instance(s) Setup
AWS Note
Create an Amazon AWS instance to practice
Setup Amazon AWS for lab testing, add a windows AD server
AWS VPC setup, routing setup, route traffic through the AWS instance
Create a DMZ segment in Amazon AWS, add a server to DMZ segment
AWS routing issue to be aware of
Unetlab EVE-NG name change
Create your own test lab to practice
Basic Administrative Tasks
Basic Settings
Changes and Committing changes
Local Administrator Account with External Authentication
External Authentication Using Radius Server
System software Upgrade / Downgrade, global protect client install
Dynamic Updates
Interface Management Profile
Quiz Basic Setup
Security Policy Configuration
Security Zones and Traffic Processing
Packet Flow
Quick knowledge check 1 Quiz
Rules based on application using App-ID
Security Policy Rules for applications not running on application default ports
Application Override Policies - Custom Applications
URL Filtering Rules and Options
Knowledge check 2 Quiz
Custom URL Category
Using Address Objects
Using Service Objects
Using Dynamic Block Lists
Using Tags
Knowledge check 3 Quiz
User ID integration
User ID integration
Installing User ID agent on AD
Configure the firewall to use user ID agent
Configuring integrated User ID agent
Group to User ID mapping
Making decisions based on user group membership example
Identifying Users using Captive Portal Redirect Mode
User ID mapping using CaptivePortal in Transparent Mode
Captive Portal using Broswer Challenge SSO example
Relaying UserID information using XML example
User ID mapping using Syslog Messages example
Threat Prevention
AntiVirius configuration
Anti Spyware and DNS Sinkholing
Creating custom Anti-Spyware signatures
Configuring Vulnerability Protection and Custom Signatures
File Policies
Configuring Wildfire
Wildfire Portal
Configuring Data Filtering - Data Leakage Prevention
Data leakage demo - Credit Card Numbers Detection and Blocking
Denial Of Service Protection
Implementing Zone and Host Denial Of Service Protection
SSL Decryption
Certificates, Certificate of Autorities, and Decryption Concepts
SSL Forward Proxy - Trust Certificate - Local Cert on PaloAlto
SSL Forward Proxy - Untrust Certificate - Local Cert on PaloAlto
SSL Forward Proxy Using an Internal PKI Subordinate CA
SSL Forward Proxy Blocking Threats in Encrypted Traffic - Demo
SSL Inbound Inspection
Network Address Translation
Understanding Dynamic NAT and port
Dynamic NAT and port configuration examples
Dynamic NAT and port Egress Interface Multipe ISP consideration
What is the difference between Dynamic IP and Dynamic IP and port with examples
Static NAT concepts and example
Static NAT with Port Translation Use Case and scenario example
Static NAT with Port Translation Use Case and scenario example - part 2
Destination NAT and Destination NAT with Port Address Translation
UTurn NAT with port translation
Source and Destination NAT
New in Version 8.1 Dynamic Destination NAT
Basic and Intermediate Networking
DHCP Services
Default Route
OSPF Routing
BGP Routing
BGP Advertise
Using Multiple Virtual Routers
Multiple Virtual Routers NAT and Security Policy Example
Multiple ISP Failover Scenario using BGP
Multiple ISP Failover using floating Static Route
Multiple ISP Failover using Policy Based Forwarding
Multiple ISP Load Sharing using Policy Based Forwarding
High Availability
High Availability Overview
Active Passive Configuration Configuration Example
High Availability Active / Passive different failure scenarios HA1 HA2 heartbeat
High Availability Active / Passive HA1-backup, HA2-backup configuration
High Availabilit active / passive link and path monitoring, HA operations
Active Active High availability intro, Floating IP
Active Active with Floating IP configuration example
Active Active session owner, session setup using IP modulus, failover example
Active Active Static Nat Configuration Example using NAT HA binding Primary
Active Active High Availability Arp Load Sharing Configuration Example
IPv6 configuration
IPv6 structure, addressing, unicast (link local, site local, global), multicast
IPv6 neighbor discovery, icmpv6, dhcpv6
IPv6 Stateles, Statefull DHCP, M Flag O Flag concepts
IPv6 basic firewall configuration example
IPv6 Network Prefix Translation NPTv6 configuration example
IPv6 NAT64 example connecting IPv6 only network to IPv4 Internet example
IPv6 NAT64 example connecting IPv4 only network to IPv6 only network
IPv6 dhcpv6 relay on PaloAlto firewall example
IPv6 issues related to Windows and policy based on IPv6 addresses, example
VPN IPSec configuration details
VPN IPSEC L2L intro and configuration steps
VPN IPSEc L2L PaloAlto to PaloAlto Example
VPN IPSEc Site To Site Hub Spoke, Dynamic IP address example
VPN IPSEC L2L Paloalto to Cisco ASA configuration example
VPN IPSEC L2L Paloalto to Cisco ASA with Dynamic IP address
IPsec Quick mode negotiation understanding
IKE main mode more details, explanation
Understanding IPSec Quick mode with PFS
IKE security policies required and NAT-T explanation / example
IKEv1 main mode versus agressive mode, understand the difference
IKEv2 intro and differences between IKEv2 and IKEv1
IKEv2 Auth phase, IPsec associations, differences between Ikev1 and Ikev2
Global Protect
Global Protect Setup example
Getting a free publicly trusted ssl certificate to test Global Protect
Setting up global protect for on-demand mode, discover agent settings
Dual Factor Authentication Using Open Source Solution PrivacyIdea - demo
Joining a windows PC to AWS windows domain - vpn tunnel to AWS
Installing CA services on windows, certificate enrollment policy service, OCSP
Global Protect Authentication using Dual Factor Token and Computer Certificate
Global Protect Always On User-Logon and Pre-Logon configuration
Global Protect Pre-Logon with User Logon (on demand) configuration example
Global Protect HIP Check
Azure Palo Alto VM Deployment
Azure Networking Concepts
Setup Palo Alto VM In Azure
Protecting Virtual Machines in Azure behind Palo Alto firewall
Panorama
Panorama concepts, hardware, template and template stack
Panorama Device Group Concepts Part 1
Panorama Device Group and Object Iheritance
QoS
QoS Introduction
QoS Download Upload Bandwidth Restriction
QoS Classification and Marking
QoS Classification and Markings Example
IPSec QoS lab setup overview
Bandwidth Throttling IPSEc tunnels demo
IPSec Tunnel QoS traffic classification
IPSec Tunnel QoS controlling traffic bidirectionaly
IPSec QoS Copy ToS Header Explanation and demo
Using the CLI to show QoS details
Installing PaloAlto 8.1 In AWS
Palo Alto 8.1 Section Intro
Provisioning PaloAlto Firewall 8.1 in AWS - Part 1
Provisioning PaloAlto Firewall 8.1 in AWS - Part 2
Palo Alto Firewall In Google Cloud
Installing Palo Alto Firewall In Google Cloud
Initial configuration of interfaces
Placing workload behind the palo alto firewlal
More to Come