Palo Alto Firewalls PCNSE Prep Part 1

Palo Alto Firewalls PCNSE exam preparation Part 1

Rating: 4.35 (2640 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 13,455
Content: 12 hours
Last update: Nov 2023
Regular price: $19.99

What you will learn

Understand Palo Alto Firewalls Deployment Methods

Understand how to deploy Palo Alto Firewalls in AWS

Understand Palo Alto Firewalls Security Policies

Understand Palo Alto Firewalls NAT configuration

Understand User ID Integration

Configure user ID integration using User ID Agent

Configure Captive Portal to authenticate users

Understand the different Captive Portal methods, including redirection, transparent and SSO, with examples

Understand security zones and traffic processing in Palo Alto Firewalls

Understand the packet flow through Palo Alto Firewalls

Understand Anti-Spyware and DNS Sinkholing

Configure Anti-Spyware

Description

Palo Alto firewalls are true Next Generation firewalls built from the ground up to address legacy firewall issues. It is the first firewall platform to make decisions based on applications, not just ports and protocols. The PCNSE exam requires a deep understanding of the topics.

I will show you how to create an EVE-NG environment and set up a lab where you can launch the environment in AWS using Terraform. This way you can start and stop the environment to minimize the charges. I will show you how you can use a combination of EVE-NG and an AWS setup deployed using Terraform to test the functionality of AWS using a licensed version.

Topics covered

  • Understand the Basic concepts of the Palo Alto Firewall.

  • Review the GUI to understand all the areas of configuration.

  • Understand how to setup the Palo Alto firewall in AWS.

  • Understand how to setup an EVE-NG instance in your home lab and connect it to an instance in AWS for practicing.

  • Understand Basic NAT configuration.

  • Understand User ID topics, agent, agentless and captive portal.

  • Understand DNS security and how to configure DNS sinkhole and DNS security features.

  • Understand SSL Decryption Concepts.

  • Understand the different deployment options.

  • Understand the core threat prevention features.

Content

Paloalto Intro and Deployment Options

Preview2
Message
Palo Alto Certification - what does it take.
Palo Alto Firewalls overview
Firewalls Overview Quiz
Deployment Options
Layer 2 deployment
Layer 3 deployment
Layer 2 deployment and spanning tree
Layer 2 Features and Limitations with demonstration
Virtual Wire deployment
Virtual Wire IP Classify
Tap Mode deployment
Deployment Options Quiz
Initial Configuration

Lab and AWS Palo Alto instance(s) Setup

AWS Note
Create an Amazon AWS instance to practice
Setup Amazon AWS for lab testing, add a windows AD server
AWS VPC setup, routing setup, route traffic through the AWS instance
Create a DMZ segment in Amazon AWS, add a server to DMZ segment
AWS routing issue to be aware of
Unetlab EVE-NG name change
Create your own test lab to practice

Basic Administrative Tasks

Basic Settings
Changes and Committing changes
Local Administrator Account with External Authentication
External Authentication Using Radius Server
System software Upgrade / Downgrade, global protect client install
Dynamic Updates
Interface Management Profile
Quiz Basic Setup

Security Policy Configuration

Security Zones and Traffic Processing
Packet Flow
Quick knowledge check 1 Quiz
Rules based on application using App-ID
Security Policy Rules for applications not running on application default ports
Application Override Policies - Custom Applications
URL Filtering Rules and Options
Knowledge check 2 Quiz
Custom URL Category
Using Address Objects
Using Service Objects
Using Dynamic Block Lists
Using Tags
Knowledge check 3 Quiz

User ID integration

User ID integration
Installing User ID agent on AD
Configure the firewall to use user ID agent
Configuring integrated User ID agent
Group to User ID mapping
Making decisions based on user group membership example
Identifying Users using Captive Portal Redirect Mode
User ID mapping using Captive Portal in Transparent Mode
Captive Portal using Browser Challenge SSO example
Relaying UserID information using XML example
User ID mapping using Syslog Messages example

Threat Prevention

Antivirus configuration
Anti Spyware and DNS Sinkholing
Creating custom Anti-Spyware signatures
Configuring Vulnerability Protection and Custom Signatures
File Policies
Configuring Wildfire
Wildfire Portal
Configuring Data Filtering - Data Leakage Prevention
Data leakage demo - Credit Card Numbers Detection and Blocking
Denial Of Service Protection
Implementing Zone and Host Denial Of Service Protection

SSL Decryption

Certificates, Certificate Authorities, and Decryption Concepts
SSL Forward Proxy - Trust Certificate - Local Cert on PaloAlto
SSL Forward Proxy - Untrust Certificate - Local Cert on PaloAlto
SSL Forward Proxy Using an Internal PKI Subordinate CA
SSL Forward Proxy Blocking Threats in Encrypted Traffic - Demo
SSL Inbound Inspection

Network Address Translation

Understanding Dynamic NAT and port
Dynamic NAT and port configuration examples
Dynamic NAT and port Egress Interface Multiple ISP consideration
What is the difference between Dynamic IP and Dynamic IP and port with examples
Static NAT concepts and example
Static NAT with Port Translation Use Case and scenario example
Static NAT with Port Translation Use Case and scenario example - part 2
Destination NAT and Destination NAT with Port Address Translation
UTurn NAT with port translation
Source and Destination NAT
New in Version 8.1 Dynamic Destination NAT

Basic and Intermediate Networking

DHCP Services
Default Route
OSPF Routing
BGP Routing
BGP Advertise
Using Multiple Virtual Routers
Multiple Virtual Routers NAT and Security Policy Example
Multiple ISP Failover Scenario using BGP
Multiple ISP Failover using floating Static Route
Multiple ISP Failover using Policy Based Forwarding
Multiple ISP Load Sharing using Policy Based Forwarding

High Availability

High Availability Overview
Active Passive Configuration Example
High Availability Active / Passive different failure scenarios HA1 HA2 heartbeat
High Availability Active / Passive HA1-backup, HA2-backup configuration
High Availability Active / Passive link and path monitoring, HA operations
Active Active High availability intro, Floating IP
Active Active with Floating IP configuration example
Active Active session owner, session setup using IP modulus, failover example
Active Active Static Nat Configuration Example using NAT HA binding Primary
Active Active High Availability Arp Load Sharing Configuration Example

IPv6 configuration

IPv6 structure, addressing, unicast (link local, site local, global), multicast
IPv6 neighbor discovery, icmpv6, dhcpv6
IPv6 Stateless, Stateful DHCP, M Flag O Flag concepts
IPv6 basic firewall configuration example
IPv6 Network Prefix Translation NPTv6 configuration example
IPv6 NAT64 example connecting IPv6 only network to IPv4 Internet example
IPv6 NAT64 example connecting IPv4 only network to IPv6 only network
IPv6 dhcpv6 relay on PaloAlto firewall example
IPv6 issues related to Windows and policy based on IPv6 addresses, example

VPN IPSec configuration details

VPN IPSEC L2L intro and configuration steps
VPN IPSEc L2L PaloAlto to PaloAlto Example
VPN IPSEc Site To Site Hub Spoke, Dynamic IP address example
VPN IPSEC L2L Paloalto to Cisco ASA configuration example
VPN IPSEC L2L Paloalto to Cisco ASA with Dynamic IP address
IPsec Quick mode negotiation understanding
IKE main mode more details, explanation
Understanding IPSec Quick mode with PFS
IKE security policies required and NAT-T explanation / example
IKEv1 main mode versus aggressive mode, understand the difference
IKEv2 intro and differences between IKEv2 and IKEv1
IKEv2 Auth phase, IPsec associations, differences between IKEv1 and IKEv2

Global Protect

Global Protect Setup example
Getting a free publicly trusted ssl certificate to test Global Protect
Setting up global protect for on-demand mode, discover agent settings
Dual Factor Authentication Using Open Source Solution PrivacyIdea - demo
Joining a windows PC to AWS windows domain - vpn tunnel to AWS
Installing CA services on windows, certificate enrollment policy service, OCSP
Global Protect Authentication using Dual Factor Token and Computer Certificate
Global Protect Always On User-Logon and Pre-Logon configuration
Global Protect Pre-Logon with User Logon (on demand) configuration example
Global Protect HIP Check

Azure Palo Alto VM Deployment

Azure Networking Concepts
Setup Palo Alto VM In Azure
Protecting Virtual Machines in Azure behind Palo Alto firewall

Panorama

Panorama concepts, hardware, template and template stack
Panorama Device Group Concepts Part 1
Panorama Device Group and Object Inheritance

QoS

QoS Introduction
QoS Download Upload Bandwidth Restriction
QoS Classification and Marking
QoS Classification and Markings Example
IPSec QoS lab setup overview
Bandwidth Throttling IPSEc tunnels demo
IPSec Tunnel QoS traffic classification
IPSec Tunnel QoS controlling traffic bidirectionally
IPSec QoS Copy ToS Header Explanation and demo
Using the CLI to show QoS details

Installing PaloAlto 8.1 In AWS

Palo Alto 8.1 Section Intro
Provisioning PaloAlto Firewall 8.1 in AWS - Part 1
Provisioning PaloAlto Firewall 8.1 in AWS - Part 2

Palo Alto Firewall In Google Cloud

Installing Palo Alto Firewall In Google Cloud
Initial configuration of interfaces
Placing workload behind the Palo Alto firewall
More to Come


Reviews

Sandeep
August 13, 2023
Robots never replace a teacher. The robots are not able to develop the personal distinctions between the students. Robotic Voice.
Robert
May 11, 2023
I have made it to chapter 4 and the course has finally moved past the very convoluted lab setup. Instructor has a thick accent, and I'm not sure why as it seems like it could be a robot reading cards. There is a lot of information, without any description on what or why we would implement or use the items being described. Also a lot of assumption that the student knows scripting, programming and how to use AWS.
Manoj
August 9, 2022
This is not helpful. There is no explanation used in lecture. Only a robotic voice which is like reading from somewhere.
Carla
June 9, 2022
I was excited to take this course on Palo Alto firewalls since we have switched over to one at work. But, the speaking is automated and information seems to be read from a book or script. The videos contain only a monotone and mechanical voice as someone clicks through settings on each video giving no explanations or supporting technical theory. Definitely not my type of learning method but maybe it works for others.
Jeevan
September 10, 2021
It is monotonous. Lots of times the author is speaking something else and the page is showing something else. It breaks the rhythm.
Cecil
July 10, 2021
This course was a good match for me since we just migrated to PA FW at work. The Amazon section of the course looks a lot different than the current AWS web portal now so it threw me off for a while.
Ivan
May 10, 2021
Information provided is great real world, presenter could have used more concise language and more direct to the point analysis.
Robert
February 23, 2021
Creator of course did not put a lot of effort and thought into it. The first time he logged into the Palo Alto web interface Version 8, which is never mentioned, the interfaces were already active and had VLAN names...
Sandip
February 15, 2021
So far it is extremely well organized and very much hands on. Lectures are very specific and not boring. Vsys is not explained in detail, and I wish Panorama is explained in a little more detail.
Robert
March 11, 2020
Amazing course on PA!!!!! I already had experience on PAs, since it's part of my current job, but this course opened my eyes on so many things. I would recommend to have eve-ng set up on your computer, so you can follow along. Without eve-ng or other emulator, it would be very difficult to understand every topic covered in this course. Play around with different settings, and TS various misconfigurations, which will give you necessary hands-on experience. To the Author of this course, brilliant approach to bring all PA topics together in understandable manner. I would highly recommend this course to all who want to dive deep into PA topic.
Alexander
February 5, 2020
So far the instructor demonstrates real world expertise and the course lives up to its name. I am taking this to shore up my knowledge from my somewhat limited daily usage of the platform in preparation for the PCNSE test.
Akash
January 23, 2020
Overall good course and recommended, but at times it is fast and it would be nice if the author had spent more time explaining topology and overall lab setup in more detail before jumping into configuration.
Kenneth
January 6, 2020
Would be nicer to explain concepts with network diagrams that are prepared in advance, and drawn nicely. The lab portion could be used for the segment on lab setup, but detracts from overall concept explanations.
Liaquat
January 3, 2020
I'm on lesson 9 of Section 1 and it looks like you don't have a class agenda. Also, there are no lab preparation resources, at least let your student know what IOS and PAN-OS version you are going to use in the lab.
Jason
December 23, 2019
Content is great, however, prefer not using Windows Paint program as whiteboard/blackboard. The handwriting doesn't look good.

Udemy ID: 591298
Course created date: 8/23/2015
Course indexed date: 6/1/2020
Course submitted by: Bot