Network Engineer Master Program

Uploaded by

Vinod Dadannavar
Network Engineer Master's Program

Become a Network Engineer - learn to design and work with network configurations, and network infrastructure, troubleshoot performance problems, and configure security systems.

www.nwkings.com | www.nw ix.com

GET COURSES WORTH $1700 THIS MONTH FOR FREE

- Live CCNA program with labs
- Live CCNP program with labs
- Live Palo Alto firewall with labs
- TAC Engineer program
- CCNP Service Provider
- CompTIA Network+
- CompTIA Security+
- ASA Firewall
- Juniper JNCIA
- CCNA

CCNP ENCOR:

PALO ALTO FIREWALL:
www.nwkings.com | www.learn.nwkings.com
PCNSE:
Become a Palo Alto Networks Certified Network Security Engineer (PCNSE) - learn to design, deploy, operate, maintain, and troubleshoot Palo Alto Networks Next-Generation Firewalls.

Module 1 Core Concepts

1. Identify how Palo Alto Networks products work together to improve PAN-OS services
- Security components
- Firewall components
- Panorama components
- PAN-OS subscriptions and the features they enable
- Plugin components
- Heatmap and BPA reports
- Artificial intelligence operations (AIOps)/Telemetry
- IPv6
- Internet of Things (IoT)

2. Determine and assess appropriate interfaces or zone types for various environments
- Layer 2 interfaces
- Layer 3 interfaces
- Virtual wire (vwire) interfaces
- Tap interfaces
- Subinterfaces
- Tunnel interfaces
- Aggregate interfaces
- Loopback interfaces
- Decrypt mirror interfaces
- VLAN interfaces

3. Identify decryption deployment strategies
- Risks and implications of enabling decryption
- Use cases
- Decryption types
- Decryption profiles and certificates
- Create a decryption policy in the firewall
- Configure SSH Proxy

4. Enforce User-ID
- Methods of building user-to-IP mappings
- Determine if a User-ID agent or agentless should be used
- Compare and contrast User-ID agents
- Methods of User-ID redistribution
- Methods of group mapping
- Server profile and authentication profile

5. Determine how and when to use the Authentication policy
- Purpose of, and use case for, the Authentication policy
- Dependencies
- Captive portal versus GlobalProtect (GP) client

6. Fundamental functions
- Differentiate between the fundamental functions that reside on the management plane and data plane

7. Define multiple virtual systems (multi-vsys) environment
- User-ID hub
- Inter-vsys routing
- Service routes
- References


Module 2 Deploy and Configure Core Components

1. Configure Management Profiles
- Interface Management Profile
- SSL/TLS profile

2. Deploy and configure Security Profiles
- Custom configuration of different Security Profiles and Security Profile Groups
- Relationship between URL filtering and credential theft prevention
- Use of username and domain name in HTTP header insertion
- DNS Security
- How to tune or add exceptions to a Security Profile
- Compare and contrast threat prevention and advanced threat prevention
- Compare and contrast URL Filtering and Advanced URL Filtering

3. Configure zone protections, packet buffer protection, and DoS protection
- Customized values versus default settings
- Classified versus aggregate profile values
- Layer 3 and Layer 4 header inspection

4. Design the deployment configuration of a Palo Alto Networks firewall
- Advanced high availability (HA) deployments
- HA Pair
- Zero-Touch Provisioning
- Bootstrapping

5. Configure authorization, authentication, and device access
- Role-based access control for authorization
- Different methods used to authenticate
- The Authentication Sequence
- The device access method

6. Configure and manage certificates
- Usage
- Profiles
- Chains

7. Configure routing
- Dynamic routing
- Redistribution Profiles
- Static routes
- Route monitoring
- Policy-based forwarding
- Virtual routers versus logical routers

8. Configure NAT
- NAT policy rules
- Security rules
- Source NAT
- No-NAT Policies
- Use session browser to find NAT rule name
- U-Turn NAT
- Check HIT counts

9. Configure site-to-site tunnels
- IPsec components
- Static peers and dynamic peers for IPsec
- IPsec tunnel Monitor Profiles
- IPsec tunnel testing
- Generic Routing Encapsulation
- One-to-one and one-to-many tunnels
- Determine when to use proxy IDs

10. Configure service routes
- Default
- Custom
- Destination
- Custom routes for different virtual systems versus destination routes
- How to verify service routes

11. Configure application-based QoS
- Enablement requirements
- QoS policy rule
- Add a Differentiated Services Code Point/ToS component
- QoS Profile
- Determine how to control bandwidth use on a per-application basis
- Use QoS to monitor bandwidth utilization


Module 3 Deploy and Configure Features and Subscriptions

1. Configure App-ID
- Create security rules with App-ID
- Convert port and protocol rules to App-ID rules
- Identify the impact of application override to overall firewall functionality
- Create custom apps and threats
- Review App-ID dependencies

2. Configure GlobalProtect
- GlobalProtect licensing
- Configure the gateway and the portal
- GlobalProtect agent
- Differentiate between log-on methods
- Configure clientless VPN
- HIP
- Configure multiple gateway agent profiles
- Split tunneling

3. Configure decryption
- Inbound decryption
- SSL forward proxy
- SSL decryption exclusions
- SSH proxy

4. Configure User-ID
- User-ID agent and agentless
- User-ID group mapping
- Shared User-ID mapping across virtual systems
- Data redistribution
- User-ID methods
- Benefits of using dynamic user groups (DUGs) in policy rules
- Requirements to support dynamic user groups
- How GlobalProtect internal and external gateways can be used

5. Configure WildFire
- Submission profile
- Action profile
- Submissions and verdicts
- Signature actions
- File types and file sizes
- Updated schedule
- Forwarding of decrypted traffic

6. Configure Web Proxy
- Transparent proxy
- Explicit proxy

Module 4 Deploy and Configure Firewalls Using Panorama

1. Configure templates and template stacks
- Components configured in a template
- How the order of templates in a stack affects the configuration push to a firewall
- Overriding a template value in a stack
- Configure variables in templates
- Relationship between Panorama and devices for dynamic update versions, policy implementation, and HA peers

2. Configure device groups
- Device group hierarchies
- Identify what device groups contain
- Differentiate between different use cases for pre-rules, local rules, default rules, and post-rules
- Identify the impact of configuring a primary device
- Assign firewalls to device groups

3. Manage firewall configurations within Panorama
- Licensing
- Commit recovery feature
- Automatic commit recovery
- Commit types and schedules
- Configuration backups
- Commit type options
- Manage dynamic updates for Panorama and Panorama-managed devices
- Software and dynamic updates
- Import firewall configurations into Panorama
- Configure Log Collectors
- Check firewall health and status from Panorama
- Configure role-based access control on Panorama


Module 5 Manage and Operate

1. Manage and configure log forwarding
- Identify log types and criticalities
- Manage external services
- Create and manage tags
- Log monitoring
- Customize logging and reporting settings

2. Plan and execute the process to upgrade a Palo Alto Networks system
- Single firewall
- High availability pairs
- Panorama push
- Dynamic updates

3. Manage HA functions
- Link monitoring
- Path monitoring
- HA links
- Failover
- Active/active and active/passive
- HA interfaces
- Clustering

Module 6 Troubleshooting

1. Troubleshoot site-to-site tunnels
- IPsec
- GRE
- One-to-one and one-to-many tunnels
- Route-based versus policy-based remote hosts
- Tunnel monitoring

2. Troubleshoot interfaces
- Transceivers
- Settings
- Aggregate interfaces, LACP
- Counters
- Tagging

3. Troubleshoot Decryption
- Inbound decryption
- SSL forward proxy
- SSH proxy
- Identify what cannot be decrypted and configure exclusions and bypasses
- Certificates

4. Troubleshoot routing
- Dynamic routing
- Redistribution profiles
- Policy-based forwarding
- Multicast routing
- Static routes
- Service routes
- Route monitoring

5. General Troubleshooting
- Logs
- Packet capture (pcap)
- Reports

6. Troubleshoot resource protections
- Zone Protection profiles
- DoS protections
- Packet buffer protections

7. Troubleshoot GlobalProtect
- Portal and Gateway
- Access to resources
- GlobalProtect client

8. Troubleshoot policies
- NAT
- Security
- Decryption
- Authentication

9. Troubleshoot HA functions
- Monitor
- Failover triggers


PCNSA:
Become a Palo Alto Networks Certified Network Security Engineer (PCNSE) - learn to design, deploy, operate, maintain, and troubleshoot Palo Alto Networks Next-Generation Firewalls.

Module 1 Device Management and Services

1. Firewall management interfaces
- Management interfaces
- Methods of access
- Identity-management traffic flow
- Management services
- Service routes

2. Provision local administrators
- Authentication profile
- Authentication sequence
- Role-based authentication

3. Maintain firewall configurations
- Running configuration
- Candidate configuration
- Load, save, import and export
- Differences between configuration states
- Backup Panorama configurations
- Firewalls from Panorama

4. Push policy updates to Panorama-managed firewalls
- Device groups and hierarchy
- Where to place policies
- Effects of Panorama management
- Impact of templates, template stacks and hierarchy

5. Schedule and install dynamic updates
- From Panorama
- From the firewall
- Scheduling and staggering updates on an HA pair

6. Create and apply security zones to policies
- Identify zone types
- External types
- Layer 2
- Layer 3

7. Identify and configure firewall interfaces
- Different types of interfaces
- Interface types affecting security policies

8. Maintain and increase the configuration of a virtual/logical router
- Create a static route
- Use the routing table
- Interface types to be added to a virtual/logical router
- Configure route monitoring

Module 2 Managing Objects

1. Create and maintain address and address group objects
- How to tag objects
- Difference between address objects
- Static vs. dynamic groups
- Create and maintain services and service groups
- Create and maintain external dynamic lists

2. Configure and maintain application filters and application groups
- Using filters vs. groups
- Purpose of application characteristics according to App-ID database


Module 3 Policy Evaluation and Management

1. Develop the appropriate application-based security policy
- Rule shadowing
- Group rules by tag
- Potential impact of App-ID updates to existing security policy rules
- Policy usage statistics

2. Differentiate specific security rule types
- Interzone
- Intrazone
- Universal

3. Configure security policy match conditions, actions and logging options
- Application filters and groups
- Logging options
- App-ID
- User-ID
- Device-ID
- Application filter in policy
- Application group in policy
- EDLs

4. Identify and implement NAT policies
- Destination
- Source

5. Optimize security policies using appropriate tools
- Policy test match tool
- Policy optimizer

Module 4 Securing Traffic

1. Compare and contrast different types of security profiles
- Antivirus
- Anti-spyware
- Vulnerability protection
- URL filtering
- WildFire analysis

2. Create, modify, add and apply the appropriate security profiles and groups
- Antivirus
- Anti-spyware
- Vulnerability protection
- URL filtering

3. Use information available in logs
- Traffic
- Threat
- Data
- System logs

4. Enable DNS security to control traffic based on domains
- Configure DNS security
- Apply DNS security in policy

5. Create and deploy URL-filtering-based controls
- Apply a URL profile in a security policy
- Create a URL filtering profile
- Create a custom URL category
- Control traffic based on a URL category
- Why a URL was blocked
- How to allow a blocked URL
- How to request a URL recategorization

6. Differentiate between group mapping and IP-to-user mapping within policies and logs
- How to control access to specific locations
- How to apply to specific policies
- Identify users within the ACC and the monitor tab
- How to request a URL recategorization


https://www.youtube.com/c/NetworkkingsOrgtraining/featured

https://in.linkedin.com/company/networkkings

https://www.nwkings.com/

[email protected]

+918130537300

Network kings IT services Private Limited, 2nd Floor, FCS Tower, Plot J-7, IT Park, Chandigarh 160101

Network kings 60 Parrotta Drive Toronto ON M9M Oe5

https://www.facebook.com/Networkkingss/

https://www.instagram.com/network.kings/
