Firewall Paloalto

🌐 Palo Alto Firewall (PCNSA + PCNSE) Syllabus

Get Hands-on with Licensed Palo Alto Firewalls

We provide real licensed firewalls for labs. Students get full access to enterprise features like URL Filtering, WildFire, Security Profiles, Software Updates, and SD-WAN Configuration.

01. Palo Alto Introduction, SP3 Architecture & Flow Logic

Introduction to Palo Alto Firewall

Understanding Palo Alto Architecture

Flow Logic Overview

02. CLI, GUI Access & General Settings

Access via Console & GUI

Changing Management IP (CLI & GUI)

General Firewall Settings

Registering Firewall, Licenses & Dynamic Updates

03. Admin Types & Roles

Types of Admins

Creating and Managing Admin Roles

04. Authentication & Password Profiles

Authentication Profile

Sequence Authentication

LDAP (AD Server) Integration

05. Interface Deployment & Zone Membership

TAP Mode

Layer 2, Layer 3 Deployment

Virtual Wire & Aggregate Interfaces

High Availability (HA)

DHCP Server & Client

Zone Creation & Membership

06. Security Policies (Intra-Zone & Inter-Zone)

Default Policies Overview

Intra-zone & Inter-zone Rules

Default Allow Intra-zone Traffic

07. Static, Default & Service Routing

Default Route Configuration

Internet Connectivity Setup

Service Routes Explained

Trust to Untrust Traffic Rules

DNS in Security Policy

08. NAT (Source, Destination, U-Turn)

Introduction to NAT

Source NAT (Dynamic, Static)

Destination NAT (Port Forwarding/Translation)

U-Turn NAT (Same/Different Zones)

Layer 2 Sub-interface with NAT & SVI

RDP with Destination NAT

09. Dynamic Routing Protocols

BGP, OSPF, RIP Setup

Mutual Redistribution

Authentication in Protocols

Static Redistribution Profiles

10. Policy-Based Forwarding (PBF)

PBF Overview

Path Monitoring & Link Monitoring

11. Layer 3 Sub-Interfaces & Virtual Router

Inter-VLAN Routing

VRF vs Palo Alto Virtual Routers

VLAN Tagging (Same/Different Zones & VRs)

12. High Availability (HA)

HA Prerequisites & Overview

HA Links: Control & Data

Heartbeat, Link & Path Monitoring

Active/Passive & Active/Active Setup

13. Site-to-Site VPN (IPSec)

IPSec + GRE Overview

Palo Alto ↔ Cisco VPN Tunnels

NAT-T Configuration

IKEv1 & IKEv2 Phase Setup

14. GlobalProtect (SSL VPN)

SSL VPN Concepts

Self-Signed & CA Certificates

SSL VPN Deployment Steps

15. User-ID

Local & LDAP Users

User-ID Integration

16. App-ID

Application Identification Concepts

Block Micro-Apps (e.g., Facebook Chat, YouTube Video)

App Dependencies

17. Content-ID

Antivirus, Spyware, Vulnerability Protection

File Blocking

URL Filtering

Security Profile Groups & External Dynamic Lists

18. WildFire

Public, Private & Hybrid Cloud Deployment

File Type Analysis, Verdicts & Signatures

WildFire Subscription

WildFire Configuration

19. SSL Decryption (Forward Proxy)

Decryption Policy Overview

Deploy & Verify SSL Decryption

20. Captive Portal

Captive Portal Use Cases

Deployment & Verification

21. Management & Reporting

Dashboard, Logs, and Reports

Packet Capture & Session Browser

Backup & Restore

Config Types: Running vs Candidate

Object Tagging

Syslog Integration

22. Panorama (Centralized Management)

Overview & Benefits

Deployment Modes (Management-only, Panorama)

Licensing & Access Setup

Adding Devices, Templates, Device Groups

Health Monitoring

Shared Policies, NAT, QoS

Centralized Rule Management

Importing, Cloning & Deploying Changes