Palo Alto Networks Training

Purchase Options:

New Video Update: our popular Palo Alto Networks Training series has grown reaching to 11 hours of practical learning. In this new video update (10 minutes) you will learn how to setup IP Block List Feeds on the PAN appliance. This is a new feature supported in PAN OS 8 for blocking known malicious and high risk IP addresses. The IP Block List Feeds are maintained by Palo Alto Networks. We will set this up and confirm that everything is working step-by-step.

The video labs in this series is applicable for PAN OS versions 5.X to 7.X environments.

Do you want to learn how to block certain applications within Facebook like writing posts or chatting? Do you want to learn how to decrypt a secure web page a user may access to inspect it further? Do you want to learn how to block certain files uploaded towards the Internet? In this video series you will learn how to do many of these things and much more. Palo Alto Networks is a Next-Generation Firewall that is focused on application inspection where you can control what a user can access within a specific application. We have a range of basic to advanced topics that will show you how to deploy the PAN appliance step-by-step in a simple and practical implementation. This video series will be released in video modules providing numerous updates to this series. Below are some of the video topics that are available and what topics are already being scheduled to be released soon:

Video Series Length: ~11 hours (653 minutes)

  1. Update Announcement: PAN OS 7 and SSL/TLS Service Profile
  2. Palo Alto Networks Overview:
    1. Fundamentals
    2. Design
  3. Initial Access into PAN
  4. Registering the PAN
  5. Management Interface
  6. General Settings and Services
  7. Security Zones
  8. Virtual Routers
  9. Interfaces
  10. Static Routes
  11. OSPF Routing
  12. Upgrading PAN-OS
  13. Network Address Translations (NAT)
  14. Security Policies
  15. Outbound SSL Decryption
  16. URL Filtering
  17. Global Protect (Client VPN)
  18. Site-to-Site VPN Tunnel (VTI)
  19. Guest Network
  20. 802.1Q and VLAN tagging
  21. DHCP
  22. Sending Logs to Syslog
  23. SNMPv3
  24. Netflow
  25. File Blocking
  26. Anti-Virus Blocking
  27. Factory Default
  28. BGP Routing
  29. Captive Portal
  30. User Identification using Active Directory (without Agent)
  31. Dual Internet using Policy Based Forwarding
  32. DoS Protection (Zone Protection)
  33. Virtual Wire (Transparent Firewall)
  34. High Availability (Active/Passive)
  35. App-ID: Overview, Blocking Skype & BitTorrent Applications
  36. Dynamic Block List
  37. Vulnerability Protection (IPS)
  38. Configuration Formats
  39. Custom IPS Signatures
  40. Data Filtering
  41. IP Block List Feeds — NEW!!!

View the detailed topic list on the ‘Topics’ tab

Video Series Length: ~11 hours (653 minutes)

  1. Palo Alto Networks Overview:
    1. Palo Alto Network Fundamentals
    2. Network Design
    3. Network Diagram
    4. Designing your PAN in the Network
  2. Initial Access into PAN
    1. Defaults
    2. Initial Access
    3. Overview of Dashboard
  3. Registering the PAN
  4. Management Interface
  5. General Settings & Services
    1. Hostname
    2. Login Banner
    3. Timezone
    4. Changing Passwords
    5. DNS and NTP
    6. Management Services
    7. Basic Operations (Restart, Export Config)
  6. Security Zones
  7. Virtual Routers
  8. Interfaces
    1. LAN (Trust) Interface
    2. WAN (Untrust) Interface
  9. Static Routes
    1. Default Static Route to Internet
  10. OSPF Routing
    1. OSPF Configuration on Cisco L3 Core Switch
    2. OSPF Configuration on PAN
    3. Verifying and Testing OSPF
  11. Upgrading the PAN-OS
    1. Upgrade Path
    2. Application and Threat Updates
    3. Upgrade Process and Confirmation
  12. NAT
    1. Port Address Translation (PAT)
    2. Static NAT Translation using Dedicated IP Address
    3. Creating Address Objects
    4. Creating Security Rule
    5. NAT Port Forwarding
  13. Security Policies
    1. Filtering based on Protocol and Port
    2. Overview of Application Inspection
    3. Filtering based on Applications
    4. Creating Service Objects
    5. Creating Service Groups
    6. Testing Security Rules
  14. Outbound SSL Decryption
    1. Introduction
    2. Certificate
    3. Installing Certificate into Client Web Browser
    4. Decryption Policy
    5. Application Database
    6. Application Categories
    7. Security Policy using Facebook and Outlook Web
    8. Recommendations
    9. Adding other another Facebook Sub-Application
    10. Issue Reported with Decryption Policy
  15. URL Filtering
    1. URL Filtering (Block, Continue)
    2. Custom Block Page
    3. Block List
    4. Custom URL Category
  16. GlobalProtect (Client VPN)
    1. Certificate
    2. LDAP for User Authentication
    3. Tunnel Interface
    4. Gateway and Portal
    5. Security Policy
    6. Testing from Apple iOS
    7. Testing from Windows 8
    8. Viewing VPN user activity
  17. Site-to-Site VPN (VTI)
    1. VPN Configuration on Cisco IOS Router
    2. VPN Configuration on PAN
    3. Static Routing over VPN Tunnel
    4. OSPF Routing over VPN Tunnel
    5. Validation & Testing
  18. Guest Network
    1. VLAN and 802.1Q Configuration on Network
    2. 802.1Q (VLAN tagging) on PAN
    3. DHCP
    4. Validation & Testing
  19. Sending Logs to Syslog Server
  20. SNMPv3
    1. Enabling SNMPv3
    2. Adding PAN to an NMS (Manage Engine’s Opmanager)
  21. Netflow
    1. Enabling Netflow
    2. Adding PAN to a Netflow Analyzer Server
    3. Enabling SNMP3 on Netflow Server
    4. Viewing traffic reports for application and top-talkers
  22. File Blocking (Google Mail)
    1. Firewall Policy and Profile
    2. Decryption Policy
    3. Testing File Blocking
    4. Monitoring File Blocking
    5. Monitoring Decryption
    6. Testing when changing the file type
  23. Anti-Virus Blocking
    1. Anti-Virus Profile
    2. Firewall Policy
    3. Decryption Policy
    4. Testing Anti-Virus Blocking (Non-Secure, Secure web pages
  24. Factory Reset
  25. BGP Routing
    1. Configuring BGP Routing
    2. Inbound Route Advertisements to PAN
    3. Outbound Route Advertisements from PAN
    4. Routing Filtering
    5. Testing and Monitoring
  26. Captive Portal
    1. Review of LDAP profile and Authentication Profile
    2. User Identification
    3. Security and Captive Policies
    4. Testing and Monitoring
  27. User Identification using Active Directory (without an Agent)
    1. Configuration on Active Directory Domain Controller
    2. User Identification Configuration on PAN appliance
    3. Creating security policies
    4. Testing and Monitoring
    5. Considerations when using User-ID
  28. Dual Internet using Policy Based Forwarding
  29. DoS Protection (Zone Protection)
    1. DoS Overview
    2. Zone Protection Configuration
    3. Monitoring and Testing
  30. Virtual Wire (Transparent Firewall)
  31. High Availability (Active/Passive)
  32. App-ID
    1. App-ID Overview and Navigation
    2. Blocking Skype Application
    3. Blocking BitTorrent Application
    4. Using Application Groups
    5. Monitoring Blocked Applications on the PAN
  33. Dynamic Block List
  34. Vulnerability Protection (IPS)
  35. Configuration Formats
  36. Custom IPS Signatures
  37. Data Filtering
  38. IP Block List Feeds (PAN OS 8.X)


Michel Thomatis, CCIE #6778 (15 year) – Chief Network Architect & Lead Trainer

Michel has spent the last 18 years as a network engineer/architect.  As a 15-year CCIE, Michel loves the opportunity to provide training in a wide-array of network technologies. He formerly worked at Cisco, as well as in government, banking, and non-profit organizations. He has published the “Network Design Cookbook” and a science fiction novel called “The Dark End”.  He has also published various iOS applications (virtual Network Engineer, Circlefalls) that can be found on Apple’s iOS App Store.  Other software development experience includes python and SDN.  Currently, Michel is the owner, Chief Network Architect and Lead Trainer at RouteHub Group, LLC.