-
This course replaces the training EDU-220 - Panorama 11.x: Managing Firewalls at Scale.
In English online format (dates are marked with an English flag in this case), the course lasts either four half days from 9.00-12.30 (Irish Time) or from 13.00-16.30 (Irish Time).
-
This training is a dedicated course for Panorama for centralized management of firewalls at scale. It not only teaches the features and functions of Panorama, but also provides guidance on how to design a distributed firewall network that is managed from a central location.
-
Course Contents
-
- Learn how to design, configure and manage the Panorama FireWall Management Server
- Gain experience with centralized policy management using device groups
- Learn how to extend network and device configuration to many firewalls using templates and template variables
- Gain experience with administration, log collection, logging and reporting
- Become familiar with the planning and design considerations for Panorama deployment.
-
Target Group
-
- Security Architects
- Security Administrators
- Security Operations Specialists
- Security Analysts
- Security Engineers
-
Knowledge Prerequisites
-
The Firewall Configuration and Management (EDU-210) course or equivalent hands-on experience with the Palo Alto Networks Next-Generation FireWall is a recommended prerequisite for attending this Palo Alto Panorama training course. Participants should also be familiar with basic security concepts. Familiarity with networking concepts, including routing, switching, and IP addressing, is recommended.
-
Alternatives
-
For customers who manage Prisma Access with Panorama:
- The Panorama: Centralized Network Security Administration course covers Panorama fundamentals relevant to Prisma Access
- The Prisma Access SSE: Configuration and Deployment training course deepens this knowledge.
-
Course Objective
-
- Learn how to design, configure and manage the Panorama FireWall Management Server
- Gain experience with centralized policy management using device groups
- Learn how to extend network and device configuration to many FireWalls using templates and template variables
- Gain experience with administration, log collection, logging and reporting
- You will become familiar with the planning and design considerations for Panorama deployment
Training recommendations for the Next-Generation Firewall Engineer certification:
- Firewall: Configuration and Management (EDU-210)
- Palo Alto Networks Panorama: NGFW Management (replaces the EDU-220)
- Firewall: Troubleshooting (EDU-330) (optional, but beneficial)
Adding Firewalls to Panorama |
Adding New Firewalls to Panorama |
Add a FireWall |
Automated Commit recovery |
Automatically Add multiple FireWalls via CSV import |
Tagging |
Organizing Summary Information |
Secure Communication Settings |
Manage device licenses |
Master key |
Upgrade firewalls from Panorama |
Deploy Content ID Updates to firewalls from Panorama |
Lab |
Set location for firewalls |
Copy serial firewall numbers |
Configure firewalls to communicate with Panorama |
Add firewalls to Panorama |
Modify Summary Window columns |
Assign firewall Tags |
Verify firewall licenses |
Schedule Dynamic Updates for firewalls |
Initial Configuration |
Panorama solution overview |
Deployment options |
Panorama platforms |
Register and License Panorama |
GUI overview |
Panorama License and Software update |
Plugin Architecture |
Services and Interface Configuration |
Panorama Commits |
Configuration Management |
Config Operations |
Manage Backup incl. export device state from FireWall |
Config export |
Lab |
Lab Overview |
Connect to the lab environment |
Log in to the Panorama appliance and both firewalls |
Document configuration and license information |
Configure Panorama Management Interface |
Configure Panorama Settings |
Schedule automatic config exports |
Schedule Content Updates |
Save and export Panorama configuration |
Commit changes |
Templates |
Templates overview |
Configuring templates |
Device configuration via template |
Local overwrite |
Template Variables |
Overview |
Configuration |
Real-life use cases and best practices |
Lab |
Create templates |
Create template stacks |
Create template variables |
Push the template stack to managed devices |
Device Groups |
Device groups overview |
Configuring Device Groups |
Setup Device-group hierarchy |
Group and push to HA Peers |
Objects |
Create an object – shared/disable override |
Override |
Move |
Device Group and template mapping |
Policies |
Rules Hierarchy |
Rulebase structuring |
Configure rules |
Move Rules |
Rulebase preview |
Unused Rules |
Policy rule targets |
Rule changes archive |
Audit Comments |
Tag-Based Rule Groups |
Real-life use cases and best practices |
Lab |
Create device groups |
Configure device group settings |
Log Forwarding and Collection |
Design Considerations for Deployment |
Log storage and retention |
Determine the Log Rate |
Storage calculation |
Log retention |
Planning Considerations |
Panorama log event forwarding |
Lab |
Configure log forwarding on the firewalls |
Configure log settings on the firewalls |
Confirm log forwarding |
Using Panorama Logs |
Customizing Log Tables |
Using Filters in Log Tables |
Exporting Filtered Data |
Lab |
Customize Log Tables in Panorama |
Create and Apply Filters in Log Tables |
Export Filtered Data |
Administrative Accounts |
Authenticating Panorama administrators |
Panorama authentication methods |
Admin Role |
Creating Administrative Accounts |
Custom Panorama Admin incl. Admin Role |
Device Group and Template Admin incl. Access Domain and Admin Role |
Password Profile and Password Complexity |
External Authentication |
Authentication Profile |
LDAP Server Profile |
Concurrent Administration |
Config Lock |
Lab |
Create LDAP and RADIUS Server Profiles |
Configure Authentication Profiles for LDAP and RADIUS |
Configure admin roles |
Configure admin accounts |
Create access domains |
Demonstrate the use of commit locks |
Aggregated Monitoring and Reporting |
Data Sources Used by Panorama |
Operational Information Available in Panorama |
Reporting Capabilities in Panorama |
Lab |
Examine Panorama ACC data |
Run reports on Panorama |
Explore App Scope |
Identify and respond to threats |
Troubleshooting |
Health and Summary Information of Managed Firewalls |
Troubleshooting Communication Issues with Panorama |
Troubleshooting Commit Errors |
Test policy functionality |
Lab |
Troubleshoot connectivity issues with a firewall |
Troubleshoot various commit errors |
Troubleshoot loss of internet connectivity |
Add on: Transition a Firewall to Panorama Management |
This is an additional module which is not part of the official course. The instructor will demo the import of an existing FireWall’s local configuration into Panorama and explain various caveats. |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

-
This course replaces the training EDU-220 - Panorama 11.x: Managing Firewalls at Scale.
In English online format (dates are marked with an English flag in this case), the course lasts either four half days from 9.00-12.30 (Irish Time) or from 13.00-16.30 (Irish Time).
-
This training is a dedicated course for Panorama for centralized management of firewalls at scale. It not only teaches the features and functions of Panorama, but also provides guidance on how to design a distributed firewall network that is managed from a central location.
-
Course Contents
-
- Learn how to design, configure and manage the Panorama FireWall Management Server
- Gain experience with centralized policy management using device groups
- Learn how to extend network and device configuration to many firewalls using templates and template variables
- Gain experience with administration, log collection, logging and reporting
- Become familiar with the planning and design considerations for Panorama deployment.
-
Target Group
-
- Security Architects
- Security Administrators
- Security Operations Specialists
- Security Analysts
- Security Engineers
-
Knowledge Prerequisites
-
The Firewall Configuration and Management (EDU-210) course or equivalent hands-on experience with the Palo Alto Networks Next-Generation FireWall is a recommended prerequisite for attending this Palo Alto Panorama training course. Participants should also be familiar with basic security concepts. Familiarity with networking concepts, including routing, switching, and IP addressing, is recommended.
-
Alternatives
-
For customers who manage Prisma Access with Panorama:
- The Panorama: Centralized Network Security Administration course covers Panorama fundamentals relevant to Prisma Access
- The Prisma Access SSE: Configuration and Deployment training course deepens this knowledge.
-
Course Objective
-
- Learn how to design, configure and manage the Panorama FireWall Management Server
- Gain experience with centralized policy management using device groups
- Learn how to extend network and device configuration to many FireWalls using templates and template variables
- Gain experience with administration, log collection, logging and reporting
- You will become familiar with the planning and design considerations for Panorama deployment
Training recommendations for the Next-Generation Firewall Engineer certification:
- Firewall: Configuration and Management (EDU-210)
- Palo Alto Networks Panorama: NGFW Management (replaces the EDU-220)
- Firewall: Troubleshooting (EDU-330) (optional, but beneficial)
Adding Firewalls to Panorama |
Adding New Firewalls to Panorama |
Add a FireWall |
Automated Commit recovery |
Automatically Add multiple FireWalls via CSV import |
Tagging |
Organizing Summary Information |
Secure Communication Settings |
Manage device licenses |
Master key |
Upgrade firewalls from Panorama |
Deploy Content ID Updates to firewalls from Panorama |
Lab |
Set location for firewalls |
Copy serial firewall numbers |
Configure firewalls to communicate with Panorama |
Add firewalls to Panorama |
Modify Summary Window columns |
Assign firewall Tags |
Verify firewall licenses |
Schedule Dynamic Updates for firewalls |
Initial Configuration |
Panorama solution overview |
Deployment options |
Panorama platforms |
Register and License Panorama |
GUI overview |
Panorama License and Software update |
Plugin Architecture |
Services and Interface Configuration |
Panorama Commits |
Configuration Management |
Config Operations |
Manage Backup incl. export device state from FireWall |
Config export |
Lab |
Lab Overview |
Connect to the lab environment |
Log in to the Panorama appliance and both firewalls |
Document configuration and license information |
Configure Panorama Management Interface |
Configure Panorama Settings |
Schedule automatic config exports |
Schedule Content Updates |
Save and export Panorama configuration |
Commit changes |
Templates |
Templates overview |
Configuring templates |
Device configuration via template |
Local overwrite |
Template Variables |
Overview |
Configuration |
Real-life use cases and best practices |
Lab |
Create templates |
Create template stacks |
Create template variables |
Push the template stack to managed devices |
Device Groups |
Device groups overview |
Configuring Device Groups |
Setup Device-group hierarchy |
Group and push to HA Peers |
Objects |
Create an object – shared/disable override |
Override |
Move |
Device Group and template mapping |
Policies |
Rules Hierarchy |
Rulebase structuring |
Configure rules |
Move Rules |
Rulebase preview |
Unused Rules |
Policy rule targets |
Rule changes archive |
Audit Comments |
Tag-Based Rule Groups |
Real-life use cases and best practices |
Lab |
Create device groups |
Configure device group settings |
Log Forwarding and Collection |
Design Considerations for Deployment |
Log storage and retention |
Determine the Log Rate |
Storage calculation |
Log retention |
Planning Considerations |
Panorama log event forwarding |
Lab |
Configure log forwarding on the firewalls |
Configure log settings on the firewalls |
Confirm log forwarding |
Using Panorama Logs |
Customizing Log Tables |
Using Filters in Log Tables |
Exporting Filtered Data |
Lab |
Customize Log Tables in Panorama |
Create and Apply Filters in Log Tables |
Export Filtered Data |
Administrative Accounts |
Authenticating Panorama administrators |
Panorama authentication methods |
Admin Role |
Creating Administrative Accounts |
Custom Panorama Admin incl. Admin Role |
Device Group and Template Admin incl. Access Domain and Admin Role |
Password Profile and Password Complexity |
External Authentication |
Authentication Profile |
LDAP Server Profile |
Concurrent Administration |
Config Lock |
Lab |
Create LDAP and RADIUS Server Profiles |
Configure Authentication Profiles for LDAP and RADIUS |
Configure admin roles |
Configure admin accounts |
Create access domains |
Demonstrate the use of commit locks |
Aggregated Monitoring and Reporting |
Data Sources Used by Panorama |
Operational Information Available in Panorama |
Reporting Capabilities in Panorama |
Lab |
Examine Panorama ACC data |
Run reports on Panorama |
Explore App Scope |
Identify and respond to threats |
Troubleshooting |
Health and Summary Information of Managed Firewalls |
Troubleshooting Communication Issues with Panorama |
Troubleshooting Commit Errors |
Test policy functionality |
Lab |
Troubleshoot connectivity issues with a firewall |
Troubleshoot various commit errors |
Troubleshoot loss of internet connectivity |
Add on: Transition a Firewall to Panorama Management |
This is an additional module which is not part of the official course. The instructor will demo the import of an existing FireWall’s local configuration into Panorama and explain various caveats. |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
