Palo Alto ATC Logo

Palo Alto Networks Panorama: NGFW Management

Palo Alto ATC Logo

This course replaces the training EDU-220 - Panorama 11.x: Managing Firewalls at Scale.

In English online format (dates are marked with an English flag in this case), the course lasts either four half days from 9.00-12.30 (Irish Time) or from 13.00-16.30 (Irish Time).

This training is a dedicated course for Panorama for centralized management of firewalls at scale. It not only teaches the features and functions of Panorama, but also provides guidance on how to design a distributed firewall network that is managed from a central location.

Course Contents

  • Learn how to design, configure and manage the Panorama FireWall Management Server
  • Gain experience with centralized policy management using device groups
  • Learn how to extend network and device configuration to many firewalls using templates and template variables
  • Gain experience with administration, log collection, logging and reporting
  • Become familiar with the planning and design considerations for Panorama deployment.
Request in-house training now

Target Group

  • Security Architects
  • Security Administrators
  • Security Operations Specialists
  • Security Analysts
  • Security Engineers

Knowledge Prerequisites

The Firewall Configuration and Management (EDU-210) course or equivalent hands-on experience with the Palo Alto Networks Next-Generation FireWall is a recommended prerequisite for attending this Palo Alto Panorama training course. Participants should also be familiar with basic security concepts. Familiarity with networking concepts, including routing, switching, and IP addressing, is recommended.

Alternatives

For customers who manage Prisma Access with Panorama:

  • The Panorama: Centralized Network Security Administration course covers Panorama fundamentals relevant to Prisma Access
  • The Prisma Access SSE: Configuration and Deployment training course deepens this knowledge.

Course Objective

  • Learn how to design, configure and manage the Panorama FireWall Management Server
  • Gain experience with centralized policy management using device groups
  • Learn how to extend network and device configuration to many FireWalls using templates and template variables
  • Gain experience with administration, log collection, logging and reporting
  • You will become familiar with the planning and design considerations for Panorama deployment

Training recommendations for the Next-Generation Firewall Engineer certification:

Adding Firewalls to Panorama
Adding New Firewalls to Panorama
Add a FireWall
Automated Commit recovery
Automatically Add multiple FireWalls via CSV import
Tagging
Organizing Summary Information
Secure Communication Settings
Manage device licenses
Master key
Upgrade firewalls from Panorama
 
Deploy Content ID Updates to firewalls from Panorama
 
Lab
Set location for firewalls
Copy serial firewall numbers
Configure firewalls to communicate with Panorama
Add firewalls to Panorama
Modify Summary Window columns
Assign firewall Tags
Verify firewall licenses
Schedule Dynamic Updates for firewalls
 
Initial Configuration
Panorama solution overview
Deployment options
Panorama platforms
Register and License Panorama
GUI overview
Panorama License and Software update
Plugin Architecture
Services and Interface Configuration
Panorama Commits
Configuration Management
 
Config Operations
Manage Backup incl. export device state from FireWall
Config export
 
Lab
Lab Overview
Connect to the lab environment
Log in to the Panorama appliance and both firewalls
Document configuration and license information
Configure Panorama Management Interface
Configure Panorama Settings
Schedule automatic config exports
Schedule Content Updates
Save and export Panorama configuration
Commit changes
 
Templates
Templates overview
Configuring templates
Device configuration via template
Local overwrite
Template Variables
Overview
Configuration
Real-life use cases and best practices
 
Lab
Create templates
Create template stacks
Create template variables
Push the template stack to managed devices
 
Device Groups
Device groups overview
Configuring Device Groups
Setup Device-group hierarchy
Group and push to HA Peers
Objects
Create an object – shared/disable override
Override
Move
Device Group and template mapping
Policies
Rules Hierarchy
Rulebase structuring
Configure rules
Move Rules
Rulebase preview
Unused Rules
Policy rule targets
Rule changes archive
Audit Comments
Tag-Based Rule Groups
Real-life use cases and best practices
 
Lab
Create device groups
Configure device group settings
 
Log Forwarding and Collection
Design Considerations for Deployment
Log storage and retention
Determine the Log Rate
Storage calculation
Log retention
Planning Considerations
Panorama log event forwarding
 
Lab
Configure log forwarding on the firewalls
Configure log settings on the firewalls
Confirm log forwarding
 
Using Panorama Logs
Customizing Log Tables
Using Filters in Log Tables
Exporting Filtered Data
 
Lab
Customize Log Tables in Panorama
Create and Apply Filters in Log Tables
Export Filtered Data
 
Administrative Accounts
Authenticating Panorama administrators
Panorama authentication methods
Admin Role
Creating Administrative Accounts
Custom Panorama Admin incl. Admin Role
Device Group and Template Admin incl. Access Domain and Admin Role
Password Profile and Password Complexity
External Authentication
Authentication Profile
LDAP Server Profile
Concurrent Administration
Config Lock
 
Lab
Create LDAP and RADIUS Server Profiles
Configure Authentication Profiles for LDAP and RADIUS
Configure admin roles
Configure admin accounts
Create access domains
Demonstrate the use of commit locks
 
Aggregated Monitoring and Reporting
Data Sources Used by Panorama
Operational Information Available in Panorama
Reporting Capabilities in Panorama
 
Lab
Examine Panorama ACC data
Run reports on Panorama
Explore App Scope
Identify and respond to threats
 
Troubleshooting
Health and Summary Information of Managed Firewalls
Troubleshooting Communication Issues with Panorama
Troubleshooting Commit Errors
Test policy functionality
 
Lab
Troubleshoot connectivity issues with a firewall
Troubleshoot various commit errors
Troubleshoot loss of internet connectivity
 
Add on: Transition a Firewall to Panorama Management
This is an additional module which is not part of the official course. The instructor will demo the import of an existing FireWall’s local configuration into Panorama and explain various caveats.
 

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request in-house training now
PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.

This course replaces the training EDU-220 - Panorama 11.x: Managing Firewalls at Scale.

In English online format (dates are marked with an English flag in this case), the course lasts either four half days from 9.00-12.30 (Irish Time) or from 13.00-16.30 (Irish Time).

This training is a dedicated course for Panorama for centralized management of firewalls at scale. It not only teaches the features and functions of Panorama, but also provides guidance on how to design a distributed firewall network that is managed from a central location.

Course Contents

  • Learn how to design, configure and manage the Panorama FireWall Management Server
  • Gain experience with centralized policy management using device groups
  • Learn how to extend network and device configuration to many firewalls using templates and template variables
  • Gain experience with administration, log collection, logging and reporting
  • Become familiar with the planning and design considerations for Panorama deployment.
Request in-house training now

Target Group

  • Security Architects
  • Security Administrators
  • Security Operations Specialists
  • Security Analysts
  • Security Engineers

Knowledge Prerequisites

The Firewall Configuration and Management (EDU-210) course or equivalent hands-on experience with the Palo Alto Networks Next-Generation FireWall is a recommended prerequisite for attending this Palo Alto Panorama training course. Participants should also be familiar with basic security concepts. Familiarity with networking concepts, including routing, switching, and IP addressing, is recommended.

Alternatives

For customers who manage Prisma Access with Panorama:

  • The Panorama: Centralized Network Security Administration course covers Panorama fundamentals relevant to Prisma Access
  • The Prisma Access SSE: Configuration and Deployment training course deepens this knowledge.

Course Objective

  • Learn how to design, configure and manage the Panorama FireWall Management Server
  • Gain experience with centralized policy management using device groups
  • Learn how to extend network and device configuration to many FireWalls using templates and template variables
  • Gain experience with administration, log collection, logging and reporting
  • You will become familiar with the planning and design considerations for Panorama deployment

Training recommendations for the Next-Generation Firewall Engineer certification:

Adding Firewalls to Panorama
Adding New Firewalls to Panorama
Add a FireWall
Automated Commit recovery
Automatically Add multiple FireWalls via CSV import
Tagging
Organizing Summary Information
Secure Communication Settings
Manage device licenses
Master key
Upgrade firewalls from Panorama
 
Deploy Content ID Updates to firewalls from Panorama
 
Lab
Set location for firewalls
Copy serial firewall numbers
Configure firewalls to communicate with Panorama
Add firewalls to Panorama
Modify Summary Window columns
Assign firewall Tags
Verify firewall licenses
Schedule Dynamic Updates for firewalls
 
Initial Configuration
Panorama solution overview
Deployment options
Panorama platforms
Register and License Panorama
GUI overview
Panorama License and Software update
Plugin Architecture
Services and Interface Configuration
Panorama Commits
Configuration Management
 
Config Operations
Manage Backup incl. export device state from FireWall
Config export
 
Lab
Lab Overview
Connect to the lab environment
Log in to the Panorama appliance and both firewalls
Document configuration and license information
Configure Panorama Management Interface
Configure Panorama Settings
Schedule automatic config exports
Schedule Content Updates
Save and export Panorama configuration
Commit changes
 
Templates
Templates overview
Configuring templates
Device configuration via template
Local overwrite
Template Variables
Overview
Configuration
Real-life use cases and best practices
 
Lab
Create templates
Create template stacks
Create template variables
Push the template stack to managed devices
 
Device Groups
Device groups overview
Configuring Device Groups
Setup Device-group hierarchy
Group and push to HA Peers
Objects
Create an object – shared/disable override
Override
Move
Device Group and template mapping
Policies
Rules Hierarchy
Rulebase structuring
Configure rules
Move Rules
Rulebase preview
Unused Rules
Policy rule targets
Rule changes archive
Audit Comments
Tag-Based Rule Groups
Real-life use cases and best practices
 
Lab
Create device groups
Configure device group settings
 
Log Forwarding and Collection
Design Considerations for Deployment
Log storage and retention
Determine the Log Rate
Storage calculation
Log retention
Planning Considerations
Panorama log event forwarding
 
Lab
Configure log forwarding on the firewalls
Configure log settings on the firewalls
Confirm log forwarding
 
Using Panorama Logs
Customizing Log Tables
Using Filters in Log Tables
Exporting Filtered Data
 
Lab
Customize Log Tables in Panorama
Create and Apply Filters in Log Tables
Export Filtered Data
 
Administrative Accounts
Authenticating Panorama administrators
Panorama authentication methods
Admin Role
Creating Administrative Accounts
Custom Panorama Admin incl. Admin Role
Device Group and Template Admin incl. Access Domain and Admin Role
Password Profile and Password Complexity
External Authentication
Authentication Profile
LDAP Server Profile
Concurrent Administration
Config Lock
 
Lab
Create LDAP and RADIUS Server Profiles
Configure Authentication Profiles for LDAP and RADIUS
Configure admin roles
Configure admin accounts
Create access domains
Demonstrate the use of commit locks
 
Aggregated Monitoring and Reporting
Data Sources Used by Panorama
Operational Information Available in Panorama
Reporting Capabilities in Panorama
 
Lab
Examine Panorama ACC data
Run reports on Panorama
Explore App Scope
Identify and respond to threats
 
Troubleshooting
Health and Summary Information of Managed Firewalls
Troubleshooting Communication Issues with Panorama
Troubleshooting Commit Errors
Test policy functionality
 
Lab
Troubleshoot connectivity issues with a firewall
Troubleshoot various commit errors
Troubleshoot loss of internet connectivity
 
Add on: Transition a Firewall to Panorama Management
This is an additional module which is not part of the official course. The instructor will demo the import of an existing FireWall’s local configuration into Panorama and explain various caveats.
 

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request in-house training now

PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.