The training combines lectures and hands-on lab exercises to cover the following key areas:
Initial Configuration and Deployment: Setting up the Panorama server (hardware or virtual appliance), initial system access, interface configuration, and understanding various deployment options (e.g., on-premises vs. cloud).
Adding Managed Firewalls: The process of connecting individual firewalls to Panorama for centralized management, including license management and communication settings.
Device Groups: Organizing firewalls into logical groups based on organizational hierarchy or function to ensure consistent policy enforcement.
Templates and Template Stacks: Using templates to manage device-specific configurations (like network interfaces, DNS, NTP, and services) and template stacks to apply configurations to multiple devices efficiently using template variables.
Centralized Policy Management: Creating, managing, and deploying shared security policies (security, NAT, QoS) and objects across all managed firewalls. This includes implementing pre-rules and post-rules for flexible rule application.
Log Collection and Reporting: Configuring log collectors/collector groups, managing log forwarding, and leveraging Panorama for aggregated reporting and analysis to gain holistic network visibility and assist in incident response.
Administration and Access Control: Setting up administrative accounts, defining role-based access control (RBAC), and configuring authentication methods (e.g., LDAP, RADIUS) for secure management access.
High Availability (HA): Understanding and configuring Panorama in a high-availability setup to ensure management of plane redundancy and uptime.
Dynamic Updates and Software Management: Managing and scheduling dynamic updates (threats, applications, etc.) and PAN-OS software upgrades for managed firewalls from a central location.
Troubleshooting: Identifying and resolving common issues related to firewall connectivity, committing errors, and internal connectivity challenges within the Panorama environment.
Design and Planning: Best practices for planning and designing a scalable distributed firewall network architecture managed by Panorama.
Prerequisites and Certification
Prerequisites: Participants should first complete the EDU-210: Firewall Essentials - Configuration and Management course or possess equivalent practical experience with Palo Alto Networks firewalls and basic networking concepts.
Certification: This course covers content relevant for the Palo Alto Networks Certified Network Security Engineer (PCNSE) certification exam.
