
cbtnuggets - Palo Alto Networks Firewall (Repost)

Posted By: serpmolot

English | m4v | H264 1024x576 | AAC 1 ch | 9 hrs 7 min | 1 GB
eLearning | Networking

Keith Barker covers the setup and basic configuration of the Palo Alto Networks Firewall, including interfaces, zones, and many details about security policies. Keith focuses on understanding the concepts, being familiar with best practices, and knowing appropriate information to enable you to work toward the Palo Alto Networks ACE or PCNSE exams.

Palo Alto Networks is an up-and-coming vendor in the network security arena, featuring a great next-generation firewall. This vendor is cropping up in more and more areas, so make sure you are on top of your network security game, and know the details of installation and configuration!

Stepping through the concepts and necessary configuration details, new or seasoned engineers will be able to take the information learned and comfortably implement a Palo Alto firewall in their network. The concepts and techniques taught in this course apply to both physical and virtual firewalls.

Recommended Experience
- Familiarity with networking concepts and basic understanding of security concepts

Recommended Equipment
- Either physical (PA-200 or greater) or VM (PA-VM-100 or greater) will be helpful.

Related Certifications
- Palo Alto ACE or PCNSE certifications

Related Job Functions
- Network security administrator
- Firewall administrator
- Network security engineer

Keith Barker has been a CBT Nuggets trainer since 2012 and holds a variety of networking and security certifications, including CCIE R&S, CCIE Security, (ISC)2 CISSP, Palo Alto CNSE, and Check Point CCSA.


1. Welcome (3 min)
Keith welcomes you to the course and shares tips about how to get the most from this training.
2. Building Your Own Lab - Concepts (15 min)
Keith introduces options for creating a lab, where you can practice and reinforce what you learn, as you go through videos in this course. For the demonstration of building your own virtual lab, please enjoy the next Nugget titled, "Creating Your Virtual Lab - Implementation."
3. Creating Your Virtual Lab - Implementation (17 min)
Keith walks you through step-by-step instructions on creating a virtualized lab environment inside of VMware Workstation as the hypervisor.
4. Initial Power Up & Config (11 min)
Keith demonstrates the initial bootstrap configuration of a firewall's management IP address, and how to connect and log in for the first time.
5. Mgmt. Default Route and DNS (9 min)
Keith explains the importance of, and how to implement, default routes and DNS services that can be used by the firewall, as well as its management interface and associated IP address.
6. Concepts: Zones, Interfaces & Design (20 min)
Keith discusses the interface deployment modes available to use with a Palo Alto firewall, and how they impact network design. This Nugget also introduces the concept of a virtual router (VR), as well as how zones can be leveraged to enforce a security policy on the firewall.
7. Configure Zones, Interfaces and VRs (16 min)
Keith demonstrates how to create zones, virtual routers (VRs), and how to configure and associate L3 interfaces with them. Adding a default route as part of a virtual router for the data-plane is also explained.
8. Configuring a Security Policy (16 min)
Using the lab topology previously established in this course, Keith demonstrates adding a security policy that permits specific inter-zone traffic.
9. Configuring PAT (13 min)
Keith demonstrates the configuration of Port Address Translation (PAT) on the Palo Alto firewall.
10. GNS3 Integration (8 min)
Keith demonstrates how GNS3 can be integrated as part of our existing firewall lab topology.
11. Setting Up DMZ Server Access (17 min)
Keith describes and demonstrates configuring the firewall to allow public access to a web server in the DMZ. Keith also shares a demonstration regarding using a router (in GNS3) with web services to play the role of a web server on the DMZ.
12. Using VMware Snapshots in your Lab (6 min)
Keith explains the usefulness of, and demonstrates how to create, a point-in-time "snapshot" of the virtual firewall. This technique is useful when practicing and learning in a lab environment.
13. Exporting and Importing Configs (13 min)
Keith demonstrates the process for exporting the configurations on one firewall, and then restoring them to a replacement firewall.
14. Licensing the NGFW Features (11 min)
Keith demonstrates a method for registering and activating licensed features on a Palo Alto firewall.
15. Upgrade a Firewall (15 min)
Keith walks you through upgrading to the application and OS versions of the firewall.
16. App vs. Protocol & Port Security Policies (12 min)
Keith describes the benefits of using application objects versus just protocols and ports to determine access through the firewall.
17. Destination NAT (15 min)
Keith presents another option for Network Address Translation (NAT): destination NAT. In this Nugget, Keith explains and demonstrates its use on the firewall.
18. App-ID Concepts (12 min)
Keith discusses firewall processes to identify applications that are used over the network. These methods are part of the Application Identification (App-ID) function of the firewall.
19. Granular App Control Concepts (9 min)
Keith explores the concepts behind very granular application controls, such as allowing general Facebook access while preventing specific applications within Facebook.
20. Granular App Control Demonstration (21 min)
Keith demonstrates the uses of specific Facebook-related applications that can be used in a security policy, as well as the creation of application groups.
21. SSL Outbound Encryption (19 min)
Keith discusses and demonstrates SSL Outbound Encryption on the firewall.
22. URL Filtering (10 min)
Keith describes and demonstrates the configuration and verification of URL filtering.
23. Antivirus (9 min)
Keith demonstrates the implementation and verification of Antivirus software on the firewall.
24. Vulnerability and Spyware Protection (5 min)
Keith demonstrates how to apply profiles to protect against vulnerabilities and spyware.
25. LDAP and Authentication Profiles (7 min)
Keith walks you through the setup of LDAP and Authentication profiles, which can leverage an existing Active Directory (AD) infrastructure.
26. Enable User-ID (12 min)
Keith discusses, demonstrates, and verifies User-ID on the firewall — using Microsoft AD as a centralized LDAP and AD server.
27. SSL VPN Concepts (7 min)
Keith introduces the concept of how an SSL/TLS VPN is implemented as part of Global Protect on the firewall.
28. Installing a CA Certificate (10 min)
Keith shows how to create a Certificate Signing Request (CSR) from a Certificate Authority, and how to implement certificates on the firewall.
29. Create a VPN Zone and Tunnel Interface (4 min)
Keith walks through the verification of the LDAP and Authentication profiles, and then creates a new zone for VPN users, and associates a tunnel interface with the new zone in preparation for Global Protect SSL VPNs.
30. Configure a Global Protect GW and Portal (11 min)
Keith takes you step by step through the creation of a GlobalProtect Gateway, and portal objects, on the firewall.
31. Clients and Security Policies for Global Protect (15 min)
Keith demonstrates setting up access for the client software, along with configuring security policies that allow clients to access resources through the VPN.
32. Site-to-Site IPsec VPN overview (8 min)
Keith describes the process used to implement IPsec site-to-site tunnels on the firewall. If you are new to the concepts of IPsec and/or VPNs, please watch video No. 34 "Crypto Concepts" from the CompTIA Security+ course (SY0-401), right here at CBT Nuggets.
33. Config IPsec on PA FW (15 min)
Keith walks you through the setup of the IPsec site-to-site tunnel components on the Palo Alto firewall.
34. Cisco IOS as VPN Peer (11 min)
Keith demonstrates using a Cisco IOS router to be an IPsec peer with the Palo Alto firewall. All configuration commands used on the Cisco router are included as part of the NuggetLab files.
35. Zone Protection Profiles (12 min)
Keith describes and demonstrates the use of a Zone Protection Profile on the firewall.
36. 802.1Q & Sub-Interface Concepts (10 min)
Keith provides an overview of how sub-interfaces and 802.1Q trunking can be used to support multiple directly-connected networks on the firewall, using a single physical interface.
37. Implement L3 Sub-Interfaces (11 min)
Keith demonstrates the creation of L3 Sub-Interfaces on the firewall.
38. Verify L3 Sub-Interfaces (13 min)
Keith walks you through one method of verifying that a sub-interface is operating correctly via trunking to a switch, by leveraging a virtual switch in GNS3.
39. Interface Management Profiles (6 min)
Keith describes, creates, and verifies an Interface Management Profile on the firewall.
40. Captive Portal (9 min)
Keith describes, demonstrates, and verifies Captive Portal on the firewall.
41. HA Concepts (6 min)
Keith discusses options for implementing High Availability (HA) on a pair of firewalls.
42. HA Implementation (17 min)
Keith demonstrates the configuration and verification of High Availability (HA) between a pair of firewalls.
43. Panorama (11 min)
Keith provides an introduction to the enterprise management tool for Palo Alto firewalls: Panorama.
44. File Blocking (4 min)
Keith describes, demonstrates, and verifies file-blocking profiles that can be attached and used as part of a security policy rule.
45. WildFire, Data Filtering and DoS Profiles (6 min)
Keith introduces three additional security profiles that can be used on the firewall.
46. Dynamic Routing (10 min)
Keith describes the benefits of, and an example of, dynamic routing on the firewall.
47. The Parka Principle (7 min)
Keith shares details about top resources for individuals who are pursuing Palo Alto Networks certification.
