[Day 1]
Domain 1 Core Concept
Task 1.1 Firewall and Security Components
Task 1.2 Panorama overview
Task 1.3 PaloAlto Firewall Architecture
Task 1.4 Packet Flow
Domain 2 Device Management and Services
Task 2.1 Demonstrate knowledge of firewall management interfaces
- 2.1.1 Management interfaces
- 2.1.2 Methods of access
- 2.1.3 Access restrictions
- 2.1.4 Identity-management trafficflow
- 2.1.5 Management services
- 2.1.6 Service routes
Task 2.2 Provision local administrators
- 2.2.1 Authentication profile
- 2.2.2 Authentication sequence
Task 2.3 Assign role-based authentication
Task 2.4 Maintain firewallconfigurations
- 2.4.1 Running configuration
- 2.4.2 Candidate configuration
- 2.4.3 Discern when to use load, save, import, and export
- 2.4.4 Differentiate between configurationstates
- 2.4.5 Back up Panorama configurations and firewalls from Panorama
Task 2.5 Push policy updates to Panorama-managed firewalls
- 2.5.1 Device groups andhierarchy
- 2.5.2 Where to place policies
- 2.5.3 Implications of Panoramamanagement
- 2.5.4 Impact of templates, template stacks, and hierarchy
Task 2.6 Schedule and install dynamic updates
- 2.6.1 From Panorama
- 2.6.2 From the firewall
- 2.6.3 Scheduling and staggering updates on an HA pair
Task 2.7 Create and apply security zones to policies
- 2.7.1 Identify zone types
- 2.7.2 External types
- 2.7.3 Layer2
- 2.7.4 Layer3
- 2.7.5 TAP
- 2.7.6 VWire
- 2.7.7 Tunnel
Task 2.8 Identify and configure firewall interfaces
- 2.8.1 Different types of interfaces
- 2.8.2 How interface types affect Security policies
Task 2.9 Maintainandenhancetheconfigurationofavirtualorlogical router
- 2.9.1 Steps to create a static route
- 2.9.2 How to use the routing table
- 2.9.3 What interface types can be added to a virtual or logical router
- 2.9.4 How to configure route monitoring
[Day 2]
Domain 3 Managing Objects
Task 3.1 Create and maintain address and address group objects
- 3.1.1 How to tag objects
- 3.1.2 Differentiate between addressobjects
- 3.1.3 Static groups versus dynamic groups
Task 3.2 Create and maintain services and service groups
Task 3.3 Configureandmaintain application filtersandapplication groups
- 3.3.1 When to use filters versus groups
- 3.3.2 The purpose of application characteristics as defined in the App- ID database
Domain 4 PolicyEvaluationandManagement
Task 4.1 Develop the appropriate application-based Security policy
- 4.1.1 Create an appropriate App-ID rule
- 4.1.2 Rule shadowing
- 4.1.3 Group rules bytag
- 4.1.4 The potential impact of App-ID updates to existing Security policy rules
- 4.1.5 Policy usage statistics
Task 4.2 Differentiate specific security rule types
- 4.2.1 Interzone
- 4.2.2 Intrazone
- 4.2.3 Universal
Task 4.3 Configure Security policy match conditions, actions, and logging
options
- 4.3.1 Application filters andgroups
- 4.3.2 Logging options
- 4.3.3 App-ID
- 4.3.4 User-ID
- 4.3.5 Device-ID
- 4.3.6 Application filter inpolicy
- 4.3.7 Application group in policy
- 4.3.8 EDLs
Task 4.4 Identify and implement proper NAT policies
- 4.4.1 Destination
- 4.4.2 Source
Task 4.5 Optimize Security policies using appropriate tools
- 4.5.1 Policy test match tool
- 4.5.2 Policy Optimizer
[Day 3]
Domain 5 SecuringTraffic
Task 5.1 Create, modify, add, and apply the appropriate Security profiles and
groups
- 5.1.1 Antivirus
- 5.1.2 Anti-Spyware
- 5.1.3 Vulnerability Protection
- 5.1.4 URL Filtering
- 5.1.5 Wildfire Analysis
- 5.1.6 Configure threat preventionpolicy
Task 5.2 Use information available in logs
- 5.2.1 Traffic
- 5.2.2 Threat
- 5.2.3 Data
- 5.2.4 System logs
Firewall Troubleshooting
Q&A