Certificate Authentication

[Day 1]
Domain 1 Core Concept 
Task 1.1 Firewall and Security Components 
Task 1.2 Panorama overview 
Task 1.3 PaloAlto Firewall Architecture 
Task 1.4 Packet Flow 

Domain 2 Device Management and Services
Task 2.1 Demonstrate knowledge of firewall management interfaces

• 2.1.1 Management interfaces
• 2.1.2 Methods of access
• 2.1.3 Access restrictions
• 2.1.4 Identity-management trafficflow
• 2.1.5 Management services
• 2.1.6 Service routes

Task 2.2 Provision local administrators

• 2.2.1 Authentication profile
• 2.2.2 Authentication sequence

Task 2.3 Assign role-based authentication 
Task 2.4 Maintain firewallconfigurations

• 2.4.1 Running configuration
• 2.4.2 Candidate configuration
• 2.4.3 Discern when to use load, save, import, and export
• 2.4.4 Differentiate between configurationstates
• 2.4.5 Back up Panorama configurations and firewalls from Panorama

Task 2.5 Push policy updates to Panorama-managed firewalls

• 2.5.1 Device groups andhierarchy
• 2.5.2 Where to place policies
• 2.5.3 Implications of Panoramamanagement
• 2.5.4 Impact of templates, template stacks, and hierarchy

Task 2.6 Schedule and install dynamic updates

• 2.6.1 From Panorama
• 2.6.2 From the firewall
• 2.6.3 Scheduling and staggering updates on an HA pair

Task 2.7 Create and apply security zones to policies

• 2.7.1 Identify zone types
• 2.7.2 External types
• 2.7.3 Layer2
• 2.7.4 Layer3
• 2.7.5 TAP
• 2.7.6 VWire
• 2.7.7 Tunnel

Task 2.8 Identify and configure firewall interfaces

• 2.8.1 Different types of interfaces
• 2.8.2 How interface types affect Security policies

Task 2.9 Maintainandenhancetheconfigurationofavirtualorlogical router

• 2.9.1 Steps to create a static route
• 2.9.2 How to use the routing table
• 2.9.3 What interface types can be added to a virtual or logical router
• 2.9.4 How to configure route monitoring

[Day 2]
Domain 3 Managing Objects
Task 3.1 Create and maintain address and address group objects

• 3.1.1 How to tag objects
• 3.1.2 Differentiate between addressobjects
• 3.1.3 Static groups versus dynamic groups

Task 3.2 Create and maintain services and service groups 
Task 3.3 Configureandmaintain application filtersandapplication groups

• 3.3.1 When to use filters versus groups
• 3.3.2 The purpose of application characteristics as defined in the App- ID database

Domain 4 PolicyEvaluationandManagement
Task 4.1 Develop the appropriate application-based Security policy

• 4.1.1 Create an appropriate App-ID rule
• 4.1.2 Rule shadowing
• 4.1.3 Group rules bytag
• 4.1.4 The potential impact of App-ID updates to existing Security policy rules
• 4.1.5 Policy usage statistics

Task 4.2 Differentiate specific security rule types

• 4.2.1 Interzone
• 4.2.2 Intrazone
• 4.2.3 Universal

Task 4.3 Configure Security policy match conditions, actions, and logging 
options

• 4.3.1 Application filters andgroups
• 4.3.2 Logging options
• 4.3.3 App-ID
• 4.3.4 User-ID
• 4.3.5 Device-ID
• 4.3.6 Application filter inpolicy
• 4.3.7 Application group in policy
• 4.3.8 EDLs

Task 4.4 Identify and implement proper NAT policies

• 4.4.1 Destination
• 4.4.2 Source

Task 4.5 Optimize Security policies using appropriate tools

• 4.5.1 Policy test match tool
• 4.5.2 Policy Optimizer

[Day 3]
Domain 5 SecuringTraffic
Task 5.1 Create, modify, add, and apply the appropriate Security profiles and 
groups

• 5.1.1 Antivirus
• 5.1.2 Anti-Spyware
• 5.1.3 Vulnerability Protection
• 5.1.4 URL Filtering
• 5.1.5 Wildfire Analysis
• 5.1.6 Configure threat preventionpolicy

Task 5.2 Use information available in logs

• 5.2.1 Traffic
• 5.2.2 Threat
• 5.2.3 Data
• 5.2.4 System logs

Firewall Troubleshooting 
Q&A