Troubleshooting Palo Alto Firewall – PANOS 10

  • Lectures: 24
  • Students: 78

Troubleshooting Palo Alto Firewall – PANOS 10

Designed to reflect real life challenges

The Palo Alto Networks Firewall Troubleshooting course will help you to:

Understand the underlying architecture of the Next-Generation Firewall and what happens to a packet when it is being processed Investigate networking issues using firewall tools including the CLI Follow proven troubleshooting methodologies specific to individual features analyze advanced logs to resolve various real-life scenarios Solve advanced, scenario-based challenges

Prerequisites:

The “Firewall Configuration and Management” course or equivalent practical experience working with the Palo Alto Networks Next-Generation Firewall is a prerequisite to taking this Palo Alto firewall Troubleshooting course

Topics :

Module 1 : Tools and Resources   [ 1hr 14 mins ]

  • How to perform a factory reset on a Palo Alto Networks device
  • How to Retrieve Firewall Configuration in Maintenance Mode
  • How to Reset the Administrator Password
  • How to SSH into Maintenance Mode
  • How to Reinstall or Revert PAN-OS from Maintenance Mode
  • Restarting Management Server Process – CLI
  • How to Generate and Upload a Tech Support File
  • CLI to generate and export Tech Support File
  • How to Restart the Web-related Processes
  • Online resources – Live Community, KB

Module 2 : Command Line Interface  [ 1hr 38 mins ]

  • Operational vs Configuration Mode
  • Displaying and navigating command output
  • General system health commands
  • System and Resource Monitor Commands
  • Dropped packet troubleshooting Commands
  • Routing Debug Commands
  • Test Security Policy match command
  • Viewing and Deleting Logs from CLI
  • IPsec Tunnel Troubleshooting Commands
  • Using the CLI as a troubleshooting tool
  • Import, Load, and Commit a Configuration File
  • How to Troubleshoot Using Counters via the CLI
  • TCPDUMP and Debug Data plane commands
  • How to Create a Management Profile using the CLI
  • CLI commands to show enable and disable application cache

Module 3 : Flow Logic [ 1hr 48 mins ]

  • Packet Flow Sequence in PAN-OS
  • Packets in slow path, fast path and offloaded
  • Debugging packet flow
  • Open packet-diagnostics file
  • Identify dropped packets and the session end
  • Session states and types
  • Session Tracker Feature

Module 4 : Packet Captures [ 49 mins ]

  • Packet Capture Concepts
  • Packet Capture Stages
  • Manage Filters
  • Session offloading during packet capture
  • Configuring Packet Captures – CLI and WebUI

Module 5 : Packet Diagnostics Logs [ 10mins ]

  • Examine firewall Traffic logs and Threat logs
  • Configure the packet filter
  • Check global counters
  • Configure and run packet capture and flow basic
  • Interpret the flow-basic log and pcaps

Module 6 : Transit Traffic  [ 2hr 22 mins ]

  • Troubleshoot Transit Traffic
  • Session table and traffic logs
  • Security policy to block Tor Application
  • Not-Applicable, Incomplete, Insufficient Data in the Application Field
  • Why does some traffic report as aged-out in traffic log
  • Packets are Dropped Due to TCP Reassembly
  • SYN-ACK Issues with Asymmetric Routing
  • Tips & Tricks – Session Timeouts
  • Troubleshooting slowness with traffic, Management
  • Troubleshooting decreased throughput for SMB protocol
  • Block risky URL categories
  • Deny unknown applications
  • Turn on SSL decryption
  • Block untrusted and expired certificates

Module 7 : IPSEC VPN Troubleshooting [ 1hr 31 mins ]

  • VPN Concept & Configuration
  • Troubleshooting IPSec VPN Connectivity issues
  • Troubleshooting IKE Phase 1
  • Troubleshooting IKE Phase 2
  • Interpret VPN Error Messages
  • Check Routing and security Policy rules
  • Proxy IDs – Route and policy Based VPNs
  • IPSec Tunnel is up but packet is getting dropped
  • Dead Peer Detection and Tunnel Monitoring
  • IPSec with overlapping Networks
  • How to enable debug on a single VPN Peer

Module 8 : System Services  [ 41 mins ]

  • Identifying performance issues
  • System Services Daemons
  • Check running services
  • Restart a service
  • Gathering more data

Module 9 : Certificate Management and SSL Decryption Troubleshooting [1hr 44 mins]

  • Troubleshoot and monitor Decryption
  • Decryption Failure reasons
  • Troubleshoot Pinned Certificates
  • Troubleshooting SSL Certificates
  • Unsupported and Failure Checks
  • Remediating unsupported cipher suits
  • Forward trust and Forward untrust Certificate
  • Decryption Logging

Module 10 : User ID [ 54 mins ]

  • System log, verify and fix user mapping issue
  • Verify LDAP connectivity
  • Fix the LDAP Server Profile
  • Troubleshooting User-ID Cache timeout
  • Useful CLI Commands to troubleshoot LDAP Connection

Module 11 : Global protect  [ 54 mins ]

  • Troubleshooting Global Protect
  • Tools and utilities used for troubleshooting on client Machines
  • Tools used for troubleshooting on the Firewall
  • Global Protect unable to Connect to portal or gateway
  • Global Protect agent connected but unable to access resources
  • Useful Global protect gateway CLI Commands
  • Server Certificate is invalid Error Message Troubleshooting

Module 12 : Escalation and RMAs [ 7 mins ]

 

  • Module 2 - Command Line Interface 0/3

  • Module 3 - Flow Logic 0/2

  • Module 4 - Packet Capture 0/2

  • Module 5 - Packet Diagnostics Logs 0/1

  • Module 6 - Transit Traffic 0/3

  • Module 7 - IPsec Site to Site VPN Troubleshooting 0/2

  • Module 8 - System Services 0/1

  • Module 9 - Certificate Management and SSL Decryption Troubleshooting 0/2

  • Module 10 - User ID 0/2

  • Module 11 - Global protect 0/2

  • Module 12 - Escalation and RMAs 0/1

  • Module 13 : BONUS VIDEO (Scenario based IPSec VPN Troubleshooting ) 0/1

Admin bar avatar
Manoj Verma - CCIE # 43923 is a highly experienced senior technical instructor and Network/ security consultant. He has been in the networking industry for more than 19 years, with a focus on networking and security for the past 15 years. He has assisted thousands of engineers in obtaining their various certifications starting from CCNA to CCIE, CCSA, CCSE, PCNSE, F5, etc. and learning the latest and cutting-edge technologies.  He started his career as a system administrator and then switched to the networking and security domain. During the job, he realized that he is gifted with a passion for teaching and sharing his knowledge, as he used to teach his colleagues and friends. In his classroom training, he always starts with explaining the theory on a certain topic and then gives away a short note of key points and finally end with lab implementation. Now a day, driving down to the training institute to attend classroom training sessions is not feasible for everyone owing to the workflow, odd working hours and rotational shifts, especially for working professionals and those who are living in different cities and countries. He started getting multiple requests from lots of students to launch an online training module in the same way as he teaches in his classrooms. Keeping all this in mind, he designed this self-paced training module which replicates classroom training. He has brought his years of classroom teaching experience, and years of real-world enterprise and service provider experience in designing training modules. For a better understanding of technologies and in-depth knowledge, reading books or short notes is necessary and to witness the theoretical information in live, practical knowledge is required so he has included both which is very unique in the IT training sector.

There is no review for this course

Price

$110.00

Rating

Not enough ratings to display

(1) Comment

  • siklu2008 November 11, 2022 @ 9:39 pm

    I go through some of the preview video, it is really excellent. Also course content is really interesting for the person who want to make himself as PaloAlto specialist.

Leave a Reply

Select your currency
USD United States (US) dollar
X