FireWall Security Best Practices and Threat Prevention

• Security Engineers
• Security Administrators
• Security Operations Specialists
• Security Analysts
• Support Staff

The Palo Alto Networks “FireWall Security Best Practices and Threat Prevention” course is an instructor-led training that will help you to:

• Determine the efficacy of your current security policies
• Develop workflows for managing your security posture
• Modify your existing policy set to implement Security Best Practices
• Monitor network traffic using the interactive web interface and firewall reports
• Utilize tools such as the BPA tool to understand your environment further

The “Firewall Configuration and Management” (EDU-210) course or equivalent practical experience working with the Palo Alto Networks Next-Generation FireWall is a recommended prerequisite to taking this optimizing firewall threat prevention PAN EDU 214 course. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is an advantage.

Get a taste for the course by watching the video in this blog post where one of our instructors teaches a sample module on FireWall Hardening Best Practices.

Introduction

• Course overview
• Course scenario description
• BPA tool, ACC, logging, and reporting
• Lab architecture

Security Profiles

• Review of Content-ID
• Defining context for Security Profiles
• Creation of profile groups

Daily Operations and Maintenance

• Software release cycle
• App-ID and threat update best practices and process
• Policy description and audit best practices

Establish Initial Baseline Visibility

• Log Forwarding Profiles
• Syslog, email, SNMP traps, and formatting
• Custom and pre-made reporting
• Dynamic user and address groups

Analyze and Update Security Rules Passing Traffic

• Expedition for BPA
• Policy Optimizer
• Application-centric rules
• Categorizing traffic into Inbound, Outbound, and Internal flows

Inbound Security Rules Best Practices and Analysis

• Inbound threat protection
• Workflow for false positives
• Inbound SSL Decryption best practices

Outbound Security Rules Best Practices and Analysis

• User-ID
• URL Filtering Profiles
• Credential theft
• Custom URL categories
• Outbound SSL decryption best practices

Internal Security Rules Best Practices and Analysis

• Internal traffic security best practices
• Internal traffic requirement workflows
• Application Override policies
• Intrazone traffic best practices

Administratively Hardening PAN-OS

• Role-based access control
• Multi-factor authentication
• Administrative best practice principles
• Hardening administrative interfaces

Reducing Policy se?t and Simplification

• Tag unused rules using Policy Optimizer
• Implement policy hygiene
• Describe how to use Address Groups and regions to reduce the policy set
• Describe Zero Trust architecture