Training Video Course

PCNSE: Palo Alto Networks Certified Network Security Engineer

PDFs and exam guides are not so efficient, right? Prepare for your Palo Alto Networks examination with our training course. The PCNSE course contains a complete set of videos that will give you thorough knowledge related to the Palo Alto Networks certification exam. Pass the Palo Alto Networks PCNSE test with flying colors.

Rating: 4.43
Students: 111
Duration: 00:51:06 h
Price: $16.49 / $14.99

Curriculum for PCNSE Certification Video Course

Name of Video (Time)

1. Preview2 (2:14)
2. Palo Alto Firewalls overview (7:03)
3. Deployment Options (2:41)
4. Layer 2 deployment (25:15)
5. Layer 3 deployment (12:29)
6. Layer 2 deployment and spanning tree (9:14)
7. Layer 2 Features and Limitations with demonstration (9:54)
8. Virtual Wire deployment (18:35)
9. Virtual Wire IP Classify (19:38)
10. Tap Mode deployment (9:13)
11. Initial Configuration (3:14)

1. Create an Amazon AWS instance to practice (10:01)
2. Setup Amazon AWS for lab testing, add a Windows AD server (12:12)
3. AWS VPC setup, routing setup, route traffic through the AWS instance (19:02)
4. Create a DMZ segment in Amazon AWS, add a server to DMZ segment (10:11)
5. AWS routing issue to be aware of (4:11)
6. Unetlab EVE-NG name change (0:00)

1. Basic Settings (5:46)
2. Changes and Committing changes (6:51)
3. Local Administrator Account with External Authentication (9:54)
4. External Authentication Using Radius Server (7:33)
5. System software Upgrade / Downgrade, GlobalProtect client install (4:27)
6. Dynamic Updates (2:52)
7. Interface Management Profile (4:38)

1. Security Zones and Traffic Processing (10:10)
2. Packet Flow (9:33)
3. Rules based on application using App-ID (10:04)
4. Security Policy Rules for applications not running on application default ports (7:43)
5. Application Override Policies - Custom Applications (8:01)
6. URL Filtering Rules and Options (13:51)
7. Custom URL Category (2:53)
8. Using Address Objects (5:51)
9. Using Service Objects (3:47)
10. Using Dynamic Block Lists (4:42)
11. Using Tags (2:19)

1. User ID integration (8:04)
2. Installing User ID agent on AD (10:19)
3. Configure the firewall to use user ID agent (9:03)
4. Configuring integrated User ID agent (5:33)
5. Group to User ID mapping (5:36)
6. Making decisions based on user group membership example (5:05)
7. Identifying Users using Captive Portal Redirect Mode (6:13)
8. User ID mapping using Captive Portal in Transparent Mode (5:17)
9. Captive Portal using Browser Challenge SSO example (16:51)
10. Relaying UserID information using XML example (6:39)
11. User ID mapping using Syslog Messages example (3:34)

1. Antivirus configuration (8:19)
2. Anti Spyware and DNS Sinkholing (11:36)
3. Creating custom Anti-Spyware signatures (10:05)
4. Configuring Vulnerability Protection and Custom Signatures (11:37)
5. File Policies (7:02)
6. Configuring Wildfire (8:35)
7. Wildfire Portal (1:38)
8. Configuring Data Filtering - Data Leakage Prevention (8:37)
9. Denial Of Service Protection (8:21)
10. Implementing Zone and Host Denial Of Service Protection (10:02)

1. Certificates, Certificate Authorities, and Decryption Concepts (18:17)
2. SSL Forward Proxy - Trust Certificate - Local Cert on PaloAlto (7:33)
3. SSL Forward Proxy - Untrust Certificate - Local Cert on PaloAlto (6:16)
4. SSL Forward Proxy Using an Internal PKI Subordinate CA (9:05)
5. SSL Forward Proxy Blocking Threats in Encrypted Traffic - Demo (6:52)
6. SSL Inbound Inspection (8:24)

1. Understanding Dynamic NAT and port (15:49)
2. Dynamic NAT and port configuration examples (19:36)
3. Dynamic NAT and port Egress Interface Multiple ISP consideration (14:08)
4. What is the difference between Dynamic IP and Dynamic IP and port with examples (10:14)
5. Static NAT concepts and example (14:41)
6. Static NAT with Port Translation Use Case and scenario example (18:37)
7. Static NAT with Port Translation Use Case and scenario example - part 2 (5:35)
8. Destination NAT and Destination NAT with Port Address Translation (7:31)
9. U-Turn NAT with port translation (7:15)
10. Source and Destination NAT (10:30)

1. DHCP Services (6:26)
2. Default Route (5:02)
3. OSPF Routing (9:58)
4. BGP Routing (4:51)
5. BGP Advertise (2:46)
6. Using Multiple Virtual Routers (9:06)
7. Multiple Virtual Routers NAT and Security Policy Example (11:47)
8. Multiple ISP Failover Scenario using BGP (16:39)
9. Multiple ISP Failover using floating Static Route (9:35)
10. Multiple ISP Failover using Policy Based Forwarding (8:07)
11. Multiple ISP Load Sharing using Policy Based Forwarding (5:09)

1. High Availability Overview (13:22)
2. Active Passive Configuration Example (14:55)
3. High Availability Active / Passive different failure scenarios HA1 HA2 heartbeat (15:18)
4. High Availability Active / Passive HA1-backup, HA2-backup configuration (15:08)
5. High Availability active / passive link and path monitoring, HA operations (13:00)
6. Active Active High availability intro, Floating IP (9:17)
7. Active Active with Floating IP configuration example (22:23)
8. Active Active session owner, session setup using IP modulus, failover example (19:38)
9. Active Active Static NAT Configuration Example using NAT HA binding Primary (10:50)
10. Active Active High Availability ARP Load Sharing Configuration Example (10:53)

1. IPv6 structure, addressing, unicast (link local, site local, global), multicast (14:31)
2. IPv6 neighbor discovery, ICMPv6, DHCPv6 (12:48)
3. IPv6 Stateless, Stateful DHCP, M Flag O Flag concepts (8:04)
4. IPv6 basic firewall configuration example (12:49)
5. IPv6 Network Prefix Translation NPTv6 configuration example (11:05)
6. IPv6 NAT64 example connecting IPv6 only network to IPv4 Internet example (18:23)
7. IPv6 NAT64 example connecting IPv4 only network to IPv6 only network (12:09)
8. IPv6 issues related to Windows and policy based on IPv6 addresses, example (12:52)
9. IPv6 DHCPv6 relay on PaloAlto firewall example (8:01)

1. VPN IPSEC L2L intro and configuration steps (17:38)
2. VPN IPSec L2L PaloAlto to PaloAlto Example (18:31)
3. VPN IPSec Site To Site Hub Spoke, Dynamic IP address example (10:44)
4. VPN IPSEC L2L PaloAlto to Cisco ASA configuration example (9:34)
5. VPN IPSEC L2L PaloAlto to Cisco ASA with Dynamic IP address (2:58)
6. IPsec Quick mode negotiation understanding (8:49)
7. IKE main mode more details, explanation (20:17)
8. Understanding IPSec Quick mode with PFS (12:28)
9. IKE security policies required and NAT-T explanation / example (15:07)
10. IKEv1 main mode versus aggressive mode, understand the difference (13:04)
11. IKEv2 intro and differences between IKEv2 and IKEv1 (17:03)
12. IKEv2 Auth phase, IPsec associations, differences between IKEv1 and IKEv2 (20:34)

1. Global Protect Setup example (14:09)
2. Getting a free publicly trusted SSL certificate to test Global Protect (11:03)
3. Setting up Global Protect for on-demand mode, discover agent settings (12:06)
4. Dual Factor Authentication Using Open Source Solution PrivacyIdea - demo (16:53)
5. Joining a Windows PC to AWS Windows domain - VPN tunnel to AWS (9:49)
6. Installing CA services on Windows, certificate enrollment policy service, OCSP (11:17)
7. Global Protect Authentication using Dual Factor Token and Computer Certificate (6:33)
8. Global Protect Always On User-Logon and Pre-Logon configuration (7:29)
9. Global Protect Pre-Logon with User Logon (on demand) configuration example (7:52)
10. Global Protect HIP Check (10:59)

1. Azure Networking Concepts (11:14)
2. Setup Palo Alto VM In Azure (12:08)
3. Protecting Virtual Machines in Azure behind Palo Alto firewall (23:00)

1. Panorama concepts, hardware, template and template stack (18:56)
2. Panorama Device Group Concepts Part 1 (12:06)
3. Panorama Device Group and Object Inheritance (12:46)

1. QoS Introduction (13:07)
2. QoS Download Upload Bandwidth Restriction (11:35)
3. QoS Classification and Marking (12:27)
4. QoS Classification and Markings Example (12:32)
5. IPSec QoS lab setup overview (4:24)
6. Bandwidth Throttling IPSec tunnels demo (7:34)
7. IPSec Tunnel QoS traffic classification (7:10)
8. IPSec Tunnel QoS controlling traffic bidirectionally (9:22)
9. IPSec QoS Copy ToS Header Explanation and demo (12:42)

1. Palo Alto 8.1 Section Intro (7:08)
2. Provisioning PaloAlto Firewall 8.1 in AWS - Part 1 (15:35)
3. Provisioning PaloAlto Firewall 8.1 in AWS - Part 2 (23:00)

Palo Alto Networks PCNSE Exam Dumps, Practice Test Questions

100% Latest & Updated Palo Alto Networks PCNSE Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!

Palo Alto Networks PCNSE Premium Bundle
$69.97
$49.99

PCNSE Premium Bundle

  • Premium File: 619 Questions & Answers. Last update: Dec 3, 2024
  • Training Course: 142 Video Lectures
  • Study Guide: 658 Pages
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates


Free PCNSE Exam Questions & PCNSE Dumps

File Name | Size | Votes
palo alto networks.test-king.pcnse.v2024-10-08.by.violet.154q.vce | 1.62 MB | 1
palo alto networks.pass4sures.pcnse.v2021-11-25.by.marc.157q.vce | 3.61 MB | 1
palo alto networks.braindumps.pcnse.v2021-10-13.by.lyla.92q.vce | 1.73 MB | 1
palo alto networks.certkiller.pcnse.v2021-06-18.by.luka.103q.vce | 2.3 MB | 1
palo alto networks.pass4sureexam.pcnse.v2021-03-03.by.daniel.103q.vce | 1.58 MB | 2
palo alto networks.braindumps.pcnse.v2020-12-24.by.charlie.100q.vce | 3.07 MB | 2

Palo Alto Networks PCNSE Training Course

Want verified and proven knowledge for Palo Alto Networks Certified Network Security Engineer? It's easy when you have ExamSnap's Palo Alto Networks Certified Network Security Engineer certification video training course by your side, which along with our Palo Alto Networks PCNSE Exam Dumps & Practice Test questions provides a complete solution to pass your exam.

User ID integration

10. Relaying UserID information using XML example

In this lecture, we'll talk about the anti-spyware configuration. Anti-spyware is another Content-ID feature: Palo Alto provides signatures to identify spyware on the network. The way it does this is by matching traffic against signatures. It can also use DNS signatures to determine whether any machines on your network are affected by spyware. By default, there are two anti-spyware profiles, default and strict. Let's take a look at the difference between the two. In the default profile, for critical severity it takes the default action of the signature, and the same for high; so basically, it takes the default action of all the signatures. If we look at all the signatures (click Show all signatures), you can see what each signature's default action is. If you use the default profile, you will be subject to the default action in the rules, and you will have no control over the action other than to take the default. The default profile also only alerts on DNS signatures. DNS signatures are basically your clients' attempts to reach command-and-control IP addresses, which is an indication of a machine infected with spyware. Let's take a look at the rules. The difference between default and strict is that strict resets both client and server for critical, high, and medium severity. The Exceptions tab allows you to make exceptions for signatures that might be false positives in your environment.

For DNS signatures, strict is set to block. You can also create your own profile, so we're going to go ahead and create an outbound profile and then add rules. There are different categories as well; you can base your rules on the different categories of malware: adware, backdoor, botnet, browser hijack, data theft, keylogger, network worm, peer-to-peer communication, and spyware. I basically see spyware as a risk no matter what, so I'd like to take action on high and medium severity by resetting the connection. The actions you can choose are allow, alert, drop, reset client, reset server, reset both, and block IP. Block IP is the most intrusive because it blocks the IP of the client that's infected by spyware. Either reset or drop; we'll go ahead and do reset both. You can also packet-capture the traffic, so you can do some forensics on it to determine what the communication was between the client and the server.

You can do single packet capture or extended packet capture; it's up to you. If you do extended packet capture and you have a lot of traffic in your environment, you might underestimate the amount of disk space consumed on your firewall. I'm going to do extended packet capture, and we'll set this rule for critical, high, and medium. For low and informational, it's better to make the action alert, maybe with a single packet capture if you want to investigate further; this way you can determine whether it's a false positive or not. We'll call this rule low-informational and click OK. Under Exceptions, you can make exceptions for signatures that might be triggering falsely in your environment. You can show all the signatures (there are 122 pages of them, quite a lot), click on any of them to see the details, or specify an exception for a signature so that it is allowed. For example, let's say this signature is falsely triggering; then you can make an exception to allow it. DNS signatures allow you to monitor DNS traffic leaving your network and determine whether there is any spyware or malware command-and-control lookup from clients in your environment.

For those DNS signatures you can allow or block the queries, or you can sinkhole them. Sinkholing sends the traffic to a specific IP address in your environment, and this way you can do further investigation into which machine is infected. Clients typically do not query public DNS directly; instead, they go through your internal DNS server. Because of that, you wouldn't know exactly which client made the DNS query, because the query would be coming from your internal DNS server. To get around that, you can sinkhole, which means the infected client's traffic gets sent to an internal IP address, maybe on an internal IDS server, or on an internal server where you can do intelligent things like determining the actual client IP address that is looking up the DNS name that points to spyware. So a sinkhole is a great way to accomplish this.

Enabling passive DNS monitoring lets the firewall passively monitor DNS traffic that passes through it and determine whether any DNS traffic matches a spyware signature. You can also do single or extended packet capture here. So we're going to set the sinkhole IPv4 address to an IP address on the firewall; this is going to be a loopback address that we create on the firewall. We go to Network > Interfaces > Loopback, add loopback.1, assign it to the default virtual router, and give it the sinkhole IP address. For the security zone, rather than trust, we'll go ahead and put it in a new security zone; I will call this zone sinkhole. This way, we can create a rule on the firewall that alerts us to clients that are trying to reach the sinkhole.

Okay, we went ahead and created a new zone called sinkhole. If a client machine on the internal network is infected, it's going to try to reach this IP address, which is in the sinkhole security zone. So now we can create a policy. We'll call this policy something like Sinkhole DNS, specify the source zone trust and the destination zone sinkhole, and set the action to allow. This lets us log traffic that is trying to reach the sinkhole. So basically, the firewall will log the communication between clients and the sinkhole. You can configure logic in your syslog server to notify you if any traffic is received for the sinkhole rule, and do some intelligent alerting and such. This allows us to take another level of action. If a client on the internal network attempts to connect to the sinkhole IP address, that is the IP address that was sent to the client in response to its trying to resolve malware or spyware sites.

It will basically send them to the sinkhole. The client would then connect to the sinkhole IP address, and any such events are seen in the monitoring logs on your firewall. If you are forwarding to a syslog server, you can trigger an alert based on receiving such traffic or on logs hitting that rule. That creates the anti-spyware security profile. Now we need to apply it in a policy. We go to Policies, find all the outbound traffic rules, and add this profile to the list of profiles that the firewall does content inspection against. So let's find the trust-to-untrust rules. On the allow-trust-to-untrust rule we'll go ahead and add the anti-spyware profile; when you add it, you will see it here. The URL filtering rule is a block rule, so we don't need it there, but the other rules also need spyware protection. As we progress through the lectures, we build up these profiles, and later I'll show you how to group them in an easy-to-manage way. Now that you've completed this, go ahead and commit the changes. In the next lecture, I'll show you how to create a custom spyware signature so you can make sure your anti-spyware is working correctly.
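As an added example (not from the course or from Palo Alto Networks), here is the alerting logic the lecture describes for the sinkhole rule: a Python script that reads syslog-forwarded firewall logs, finds the internal clients that connected to the sinkhole address, and correlates them with the sinkholed DNS lookups, which on their own only show the internal resolver as the source. The log lines, the sinkhole address 10.10.10.1, the resolver address and the key=value layout are constructed for this example; the firewall's native log format is different.

```python
"""Detect internal hosts that reached the DNS sinkhole address.

The firewall answers a sinkholed DNS lookup with the loopback address,
the infected client then connects to that address, and the "Sinkhole DNS"
rule logs the session.  This script consumes syslog-forwarded log lines
and reports which clients to investigate.

The log layout below is a constructed key=value format for this example,
not the firewall's native CSV log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SINKHOLE_IP = "10.10.10.1"      # constructed: loopback address on the firewall
SINKHOLE_RULE = "Sinkhole DNS"  # rule name used in the lecture
INTERNAL_DNS = "10.1.1.53"      # constructed: the internal resolver

# Constructed sample: each sinkholed lookup appears as a THREAT log whose
# source is the internal resolver (so the real client is hidden), followed
# by TRAFFIC logs from the client that then connected to the sinkhole.
SAMPLE_LOGS = """\
2024-12-03T10:15:01Z type=THREAT subtype=spyware src=10.1.1.53 dst=192.0.2.53 action=sinkhole misc="evil-c2.example" rule="allow-trust-untrust"
2024-12-03T10:15:02Z type=TRAFFIC subtype=end src=10.1.1.25 dst=10.10.10.1 dport=443 action=allow rule="Sinkhole DNS"
2024-12-03T10:15:03Z type=TRAFFIC subtype=end src=10.1.1.25 dst=10.10.10.1 dport=80 action=allow rule="Sinkhole DNS"
2024-12-03T10:16:00Z type=TRAFFIC subtype=end src=10.1.1.40 dst=198.51.100.10 dport=443 action=allow rule="allow-trust-untrust"
2024-12-03T10:20:10Z type=THREAT subtype=spyware src=10.1.1.53 dst=192.0.2.53 action=sinkhole misc="bad-domain.example" rule="allow-trust-untrust"
2024-12-03T10:20:11Z type=TRAFFIC subtype=end src=10.1.1.77 dst=10.10.10.1 dport=8080 action=allow rule="Sinkhole DNS"
"""

# key=value pairs; values may be quoted when they contain spaces
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Split one constructed log line into a dict of fields plus a 'ts' datetime."""
    ts_text, _, rest = line.partition(" ")
    fields = {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
              for m in KV_RE.finditer(rest)}
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def _records(lines):
    return (parse_line(l) for l in lines.splitlines() if l.strip())


def sinkhole_hits(lines, sinkhole_ip=SINKHOLE_IP):
    """Return {client_ip: [timestamps]} for sessions whose destination is the sinkhole.

    Matching on the destination address rather than only on the rule name
    still catches hits if the rule is later renamed or shadowed.
    """
    hits = defaultdict(list)
    for f in _records(lines):
        if f.get("type") == "TRAFFIC" and f.get("dst") == sinkhole_ip:
            hits[f["src"]].append(f["ts"])
    return dict(hits)


def sinkholed_domains(lines):
    """Return [(timestamp, domain)] for DNS lookups the firewall sinkholed."""
    return [(f["ts"], f["misc"]) for f in _records(lines)
            if f.get("type") == "THREAT" and f.get("action") == "sinkhole"]


def correlate(lines, window=timedelta(minutes=2)):
    """Attribute each sinkholed domain to the clients that hit the sinkhole
    within `window` afterwards.  The DNS query itself is logged with the
    resolver as source, so this traffic-log correlation is what reveals the
    real client."""
    hits = sinkhole_hits(lines)
    findings = []
    for when, domain in sinkholed_domains(lines):
        clients = sorted(ip for ip, stamps in hits.items()
                         if any(when <= t <= when + window for t in stamps))
        findings.append({"domain": domain, "first_seen": when, "clients": clients})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(f"{f['first_seen']:%H:%M:%S} {f['domain']:<20} "
              f"clients: {', '.join(f['clients']) or '-'}")
```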

11. User ID mapping using Syslog Messages example

In this lecture we will see how to configure the Palo Alto firewall to receive syslog information and map IP addresses to users. In this hypothetical scenario, users connect to the AnyConnect VPN on a Cisco ASA, and all their traffic goes out to the Internet through the Palo Alto firewall. We want to make restrictions based on User-ID on the Palo Alto firewall. Since the ASA doesn't support the Palo Alto agents, we can use syslog to send information from the ASA to the Palo Alto firewall; this way it gets the user-to-IP mapping from the ASA itself. We basically just need to enable logging and send the information to the IP address of the Palo Alto firewall. Two steps need to be in place. The first step is the interface configuration: the management profile needs to have the User-ID syslog listener (UDP) configured.

If we look at the trust interface, we see that it uses the management profile named trust. So we go to that management profile and enable User-ID Syslog Listener-UDP. The next step is to go to Device > User Identification and add the sender under Server Monitoring: we add it as a monitored server, specify the type as syslog server, put in the IP address of the ASA interface that sends the syslog events, and specify UDP. In the filter, we specify Cisco ASA AnyConnect v1, a syslog filter that has been pre-created by Palo Alto. Click OK, and then commit. When users connect to the ASA, they get an IP address and the ASA sends a syslog message to the Palo Alto firewall; that syslog message lets the Palo Alto firewall determine who is logging in from that IP address. Here we also put in the domain name, lab; we need that so the firewall knows which domain to associate with that User-ID. Then I go ahead and connect with AnyConnect, and when I connect, the ASA sends a syslog message to the Palo Alto firewall. If we do show user ip-user-mapping, we see that the IP address information came from the syslog event that was received. That basically identifies which users are coming from which IP addresses.
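As an added example (not part of the course), here is the mapping logic the syslog listener applies, written in Python so the behaviour is visible: a login message yields an IP-to-user entry qualified with the configured domain, a disconnect message removes it, and messages from any sender other than the configured ASA address are discarded, which is why the sender IP is part of the server monitoring entry. The sender address 198.51.100.1, the usernames and the message texts are constructed approximations of the ASA's AnyConnect login and disconnect messages, not copied from a device.

```python
"""Build an IP-to-user mapping from VPN syslog messages.

Mirrors what the firewall's syslog listener does with the predefined
Cisco ASA AnyConnect filter: a login message yields (ip -> domain\\user),
a disconnect message removes that user's entries, and events that do not
come from the configured sender are ignored so a spoofed syslog packet
cannot plant a bogus mapping.  Message shapes are constructed for this
example and only approximate the ASA's real messages.
"""
import re
from ipaddress import ip_address

ASA_SENDER = "198.51.100.1"  # constructed: the ASA address entered in Server Monitoring
DEFAULT_DOMAIN = "lab"       # domain name entered in the lecture

# Constructed samples: (syslog source address, message text)
SAMPLE_EVENTS = [
    ("198.51.100.1", "%ASA-6-722051: Group <vpn-users> User <alice> IP <203.0.113.20> "
                     "IPv4 Address <10.8.0.5> IPv6 address <::> assigned to session"),
    ("198.51.100.1", "%ASA-6-722051: Group <vpn-users> User <bob> IP <203.0.113.21> "
                     "IPv4 Address <10.8.0.6> IPv6 address <::> assigned to session"),
    # Same message shape but from an unexpected sender: must be ignored.
    ("203.0.113.99", "%ASA-6-722051: Group <vpn-users> User <admin> IP <203.0.113.99> "
                     "IPv4 Address <10.8.0.6> IPv6 address <::> assigned to session"),
    ("198.51.100.1", "%ASA-4-113019: Group = vpn-users, Username = alice, IP = 203.0.113.20, "
                     "Session disconnected. Session Type: SSL, Duration: 0h:05m:12s, "
                     "Bytes xmt: 1024, Bytes rcv: 2048, Reason: User Requested"),
    # The freed address is reused by a new login after the disconnect.
    ("198.51.100.1", "%ASA-6-722051: Group <vpn-users> User <carol> IP <203.0.113.22> "
                     "IPv4 Address <10.8.0.5> IPv6 address <::> assigned to session"),
]

# The login message carries the assigned VPN address; the disconnect message
# carries only the username, so logout is matched by user, not by address.
LOGIN_RE = re.compile(r"User <(?P<user>[^>]+)> IP <[^>]+> IPv4 Address <(?P<ip>[^>]+)>")
LOGOUT_RE = re.compile(r"Username = (?P<user>[^,]+), IP = [^,]+, Session disconnected")


class UserIdTable:
    def __init__(self, sender=ASA_SENDER, domain=DEFAULT_DOMAIN):
        self.sender = sender
        self.domain = domain
        self.mapping = {}   # ip -> "domain\\user"
        self.ignored = 0    # events discarded because of the sender check

    def _qualify(self, user):
        return user if "\\" in user else f"{self.domain}\\{user}"

    def feed(self, source, message):
        """Process one syslog event and return the action taken."""
        if source != self.sender:
            self.ignored += 1
            return "ignored"
        m = LOGIN_RE.search(message)
        if m:
            try:
                ip = str(ip_address(m["ip"]))  # normalise and reject garbage
            except ValueError:
                return "malformed"
            self.mapping[ip] = self._qualify(m["user"])
            return "login"
        m = LOGOUT_RE.search(message)
        if m:
            user = self._qualify(m["user"].strip())
            for ip in [ip for ip, u in self.mapping.items() if u == user]:
                del self.mapping[ip]
            return "logout"
        return "unmatched"

    def lookup(self, ip):
        return self.mapping.get(ip)


def build_table(events):
    table = UserIdTable()
    for source, message in events:
        table.feed(source, message)
    return table


if __name__ == "__main__":
    table = build_table(SAMPLE_EVENTS)
    for ip, user in sorted(table.mapping.items()):
        print(f"{ip:<12} {user}")
    print(f"events ignored from unexpected senders: {table.ignored}")
```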

Threat Prevention

1. Antivirus configuration

In this lecture, we'll talk about the antivirus feature. The antivirus engine detects and blocks viruses, spyware, phone-home spyware downloads, botnets, worms, and Trojans. Additional features that protect your network from a wide range of threats include inline stream-based malware protection against malware embedded within compressed files and web content, DNS-based botnet analysis to reveal rapidly evolving malware networks and malicious websites, and HTML and malicious JavaScript protection. You can also leverage SSL decryption together with App-ID to block viruses embedded in SSL traffic. The key advantage of the Palo Alto solution is that it's stream-based: it takes the stream of traffic and dynamically analyses it against antivirus signatures. The Palo Alto Networks antivirus engine uses stream-based scanning to inspect your traffic as soon as the first packet of a file is received. This eliminates the performance and latency issues associated with a traditional proxy or file-based approach.

As with IPS, a uniform signature format is used for virus scanning. The same process used by the IPS is also used by the antivirus scanner, which eliminates the redundant processing common to multi-engine scanning solutions. Because the packet is looked at once and matched against both IPS and antivirus signatures, the traffic is processed more efficiently. There's also the continuous research that Palo Alto does: it takes information from the WildFire solution, which we're going to talk about in later lectures. WildFire allows Palo Alto users to dynamically analyse files in the cloud; the information received by the WildFire cloud is used to match traffic for all customers, so it's kind of a crowdsourced anti-malware solution. Under Objects > Security Profiles > Antivirus, there is a default profile that comes with the system. We're going to go ahead and create a profile for our environment and call it outbound. You can enable packet capture so that if malware is spotted on the network, the traffic is captured.

There are different decoders that the Palo Alto firewall uses to decode traffic: SMB for file sharing, SMTP, IMAP, HTTP, and FTP. For each you can specify an action: allow, alert, drop, reset client, reset server, or reset both. If WildFire determines there's malware, you can also decide what action to take: allow, alert, drop, or reset. The WildFire action lets the system not only use the Threat Prevention signatures but also check the WildFire database for a match on the file in question. I personally like to use drop so that the traffic is dropped completely, and I'm going to specify drop across all the protocols. You can also make an application exception: specify an application from the application list and change its action to, say, alert. You can also make a virus exception based on threat ID. Let's say there's a threat ID that is a false positive, you know it's not correct, and you need to let that file pass across your environment.

You can make an exception based on that threat ID. Typically, you see the threat ID in the logs and then make an exception for it. One crucial point is that you have to make sure you are updating your system under Device > Dynamic Updates. There is an antivirus update that you can schedule hourly, daily, weekly, or none, and you can choose download-and-install or download-only. You can also specify the download to run a number of minutes after the start of the hour, for example ten minutes after the hour; this is useful if you have multiple schedules and want to spread them out. It's important to keep your system updated with the latest antivirus signatures. You can also schedule the WildFire updates every 15 minutes, every 30 minutes, or every hour, with download-and-install, so that your system is always up to date on the latest threats. Going back to our profile, we saw two different actions.

You have the antivirus action and the WildFire action, and they check different databases: the antivirus action checks the antivirus database, and the WildFire action checks the WildFire database. You also have to make sure you have the proper licenses. In order to detect viruses, you need a Threat Prevention license, which gives you antivirus, anti-spyware, and vulnerability protection. So we created the antivirus profile, and now we want to apply it to our traffic so it can detect any viruses going across the network. What you need to do is determine the type of traffic you want to check and then add the profile to the rule for that traffic.

We'll go ahead and use pretty much all the outbound traffic from trust to untrust, and we are going to check it for viruses. To do this, you open the firewall rule, go to the Actions tab, choose Profiles, and specify the profile you want to use. Since the URL filtering rule here is a block rule, you don't need to check it. For the allow rule, we want to make sure we check for viruses, so we'll select the antivirus profile we created. Once you do, a new icon appears under the Profile column of the rule; you can hover over it and see the profile name. That gives you coverage to protect your network from viruses. Of course, you need to commit, and after committing the traffic is protected.

2. Anti Spyware and DNS Sinkholing

In this lecture we'll talk about the anti-spyware configuration. Anti-Spyware is another Content-ID feature that Palo Alto provides; it uses signatures to identify spyware on the network. It can also use DNS-based detection to determine whether any machines on your network are affected by spyware. By default, there are two anti-spyware profiles: default and strict. Let's take a look at the difference between the two. The default profile, for critical severity, takes the default action of the signature. Simple.

It also uses the default action for high severity. So basically it takes the default action of all the signatures. If we take a look at all the signatures (click Show all signatures), you can see what each signature's default action is. If you use the default profile, you are subject to the default action defined in the signatures, and you have no control over the action other than accepting the default.

If you're using the default profile, it will only alert on DNS signatures. DNS signatures are basically your clients trying to reach command-and-control addresses, which is an indication of a machine infected with spyware. Let's take a look at the rules. The difference between default and strict is that strict resets both client and server for critical, high, and medium severities. The Exceptions tab allows you to make exceptions for signatures that might be false positives in your environment. In the strict profile, DNS signatures are configured to block. Then you can create your own profile. So we're going to go ahead and create an outbound profile and add rules to it. There are different categories as well, and you can base your rules on the different categories of malware: adware, backdoor, botnet, browser-hijack, data theft, keylogger, net-worm, peer-to-peer communication, and spyware.

I basically see spyware as a risk no matter what, so for high and medium severity I'd like to take action by resetting the connection. The actions available are allow, alert, drop, reset client, reset server, reset both, and block IP. Block IP is the most intrusive because it blocks the IP of the client that's infected by spyware. Either reset or drop works; we'll go ahead and do reset both. You can also packet capture the traffic, so you can do some forensics on it to determine what the communication was between the client and the server. You can do single packet capture or extended packet capture; it's up to you. If you do extended packet capture and you have a lot of traffic in your environment, you might underestimate the amount of disk space consumed on your firewall. I'm going to do extended packet capture, and we'll set this rule for critical, high, and medium severities.

For low and informational severities, it's better to make the action alert, maybe with a single packet capture if you want to investigate further; this way you can determine whether it's a false positive or not. We'll call this rule low-informational and click OK. Under Exceptions, you can make exceptions for signatures that are triggering falsely in your environment. You can show all signatures and see all of them here, 122 pages; there are quite a lot of them. You can click on any of them to see the details, or specify an exception so a signature is allowed. For example, if a signature is falsely triggering, you can set it to allow. Then there are DNS signatures. DNS signatures let you monitor DNS traffic leaving your network and determine whether there is any spyware or malware command-and-control lookup from clients in your environment. You can allow those queries, block them, or sinkhole them. Sinkholing sends the traffic to a specific IP address in your environment, so you can investigate further to find which machine is infected.

Clients typically do not query public DNS directly; instead, they go through your internal DNS server. Because of that, you wouldn't know exactly which client made the DNS query, since the query would come from your internal DNS server. To get around that, you can sinkhole, which means the firewall sends the traffic to an internal IP address, for example an internal server on which you can do intelligent things like determining the actual client IP address that looked up the DNS name pointing to spyware. So a sinkhole is a great way to accomplish this. Enabling passive DNS monitoring enables the firewall to passively monitor DNS traffic that passes through it and determine whether any DNS queries match a spyware signature. You can also do single or extended packet capture here. So we're going to sinkhole IPv4 to an IP address; we can sinkhole to an IP address on the firewall itself, 10.1.x.x, which is going to be the loopback address we create on the firewall.

We're going to go to Network > Interfaces > Loopback, add a loopback interface, loopback.1, specify the virtual router as default, and give it an IP address of 10.1.x.x. We'll go ahead and put this in a new security zone, which I will call "sinkhole". This way we can create a rule on the firewall that alerts on clients trying to reach the sinkhole. Okay, we went ahead and created a new zone called sinkhole. If a client machine on the internal network is infected, it's going to try to reach this IP address, which is in the sinkhole security zone. So now we can create a policy. We'll call this policy something like Sinkhole DNS, specify the source zone as trust and the destination zone as sinkhole, and set the action to allow. This lets us log traffic that is trying to reach the sinkhole: the firewall will log the communication between clients and the sinkhole. You can then create logic in your syslog server to alert you if any traffic is received for the Sinkhole DNS rule, and do some intelligent alerting and such. This allows us to take another level of action.

The sinkhole IP address is the address the firewall returns to clients in response to their attempts to resolve malware or spyware sites, so they are sent to the sinkhole instead. An infected client would then try to connect to the sinkhole IP address, and those events show up in the monitoring logs on your firewall. If you are forwarding logs to a syslog server, you can trigger an alert based on logs hitting that rule. That completes the anti-spyware security profile.
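To make the sinkhole point concrete, here is an added example (not part of the course) that correlates constructed PAN-OS-style log lines: the threat log only shows the internal resolver as the source, while traffic logged by the Sinkhole DNS rule reveals the real clients. The field layout, the sinkhole address 10.1.0.1 and all other addresses are assumptions, not real PAN-OS output.

```python
"""Correlate firewall logs to find the clients behind a DNS sinkhole hit.

Added example, not from the course. The comma-separated field layout and
every address below are constructed for illustration; a real PAN-OS CSV
export has many more fields in a different order.
"""
from collections import Counter

SINKHOLE_IP = "10.1.0.1"        # assumed loopback address in the "sinkhole" zone
SINKHOLE_RULE = "Sinkhole DNS"   # rule name used in the lecture (trust -> sinkhole)

# Constructed threat log: the DNS signature fires on the resolver's upstream
# query, so the source is the internal DNS server, not the infected client.
THREAT_LOG = [
    "2024-09-01 10:00:01,THREAT,spyware,10.0.0.53,8.8.8.8,Suspicious DNS Query,sinkhole",
]

# Constructed traffic log: after the sinkholed answer, the real client
# connects to the sinkhole IP and is logged by the "Sinkhole DNS" allow rule.
TRAFFIC_LOG = [
    "2024-09-01 10:00:02,TRAFFIC,10.0.1.25,10.1.0.1,trust,sinkhole,Sinkhole DNS,allow",
    "2024-09-01 10:00:03,TRAFFIC,10.0.1.25,10.1.0.1,trust,sinkhole,Sinkhole DNS,allow",
    "2024-09-01 10:00:05,TRAFFIC,10.0.1.40,10.1.0.1,trust,sinkhole,Sinkhole DNS,allow",
    "2024-09-01 10:00:07,TRAFFIC,10.0.1.40,93.184.216.34,trust,untrust,Allow Outbound,allow",
]


def threat_log_sources(lines):
    """Source IPs seen in the threat log: only the resolver shows up here."""
    return {line.split(",")[3] for line in lines if line.split(",")[1] == "THREAT"}


def sinkhole_hits(lines, sinkhole_ip=SINKHOLE_IP, rule=SINKHOLE_RULE):
    """Count sessions per client that reached the sinkhole via the sinkhole rule."""
    hits = Counter()
    for line in lines:
        fields = line.split(",")
        if len(fields) < 8 or fields[1] != "TRAFFIC":
            continue
        src, dst, dst_zone, rule_name = fields[2], fields[3], fields[5], fields[6]
        if dst == sinkhole_ip and dst_zone == "sinkhole" and rule_name == rule:
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    print("threat log only identifies:", threat_log_sources(THREAT_LOG))
    print("sinkhole traffic identifies:", sinkhole_hits(TRAFFIC_LOG))
```

In a syslog pipeline the same filter (destination zone sinkhole, rule Sinkhole DNS) is what you would alert on, as the lecture suggests.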

Now we need to apply it to a policy. We're going to go to Policies, find all the outbound traffic rules, and add this profile to the list of profiles the firewall does content inspection against. So let's find the trust-to-untrust rules: allow trust to untrust. On this one we'll go ahead and add the anti-spyware profile, and when you add it you will see it here. Then, since the URL filtering rule is a block rule, we don't need it there, but the allow rules also need spyware protection. As we progress through the lectures we build up these profiles, and later on I'll show you how to group them in an easy-to-manage way. Now that you've completed this, go ahead and commit the changes. In the next lecture, I'll show you how to create a custom spyware signature so you can make sure your anti-spyware is working correctly.

Prepared by top IT trainers, the ExamSnap Palo Alto Networks Certified Network Security Engineer video training course goes in line with the corresponding Palo Alto Networks PCNSE exam dumps, study guide, and practice test questions and answers.

Comments (5)


  • angel
  • France
  • Sep 28, 2024

I have just managed to deploy Palo Alto Networks without any difficulty. It is actually because of the effective training I got here. Thank you so much for simplifying the complex.

  • samson
  • Mexico
  • Sep 09, 2024

The certification has opened so many doors for me. Currently, the hiring managers are always asking me to attend their interviews because there are limited professionals.

  • norah
  • Netherlands
  • Aug 22, 2024

I am so happy that I have passed the exam. It was so easy mainly because I had got the best training ever. Never do an exam with insufficient knowledge. You might fail terribly.

  • gladwell
  • Singapore
  • Aug 02, 2024

The introduction of this course is so perfect. It lets you know what is featured in the whole training even before you start learning the basics. It actually made me prepared for the topics properly.

  • harry
  • Chile
  • Jul 17, 2024

Here is the best training I have ever wanted to attend. All the concepts are covered based on the exam objectives and not a single topic is omitted.
