• Identify the security
• Identify the NGFW
• Identify Panorama
• Understand the PAN-OS subscriptions and the features they
• Understand plug-in

Task 1.2聽 聽Differentiate between deployment considerations of virtual form factors.

• Understand public cloud virtual 铿乺ewall deployment
• Understand hybrid cloud virtual 铿乺ewall deployment
• Understand private cloud virtual 铿乺ewall deployment
• Understand container 铿乺ewall deployment

Task 1.3聽 Determine appropriate interface types for various environments

• Leverage Layer 2
• Leverage Layer 3
• Leverage vWire
• Leverage Tap
• Leverage sub-interfaces.
• Leverage tunnel
• Leverage aggregate
• Leverage loopback
• Leverage decrypt mirror

Task 1.4聽 聽Identify decryption deployment strategies

• Understand the risks and implications of enabling
• Identify what cannot be
• Understand the impact to the hardware of enabling
• Identify use cases and con铿乬ure SSH
• Identify uses of decryption pro铿乴es.
• Understand the impact of using SSL

Task 1.5聽 聽Understand how to insert the 铿乺ewall within a larger security stack

• Identify the main use cases of decryption
• Identify the purpose of clear text pass-through.

Task 1.6聽 聽Plan User-ID deployment

• Identify the methods of building user to IP
• Differentiate User-ID
• Identify the methods of User-ID
• Identify the methods for group
• Identify the use of username and domain name in HTTP header insertion.

Task 1.7聽 聽Identify the purpose of captive portal, MFA and the authentication policy

• Identify the purpose of and use case for MFA and the Authentication policy.
• Identify the dependencies for implementing

Task 1.8聽 聽Summarize the components of Palo Alto Networks SD-WAN deployments

• Identify requirements for a PAN-OS SD-WAN
• Identify requirements for a Prisma SD-WAN
• Identify whether to use Prisma SD-WAN for an SD-WAN
• Identify SD-WAN

Task 1.9聽 聽Differentiate between the fundamental functions of the management plane and data plane

• Identify functions that reside on the management
• Identify functions that reside on the data
• Scope the impact of using SSL
• Scope the impact of turning logs on for every security

• Con铿乬ure the SSH management pro铿乴e.
• Con铿乬ure the SSL/TLS pro铿乴e.
• Con铿乬ure interface

Task 2.2聽聽聽聽 Deploy and con铿乬ure security pro铿乴es

• Identify and con铿乬ure the different security pro铿乴es and security pro铿乴e
• Identify steps needed to create a custom security pro铿乴e.
• Con铿乬ure exceptions to a security pro铿乴e.
• Identify the relationship between URL 铿乴tering and credential theft prevention.
• Identify the impact of turning logs on for every security

Task 2.3聽聽聽聽 Con铿乬ure App-ID

• Identify how to create security rules to implement App-ID without relying on port-based
• Migrate port and protocol
• Identify the impact of application override to the overall functionality of the 铿乺ewall.
• Create custom apps and

Task 2.4聽聽聽聽 Con铿乬ure zone protection, packet buffer protection and DoS protection

• Implement zone protection pro铿乴es.
• Implement denial-of-service
• Implement packet buffer

Task 2.5聽聽聽聽 Implement the 铿乺ewall to meet business requirements that leverage the Palo Alto Networks product portfolio

• Plan a NGFW
• Implement a single 铿乺ewall.
• Implement an active passive High Availability
• Understand the considerations of advanced HA
• Implement zero touch
• Con铿乬ure

Task 2.6聽聽聽聽 Con铿乬ure authorization, authentication and device administration

• Con铿乬ure RBAC for
• Understand the different methods to
• Implement the authentication
• Understand the device administration

Task 2.7聽聽聽聽 Con铿乬ure and manage certi铿乧ates

• Identify which Certi铿乧ates to
• Con铿乬ure certi铿乧ates.
• Manage certi铿乧ates.

Task 2.8聽聽聽聽 Con铿乬ure routing

• Con铿乬ure dynamic
• Con铿乬ure redistribution pro铿乴es.
• Con铿乬ure static
• Con铿乬ure route
• Con铿乬ure and understand policy-based forwarding and how it affects routing and FW

Task 2.9聽聽聽聽 Con铿乬ure Prisma Access

• Con铿乬ure service
• Con铿乬ure service
• Con铿乬ure mobile
• Con铿乬ure remote
• Understand the implications of regions, locations, and terms when con铿乬uring.

Task 2.10聽聽聽 Con铿乬ure GlobalProtect

• Understand the components of a
• Con铿乬ure
• Install
• Differentiate between logon
• Con铿乬ure clientless VPN.
• Understand GlobalProtect

Task 2.11聽聽聽聽 Con铿乬ure NAT

• Con铿乬ure features of NAT policy
• Con铿乬ure security
• Con铿乬ure

Task 2.12聽聽聽聽 Con铿乬ure decryption

• Con铿乬ure inbound
• Con铿乬ure SSL forward
• Con铿乬ure SSH

Task 2.13聽聽聽 Con铿乬ure site-to-site tunnels

• Con铿乬ure IPsec, GRE.
• Con铿乬ure one-to-one and one-to-many
• Determine when to use proxy

Task 2.14聽聽聽 Con铿乬ure SD-WAN

• Con铿乬ure PAN-OS.
• Con铿乬ure Prisma SD-WAN.
• Identify how to monitor SD-WAN connection status and failovers in Panorama.

Task 2.15聽聽聽 Con铿乬ure User-ID

• Understand captive
• Identify the bene铿乼s of using dynamic user groups in policy
• Identify the requirements to support dynamic user
• Identify how internal and external gateways can be
• Identify the use of username and domain name in HTTP header insertion.

Task 2.16聽聽聽 Con铿乬ure service routes

• Con铿乬ure default
• Con铿乬ure custom

Task 2.17聽聽聽 Con铿乬ure application-based QoS

• Select/identify the
• Select egress interface (and turn QoS on after con铿乬uring it).
• Con铿乬ure QoS policy
• Con铿乬ure QoS pro铿乴e.

Task 2.18聽聽聽 Con铿乬ure WildFire

• Con铿乬ure WildFire
• Con铿乬ure WildFire
• Con铿乬ure supported 铿乴e
• Con铿乬ure 铿乴e

• Identify how to use templates and template
• Identify how the order of templates in a stack affect the con铿乬uration push to a 铿乺ewall.
• Identify the components con铿乬ured in a
• Con铿乬ure variables in
• Identify the relationship between Panorama and devices as pertaining to dynamic updates versions and policy implementation and/or HA

Task 3.2聽聽聽聽 Con铿乬ure device groups

• Understand device group
• Identify what device groups
• Differentiate between different use cases for pre-rules and post-rules.
• Identify the impact of con铿乬uring a master

Task 3.3聽聽聽聽 Manage 铿乺ewall con铿乬urations within Panorama

• Identify how the Panorama commit recovery feature
• Identify the con铿乬uration settings for Panorama automatic commit
• Con铿乬ure commit
• Manage con铿乬
• Understand various commit type

• Identify log types and
• Manage external
• Create and manage
• Identify system and traf铿乧 issues using the web interface and CLI tools.

Task 4.2聽聽聽聽 Plan and execute the process to update a Palo Alto Networks system

• Update a single 铿乺ewall.
• Update HA
• Perform Panorama
• Schedule and manage dynamic
• Schedule and manage software

Task 4.3聽聽聽聽 Manage HA functions

• Con铿乬ure link
• Con铿乬ure path
• Identify when to use HA
• Tune
• Con铿乬ure A/A and A/P.
• Manage HA

Task 4.4聽聽聽聽 Identify the bene铿乼s and differences between the Heatmap and the BPA reports

• 4.4.1聽 Identify how to use the Heatmap and BPA to optimize FW con铿乬urations.

• Troubleshoot IPsec, GRE.
• Troubleshoot one-to-one and one-to-many
• Troubleshoot proxy

Task 5.2聽聽聽聽 Troubleshoot physical interfaces

• Troubleshoot
• Troubleshoot

Task 5.3聽聽聽聽 Troubleshoot SSL Decryption

• View decrypted traf铿乧 in
• View SSL decrypt info on
• Differentiate between supported and unsupported cipher
• Identify certi铿乧ate
• Troubleshoot inbound
• Troubleshoot SSL forward
• Troubleshoot SSH

Task 5.4聽聽聽聽 Troubleshoot routing

• Con铿乬ure dynamic
• Con铿乬ure redistribution pro铿乴es.
• Con铿乬ure static
• Con铿乬ure route
• Con铿乬ure and understand policy-based forwarding and how it affects routing and FW

Task 5.5聽聽聽聽 Investigate Traf铿乧 Patterns on the NGFW or Panorama

• Interpret log 铿乴es.
• Create and interpret
• Create and interpret
• Identify system and traf铿乧 issues using the web interface and CLI tools.

Task 5.6聽聽聽聽 Troubleshoot zone protection, packet buffer protection and DoS protection

• Troubleshoot zone protection pro铿乴es.
• Troubleshoot denial-of-service
• Troubleshoot packet buffer

Task 5.7聽聽聽聽 Troubleshoot GlobalProtect

• Troubleshoot connection problems to Portal.
• Troubleshoot connection problems to
• Troubleshoot connection problems to the provided
• Troubleshoot GP

Task 5.8聽聽聽聽 Troubleshooting PAN-OS-based SD-WAN

• Troubleshoot simple SD-WAN event
• Troubleshoot interpreting
• Troubleshoot VPN
• Troubleshoot App-Performance via Panorama
• Troubleshoot Link Performance via Panorama