About this Course

Code TPPA-210
Duration 5 Days
Special Notices

If both classroom and virtual dates are available for this course please specify your preference when booking.

The Palo Alto Networks Firewall 8.1 Essentials: Configuration and Management (210) course is five days of instructor-led training that will enable you to:

  • Configure and manage the essential features of Palo Alto Networks® next- generation firewalls
  • Configure and manage GlobalProtect to protect systems that are located outside of the data center perimeter
  • Configure and manage firewall high availability
  • Monitor network traffic using the interactive web interface and firewall reports


Students must have a basic familiarity with networking concepts including routing, switching, and IP addressing. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is a plus.

Delegates will learn how to

Successful completion of this five-day, instructor-led course will enhance the student’s understanding of how to configure and manage Palo Alto Networks® next-generation firewalls. The student will learn and get hands-on experience configuring, managing, and monitoring a firewall in a lab environment.


Module 1: Next Generation Security Platforms and Architecture

  • Security platform overview
  • Next-generation firewall architecture
  • Zero Trust security model
  • Public cloud security
  • Firewall offerings

Module 2: Virtual and Cloud Deployment

  • VM-Series Firewall
  • Cloud Overview
  • Cloud Infrastructure
  • Public Cloud Use Case: AWS

Module 3: Initial Configuration

  • Administrative Controls
  • Initial System Access
  • VM-Series Initial Configuration
  • Configuration Management
  • Licensing and Software Updates
  • Account Administration
  • Viewing and Filtering Logs

Module 4: Interface Configuration

  • Security zones and interfaces
  • Tap interfaces
  • Virtual Wire interfaces
  • Layer 2 interfaces
  • Layer 3 interfaces
  • Virtual routers
  • VLAN interfaces
  • Loopback interfaces
  • Policy-based forwarding

Module 5: Security and NAT Policies

  • Security policy fundamental concepts
  • Security policy administration
  • Network Address Translation
  • Source NAT configuration
  • Destination NAT configuration

Module 6: App-ID

  • Application Identification (App-ID) overview
  • Using App-ID in a Security policy
  • Identifying unknown application traffic
  • Updating App-ID

Module 7: Content-ID

  • Content-ID overview
  • Vulnerability Protection Security Profiles
  • Antivirus Security Profiles
  • Anti-Spyware Security Profiles
  • File Blocking Profiles
  • Attaching Security Profiles to Security policy rules
  • Telemetry and threat intelligence
  • Denial of service protection

Module 8: URL Filtering

  • URL Filtering Security Profiles
  • Attaching URL Filtering Profiles

Module 9: Decryption

  • Decryption concepts
  • Certificate management
  • SSL Forward Proxy decryption
  • SSL Inbound Inspection
  • Other decryption topics:
    • Unsupported applications
    • No decryption
    • Decryption port mirroring
    • Hardware security modules
    • Troubleshooting SSL session terminations

Module 10: WildFire™

  • WildFire concepts
  • Configuring and managing WildFire
  • WildFire reporting

Module 11: User-ID

  • User-ID overview
  • User mapping methods overview
  • Configuring User-ID
  • PAN-OS® Integrated agent configuration
  • Windows-based agent configuration
  • Configuring group mapping
  • User-ID and Security policy

Module 12: GlobalProtect

  • GlobalProtect overview
  • Preparing the firewall for GlobalProtect
  • Configuration: GlobalProtect Portal
  • Configuration: GlobalProtect Gateway
  • Configuration: GlobalProtect agents

Module 13: Site-to-Site VPN's

  • Site-to-site VPN
  • Configuring site-to-site tunnels
  • IPsec troubleshooting

Module 14: Monitoring and Reporting

  • Dashboard, ACC, and Monitor
  • Log forwarding
  • Syslog
  • Configuring SNMP

Module 15: Active/Passive High Availability

  • HA components and operation
  • Active/passive HA configuration
  • Monitoring HA state

Module 16: Next Generation Security Practices

  • Migration Guidelines
  • Analyzing ACC Information
  • Optimizing Security Profiles
  • Heatmap and Best Practice Assessment (BPA)

5 Days


This is a QA approved partner course

Delivery Method

Delivery method


Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.