As the new year hits, I have new resolutions, and one of them is getting my feet wet with Palo Alto Networks. Because of my job and many other factors, I'm open to learning the platform and getting certified on the PCNSE, which stands for Palo Alto Networks Certified Network Security Engineer.
The Certification Requirements
This exam contains 75 questions over 80 minutes. The intended audience is engineers who currently work with Next-Generation Firewalls and would like to take their knowledge to the next level. Palo Alto Networks recommends having 3 to 5 years of experience.
Recommended Training
Firewall Essentials: Configuration and Management (EDU-210) or digital learning (EDU-110)
Panorama: Managing Firewalls at Scale (EDU-220) or digital learning (EDU-120)
In my case I have been using the Digital Learning version of their training. This seems to be available if you are a PAN partner; luckily I have access to it. I have not tested with an account that is not associated with a partner company, so my knowledge of availability is limited on that one.
What will you be tested on?
Like any other exam, this one is broken down into different knowledge domains:
16% - Plan
23% - Deploy and Configure
20% - Operate
18% - Configuration and Troubleshooting
23% - Core Concepts
Plan
This section concentrates on different objective domains that cover the many PAN tools and software available to help enforce the network security of an enterprise:
Securing the Enterprise
Securing the Cloud
It also goes over a few other aspects, such as sizing and understanding of the platforms, so there is a lot of product placement in this section, along with plenty of other material that is critical for success on the certification exam as well as in real life:
Firewall Sizing
Security Policies
Security Zones
Traffic Processing sequences
Enterprise Management of Firewalls
Virtual Firewall in the Cloud
The next visible section talks about High Availability and the different HA options you have. Some of the demonstrations I will have in these posts will be limited to only one device; yes, I was able to score a virtual appliance, but not two :(
High Availability
HA Modes
Active/Active
Active/Passive
Another important aspect of this section of the exam is identifying the types of interfaces available on your PAN appliance or VM:
TAP
Virtual Wire
Layer 2
Layer 3
Decrypt Mirror
Aggregate Interfaces
Virtual Interfaces
VLAN Interfaces
Loopback Interfaces
Tunnel Interfaces
Virtual Routers
GRE Tunnels
Planning for logging is critical and is also part of this section:
Event Logging on Firewall
Distributed Log Collection
On-Premises and Cloud Log Collection
Virtual firewalls and the public cloud are also key and important to understand; there is a big section that goes over this:
Virtual Firewalls
Public Cloud
Hybrid Cloud
The next few sections can be condensed into best-practice configuration items as follows:
Admin Accounts and Roles
Authentication, Authorization, MFA
Panorama Access Domains
Certificate Operations
Dynamic Routing
Mitigation of Resource Exhaustion (Zone Protection Profiles, DoS Protection Profiles)
Deploy and Configure
Now for the interesting stuff, because we are also here for the sake of learning: the Deploy and Configure section covers a lot of the things that were mentioned in the previous section.
Flagship functionality and features, and how to implement them in real life:
User-ID
App-ID
URL Filtering
Some regular firewall features and how they work on PAN-OS:
VPN Connectivity (Remote VPN)
Site to Site VPN
Implementing NAT Policies
Implementing Security Profiles
Implementing Security Rules
Operate
This section is interesting because it starts by helping you make sense of many of the things that you configure and how to interpret the data:
Logging Considerations
Destination Types and Formatting
Reports: User Activity Reports, APP Scores, Application Command Center, Automated Correlation Engine
Log Forwarding, Filtering and Tagging
Updating your Firewall (Standalone, HA)
Running Configuration and Candidate Configuration
Configuration and Troubleshooting
This is where we spend most of our time: troubleshooting and making sure we can block or forward packets as intended.
Packet Captures and how to use them
Automatic Threat Detection Captures
Manual Packet Captures
Troubleshoot Interfaces
Troubleshooting SSL Decryption
Core Concepts
Not sure why this one is listed as the last component on the Study Guide, but I suspect it is the combination of the multiple things we went over, so I will list them for reference:
Policies and Matching of policies
Mitigating APT
Security Policies and Profiles
Management and Data Planes
WildFire
What to Look Forward to?
As I continue studying for this exam, you will see more information that I think will be useful for me to succeed on it. I hope this helps someone out there as well :)
About the Author:
Andres Sarmiento, CCIE #53520 (Collaboration). With more than 15 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies, such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security, and Hosted IPT service provider infrastructures.
