Module 1 – Initial Configuration
• What Is Panorama?
• Flexible Deployment Options
• Modes in Panorama
• Panorama in the Cloud
• Connecting to Panorama
• Panorama Web Interface: Initial View
• Licensing Panorama
• Applying a Support License to Panorama
• Upgrading Panorama
• Downloading Panorama Dynamic Updates
• Scheduling Panorama Dynamic Updates
• Panorama Plugin Architecture
• Configure Management Interface Settings
• Configure Services
• Panorama Commit
• Committing to Panorama
• Committing to Panorama (Cont.)
• Pushing Changes to Managed Firewalls
• Scheduling a Configuration Push
• Editing Push Scope Selection
• Device Commit Monitoring
• Device Commit Monitoring (Cont.)
• Panorama Configuration Management
• Scheduled Panorama Configuration Export
• Firewall Configuration Backups on Panorama
Lab 1 Scenario: Initial Configuration
• Connect to the Class Desktop
• Connect to Panorama and Each Firewall
• Use the Panorama Web Interface to Verify License and System Information
• Configure Panorama Management Interface
• Verify Panorama DNS and Update Servers
• Verify Panorama NTP Servers
• Configure General Settings
• Schedule Panorama Config Export
• Configure Dynamic Updates for Panorama
• Save the Named Panorama Configuration Snapshot
• Export the Named Panorama Configuration Snapshot
Module 2 – Add Firewalls
• Adding New Firewalls to Panorama
• Configure Panorama to Connect to the Firewalls
• Configure the Firewall to Connect to Panorama
• Validating Firewall Connectivity
• Organizing Summary Information
• Manage Device Licenses
• Deploy PAN-OS Software to Firewalls from Panorama
• Pushing Content Updates from Panorama to Firewalls
• Schedule Dynamic Updates to Firewalls from Panorama
Lab 2 Scenario: Adding Managed Firewalls to Panorama
• Copy the Serial Number from firewall-a
• Copy the Serial Number from firewall-b
• Add the Firewalls to Panorama
• Configure firewall-a to Communicate with Panorama
• Set the Location of firewall-a
• Configure firewall-b to Communicate with Panorama
• Set the Location of firewall-b
• Verify Both Firewalls are Connected to Panorama
• Modify Columns in the Summary Window
• Verify Firewall Licenses in Panorama
• Schedule Dynamic Updates to Firewalls
Module 3 – Templates
• Templates Overview
• Template Stacks
• Template Stack Examples
• Template Components Example
• Common Template Organization Strategies
• Example Template Structure
• Creating a Template
• Templates List
• Adding Elements to Templates
• Cloning a Template
• Creating Template Stacks
• Pushing Template Stack to Devices
• Overriding Template Settings on Firewall
• Overview of Template Variables
• Variable Use Case Example
• Template Variables
• Defining a Template Variable
• Creating a CSV File to Apply Template Variable Values
• Importing a CSV File to Apply Template Variable Values
Lab 3 Scenario: Templates
• Create a Global-Settings Template
• Configure the Global-Settings Template – General Settings
• Configure the Global-Settings Template – Log Settings
• Commit the Changes to Panorama
• Configure the Global-Settings Template – Administrator
• Create Interface Management Profiles
• Create Interfaces Variables
• Create Network Interfaces
• Modify Firewall Management Interface Settings
• Create a Virtual Router
• Create Security Zones
• Create a Template for the Americas Region
• Create a Syslog Server Profile in the Region-Americas Template
• Create an Email Server Profile in the Region-Americas Template
• Clone Region-Americas Template to Create Region-Europe Template
• Edit Settings in the Region-Europe Template
• Change the Header Banner
• Create Template Stacks
• Create a Template Stack for Germany Firewalls
• Create a Template Stack for US Firewalls
• Modify Variables for Firewalls
• Verify the Variables for Each Template Stack
• Push the Template Stacks to Firewalls
• Verify Template Settings on the Chicago Firewall
• Verify Template Settings on the Berlin Firewall
Module 4 – Device Groups
• Device Group Overview
• Common Device Group Organization Strategies
• Device Group Example
• Device Group Hierarchy
• Device Group Inheritance
• Device Group Inheritance Example
• Conflicting Object Values
• Adding Device Groups
• Device Groups, Templates, and Security Zones: Problem
• Device Groups, Templates, and Security Zones: Solution
• Example Objects
• Creating an Object
• Shared Group
• Inherited Objects
• Changing Inherited Object Values
• Override Inherited Object Values
• Managing Device Groups
• Moving an Object to Another Device Group
• Overview of Policies
• Policy Rule Order
• Policy Rules Hierarchy
• Viewing Inherited Rules
• Creating a Policy Rule
• Managing Policy Rules
• Verify Rulebase on Firewalls with Preview Rules
• Policy Rule Usage Counters
• Policy Rule Usage: Per-Device-Group Basis
• Policy Rule Targets
• Enforce Change Documentation for Policy Rules
• Rule Changes Archive
Lab 4 Scenario: Device Groups
• Create a Device Group Called Corp-DG
• Create a Device Group Called Branch-DG
• Create a Device Group Called HQ-DG
• Create Security Profiles in the Corp-DG Device Group
• Create an Antivirus Security Profile
• Create an Anti-Spyware Security Profile
• Create a Vulnerability Security Profile
• Create a URL Filtering Security Profile
• Create a File Blocking Security Profile
• Create a WildFire Analysis Security Profile
• Create a Security Profile Group in the Corp-DG Device Group
• Configure Security Policy Pre-Rules
• Configure Security Policy Post-Rules
• Modify the intrazone-default Security Policy Rule
• Modify the interzone-default Security Policy Rule
• Create a Security Policy Post-Rule for Users to Extranet
• Create a Security Policy Rule for Extranet Traffic
• Create a NAT Post-Rule for Users_Net Traffic
• Create a NAT Post-Rule for Extranet Traffic
• Preview the Rules in Panorama
• Push the Configuration to the Firewalls
• Test Internet Access from User Hosts
• Confirm the Configurations on Each Firewall
Module 5 – Log Collection and Forwarding
• Standard Deployment Using Panorama in an HA Pair
• Distributed Log Collection Deployment
• Design Considerations for Log Storage
• Distributed Deployment Using Cortex Data Lake
• Log Redundancy
• Why Forward Log Events to Panorama?
• Log Event Forwarding Options: Firewalls
• Log Forwarding Options
• Log Forwarding Profile Components
• Log File Profile Components
• Log Forwarding Profile: Summary
• Creating a Log Forwarding Profile: Panorama Only Example
• Creating a Log Forwarding Profile: Syslog and SNMP Example
• Log Forwarding Profile: Traffic Log Example
• Forwarding Panorama Log Events
• Defining Panorama Server Profiles
• Defining Log Forwarding Profiles for Panorama
Lab 5 Scenario: Log Collection and Forwarding
• Push the Configuration to Firewalls
• Create a Default Log Forwarding Profile
• Modify Security Rules to Use the Default Log Forwarding Profile
• Create a New Security Policy Rule
• Create Panorama Server Profiles
• Forward Panorama System Log Events to Syslog
• Forward Panorama Commit Log Events to Email
• Verify Panorama Commit Email
• Generate Log Entries on Chicago Firewall
• Run the Traffic Script on the Berlin Firewall
• Verify That Firewalls Forward Traffic Logs Events to Panorama
• Verify That Firewalls Forward Threat Events to Panorama
• Verify That Firewalls Forward URL Filtering Logs to Panorama
• Verify Threat Email from Firewalls
Module 6 – Using Panorama Logs
• Customize Log File Views in Panorama
• Reorganizing Columns
• Filters Overview
• Creating Search Filters
• Using the Filter Builder
• Export Filtered Data
Lab 6 Scenario: Using Panorama Logs
• Push the Configuration to Firewalls
• Generate Traffic Through Both Firewalls
• Identify Inappropriate Web Browsing
• Use the Filter Builder
• Save This Filter
• Identify Unauthorized Online Storage Traffic
• Export the Filtered Traffic to CSV
• Modify Security Policy Rules to Block Dropbox
• Modify the URL Filtering Profile to Block Categories
• Generate Traffic
• Examine the Traffic Log
• Examine the URL Filtering Log
• Create a Combined Filter
Module 7 – Administrative Accounts
• Authenticating Panorama Administrators
• Panorama Authentication: Local Database
• Creating a Local Administrator
• External Authentication Methods
• External Authentication Components
• External Authentication Components: Authentication Sequence
• Creating an External Server Profile: LDAP
• Creating an Authentication Profile for LDAP
• Creating an Authentication Sequence (Optional)
• Admin Types
• Admin Type: Dynamic
• Admin Roles: Panorama
• Panorama Administrator Role Examples
• Admin Roles: Device Group and Template
• Administrator Account Components
• Creating an Administrator Account
• Access Domains
• Concurrent Administration
• Configuration Locks
• Configuration Lock Messages
• Removing a Lock
• Committing Changes per Admin
Lab 7 Scenario: Panorama Administration Accounts
• Configure a RADIUS Server Profile
• Create a RADIUS Authentication Profile
• Test the RADIUS Authentication Profile from Panorama CLI
• Configure an Admin Role Profile
• Configure an Administrator Account
• Commit the Changes
• Validate Administrator Access
Module 8 – Reporting
• Panorama Data Sources
• Panorama Monitoring and Reporting Tools
• Panorama Centralized Reporting
• Panorama Reports
• Example Reports
• Building a Custom Report
• Create, Schedule, and Email Operational Reports
Lab 8 Scenario: Reporting
• Push Configuration to Firewalls
• Generate Traffic Through Firewalls
• Create a Custom Report for Threats Within the Last 24 Hours
• Create a Custom Report for Applications Used Within the Last 7 Days
• Create a Custom Report for URL Categories Blocked Within the Last 7 Days
• Create a Weekly Report Group
• Create an Email Schedule
Module 9 – Troubleshooting
• Device Summary Information
• Panorama Fails to Communicate with a Firewall
• Panorama and the Firewall Are Not Communicating
• Panorama App-ID on the Firewall
• Ping to Test Connectivity
• tcpdump Command for Packet Captures
• Examine tcpdump Command Output
• Examine Commit Failure Messages
• Panorama Configuration Push Fails
• Determine the Root Cause of the Failure
• Test Policy Functionality
• Does Panorama Have Enough Horsepower?
• Symptoms of an Over-taxed Panorama
• Importance of Monitoring Panorama
• Configuring SNMP Settings on Panorama
• Solutions for an Overworked Panorama
Lab 9 Scenario: Troubleshooting
• Examine Commit Error Messages
• Verify that Berlin Firewall is Connected to Panorama
• Troubleshoot the Berlin Firewall Commit Failure
• Push the Configuration to the Firewalls
• Delete Unused Files from Panorama
• Configure SNMP on Panorama
• Poll Panorama for CPU Utilization
• Detailed Lab Steps
• Examine Commit Error Messages
• Verify that Berlin Firewall is Connected to Panorama
• Troubleshoot the Berlin Firewall Commit Failure
• Push the Configuration to the Firewalls
• Delete Unused Files from Panorama
• Configure SNMP on Panorama
• Poll Panorama for SNMP Data
Appendix
• Transition Locally Configured Firewalls to Panorama
• Planning the Transition
• Transition Steps
• Importing the Local Firewall Configuration into Panorama
• Moving the Firewall to an Appropriate Device Group
• Moving the Firewall to an Appropriate Template Stack
• Modifying the Configuration and Pushing to the Firewall
• Adding Multiple Firewalls to Panorama Simultaneously
• Importing the CSV File
• Firewalls Imported
• Creating the CSV File
• Log Collector Groups Overview
• Maximum Log Collection Rate
• Collector Groups with Single or Multiple Log Collectors
• Determining the Log Rate: New Customer
• Determining the Log Rate: Existing Customer
• Determining the Logging Rate Using Panorama
• Logging Rate via SNMP
• Determine the Total Log Storage Required
• Deploying a Dedicated Log Collector
• Adding a Log Collector to Panorama
• Adding a Log Collector to the Collector Group
• Adding the Firewalls to a Collector Group
• Collector Log Forwarding
• Collector Log Forwarding Example
• Committing Changes and Pushing to Managed Devices
• Collector Group Status
• Steps to Replace a Managed Firewall
• Step 1: Configure the New Firewall
• Reassigning Licenses to the New Firewall
• Step 2: Export the Device State of the Old Firewall
• Steps 3 and 4: Import the Device State into the New Firewall
• Verifying Panorama Connectivity
• Step 5: Synchronize the New Firewall with Panorama
• Purpose and Benefit of a Panorama HA Pair
• Priority and Failover on Panorama in HA
• Steps to Configure High Availability
• Configuring Panorama High Availability
• HA Encryption
• Monitoring HA Devices
• Configuring Path Monitoring
• High Availability Status
• Testing Panorama HA Failover
• Migrating HA Peers to Panorama Management