Module 1 – Prisma Access Overview
• Use cases
• Challenges with traditional network designs
• Mobile Users
• Remote Networks
• Prisma Access solution
• Secure Access Service Edge (SASE)
• Network solutions like SD-WAN lag security
• Security solutions lag network capability of SD-WAN
• SASE brings the two together
• Prisma Access provides security as a service for existing SD- WAN solutions
• Prisma Access definitions
• Regions & Locations
• Service Connection & Corporate Access Node “CAN”
• Service Infrastructure Subnet
• Mobile User Gateway “GW”
• Security Processing Node “SPN”
• Access corporate service like LDAP, User-ID through the service connection
• Zones
• Prisma Access components
• Panorama
• Cortex Data Lake
• Prisma Access licenses
• Prerequisites
• Mobile User License
• Remote Networks License
• Service Connection
• Shared ownership model
Module 2 – Planning and Design
• Routing considerations
• Routing examples
• SD-WAN overview
• SD-WAN integration
• Plan the service infrastructure
• Plan for remote networks
• Plan for mobile users
• High availability tunnels
Module 3 – routing and SD-WAN Design
• Routing examples
• Routing modes
• Traffic steering
• SD-WAN integration
• Prisma SD-WAN (a.k.a. CloudGenix)
Module 4 – Activate and Configure
• Activate Prisma Access
• Configure the service infrastructure
• Demo configure the service infrastructure
• IPSEC Site to Site VPNs
• IPSEC VPN Theory
• IPSEC VPN Configuration
• IPSEC VPN troubleshooting
• IPsec VPN tunnel configuration on Prisma Access
• Configure a service connection
• Demo configure a service connection
Module 5 – Security Processing Nodes
• Application Identification of a TCP Flow
• Flow logic
• Security policy rules
• Demo Security Rules
• Managing certificates
• Demo Certificate Management
• SSL decryption
• Overview of SSL session setup
• SSL Outbound – Forward Proxy
• Configuration Best Practices
• Troubleshooting
• Security processing node comparison
Module 6 – Panorama Operations for Prisma Access
• Templates
• Zone Mapping
• Template stacks
• Device groups
• Device groups Hierarchy
• Device groups Inheritance
• Device group policies
• Device group objects
• Configuration Demo
Module 7 – Remote Networks
• Prerequisites
• IPsec tunnels for remote networks
• Configure remote networks
• Security policy rules
• Onboard a new remote network
• Verify connectivity
• Dual ISPs in active/active mode
• Configuration Demo
Module 8 – Mobile Users
• Prerequisites for mobile users
• Mobile user authentication
• User Authentication Demo
• Configure mobile users
• Mobile Users Onboarding
• Portals and mobile user security processing nodes (MU- SPNs)
• Office 365 Azure AD authentication using SAML
• Security policy rules and zones
• Prisma Access with on-premises gateways
Module 9 – Cloud Secure Web Gateway
• Overview
• Explicit proxy Client Configuration
• Explicit proxy Workflow
• Explicit proxy Onboarding and Configuration
• Logs
• Known Functionality
Module 10 – Tune, Monitor, and Troubleshoot
• Deploy User-ID
• Overview
• User-ID redistribution
• Scenarios
• Onboard networks with configuration import
• Onboarding Demo
• Clientless VPN
• Manage IP addresses
• Troubleshooting
Module 11 – Manage Multiple Tenants
• Multitenancy overview
• Device groups and templates
• Configuring multitenancy
• Create role-based access control
• Logging
• Multitenancy configuration demo