Prisma Access SASE Security: Design and Operation (EDU-318)

Module 1 – Prisma Access Overview

• Use cases
• Challenges with traditional network designs
• Mobile Users
• Remote Networks
• Prisma Access solution
• Secure Access Service Edge (SASE)
• Network solutions like SD-WAN lag security
• Security solutions lag network capability of SD-WAN
• SASE brings the two together
• Prisma Access provides security as a service for existing SD- WAN solutions
• Prisma Access definitions
• Regions & Locations
• Service Connection & Corporate Access Node “CAN”
• Service Infrastructure Subnet
• Mobile User Gateway “GW”
• Security Processing Node “SPN”
• Access corporate service like LDAP, User-ID through the service connection
• Zones
• Prisma Access components
• Panorama
• Cortex Data Lake
• Prisma Access licenses
• Prerequisites
• Mobile User License
• Remote Networks License
• Service Connection
• Shared ownership model

Module 2 – Planning and Design

• Routing considerations
• Routing examples
• SD-WAN overview
• SD-WAN integration
• Plan the service infrastructure
• Plan for remote networks
• Plan for mobile users
• High availability tunnels

Module 3 – routing and SD-WAN Design

• Routing examples
• Routing modes
• Traffic steering
• SD-WAN integration
• Prisma SD-WAN (a.k.a. CloudGenix)

Module 4 – Activate and Configure

• Activate Prisma Access
• Configure the service infrastructure
• Demo configure the service infrastructure
• IPSEC Site to Site VPNs
• IPSEC VPN Theory
• IPSEC VPN Configuration
• IPSEC VPN troubleshooting
• IPsec VPN tunnel configuration on Prisma Access
• Configure a service connection
• Demo configure a service connection

Module 5 – Security Processing Nodes

• Application Identification of a TCP Flow
• Flow logic
• Security policy rules
• Demo Security Rules

• Managing certificates
• Demo Certificate Management
• SSL decryption
• Overview of SSL session setup
• SSL Outbound – Forward Proxy
• Configuration Best Practices
• Troubleshooting
• Security processing node comparison

Module 6 – Panorama Operations for Prisma Access

• Templates
• Zone Mapping
• Template stacks
• Device groups
• Device groups Hierarchy
• Device groups Inheritance
• Device group policies
• Device group objects
• Configuration Demo

Module 7 – Remote Networks

• Prerequisites
• IPsec tunnels for remote networks
• Configure remote networks
• Security policy rules
• Onboard a new remote network
• Verify connectivity
• Dual ISPs in active/active mode
• Configuration Demo

Module 8 – Mobile Users

• Prerequisites for mobile users
• Mobile user authentication
• User Authentication Demo
• Configure mobile users
• Mobile Users Onboarding
• Portals and mobile user security processing nodes (MU- SPNs)
• Office 365 Azure AD authentication using SAML
• Security policy rules and zones
• Prisma Access with on-premises gateways

Module 9 – Cloud Secure Web Gateway

• Overview
• Explicit proxy Client Configuration
• Explicit proxy Workflow
• Explicit proxy Onboarding and Configuration
• Logs
• Known Functionality

Module 10 – Tune, Monitor, and Troubleshoot

• Deploy User-ID
• Overview
• User-ID redistribution
• Scenarios
• Onboard networks with configuration import
• Onboarding Demo
• Clientless VPN
• Manage IP addresses
• Troubleshooting

Module 11 – Manage Multiple Tenants

• Multitenancy overview
• Device groups and templates
• Configuring multitenancy
• Create role-based access control
• Logging
• Multitenancy configuration demo

• Participants must complete the Firewall Essentials: Configuration and Management (EDU-210) course and the Panorama: Managing Firewalls at Scale (EDU-220) course or have equivalent experience. Participants also must have experience with networking concepts including routing, switching, and IP addressing.