CNSE 4.1 Exam Preparation GuideV3.pptx - Palo Alto Networks

More documents

Recommendations

Info

Security Policy Operation • All traffic flowing from one security zone to another security zone requires a policy to allow the traffic • The policy list is evaluated from the top down • The first rule that matches the traffic is used • No further rules are evaluated after the match • When configuring a security to allow an application through the firewall, the service field should be set to “application-default” for inbound services. That will restrict the application to only use its standard ports (example: DNS will be restricted to only use port 53). It is a best practice to configure application-default or an explicit port(s) for increased control of the communication on the network • Note that intra-zone traffic is allowed by default • If you create a rule at the end of the list that says to deny (and log) all traffic, that will block intra-zone traffic (which may not be your intention) Page 18 |
Scheduling Security Policies • Policies can be scheduled to occur at particular times of day, or be a one-time occurrence • Schedules are defined under Objects tab-> Schedules Once defined, these Schedules can be reused across multiple rules • Possible schedule choices: • Schedules are assigned under Policies tab -> Security Policy-> Options column Page 19 |
Page 1 and 2: Palo Alto Networks CNSE 4.1 Exam Pr
Page 3 and 4: General Advice • 100 multiple-cho
Page 5 and 6: PA appliances as of PAN-OS 4.1: 400
Page 7 and 8: PA Appliances as of PAN-OS 4.1: 200
Page 9 and 10: Logical Interfaces Supported • Su
Page 11 and 12: Available Features in Different Int
Page 13 and 14: Device Management • Managing the
Page 15 and 16: Application Selection Window Within
Page 17: Application Groups and Application
Page 21 and 22: Monitoring Traffic • The default
Page 23 and 24: Log Forwarding • The logs on the
Page 25 and 26: Steps to Define a New Application 1
Page 27 and 28: Source Address Translation • NAT
Page 29 and 30: Security Profiles • Security Prof
Page 31 and 32: Anti-Virus Profiles Page 31 | • A
Page 33 and 34: Email Protocols and AV/Spyware Prot
Page 35 and 36: Custom Response Pages • Response
Page 37 and 38: URL Filtering Profile • Actions c
Page 39 and 40: Default Block Pages Page 39 |
Page 41 and 42: Data Filtering Overview • Scan tr
Page 43 and 44: Data Filtering Password Setup • P
Page 45 and 46: WildFire • WildFire relies upon t
Page 47 and 48: Packet Flow • Refer to this docum
Page 49 and 50: User-ID: Enterprise Directory Integ
Page 51 and 52: User-ID Agent Setup and Upgrade Pro
Page 53 and 54: Terminal Server Agent • Runs on t
Page 55 and 56: Captive Portal (2) • How to confi
Page 57 and 58: Steps to Configure an IPSec site-to
Page 59 and 60: GlobalProtect - SSL VPN • PAN-OS
Page 61 and 62: SSL Decryption • The Palo Alto fi
Page 63 and 64: Configuring SSL Outbound Decryption
Page 65 and 66: Misc. SSL Decryption • When SSL i
Page 67 and 68: HA Failure States • Link Failure
Page 69 and 70:
Active/Active | HA3 interface • A
Page 71 and 72:
Panorama • Central source to view
Page 73 and 74:
Adding Devices to Panorama Page 73
Page 75 and 76:
View and Commit You can view a comb
Page 77:
Topics that have minimal or no ques
show all

CNSE 4.1 Exam Preparation GuideV3.pptx - Palo Alto Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?