Palo Alto Networks Certified Next-Generation Firewall Engineer °ê»Ú»{¥iÃҮѽҵ{

Palo Alto Networks ¬O¤@®a¥þ²y©Êªººô¸ô¦w¥þ¤½¥q¡AÁ`³¡¦ì©ó¬ü°ê¡C¸Ó¤½¥q¦¨¥ß©ó 2005 ¦~¡A¦®¦b´£¨Ñ³Ì¥ý¶iªººô¸ô¦w¥þ§Þ³N¡AÀ°§U«È¤á«OÅ@¨äºô¸ô¤£¨ü´c·N³nÅé¡Bºô¸ô§ðÀ»©M¸ê®Æ¥~¬ªªº«I®`¡C

Palo Alto Networks ¶}µo©M´£¨Ñ¤@¨t¦Cºô¸ô¦w¥þ¸Ñ¨M¤è®×¡A¥]¬A¤U¤@¥N¨¾¤õÀð (Next Generation Firewall)¡B¶³ºÝ¦w¥þ (Prisma Cloud)¡Bºô¸ô¦w¥þ¤ÀªR (Cortex XDR) ©MºÝÂI«OÅ@ (Endpoint Protection)µ¥¡C

³o¨Ç¸Ñ¨M¤è®×³£°ò©ó¦Û¥D¬ãµoªº§Þ³N¡A¦p¦w¥þ³W«h (Security Policy)¡B«Â¯Ù±¡³ø (Threat Intelligence)©M¦Û°Ê¤Æ¦w¥þ±±¨îµ¥ (Cortex XSOAR)¡A¥H½T«O«È¤áªººô¸ô¦w¥þ¡C

Palo Alto Networks ªº«È¤á¥]¬A¥þ²y½d³ò¤ºªº¥ø·~¡B¬F©²¾÷ºc¡B±Ð¨|¾÷ºc©MªA°È´£¨Ñ°Óµ¥¡C

Palo Alto Networks ¦b¥þ²y¾Ö¦³¦h­Ó¬ãµo¤¤¤ß©M¿ì¨Æ³B¡A¹µ¥Î¤F¼Æ¤d¦W­û¤u¡A¬Oºô¸ô¦w¥þ¦æ·~ªº¤T¤j»â¾ÉªÌ¤§¤@¡A¸Ô¨£¥H¤U Gartner - Magic Quadrant for Network Firewalls:

§@¬°¤@®a­P¤O©óºô¸ô¦w¥þªº¤½¥q¡APalo Alto Networks ª`­«±À°Êºô¸ô¦w¥þªº³Ð·s©Mµo®i¡A»P·~¤º¨ä¥L¤½¥q©M²Õ´¦X§@¡A¦@¦PÀ³¹ï¤£Â_¥X²{ªººô¸ô«Â¯Ù¡C

Palo Alto Networks ªº¥«­È¬ù¬° 1250 »õ¬ü¤¸ (¶W¹L 9750 »õ´ä¤¸)¡A¸Ó¤½¥qªÑ»ù¥ç¥Ñ 5 ¦~«e¬ù 24 ¬ü¤¸²r¤É¦Ü²{¦bªñ 200 ¬ü¤¸¡A¬O¥þ²yºô¸ô¦w¥þ¦æ·~ªº»â¥ý¥ø·~¤§¤@¡C

®Ú¾Ú¸Ó¤½¥qªº¦~«×°]³ø¼Æ¾ÚÅã¥Ü¡A¨ä¥þ¦~À禬¬° 80 »õ¬ü¤¸¡A¸û¤W¦~¦P´Á¼Wªø 16.5%¡F¤ò§Q¬ù¬° 59 »õ¬ü¤¸¡C

Palo Alto Networks ¦bºô¸ô¦w¥þ¥«³õ¦û¦³¬Û·í¤jªº¥«³õ¥÷ÃB¡A¯S§O¬O¦b¤U¤@¥N¨¾¤õÀð (Next Generation Firewall) ©Mºô¸ô¦w¥þ¤ÀªRµ¥»â°ìªí²{Àu²§¡C

¾Ú¥«³õ¬ã¨s¾÷ºc IDC ³Ìªñªº³ø§iÅã¥Ü¡G

• Palo Alto Networks ¦b <<¥þ²y¨¾¤õÀ𥫳õ¥÷ÃB>> ±Æ¦W²Ä¤@¡A¥«³õ¦û¦³²v¬° 22.4%¡F

Á`Åé¦Ó¨¥¡APalo Alto Networks ¦bºô¸ô¦w¥þ¦æ·~¾Ö¦³Ã­°·ªº°]°Èª¬ªp©M±j¤jªº¥«³õ¦a¦ì¡A¨Ã«ùÄò³q¹L§Þ³N³Ð·s©M·~°È©Ý®i¨Ó±À°Ê¨ä¦b¥«³õ¤¤ªºÄvª§¤O¡C

Palo Alto Networks ªº®Ö¤ß§Þ³N¡GPAN-OS (¥»½Òµ{ªº¥D­n¤º®e)

PAN-OS °ò©ó±M¥ÎµwÅé (¥]¬A PA ¨t¦C Next Generation Firewall) ©MµêÀÀ¤Æ¥­¥x (¥]¬A VM ¨t¦C¤Î CN ¨t¦C)¡A´£¨Ñ¤F¤@¨t¦Cºô¸ô¦w¥þ¸Ñ¨M¤è®×¡A¥]¬A¤U¤@¥N¨¾¤õÀð¡B¶³ºÝ¦w¥þ¡Bºô¸ô¦w¥þ¤ÀªR©MºÝÂI«OÅ@µ¥¡CPAN-OS ¾Ö¦³¤@¨t¦C¥ý¶iªº¥\¯à¡A¥]¬A¡G

• ´¼¯à¨¾¤õÀð¡G§Q¥Î²`«×¾Ç²ß (Machine Learning powered) ©M¤H¤u´¼¼z (Artificial Intelligence) §Þ³N¡A¹ïºô¸ô¬y¶q¶i¦æ¹ê®É¤ÀªR©M¿ëÃÑ¡A¨Ã¯à°÷¦Û°Ê¾Ç²ß©M½Õ¾ã¨¾¤õÀð³W«h¡C

• ¦w¥þ¤ÀªR¡GPalo Alto WildFire ±N¤j¶qªººô¸ô¦w¥þ¼Æ¾Ú¶i¦æ¦¬¶°©M¤ÀªR¡A¥H«K¤Î®Éµo²{©MÀ³¹ï¦UºØ«Â¯Ù¡A¥]¬A´c·N³nÅé¡Bºô¸ô§ðÀ»©M¸ê®Æ¥~¬ªµ¥¡C

• ºô¸ô¤À¬q¡G³q¹L¤À³Îºô¸ô¬y¶q¡A¨Ï±o¦U­Ó³¡ªù©Î¥Î¤á¤§¶¡ªº¬y¶q¤¬¬Û¹jÂ÷¡A¥H´î¤Ö«Â¯ÙªºÂX´²©M­·ÀIªº¶Ç¼½¡C

• ¦Û°Ê¤Æ¦w¥þ±±¨î¡G³q¹L¦Û°Ê¤Æ§Þ³N¡A¥i¥H¦Û°Ê¤Æ°õ¦æ¦w¥þ¾Þ§@¡A¦pªý¤îºô¸ô¬y¶q¡B¹jÂ÷·P¬V¥D¾÷©M¨¾¤î¸ê®Æ¥~¬ªµ¥¡C

Palo Alto Networks PA/VM/CN ¨t¦C¨¾¤õÀð¬O°ª«×¶°¦¨©M¦Û°Ê¤Æªº§Þ³N¡A¥i¥H¦³®Ä¦a¨¾¤îºô¸ô¨ü¨ì¦UºØ¦yºÝªº«Â¯Ù¡A¦p¯f¬r¡B´c·N³n¥óµ¥¡C

Àò±o Palo Alto Networks Certified Next-Generation Firewall Engineer »{ÃÒªº¤H¤h¡A®i¥Ü¤F¥L­Ì¨ã³Æ¦³¾Þ§@ Palo Alto Networks ¤U¤@¥N¨¾¤õÀð¨Ó«OÅ@ºô¸ô§K¨ü¦yºÝºô¸ô«Â¯Ùªº¯à¤O¡C

½Òµ{¦WºÙ¡G	Palo Alto Networks Certified Next-Generation Firewall Engineer °ê»Ú»{¥iÃҮѽҵ{ - ²ºÙ¡GPalo Alto Networks Firewall Training Course (´£¨Ñ 7x24 ¹ê²ß¾¹§÷)
½Òµ{®É¼Æ¡G	¦X¦@ 30 ¤p®É (¦@ 10 °ó)
¾A¦X¤H¤h¡G	¹ï¹q¸£ºô¸ô¦w¥þ¦³°ò¥»»{ÃѩΦ³§Ó§ë¨­ I.T. ¬Éªº¤H¤h
±Â½Ò»y¨¥¡G	¥H¼sªF¸Ü¬°¥D¡A»²¥H­^»y
½Òµ{µ§°O¡G	¥»¤¤¤ß¾É®v¿Ë¦Û½s¼g­^¤å¬°¥Dµ§°O¡A¦Ó³¡¥÷­^¤å¦rªþ¦³¤¤¤å¹ï·Ó¡C

1. Larry Chan ¿Ë¦Û±Ð±Â¡G	Larry µ½©ó±±¨î¾Ç²ß¸`«µ¡A²`¤J²L¥X¡A¥O¾Ç­û¦b»´ÃP®ðª^¤U¡A´x´¤¹q¸£§Þ¥©¡C
2. Larry Chan ¿Ë¦Û½s¼gµ§°O¡G	Larry ¿Ë¦Û½s¼gµ§°O¡Aµ´¹ï¾A¦X Firewall Engineer ¦Ò¸Õ¤Î¹ê»Ú¤u§@¤§¥Î¡C
3. ´£¨Ñ¼ÒÀÀ¦Ò¸ÕÃD¥Ø¡G	¥»¤¤¤ß¬°¾Ç­û´£¨Ñ Firewall Engineer ªº¼ÒÀÀ¦Ò¸ÕÃD¥Ø¡A¨C±ø¦Ò¸ÕÃD¥Ø§¡ªþ¦³¼Ð·Çµª®×¡C¦Ó¸ûÃø²z¸ÑªºÃD¥Ø¡A§¡·|ªþ¦³ Larry ªº¸ÑÄÀ¡C
4. ²z½×»P¹ê²ß¨Ã­«¡G	¥»¤¤¤ßªº Firewall Engineer ½Òµ{¤j³¡¥÷®É¶¡¥H¹ê²ß¥Ü½d§Î¦¡±Ð±Â¡A¥O¾Ç­û¯u¥¿¤F¸Ñ¤Î´x´¤ Palo Alto PAN-OS ¨¾¤õÀðºÞ²zªº­«­n§Þ¥©¡C
5. ÀH®ÉÀH¦a¥H¥ô¦óÂsÄý¾¹¨É¥Î¤@®M±MÄÝ©ó§Aªº¾É®v¾¹§÷¡A¨Ó¶i¦æ¥þ­Ó½Òµ{ªº©Ò¦³¹ê²ß¡G	ÀH®É¡G¥Ñ½Òµ{¶}©l¤é°_­pªº 10 ¬P´Á¤º¡A¨C¬P´Á 7 ¤é¡A¨C¤é 24 ¤p®É¡C ÀH¦a¡G©ó¥»¤¤¤ß¤W½Ò®Éªº½Ò«Ç¡B¾Ç­û®a¤¤¡B¬Æ¦Ü¬OÂ÷´ä®È¹C®Éªº¦í©Òµ¥µ¥¦a¤è¡C ¥ô¦óÂsÄý¾¹¡G¤£½×¬O Windows PC¡BMacbook¡BiPad¡BAndroidµ¥µ¥¡A¥u­n¦³¥ô¦óªº¤@­Óºô­¶ÂsÄý¾¹¡C ¤@®M±MÄÝ©ó§Aªº¾É®v¾¹§÷¡A¨Ó¶i¦æ¥þ­Ó½Òµ{ªº©Ò¦³¹ê²ß¡G¾Ç­û³z¹L¤Wºô±µ»é¦Ü¶³ºÝ¦øªA¾¹¡A«K¯à­Ó¤H¿W¨É¤@®M¾¹§÷¡A¦Ó³o®M¾¹§÷µ¥¦P©ó¾É®v±Ð¾Ç®É©Ò¥Îªº¾¹§÷¡A¬G¾Ç­û¯à¨Ì·Ó½Òµ{µ§°O¨Ó¶i¦æ¥þ­Ó½Òµ{ªº©Ò¦³¹ê²ß¡C ¹ê²ß³]³Æ»P¤ä´©¡G ³o®M±MÄÝ©ó§Aªº¾É®v¾¹§÷¡A¤ºùؤw¨Æ¥ý¦w¸Ë¦n Palo Alto Firewall¡AÅý§A¥i¥HÀH®É¶i¦æ¹ê²ß¡C¦Ó¾¹§÷ùØ¥ç·|¥]¬A©Ò»Ý­nªº Palo Alto Firewall ¦w¸ËÀÉ¡A¥O§A¥i¿ï¾Ü«ö½Òµ{µ§°O¤ºªº¹ê²ß¨BÆJ¡A¨Ó¶i¦æ¦w¸Ë¦ÓµL»Ý¨Æ¥ýªá®É¶¡¥h¤U¸ü¡C ¦Ó½Òµ{¤º»Ý­n¥Î§@´ú¸Õªº Web Server, Internet Router, Penetration Testing Tools ¤Î Vulnerability Scanner µ¥µ¥¤w¥Ñ¾É®v¨Æ¥ý¦w¸Ë¤Î³]©w§´·í¨Ó°t¦X½Òµ{¤º®e©Ò»Ý¡A¥O§A¥i¥H±Mª`©ó¾Ç²ß Palo Alto Firewall ªºª¾ÃѦӵL»ÝªáÃB¥~ªº®É¶¡¦bÁcº¾ªº¦w¸Ë¤Î³]©w¤W¡C ¹ê²ß¸ê·½»P¶i«×ºÞ²z¡G ¶i¦æ¹ê²ß®É¡A¹ê²ß¤¤ªº§@·~¨t²Î¤Î»Ý­n¹B¦æªº³n¥ó§¡¤£·|¨Ï¥Î§A¹q¸£¤Wªº¸ê·½¡A¦]¦¹¦b¶i¦æ¹ê²ß®É¡A¹ï§A¹q¸£¹B¦æ¤¤ªº¨ä¥L³n¥ó©Î¤u§@ (¨Ò¦p¦P®ÉÆ[¬Ý¥»¤¤¤ßªº½Ò°ó¼v¤ùµ¥) ªº¼vÅT¥i´î¨ì³Ì§C¡C ¦Ó¾Ç­û©ó³o 10 ¬P´Á¤ºªº¹ê²ß¶i«×·|³QÀx¦s°_¡A¥H¤è«K¾Ç­û©ó¤U¤@¦¸°µ¹ê²ß®É¯àºò±µ¤§«eªº¶i«×¡C ¾Ç­û¥ç¥i¥H¦b¹ê²ß Palo Alto Firewall ªº¤§«e¡B³~¤¤©Î¤§«á¡AÀx¦s¨¾¤õÀ𪬺A¦¨¤@­Ó¤p«¬ªº XML ÀɮסA¥H«K¤é«áÀH®ÉÁ٭쨾¤õÀð¦Ü¥ô¦ó¤@­Óª¬ºA¡A±q¦Ó¥O§A¥i¥H¤ÏÂнm²ß©Î§ó¥¿§A©ó¹ê²ß®É°¸º¸µo¥Íªº¥¢»~¡C¦Ó¾É®v·|©óµ§°O¤º´£¨ÑÀx¦s¤ÎÁ٭쨾¤õÀ𪬺Aªº¨BÆJ¡A¨Ã§@²{³õ¥Ü½d¡A¹Lµ{¥u»Ý¤@¨â¤ÀÄÁ¡A¨Ï¥Î«D±`¤è«K¡I ­Y¾Ç­û§Ñ°OÀx¦s¨¾¤õÀ𪬺A¥H¦Ü¥¼¯àÁÙ­ì¡A¥i¥HÁpµ¸¾É®v¨ú±oÁÙ­ì©Ò»Ýªº¤p«¬ XML ÀɮסA¾É®v·|¼Ö·N¦V§A¤À¨É¡C ¾Ç­û¹ê²ß¹s¦¨¥»¡A¾Ç²ß°ª®Ä¯q ¥»½Òµ{µL¶·­n¾Ç­ûªá®É¶¡¤Îª÷¿ú¨Ó²K¸m¾¹§÷©Î¦Û¦æ¯²¥Î¶³ºÝªA°È¡A¥çµL¶·¾Ç­û¦Û¦æÁʶRPalo Alto Firewall¡C ¦Ó¾Ç­û³z¹L¤Wºô©Ò±µ»éªº¶³ºÝ¦øªA¾¹¡A¨ä³W®æ¦p¤U¡G Intel Xeon Processor 8 ®Öªä 32GB RAM 256GB ¥ø·~¯Å SSD ©TºAµwºÐÀx¦sªÅ¶¡ ¥H¤Wªº¶³ºÝ¦øªA¾¹µw¥ó¡A­Y¬O¾Ç­û¦Û¦æ¯²¥Î¶³ºÝªA°Èªº¸Ü¡A¨ä¯²¥Î¶O¤w®t¤£¦h¬O¥»½Òµ{ªº¾Ç¶O¤F¡C µù¡G ¾É®v¾¹§÷·|¦³ 1 ³¡ VM ¨t¦C Palo Alto Next-Generation Firewall¡B2 ³¡ Web Server¡B2 ³¡ Windows 11 Enterprise¡B1 ³¡ Internet Router¡B1 ³¡ Penetration Testing Tools ¤Î 1 ³¡ Vulnerability Scanner¡C
6. §K¶O­«Åª¡G	¶Ç²Î½Ò°ó¾Ç­û¥i©ó½Òµ{µ²§ô«á¤T­Ó¤ë¤º§K¶O­«¬Ý½Ò°ó¿ý¼v¡C

¥u­n§A©ó¤U¦C¬ì¥Ø¨ú±o¦X®æ¦¨ÁZ¡A«K¥iÀò Palo Alto ¹{µo Palo Alto Networks Certified Next-Generation Firewall Engineer °ê»Ú»{¥iÃҮѡG ¦Ò¸Õ½s¸¹ ¬ì¥Ø¦WºÙ NGFW-Engineer Palo Alto Networks Certified Next-Generation Firewall Engineer

¥»¤¤¤ß¬° Palo Alto Networks «ü©wªº NGFW-Engineer ¦Ò¸Õ¸Õ³õ¡A³ø¦Ò®É½Ð­P¹q¥»¤¤¤ß¡Aµn°O±ý³ø¦Ò¤§¬ì¥Ø¦Ò¸Õ½s¸¹ (§Y NGFW-Engineer)¡B¦Ò¸Õ¤é´Á¤Î®É¶¡ (³Ì§Ö¥i§Y¤é³ø¦Ò)¡CÁ{¦Ò¸Õ«e­n¥X¥Ü¨­¥÷ÃÒ¤Îú¥I¦Ò¸Õ¶O HK$2,050¡C ¦Ò¸ÕÃD¥Ø¥Ñ¿D¬w¦Ò¸Õ¤¤¤ß¶Ç°e¨ì§A­nÀ³¦Òªº¹q¸£¡A¦Ò¸Õ®É¥H¹q¸£§@µª¡C©Ò¦³¦Ò¸ÕÃD¥Ø§¡¬°­^¤å¡A¦Ó¤j¦h¼Æªº¦Ò¸ÕÃD¥Ø¬°³æ¶µ¿ï¾ÜÃD (·N§Y O) ©Î¦h¶µ¿ï¾ÜÃD (·N§Y ¤f)¡C§@µª§¹¦¨«á·|¥ß§Y¥X²{§Aªº¤À¼Æ¡Aµ²ªG§Y¦Ò§Yª¾¡I¦Ò¸Õ¤£¦X®æ«K¥i­«·s³ø¦Ò¡A¤£­­¦¸¼Æ¡C±ýª¾¹D§@µª®É¶¡¡BÃD¥ØÁ`¼Æ¡B¦X®æ¤À¼Æµ¥¸Ô²Ó¦Ò¸Õ¸ê®Æ¡A¥iÂsÄý¥»¤¤¤ßºô­¶ "¦U¬ì¦Ò¸Õ¤À¼Æ¸ê®Æ"¡C

½Òµ{¦WºÙ¡GPalo Alto Networks Certified Next-Generation Firewall Engineer °ê»Ú»{¥iÃҮѽҵ{ - ²ºÙ¡GPalo Alto Networks Firewall Training Course (´£¨Ñ 7x24 ¹ê²ß¾¹§÷)

1. Device Management and Services
1.1 Firewall Management Interfaces
1.1.1 Management interfaces
1.1.2 Methods of access
1.1.3 Web interface
1.1.4 Panorama
1.1.5 XML API
1.1.6 Access restrictions
1.2 Introduction to PANOS
1.2.1 App-ID
1.2.2 Content-ID
1.2.3 Device-ID
1.2.4 User-ID
1.2.5 WildFire Inline ML
1.3 Deploying the VM-Series Firewall
1.3.1 VM-Series Models
1.3.2 Supported Deployments on VMware vSphere
1.3.3 VM-Series on VMware System Requirements and Limitations
1.3.4 Plan the Interfaces for the VM-Series for ESXi
1.3.5 Deploying the OVA for practice
1.3.6 Perform Initial Configuration on the VM-Series on ESXi
1.4 Licensing
1.4.1 License Types
1.4.2 Flexible vCPUs and Fixed Model Licensing
1.4.3 Flexible vCPUs and Fixed Model Deployment
1.4.4 When licenses expire
1.5 Deploying Palo Alto VM-Series Next Generation Firewall on Clouds
1.5.1 About the VM-Series Firewall on Azure
1.5.2 Azure Networking and VM-Series Firewall
1.5.3 VM-Series Firewall Templates on Azure Cloud
1.5.4 Deployments scenarios supported on Azure Cloud
1.5.5 Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template)

2. Network Segmentation with Interfaces and Zones
2.1 Designing Network Segmentation for a Reduced Attack Surface
2.1.1 Background
2.2 Configure Interfaces and Zones
2.3 Configure a Basic Security Policy between Zones
2.3.1 Background information and General concepts of Security Policy
2.3.2 Detailed Firewall Packet processing flow
2.4 Assessing Network Traffic
2.5 Service Route

3. Firewall Administration
3.1 Understanding the Candidate Configuration
3.2 Save and Export Firewall Configurations
3.2.1 Saving a local backup
3.2.2 Exporting Configurations
3.3 Restoring and Reverting Firewall Configuration
3.3.1 Revert to the current running configuration (file named running-config.xml).
3.3.2 Revert to a previous version of the running configuration that is stored on the firewall
3.3.3 Revert to Custom-named candidate configuration snapshot
3.3.4 Revert to a running or candidate configuration that you previously exported to an external host

4. Administrative Accounts
4.1 Administrative Role Types
4.1.1 Role Based
4.1.2 Dynamic
4.2 Configuring Admin Role Profile
4.3 Inside an Admin Role Profile Construction
4.4 Create and Configure Firewall Administrator Account
4.5 Configure Tracking of Administrator Activity

5. Zone Protection and DoS Protection
5.1 Packet Buffer Protection
5.1.1 Global Packet Buffer Protection
5.1.2 Per-Zone Packet Buffer Protection
5.1.3 Packet Buffer Protection Based on Buffer Utilization
5.2 Zone Attacks
5.3 Zone Defense Tools
5.3.1 Zone Protection profiles
5.3.2 DoS Protection profiles and policy rules
5.3.3 Summary
5.3.4 Firewall Placement for DoS Protection
5.4 Configuring and Applying a Zone Protection Profile
5.4.1 Flood protection in Zone Protection profile
5.4.2 Reconnaissance Protection in Zone Protection profile
5.4.3 Packet-Based Attack Protection
5.4.4 Protocol Protection
5.4.5 Ethernet SGT Protection
5.4.6 L3 & L4 Header Inspection
5.4.7 Configure Email notification for Alerts
5.5 DoS Protection Profiles and Policy Rules

6. App-ID
6.1 Introduction to App-ID
6.2 Streamlined App-ID Policy Rules
6.2.1 Create an Application Filter Using Tags
6.2.2 Background information about Decryption and APP-ID policy inspection
6.2.3 Keys and Certificates for Decryption Policies
6.2.4 Configuring SSL Decryption with SSL Forward Proxy
6.2.5 Creating a Decryption Policy rule
6.2.6 Verify Decryption
6.3 Decryption Exclusions
6.3.1 Reasons to Exclude Web sites from being decrypted by PA firewall
6.3.2 Palo Alto Networks Predefined Decryption Exclusions
6.3.3 Exclude a Web Site from Decryption for Technical Reasons
6.3.4 Exclude a Web Site from Decryption for Compliance and Privacy Reasons
6.3.5 Temporarily Disable SSL Decryption
6.3.6 Decryption Log

7. Security Profiles
7.1 Antivirus Profile
7.2 Anti-Spyware profiles
7.2.1 Default profile
7.2.2 Strict profile
7.3 Vulnerability Protection profiles
7.4 URL Filtering Profiles
7.5 Data Filtering Profiles
7.5.1 Creating a Data Filtering Profile
7.6 File Blocking Profiles
7.6.1 Basic file blocking
7.6.2 Strict file blocking

8. External Dynamic List
8.1 Introduction to External Dynamic List
8.2 EDL Types
8.2.1 Predefined IP Address
8.2.2 Predefined URL List
8.2.3 IP Address
8.2.4 Domain
8.2.5 URL
8.2.6 Equipment Identity
8.2.7 Subscriber Identity
8.3 EDL Formatting
8.3.1 IP Address List
8.3.2 Domain List
8.4 Built-in External Dynamic Lists
8.4.1 Palo Alto Networks Bulletproof IP Addresses
8.4.2 Palo Alto Networks High-Risk IP Addresses
8.4.3 Palo Alto Networks Known Malicious IP Addresses
8.4.4 Palo Alto Networks Tor Exit IP Addresses
8.5 Configure the Firewall to Access an External Dynamic List
8.6 Enforce Policy on an External Dynamic List
8.7 Retrieve an External Dynamic List from the Web Server
8.8 Using EDL Hosting Service feeds

9. Advanced WildFire
9.1 Introduction
9.2 Available subscription options
9.2.1 WildFire
9.2.2 Advanced WildFire
9.2.3 Standalone WildFire API
9.3 WildFire Features
9.3.1 Real-Time Updates
9.3.2 Five-Minute Updates (All PAN-OS versions)
9.3.3 Advanced WildFire Inline ML¡X(PAN-OS 10.0 and later)
9.3.4 File Type Support
9.3.5 Advanced WildFire API
9.3.6 WildFire Private and Hybrid Cloud Support
9.3.7 Intelligent Run-time Memory Analysis
9.4 Advanced WildFire Concepts
9.4.1 Samples
9.4.2 Firewall Forwarding
9.4.3 Advanced WildFire Analysis Environment
9.4.4 Advanced WildFire Inline ML
9.4.5 Advanced WildFire Verdicts

10. Managing Policy Objects
10.1 Address and Address Group Objects
10.1.1 How to tag objects
10.1.2 Address Object
10.1.3 Address Group object
10.2 Services
10.3 Application Filters
10.4 Application groups
10.5 Nesting application groups and filters
10.6 Application Characteristics
10.7 Policy Design and Evaluation
10.7.1 Create Security Policy Rules by App-ID instead of by Service
10.7.2 Rule Shadowing
10.7.3 Policy Usage statistics
10.7.4 Security Policy Rule Logging options
10.7.5 A Brief description of User-ID
10.7.6 Policy test match tool
10.7.7 Traffic Logging with Tap zone interface
10.7.8 Virtual Wire Interface
10.8 Layer2 vs Layer3 Interfaces
10.9 Sub-Interfaces
10.9.1 VLAN tags in conjunction with IP classifiers (address, range, or subnet).
10.10 Tunnel Interface
10.11 Aggregate interfaces

11. High Availability
11.1 Palo Alto HA Overview
11.2 HA Modes
11.2.1 Active/Passive
11.2.2 Active/Active
11.3 Failover Triggers
11.3.1 Heartbeat Polling and Hello messages
11.3.2 Link Monitoring
11.3.3 Path Monitoring
11.4 Floating IP Address and Virtual MAC Address
11.5 ARP Load-Sharing
11.6 Route-Based Redundancy
11.7 Firewall Session Owner
11.8 Firewall Session Setup
11.8.1 Session Setup Option
11.9 Prerequisites for Active/Passive HA
11.10 Configure Active/Passive HA
11.11 Verify Failover

12. Security in Quantum Computing Era
12.1 Quantum Security Concepts
12.2 Quantum Computing Threat
12.2.1 What Is A Quantum Computer?
12.2.2 How Does the Quantum Threat Affect My Network?
12.2.3 What to Do Now to Mitigate Harvesting Attacks
12.3 How RFC 8784 Resists Quantum Computing Threats
12.4 Support for Post-Quantum Features
12.4.1 RFCs Supported and Interoperability
12.4.2 HA Support
12.4.3 Upgrade and Downgrade Considerations
12.5 Post-Quantum Migration Planning and Preparation
12.5.1 Assign Resources and Build Awareness
12.5.2 Define Responsibilities
12.5.3 Develop a Crypto Inventory and Priority List
12.5.4 Evaluate Solutions, Experiment, and Test
12.5.5 Continue to Monitor Progress
12.6 VPN Configuration Best Practices
12.6.1 RFC 8784 Best Practices
12.6.2 RFC 9242 and RFC 9370 Best Practices
12.7 Configure Post-Quantum IKEv2 VPNs with RFC 9242 and RFC 9370 Hybrid Keys

13. GlobalProtect
13.1 Overview of GlobalProtect
13.2 Components of GlobalProtect
13.2.1 GlobalProtect Portal
13.2.2 GlobalProtect Gateways
13.2.3 GlobalProtect App
13.3 Basic Setup Concepts
13.3.1 Create Interfaces and Zones for GlobalProtect
13.4 Enable SSL Between GlobalProtect Components
13.4.1 About GlobalProtect Certificate Deployment
13.4.2 GlobalProtect Certificate Best Practices

14. Panorama
14.1 Panorama Overview
14.2 Panorama Models
14.2.1 Panorama virtual appliance
14.2.2 M-Series appliance
14.3 Centralized Firewall Configuration and Update Management
14.4 Context Switch¡XFirewall or Panorama
14.5 Total Configuration Size for Panorama
14.6 Centralized Logging and Reporting
14.7 Log Forwarding Options
14.8 Centralized Reporting
14.9 Forward Logs to Strata Logging Service

15. CN-Series Firewall for Kubernetes
15.1 Overview of CN-Series
15.1.1 Prevent Data Exfiltration from Kubernetes Environments
15.1.2 Prevent Lateral Spread of Threats Across Kubernetes Namespace Boundaries
15.2 CN-Series core concepts

¥H¤U¦C¥X¨Ï¥Î PAN-OS ªº PA ¨t¦C Next Generation Firewall¡G

PA-220R Firewall

PA-400 Series Firewalls

PA-500 Firewall

PA-800 Series Firewalls

PA-1400 Series Firewalls

PA-3000 Series Firewalls

PA-3200 Series Firewalls

PA-3400 Series Firewalls

PA-5000 Series Firewalls

PA-5200 Series Firewalls

PA-5400 Series Firewalls

PA-5450 Firewall

PA-7000 Series Firewalls

VM (Virtual Machine) Series Firewalls

CN (Container) Series Firewall