Palo Alto Networks Firewall Troubleshooting Training Course

Introduction

• Overview of Palo Alto Networks' next-generation firewalls

Using Tools and Resources

• Basic troubleshooting methodologies
• Options for information and support
• Using status monitoring tools
• Using maintenance mode

Understanding Flow Logic

• Session flow and app-ID
• Overview of flow logic
• TCP sessions and states
• Tracing packet flow

Packet Captures and Packet-Diagnostics Logs

• Understanding packet capture concepts
• Configuring packet captures
• Using debug-level diagnostic log features
• Interpreting the flow-basic output
• Using hardware assistance and offloading

Host-Inbound and Transit Traffic

• Troubleshooting transit traffic
• Blocking tor
• Troubleshooting host-inbound traffic

Using System Services

• Identifying performance issues
• Using baseline service performance
• Performance troubleshooting use cases
• Using system services daemons
• Gathering more data

Certificate Management and SSL Decryption

• Verify SSL decryption is applied via the certificate chain
• Accessing the site via its IP vs FQDN
• Intermediate CA missing
• Excluding URLs / certificates
• Using client authentication and SSL decryption exclusion
• Working with external factors that complicate SSL decryption

User-ID

• User-ID mapping flow
• Troubleshooting User-ID

GlobalProtect

• Using connection sequence
• Troubleshooting GlobalProtect

Support Escalation and RMAs

• Case management
• Dealing with hardware failure and return merchandise authorizations (RMAs)
• Managing escalation and support events

Summary and Next Steps