Palo Alto Networks Certified Network Security Engineer

Training on Real Equipment with Subject Matter Expert Trainer and Consultant

Fortray Networks Ltd


£495.99 inc VAT
Study method
Online with live classes
40 Hours, Part-time
Certified Network Security Engineer (CNSE)
Professional What's this?
Additional info
  • Tutor is available to students

4 students enquired about this course


Palo Alto Networks is a next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Gartner has positioned it in the "Leader’s" quadrant of May 25, 2016, as "Magic Quadrant for Enterprise Network Firewalls" for the fifth consecutive year and is trusted by over 31,000 customers in 140 countries.

Fortray’s Palo Alto Networks Certified Network Security Engineer (PCNSE) course covers topics in PAN-OS 8.x, Panorama 8.x, GlobalProtect, and other aspects of the Palo Alto Networks network security platform that a firewall administrator.

Fortray’s Palo Alto PCNSE- Security Professional course will ensure that the learner gains extensive hands-on experience on the Real & Licensed hardware along with an industry-experienced trainer with only one vision in mind.

Successful completion of this hands-on, instructor-led course will enhance the student’s understanding of how to configure and manage Palo Alto Networks®
Next-Generation firewalls on Panorama. The student will learn and get hands-on experience configuring, managing, and monitoring a firewall in a live environment.


Certified Network Security Engineer (CNSE)
Awarded by Palo Alto Networks


Detailed Course Outline

Module 1: Platforms and Architecture

  • Security platform overview
  • Next-generation firewall architecture
  • Zero Trust security model
  • Public cloud security
  • Firewall offerings

Module 2: Initial Configuration

  • Administrative controls
  • Initial access to the system
  • Configuration management
  • Licensing and software updates
  • Account administration
  • Viewing and filtering logs

Module 3: Interface Configuration

  • Security zones and interfaces
  • Tap interfaces
  • Virtual Wire interfaces
  • Layer 2 interfaces
  • Layer 3 interfaces
  • Virtual routers
  • VLAN interfaces
  • Loopback interfaces
  • Policy-based forwarding

Module 4: Security and NAT Policies

  • Security policy fundamental concepts
  • Security policy administration
  • Network Address Translation
  • Source NAT configuration
  • Destination NAT configuration

Module 5: App-ID™

  • Application Identification (App-ID) overview
  • Using App-ID in a Security policy
  • Identifying unknown application traffic
  • Updating App-ID

Module 6: Basic Content-ID™

  • Content-ID overview
  • Vulnerability Protection Security Profiles
  • Antivirus Security Profiles
  • Anti-Spyware Security Profiles
  • File Blocking Profiles
  • Attaching Security Profiles to Security policy rules
  • Telemetry and threat intelligence
  • Denial of service protection

Module 7: URL Filtering

  • URL Filtering Security Profiles
  • Attaching URL Filtering Profiles

Module 8: Decryption

  • Decryption concepts
  • Certificate management
  • SSL Forward Proxy decryption
  • SSL Inbound Inspection
  • Other decryption topics:
    • Unsupported applications
    • No decryption
    • Decryption port mirroring
    • Hardware security modules
    • Troubleshooting SSL session terminations

Module 9: WildFire™

  • WildFire concepts
  • Configuring and managing WildFire
  • WildFire reporting

Module 10: User-ID™

  • User-ID overview
  • User mapping methods overview
  • Configuring User-ID
  • PAN-OS® Integrated agent configuration
  • Windows-based agent configuration
  • Configuring group mapping
  • User-ID and Security policy

Module 11: GlobalProtect™

  • GlobalProtect overview
  • Preparing the firewall for GlobalProtect
  • Configuration: GlobalProtect Portal
  • Configuration: GlobalProtect Gateway
  • Configuration: GlobalProtect agents

Module 12: Site-to-Site VPNs

  • Site-to-site VPN
  • Configuring site-to-site tunnels
  • IPsec troubleshooting

Module 13: Monitoring and Reporting

  • Dashboard, ACC, and Monitor
  • Log forwarding
  • Syslog
  • Configuring SNMP

Module 14: Active/Passive High Availability

  • HA components and operation
  • Active/passive HA configuration
  • Monitoring HA state

Who is this course for?

Network Security Engineer

Network Analyst

Firewall Engineer


Students must have a basic familiarity with networking concepts including routing, switching, and IP address. Students also should be familiar with basic security concepts. Experience with other security technologies (IPS, proxy, and content filtering) is a plus

Questions and answers

Rating and reviews

There haven't been any reviews for this course yet.

Please sign in to review this course.