Palo Alto Networks AAC Lab Creation Guidelines v1.0




Contact Information

Corporate Headquarters:
Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
http://www.paloaltonetworks.com/

About this Guide

This guide gives recommendations for creating a lab environment to support Palo Alto Networks classes. To provide feedback, please contact: education@paloaltonetworks.com.

Palo Alto Networks, Inc.
www.paloaltonetworks.com

© 2013 Palo Alto Networks. All rights reserved. Palo Alto Networks, PAN-OS, and Panorama are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.

Table of Contents

1. Lab Equipment Requirements
2. Lab Designs
   201/205
   221
   311
3. Lab Licensing

1 Lab Equipment Requirements

Effective delivery of the Palo Alto Networks courses requires the support of a lab environment for student use. Currently, there are four courses that require a lab environment: EDU-201, EDU-205, EDU-221, and EDU-311.

The following requirements assume a minimum class size of 8 students, with up to 2 students sharing a single lab environment. It is strongly recommended that each lab environment be planned to accommodate each student with a dedicated desktop and firewall.

All Palo Alto Networks training lab hardware and software must be purchased through an authorized NextWave channel partner. ATC Partners are welcome to leverage NFR pricing and promotions offered through Palo Alto Networks regional channel marketing team. Technical support and subscription services must also be purchased for every device and kept current annually.

FIREWALLS: VIRTUAL ENVIRONMENTS REQUIREMENTS

  EDU-201/205/311
    - 4 student firewalls (VM-100 or larger)
    - 1 instructor firewall (PA-200 or larger; optional)

  EDU-221
    - 8 student firewalls (VM-100 or larger)

DESKTOPS: VIRTUAL ENVIRONMENTS

  EDU-201/205/221/311
    - 4 student desktops (Windows XP or newer)
    - 1 instructor desktop (Windows XP or newer)
    - 2 browser clients (minimum)
    - Telnet/SSH clients for each desktop
    - Support for multiple network adapters

NETWORKING EQUIPMENT: VIRTUAL ENVIRONMENTS

  EDU-201
    - Virtual Switch: Support for 3 adapters
    - Switches: Sufficient ports for connecting to SANS, ESXi servers, uplinks to the network edge, and remote access solutions.
    - Gateway Device: Acts as your edge device.
    - Remote Access Option: Hardware or RDP may be used.
    - SANS

  EDU-205
    Same as 201, plus:
    - Virtual Switches: Additional virtual adapter

  EDU-221
    Same as 201

  EDU-311
    Same as 201, plus:
    - Router/Firewall: A device needs to provide OSPF support

SERVERS: VIRTUAL ENVIRONMENTS

  EDU-201/205/221/311
    - 1 Domain Controller (Windows 2000 or newer)
    - 1 Physical Server for hosting ESXi

2 Lab Designs

EDU-201 (Virtual)

[Diagram 1: Virtual lab. Labels: Remote Student, VPN, Local Student Laptop, Student Desktop (x4), PA (x4), Panorama, Active Directory Server]

For these environments, a gateway device will need to be in place to provide edge services for the lab network environment. This device will not be directly accessible by the Instructors or their students. This device should support 802.1Q VLAN tagging in order to ensure segregation of network traffic.

The gateway device will provide connectivity for two distinct network subnets within the environment: the Management Network (10.30.11.0/24) and the Untrust-L3 (172.16.x.0/24) network. Cables will need to connect between the gateway device and a switch to support these networks.

[Diagram 2: Gateway device connections. Labels: WAN IP, PA-2050, 10.30.11.x/24, 172.16.x.0/24, ESXi]

WAN IP: As per your network
Gateway Device Management LAN IP: 10.30.11.254
Gateway Device Student LAN IPs: 172.16.x.254*

* x = Student ID Number

The switch will need to connect an uplink to the gateway device, while also connecting the Management adapter on the desktops, the Management Interface of the firewalls, and the Untrust-L3 interface of the firewalls.

The firewall itself will have three cables connected: one to the upstream switch (Untrust-L3), one to the desktop (-L3; 192.168.x.0/24), and another cable to the switch (Management Port).

The desktops will have a total of 2 network connections using different network adapters: one for the management network (10.30.11.0/24) and the other for the -L3 network (192.168.x.0/24).

[Diagram 3: Switch, firewall and desktop connections. Labels: WAN IP, PA-2050, Management 10.30.11.x/24, 192.168.x.0/24, MGT, PA, Untrust 172.16.x.0/24, ESXi]

PANW Firewall Untrust-L3 IP: 172.16.x.1
PANW Firewall Untrust-L3 Gateway IP: 172.16.x.254*
PANW Firewall MGT IP: 10.30.11.x*
PANW Firewall MGT Gateway IP: 10.30.11.254
Desktop MGT Adapter IP: 10.30.11.1x*
Desktop MGT Adapter Gateway IP: 10.30.11.254

* x = Student ID Number

The following example is a diagram of what the lab would look like if configured for students 1 and 2:

[Diagram 4: Lab configured for students 1 and 2. Labels: WAN IP, PA-2050, Management 10.30.11.x/24 (10.30.11.1/24, 10.30.11.2/24), 192.168.x.0/24, Untrust 172.16.x.0/24, ESXi. Firewall interfaces shown: MGT 10.30.11.x/24; 1/2: 192.168.1.1/24 and 1/1.201: 172.16.1.1/24; 1/2: 192.168.2.1/24 and 1/1.202: 172.16.2.1/24]

EDU-205 (Virtual)

The configuration is the same as for the 201 class, with one exception: an additional cable will need to connect interface 1/6 of the student firewalls to the switch.

[Diagram 5: EDU-205 connections. Labels: WAN IP, PA-2050, OSPF-Router, Management 10.30.11.x/24, 192.168.x.0/24, Untrust 172.16.x.0/24, ESXi. Firewall interfaces shown: MGT, 1/2, 1/6, 1/1.201]

The completed configuration of the student 1 and 2 firewalls:

[Diagram 6: EDU-205 lab configured for students 1 and 2. Labels: WAN IP, PA-2050, OSPF-Router, Management 10.30.11.x/24 (10.30.11.1/24, 10.30.11.2/24), 192.168.x.0/24, Untrust 172.16.x.0/24, ESXi. Firewall interfaces shown: MGT 10.30.11.x/24; 1/2 192.168.1.1/24, 1/1.201 172.16.1.1/24 and 1/6 10.199.1.1/24; 1/2 192.168.2.1/24, 1/1.202 172.16.2.1/24 and 1/6 10.199.2.1/24]
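The x-based addressing scheme above can be checked before a class is built. The following Python sketch is an added example, not part of the original guide: it derives each student's addresses and reports duplicate host IPs or overlapping subnets. The function names are hypothetical, and reading "10.30.11.1x" as the digit 1 followed by the student ID is an assumption.

```python
import ipaddress
from collections import defaultdict

MGMT_NET = ipaddress.ip_network("10.30.11.0/24")  # Management Network
MGMT_GW = ipaddress.ip_address("10.30.11.254")    # gateway device, management LAN IP

def student_plan(x, edu205=False):
    """Addresses for student ID x, following the guide's x-based scheme."""
    plan = {
        "fw_mgt": ipaddress.ip_address(f"10.30.11.{x}"),
        # Assumption: "10.30.11.1x" is read as the digit 1 followed by the ID.
        "desktop_mgt": ipaddress.ip_address(f"10.30.11.1{x}"),
        "untrust_net": ipaddress.ip_network(f"172.16.{x}.0/24"),
        "fw_untrust": ipaddress.ip_address(f"172.16.{x}.1"),
        "untrust_gw": ipaddress.ip_address(f"172.16.{x}.254"),
        "desktop_net": ipaddress.ip_network(f"192.168.{x}.0/24"),
        "fw_desktop_side": ipaddress.ip_address(f"192.168.{x}.1"),
    }
    if edu205:  # extra interface 1/6 from the EDU-205 diagrams
        plan["if_1_6_net"] = ipaddress.ip_network(f"10.199.{x}.0/24")
        plan["fw_if_1_6"] = ipaddress.ip_address(f"10.199.{x}.1")
    return plan

def check_plan(student_ids, edu205=False):
    """Return problems found: duplicate host IPs or overlapping subnets."""
    owners = defaultdict(list)
    owners[MGMT_GW].append("gateway.mgmt")
    nets = [("management", MGMT_NET)]
    for x in student_ids:
        for name, value in student_plan(x, edu205).items():
            label = f"student{x}.{name}"
            if isinstance(value, ipaddress.IPv4Network):
                nets.append((label, value))
            else:
                owners[value].append(label)
    problems = [f"duplicate {ip}: {', '.join(who)}"
                for ip, who in owners.items() if len(who) > 1]
    for i, (a_name, a) in enumerate(nets):
        for b_name, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"overlap {a_name} {a} / {b_name} {b}")
    return problems

if __name__ == "__main__":
    print(check_plan(range(1, 9), edu205=True))  # eight student firewalls (EDU-221)
    print(check_plan([1, 11]))                   # a two-digit ID reuses an address
```

Under that reading, IDs 1 through 8 produce no conflicts, while adding a student 11 would place a firewall management interface on the address already used by student 1's desktop.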

3 Lab Licensing

OVF templates and VM-100 Capacity Licenses for lab device installation are provided to AACs by Palo Alto Networks. Feature licensing of the virtual devices is the responsibility of the Academy. Standard License Bundles are offered at a 90% discount off the current suggested retail price. For purchases, Academies should contact their local Sales Representative for additional details.

To install the licenses, open the Management Interface of the respective VM-100 and log in as an Administrator, then navigate to Device > Licenses and click on Activate feature using auth code. To install Support licenses, navigate to Device > Support.

For additional information on setting up and licensing an individual VM-100, refer to the Getting Started Guide located at support.paloaltonetworks.com (you will need a support account to log in to the site, and then you will need to navigate to the Documentation section via the options on the center pane of the site).