PAN-EDU-285 Palo Alto Networks: Traps 4.2 - Deploy and Optimize

Duration: 2 days
Price: $2195

Palo Alto Networks® Traps™ Advanced Endpoint Protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Successful completion of this two-day, instructor-led course should prepare the student to deploy Traps in large-scale or complex configurations and optimize its configuration.

By the end of the course, students should learn how to design, build, implement, and optimize large-scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with windbg.

Course Modules

  1. Scaling Server Infrastructure
    • Small site architectures
    • Large site architectures
    • TLS/SSL deployment considerations

  2. Scaling Agent Deployment
    • Distributing Traps via GPO
    • Configuring Virtual Desktop Infrastructure with Traps

  3. ESM Tuning
    • Tuning ESM settings
    • External logging and SIEM integration
    • Role Based Access Control (RBAC)
    • Defining Conditions
    • Tuning Policies
    • Implementing ongoing maintenance

  4. Windows migrations for Traps
    • SQL database migration
    • SSL certificate migration

  5. Advanced Traps Forensics
    • Best practices for managing forensic data
    • Agent queries
    • Resources for malicious software testing
    • Exploit challenge testing with Metasploit
    • Exploit dump analysis with windbg

  6. Advanced Traps Troubleshooting
    • ESM and Traps architecture
    • Troubleshooting scenarios using dbconfig and cytool
    • Troubleshooting application compatibility and BITS connectivity

This course is recommended for Security Engineers, System Administrators, and Technical Support Engineers.


Students should have completed "Traps 4.1: Install, Configure, and Manage" or (for Palo Alto Networks employee and partner SEs) "PSE: Endpoint Associate" training. Windows system administration skills and familiarity with enterprise security concepts also are required.

At this time there is no associated certification with this course.