When it comes to Palo Alto Accredited Configuration Engineer (ACE) Exam preparations, options are quite minimal in terms of virtual resources. As discussed in my previous post one can either relies on Palo Alto PA -200 firewall or their Palo Alto VM 100 firewall, you may need to contact your local Palo Alto team to get the trial access with license.
If you got hold of Palo Alto VM 100 firewall then preparing the lab scenario using Unified Networking Lab is quite easier.
You can find out more details about Unified Networking Lab by visiting their web site and I recommend you to download the unetllab from their website. Still it’s in beta version yet it is more powerful. You can simulate scenarios using many vendors’ virtual products.
Once you downloaded and installed the Unified Networking Lab do follow the instructions mentioned in this blog by Andrea the creator of Unified Networking Lab. This blog shows you how to copy the Palo Alto VM 100 firewall into Unified Networking Lab
In the next post I will show how to create the topology recommended by Palo Alto for the Palo Alto Accredited Configuration Engineer (ACE) Exam.
When it comes to preparations for any Certification exams, it is key to have an access to the appliance either in Physical or Virtual form. When it comes to Palo Alto certification preparations its quite challenging to find the virtual resources. Palo Alto recommends to practice their Firewall Installation, Configuration, and Management: Essentials I -Lab Manual on PA – 200 firewall which is a hardware appliance not a virtual appliance.
Palo Alto recommends the below shown topology for preparations of Palo Alto Accredited Configuration Engineer (ACE) Exam – PAN-OS 6.0
Source: Palo Alto Firewall Installation, Configuration, and Management: Essentials I -Lab Manual
Well I believe the same topology can be created on the virtual environment especially when Palo Alto is marketing their virtual firewalls. Like F5 they can offer a trial license of 30 days purely for study purpose or certification purposes or like Cisco’s VIRL which can be bought at very nominal price. When it comes to preparations of much advance Palo Alto certifications like Palo Alto Networks Certified Network Security Engineer (PCNSE), one has to purely rely on either on Official Palo Alto training or hands on experience
It would be worth Palo Alto give a serious thought on coming out with a solution for their certification preparations especially when they are growing and trying to dominate the Next Generation Firewall world.
Palo Alto launched a Fuel community in 2014 is headquartered in Chicago, Illinois. The organization is governed by a volunteer Board of Directors and is managed by a headquarters staff
Basically Fuel is created for those professionals who are responsible for securing information and critical infrastructure, Fuel gives an opportunity to create a professional community and its members are empowered to influence and shape the future of security through meaningful online and in-person engagement with peers and industry experts.
Any one can be part of Fuel community and can be part of any local Fuel Chapter; Fuel also gives an opportunity for Security professionals to enhance their leadership qualities by heading a local chapter in their area. If you don’t find a Chapter in your Area you can approach Fuel team to create a Local Chapter in your area and you are fully supported by the Fuel Team.
Some of the benefits you can availed being part of Fuel Local Chapter are
Connect on member forums that are specific to a topic, industry, region or interest area. Learn best practices, ask questions and discuss challenges and solutions with other members.
Fuel’s file library contains all recent and past webcasts, presentations, technical papers and articles regarding cybersecurity. Fuel’s year-round training resources allow members to keep current within their role and industry.
Exclusive and early access to Palo Alto Networks News
Be in the know. Fuel members receive exclusive Palo Alto Networks product information and news first.
I strongly recommend you to access Fuel Website to see more details.
Good news for Saudi Palo Alto lovers is,a local chapter has been created and named as Saudi Arabia User Group. So be part of Saudi Arabia User Group to avail all the benefits of Fuel and do spread the word among your peers.
When it comes it comes to CCIE lab preparations most of us talk about the technical resources one should refer, hardly I see some one talks about the non-technical part of preparation. Well I am not trying to reinvent the wheel, yet would like to suggest two titles that will keep you motivated and help you to build a complete CCIE journey strategy.
There was great initiative by two gentlemen Dean Bahizad and Vivek Tiwari both of them are CCIE’s, they understood the pain and come out with an amazing title called “Your CCIE Lab Success Strategy: The Non-Technical Guidebook”
An amazing title, which serves as a personnel coach to some one who is preparing for the CCIE lab, they have crafted their journey in an interesting fashion and does offer lots of tips and strategies one could imagine of. So I certainly recommend to have this in your book self. This book offers a lot and its quite simple and a small book, which can be read in a week’s time.
Its been observed we give up the things even before starting the CCIE journey, we are afraid of failure, incompetency, no self confidence, no motivation to move forward, negativity, laziness and much more, in order to over come all these trials once could refer to Tony Robbins “ Awaken the giant with in “
Both these titles are quite helpful and will be your best friends for the journey of CCIE.
When it comes to choosing a CCIE track most of the CCIE aspirers are confused, everyday I encounter at least one CCIE aspirers approaching me for an advice. Some times I petty them but there are in need of guidance, so I morally try to support them and guide them to best of my ability.
Why are most of them are confused in choosing CCIE tracks?
Its been observed that most of them are confused at the step 1 of CCIE, they struggle to choose a CCIE track for them, some of them try to meet instructor after instructor of different tracks to select the CCIE track, this makes them more confused. Even I have seem some people start with a CCIE track A for few months and then again they change their track to track B, this is not a good sign for some one who already started the journey of CCIE.
I believe most of them want to choose a CCIE track for different reasons like
- Which CCIE track is in more demand?
- Which CCIE track is easy to pass?
- Which CCIE track offers me more remuneration?
- Which CCIE track is easy to simulate?
- Which CCIE track costs less?
So and so forth, well these are not the valid reasons to select a CCIE track. I strongly believe there should be strong desire and passion towards a particular track, which comes out when you ask the series of questions which mentioned in the article “ The Journey of CCIE – Series 1”. Yet some people may need some sort of Pre CCIE counseling in selecting a CCIE track and planning their journey.
Well as per my knowledge no one is offering such service, if some one wants to seek any guidance they can reach me out I can assist them in choosing their passions. Yes CCIE is a passion and can be only achieved when some one gives more than 100%. Please do feel free to reach me out, I will more than glad to help you.
Yesterday I passed the Palo Alto Accredited Configuration Engineer (ACE) Exam – PAN-OS 6.0 Version, the exam was quite easier provided you have hands on experience on Palo Alto firewall.
The Palo Alto Accredited Configuration Engineer (ACE) Exam – PAN-OS 6.0 Version is an entry-level exam of Palo Alto Certifications, which tests your knowledge of the core features and functions of Palo Alto Networks next-generation firewalls. The ACE exam is web-based and consists of 50 multiple-choice questions. The exam is not timed, and you can retake it as many times as necessary to earn a passing score.
Those who wants to be an Accredited Configuration Engineer (ACE) Exam – PAN-OS 6.0 Version, they just need to visit Palo Alto education website and get registered. Once done with registration, one can straight away attempt the Accredited Configuration Engineer (ACE) Exam provided he/she has the through knowledge of Palo Alto firewall. If not the best way to master ACE concepts is to register for Firewall Installation, Configuration, & Management (EDU-101 or EDU-201), EDU-101 is available at no cost as a self-paced online learning experience. EDU-201 is instructor-led with lab exercises and is offered through Palo Alto Network Authorized Training Centers (ATCs).
I took Firewall Installation, Configuration, & Management (EDU-101) self-paced online course which is about 6 hours long. The course is quite informative and the instructor has done an amazing job in explaining the concepts in simple language.
Certainly the Firewall Installation, Configuration, & Management (EDU-101) gives any one a good understanding of the concepts, but what about the hands on experience? You can certainly use the Firewall Installation, Configuration, and Management: Essentials I -Lab Manual for this purpose provided you have an access to any Palo Alto firewall which is not under production. Palo Alto recommends PA -200 firewall for this lab, however if you don’t have physical appliances one can make use of Unified Networking Lab for the preparation of the Accredited Configuration Engineer (ACE) Exam. In the upcoming post I will try to shed some light on Unified Networking Lab and how you can make it as your source of preparation.
Recently Cisco announced threat-focused next-generation firewall (NGFW). Cisco is trying to integrate FirePOWER with Cisco ASA to provide the features of next-generation firewall (NGFW). Only time will say how successful Cisco will be capturing the Next Generation firewall market.
Currently we all know Cisco has a very little presence when it comes to Security products, leaders like Palo Alto, Check point , Juniper and to certain extent Fortinet are making their impact and presence in the firewall world.
According to Cisco the ASA with FirePOWER Services features these comprehensive capabilities:
- Site-to-site and remote access VPN and advanced clustering provide highly secure, high-performance access and high availability to help ensure business continuity.
- Granular Application Visibility and Control (AVC) supports more than 3,000 application-layer and risk-based controls that can launch tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
- The industry-leading Cisco ASA with FirePOWER next-generation IPS (NGIPS) provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to detect multivector threats and automate defense response.
- Reputation- and category-based URL filtering offer comprehensive alerting and control over suspicious web traffic and enforce policies on hundreds of millions of URLs in more than 80 categories.
- AMP provides industry-leading breach detection effectiveness, a low total cost of ownership, and superior protection value that helps you discover, understand, and stop malware and emerging threats missed by other security layers.
I do expect Cisco may have some impact on the market share, especially after acquiring Source Fire things may change the trends for Cisco. Cisco is trying to add the rich features and flavors of Source Fire products into its ASA firewall. Once I get an access to their Next Generation Firewall it will be much easier to comment on the services Cisco is offering and can be compared with their competitors.
There is always an end to every journey, so this will be the last series I am going to write on my journey of CCIE, I will come back with articles in future that may hit the topics of CCIE Routing and Switching exam. But as a series this will be the last one.
Lets summarize all the ten series in this post, so that if some one wants to access all the previous series he/she may use the links mentioned here.
Series 5 – We reviewed INE’s CCIE Routing and Switching version 5 workbooks and the great thing about the INE offers with this workbook and the virtual support they render for practicing their workbooks.
I wish you all the best and I am pretty sure hard work never goes into vein, irrespective of the lab result the journey of CCIE it self teaches a lot.
Sometimes we tend to get out of focus and don’t take our preparations seriously, it happened with me many times. We were at our peak, but suddenly for obvious reasons we lost the interest. This situation is really hard to overcome and many people give up at this stage which is so sad.
The best way to overcome this phobia is to schedule the lab and pay for it. This huge step makes life easier in terms of preparations. Your life now evolves most of the times about the lab and the preparations for the lab. You live each and every day not only thinking about the lab but also finding the ways to overcome the challenges you face. So that you are ready to take the challenge in more optimistic way.
So whenever you feel you are getting out of focus and cannot concentrate, then take a break, monitor your progress, estimate the time you need to get ready for lab, and then schedule the lab and pay for it.
By doing so you are empowering your brain to focus more on the lab rather than the distractions. So schedule you lab and enjoy the journey.
I have been asked by many networking professionals to choose which CCIE track? As we all know Cisco is offering CCIE tracks in CCIE Routing and Switching, CCIE Service Provider, CCIE Data Center, CCIE Security, CCIE Collaboration and CCIE Wireless. Cisco will never come out with these tracks if there was no value for any particular CCIE track. Hence there is no point in either asking or following what others are doing, its been observed some of the Networking Professionals failed to follow their heart rather they go with the trends or what their peers are doing. This is not a right approach. Remember in the first post we asked ourselves why do we want to be a CCIE? This question should give you a clarity and reason to focus.
So its better not to follow the mass, follow you heart, drive by your passions. When you do this, the journey of CCIE becomes interesting and easier. When you follow your passions, you have zeal to excel, reason to conquer and motivation to move forward.
While I was attempting to CCIE Routing and Switching Lab exam, most of my professional friends advised me to go with CCIE Data Center, simply because there was a huge demand for CCIE Data Center and there are very few Data Center CCIE’s. Thank to Almighty I followed my passion, followed my heart and attempted the track on which I have good experience and understanding of concepts and I passed my lab.
When you choose a CCIE track, ask yourself what track you are personally comfortable with, in which area you have an experience. Then go for it. Then only the journey becomes easier and interesting.
So follow your passions and live your dreams.