Cisco Training - HD TelePresence // S-FIREWALL

Deploying Cisco ASA Firewall Solutions v1.0

Reduce Risk to Your IT Infrastructure. Get the skills to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions

Course Description

The Deploying Cisco ASA Firewall Features (FIREWALL) 1.0 course is a five-day course that aims at providing network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.

Audience

This course is designed for Network Security Engineers (NSEs) and anyone with their CCNA Security Certification or perusing a CCNP Security Certification. This course covers topics associated with Cisco Exam #642-617

Prerequisites

Before taking this course, students should have working knowledge of Microsoft Windows operating systems and knowledge attained from attending the following prerequisite Cisco courses:

What You Will Learn

  • Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line
  • Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features
  • Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family
  • Implement and maintain Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure
  • Implement and maintain Cisco ASA adaptive security appliance virtualization and high availability features
  • Evaluate Cisco ASA adaptive security appliance SSM modules, their major features, and integrate them with the Cisco ASA adaptive security appliance

Course Outline

1. Introduction to the Cisco ASA Adaptive Security Appliance
Introducing Cisco ASA Adaptive Security Appliance Technology and Features
  • Firewalls and Security Domains
  • Firewall Technologies
  • Overview of Cisco ASA Adaptive Security Appliance Features
  • Common Cisco ASA Adaptive Security Appliance Use Cases

Introducing the Cisco ASA Adaptive Security Appliance Family

  • Cisco ASA Adaptive Security Appliance Platforms and Models
  • Cisco ASA Adaptive Security Appliance Security Services Modules
  • Cisco ASA Adaptive Security Appliance Licensing Model
  • Basic Cisco ASA Adaptive Security Appliance Hardware Troubleshooting
2. Implementation of Basic Connectivity and Device Management
Getting Started with the Cisco ASA Adaptive Security Appliance and Cisco ASDM
  • Managing the Cisco ASA Adaptive Security Appliance Boot Process
  • Managing the Cisco ASA Adaptive Security Appliance Using the CLI
  • Managing the Cisco ASA Adaptive Security Appliance Using Cisco ASDM
  • Navigating Basic Cisco ASDM Features

Configuring Interfaces and Static Routing

  • Overview of Basic Configuration Choices, Basic Procedures, and Required Input Parameters
  • Managing Cisco ASA Adaptive Security Appliance Security Levels
  • Configuring and Verifying Interface Network Parameters
  • Configuring and Verifying VLAN Interfaces Configuring and Verifying Static Routing
  • Configuring and Verifying the Cisco ASA Adaptive Security Appliance DHCP Server
  • Troubleshooting Basic Connectivity

Configuring Basic Device Management Features

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Basic Device Management Settings
  • Managing Time Settings / Event and Session Logging
  • Managing the Cisco ASA Adaptive Security Appliance File System
  • Managing Cisco ASA Adaptive Security Appliance Software and Feature Activation
  • Using Other Troubleshooting and Management Tools

Configuring Management Access

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Managing Remote Management Channels
  • Managing Authentication for Management Access
  • Verifying and Troubleshooting AAA for Management Access
  
3. Deployment of Cisco ASA Adaptive Security Appliance Access Control
Configuring Basic Access Control
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Connection Table and Local Host Table
  • Configuring and Verifying Interface Access Rules
  • Configuring and Verifying Object Groups
  • Configuring, Verifying & Troubleshooting Other Basic Access Controls

Using Cisco ASA Adaptive Security Appliance Modular Policy Framework

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Policies for OSI Layers 3 and 4
  • Configuring and Verifying Policies for OSI Layers 5 to 7
  • Configuring and Verifying a Policy for Management Traffic

Tuning Basic Stateful Inspection Features

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Tuning Basic Inspection of OSI Layers 3 and 4
  • Tuning the Cisco ASA Adaptive Security Appliance TCP Normalizer
  • Configuring Support for Dynamic Protocols
  • Troubleshooting Inspection of OSI Layers 3 and 4 on the Cisco ASA Adaptive Security Appliance

Configuring Application Layer Policies

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying HTTP Inspection
  • Evaluating FTP Inspection
  • Evaluating DNS Inspection
  • Evaluating ESMTP Inspection
  • Evaluating Inspection of Other Protocols
  • Troubleshooting Application Layer Inspection

Configuring Advanced Access Controls

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Cisco TCP Intercept
  • Configuring and Verifying the Cisco Botnet Traffic Filter
  • Configuring and Verifying Basic Threat Detection
  • Configuring and Verifying Advanced Threat Detection
  • Configuring and Verifying Scanning Threat Detection

Configuring Resource Limits and Guarantees

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Connection Limits
  • Configuring and Verifying Traffic Policing and Shaping
  • Configuring and Verifying Traffic Priority Queuing

Configuring User-Based Policies (Cut-Through Proxy)

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying User Authentication
  • Configuring Authentication Prompts and Timeouts
  • Configuring and Verifying User Authorization
  • Configuring and Verifying User Session Accounting
  • Troubleshooting Operation of User-Based Controls
 4. Deployment of Cisco ASA Adaptive Security Appliance Network Integration Features
Deploying Network Address Translation
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring NAT Control
  • Configuring and Verifying Dynamic Inside NAT and PAT
  • Configuring and Verifying Static Inside NAT and PAT
  • Configuring NAT Rules to Bypass Address Translations
  • Configuring Outside NAT
  • Integrating NAT with Cisco ASA Adaptive Security Appliance Access Control
  • Troubleshooting NAT

Configuring Cisco ASA Adaptive Security Appliance Transparent Operations

  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Transparent Firewall Mode
  • Configuring OSI Layer 3–7 Access Control in Transparent Firewall Mode
  • Configuring OSI Layer 2 Access Control in Transparent Firewall Mode
  • Troubleshooting Transparent Firewall Operation       
5. Deployment of Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features
Deploying Cisco ASA Adaptive Security Appliance Virtualization Features
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Security Contexts
  • Managing Security Contexts
  • Configuring and Verifying Resource Management
  • Troubleshooting Security Contexts
Deploying Cisco ASA Adaptive Security Appliance Redundant Interfaces
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Redundant Interfaces
  • Troubleshooting Redundant Interfaces
Deploying Active/Standby High Availability Failover
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Active/Standby Failover
  • Tuning and Managing Active/Standby Failover
  • Remote Command Execution
  • Troubleshooting Active/Standby Failover
Deploying Active/Active High-Availability Failover
  • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring and Verifying Active/Active Failover
  • Tuning and Managing Active/Active Failover
  • Troubleshooting Active/Active Failover
6. Integration of Cisco ASA Adaptive Security Appliance Security Service Modules
Introducing Cisco ASA Adaptive Security Appliance Security Service Modules
  • Cisco Security Service Modules Overview
  • Cisco Content Security Control SSM
  • Cisco Advanced Inspection and Protection SSM and SSC

Integrating the Cisco ASA Adaptive Security Appliance AIP-SSM and AIP-SSC Modules

  • Cisco AIP-SSM and Cisco AIP SSC Installation
  • Managing Cisco ASA AIP-SSM and Cisco ASA AIP SSC Basic Features
  • Initializing Cisco ASA AIP-SSM and Cisco ASA AIP SSC
  • Configuring Cisco ASA Adaptive Security Appliance Traffic Redirection Policy

Integrating the Cisco ASA Adaptive Security Appliance CSC-SSM Module

  • Cisco CSC-SSM Installation
  • Managing Cisco CSC-SSM Basic Features
  • Initializing Cisco CSC-SSM
  • Configuring Cisco ASA Adaptive Security Appliance Traffic Redirection Policy