Deploying Cisco ASA Firewall Features (FIREWALL)

Deploying Cisco ASA Firewall Features is a 5 day instructor-led training class  that is presented by Cisco training partners to their end customers. Channel Partners nationwide hire proven AMS Subject Matter Expert Cisco Certified Systems Instructors (CCSI’s) to teach on-site or on-line classes.

This course is intended for:

  • Network Security Engineers (NSEs) involved in firewall design,
    implementation and maintenance
  • Cisco customers who implement and maintain Cisco ASA (adaptive security
    appliance) based perimeter solutions

Other who would find this course useful include:

  • Cisco channel partners who sell, implement and maintain Cisco ASA security
    appliances
  • Cisco engineers who support the sale of Cisco ASA security appliances

The course is used in these certifications, specializations, curricula, and
learning maps: Certifications:

  • Cisco Certified Network Professional Security (CCNP Security)

Curricula, specializations, and learning maps:

  • CCNP Security (and optionally some related specializations within the CCNP
    Security program)

Certifications

This course is part of the following Certifications:

  • Cisco Network Professional Security (CCNP Security)
  • CCIE Security

Prerequisites

The knowledge and skills you must have before attending this course are as
follows:

  • Cisco Certified Network Associate (CCNA) certification or equivalent
    knowledge
  • Cisco Certified Network Associate Security (CCNA Security) certification or
    equivalent knowledge
  • !IINS or equivalent knowledge
  • Working knowledge of the Microsoft Windows operating system

Course Objectives

Upon completing this course, the learner will be able to meet these overall
objectives:

  • Evaluate the basic firewall technology, features, hardware models and
    licensing options of the Cisco ASA security appliance
  • Implement and troubleshoot basic Cisco ASA security appliance connectivity
    and device
  • Management plane features
  • Configure and verify Cisco ASA security appliance network integration
  • Configure and verify Cisco ASA security appliance policy
  • Configure and verify high availability and virtualization on Cisco ASA
    security appliances

Course Content

The Deploying Cisco ASA FIREWALL Solutions (FIREWALL) course is part of the
curriculum path leading to the Cisco Certified Network Professional Security
(CCNP Security) certification. It is a five-day instructor-led course that is
aimed at providing you with the knowledge and skills that are needed to
implement and maintain perimeter solutions that are based on Cisco ASA security
appliances. At the end of the course, you will be able to reduce risk to your IT
infrastructure and applications using Cisco ASA security appliance features, and
provide detailed operations support for the Cisco ASA security
appliance.

Detailed Course Outline

Module 1: Cisco ASA Adaptive Security Appliance Introduction

Evaluate the basic firewall technology, features, hardware models, and
licensing options of the Cisco ASA security appliance

Lesson 1: Introducing Cisco ASA Adaptive Security Appliance
Technologies

  • Describe the concepts of a firewall and of network segmentation into
    security domains
  • Describe and evaluate technologies that you can use for firewall systems
  • Describe the Cisco ASA security appliance firewall and VPN-related access
    control features using case studies

Lesson 2: Identifying the Cisco ASA Adaptive Security Appliance
Families

  • Choose appropriate Cisco ASA security appliance hardware
  • Evaluate and choose appropriate Cisco ASA security service modules

Lesson 3: Identifying Cisco ASA Adaptive Security Appliance Licensing
Options

  • Choose the appropriate Cisco ASA security appliance licensing
  • Identify requirements that are model specific for licensing on the Cisco ASA
    security appliance

Module 2: Basic Connectivity and Device Management

Implement and troubleshoot basic Cisco ASA security appliance connectivity
and device management plane features

Lesson 1: Preparing the Cisco ASA Adaptive Security Appliance for
Network Integration

  • Explain the Cisco ASA security appliance boot process
  • Use the Cisco ASA security appliance CLI to configure the appliance
  • Describe the Cisco ASDM and its operating requirements
  • Configure the Cisco ASA security appliance using the Cisco ASDM
  • Upgrade the Cisco ASA security appliance when no firewall configuration is
    present
  • Lab 2-1: Preparing the Cisco ASA Adaptive Security Appliance for Network
    Integration

Lesson 2: Managing Basic Cisco ASA Adaptive Security Appliance
Network Settings

  • Configure Cisco ASA security appliance network interface security levels
  • Configure and verify network interface parameters on Cisco ASA security
    appliances
  • Configure and verify VLANs on Cisco ASA security appliances
  • Configure a default route for Internet access
  • Configure and verify the DHCP server feature on Cisco ASA security
    appliances
  • Troubleshoot basic connectivity on Cisco ASA security appliances
  • Lab 2-2: Configuring the Cisco ASA Adaptive Security Appliance for Secure
    Network Integration

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Device
Management Features

  • Configure and verify basic management settings on Cisco ASA security
    appliances
  • Describe file system and configuration management on Cisco ASA security
    appliances
  • Manage image upgrades and activation keys
  • Configure and verify time settings and support for NTP on Cisco ASA security
    appliances
  • Configure and verify logging settings and NetFlow on Cisco ASA security
    appliances
  • Configure and verify remote management channels on Cisco ASA security
    appliances
  • Configure and verify AAA for management access on Cisco ASA security
    appliances
  • Troubleshoot management access that failed to the Cisco ASA security
    appliance
  • Lab 2-3: Configuring Management Features

Module 3: Network Integration

Configure and verify Cisco ASA security appliance network integration

Lesson 1: Configuring Cisco ASA Adaptive Security Appliance NAT
Features

  • Explain how to manage NAT on Cisco ASA Software Version 8.2 and earlier
  • Describe the NAT functions on Cisco ASA Software Versions 8.3 and later
  • Configure NAT on the Cisco ASA security appliance using object (auto) NAT
  • Configure NAT on the Cisco ASA security appliance using manual NAT
  • Tune and troubleshoot NAT on the Cisco ASA security appliance using the
    Cisco ASDM and CLI tools
  • Lab 3-1: Configuring NAT

Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Basic
Access Control Features

  • Describe the connection table, the local host table, connection objects, and
    local host objects
  • Configure and verify interface ACLs on Cisco ASA security appliances
  • Configure and verify global ACLs on the Cisco ASA security appliance
  • Configure and verify object groups on Cisco ASA security appliances
  • Configure and verify public servers on Cisco ASA security appliances using
    Cisco ASDM
  • Configure and verify other basic access controls, such as uRPF and shun, on
    Cisco ASA security appliances
  • Troubleshoot ACLs on Cisco ASA security appliances
  • Lab 3-2: Configuring Basic Cisco Access Control Features

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Routing
Feature
s

  • Configure and verify static routing on Cisco ASA security appliances
  • Discuss dynamic routing support on Cisco ASA security appliances
  • Configure and verify EIGRP on Cisco ASA security appliances
  • Evaluate multicast support on Cisco ASA security appliances

Lesson 4: Configuring the Cisco ASA Adaptive Security Appliance
Transparent Firewall

  • Evaluate transparent mode features and plan the deployment of transparent
    mode on Cisco ASA security appliances
  • Configure and verify transparent mode on Cisco ASA security appliances
  • Configure and verify Layer 3 through Layer 7 access controls in transparent
    firewall mode
  • Configure and verify Layer 2 access controls in transparent firewall mode
  • Troubleshoot transparent firewall on Cisco ASA security appliances
  • Lab 3-3: Configuring Transparent Firewall (Optional)

Module 4: Cisco ASA Adaptive Security Appliance Policy Control

Configure and verify Cisco ASA security appliance policy

Lesson 1: Defining the Cisco ASA Adaptive Security Appliance
MPF

  • Plan the deployment of the Cisco MPF on the Cisco ASA security appliance
  • Configure and verify OSI Layer 3 and Layer 4 policies on the Cisco ASA
    security appliance
  • Configure and verify a management traffic policy on the Cisco ASA security
    appliance

Lesson 2: Configuring Cisco ASA Adaptive Security Appliance
Connection Policy and QoS Settings

  • Describe the Cisco ASA security appliance basic stateful inspection tuning
    options
  • Tune OSI Layer 3 and Layer 4 inspection policy on the Cisco ASA security
    appliance
  • Configure and verify connection settings using MPF on the Cisco ASA security
    appliance
  • Configure and verify support for dynamic protocols using MPF on the Cisco
    ASA security appliance
  • Configure support for the Botnet Traffic Filter on the Cisco ASA security
    appliance
  • Configure QoS support on the Cisco ASA security appliance
  • Troubleshoot OSI Layer 3 and Layer 4 inspection policy on the Cisco ASA
    security appliance
  • Lab 4-1: Configuring MPF, Basic Stateful Inspections, and QoS

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Advanced
Application Inspections

  • Introduce Layer 5 to Layer 7 application inspection on the Cisco ASA
    security appliance
  • Configure and verify application inspection of HTTP traffic
  • Configure and verify application inspection of FTP traffic
  • Describe support for other Layer 5 to Layer 7 application policy enforcement
    on the Cisco ASA security appliance
  • Troubleshoot application layer inspection on Cisco ASA security appliances
  • Lab 4-2: Configuring MPF Advanced Application Inspections

Lesson 4: Configuring Cisco ASA Adaptive Security Appliance
User-Based Policies

  • Plan the deployment of user-based access control on the Cisco ASA security
    appliance
  • Configure and verify cut-through authentication on the Cisco ASA security
    appliance
  • Configure authentication prompts and timeouts on the Cisco ASA security
    appliance
  • Configure and verify cut-through authorization on the Cisco ASA security
    appliance
  • Configure and verify cut-through accounting on the Cisco ASA security
    appliance
  • Troubleshoot cut-through proxy operations on the Cisco ASA security
    appliance
  • Lab 4-3: Configuring Cut-Through Proxy

Module 5: Cisco ASA Adaptive Security Appliance High Availability and
Virtualization

Configure and verify high availability and virtualization on Cisco ASA
security appliances

Lesson 1: Configuring Cisco ASA Adaptive Security Appliance Interface
Redundancy Features

  • Configure and verify EtherChannel on the Cisco ASA security appliance
  • Configure and verify redundant interfaces on the Cisco ASA security
    appliance
  • Troubleshoot redundant interfaces on the Cisco ASA security appliance

Lesson 2: Configuring Cisco ASA Active/Standby High
Availability

  • Describe active/standby failover and plan the deployment of failover on the
    Cisco ASA security appliance
  • Configure and verify active/standby failover on the Cisco ASA security
    appliance
  • Tune and manage active/standby failover on the Cisco ASA security appliance
  • Describes remote command execution when using the Cisco ASA security
    appliance in failover configuration
  • Troubleshoot active/standby failover on the Cisco ASA security appliance
  • Lab 5-1: Configuring Active/Standby High Availability

Lesson 3: Configuring Security Contexts on the Cisco ASA Adaptive
Security Appliance

  • Describe security contexts and plan the deployment of security contexts on
    the Cisco ASA security appliance
  • Configure security contexts on the Cisco ASA security appliance
  • Verify and manage security contexts on the Cisco ASA security appliance
  • Configure and verify resource management on the Cisco ASA security appliance
  • Troubleshoot the operation of the Cisco ASA in multi-context mode

Lesson 4: Configuring Cisco ASA Active/Active High
Availability

  • Describe active/active failover and plan the deployment of failover on the
    Cisco ASA security appliance
  • Configure and verify active/active failover on the Cisco ASA security
    appliance
  • Tune active/active failover on the Cisco ASA security appliance
  • Troubleshoot active/active failover on the Cisco ASA security appliance
  • Lab 5-2: Configuring Active/Active High Availability

To Hire an AMS Cisco Certified Systems Instructor and Subject Matter Expert that teaches this class, call 800-798-3901 today!

Leave a Reply