Implementing Advanced Cisco ASA Security (SASAA)

Detailed Outlines

Course Outlines

Module 1: Cisco ASA Product Family

Module 1 Lesson 1 Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls

  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA 5500-X Series USB 2.0 Ports
  • Cisco ASA 5500-X Series SSDs
  • Cisco ASA NGE Support
  • Cisco ASA 5585-X Dual Firewall Support

Module 1 Lesson 2 Installing Cisco ASA 5500-X Series IPS Software Module

  • IPS Software Module
  • IPS Software Module Installation
  • sw-module module ips Command
  • IPS Software Module CLI Access
  • setup Command
  • IPS Software Module Management Interface Configuration
  • Cisco ASA-to-IPS Software Module Traffic Redirection
  • IPS Software Licenses

Module 1 Lab 1-1 Remote Lab Environment Access
Module 1 Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup

Module 1 Lesson 3 Introducing the Cisco ASASM

  • Cisco ASASM Supported Platforms
  • Cisco ASASM Performance Numbers
  • Cisco ASASM Architecture
  • Cisco ASASM Features Parity
  • Cisco ASASM VLAN Interface Configurations

Module 1 Lesson 4 Introducing the Cisco ASA 1000V Cloud Firewall

  • Cisco ASA 1000V and VSG Cloud Firewall Roles
  • Cisco ASA 1000V Firewall Deployment Scenario
  • Cisco ASA 1000V Cloud Firewall Performance Numbers
  • Cisco ASA 1000V Environment
  • Cisco ASA 1000V Management

Module 2: Cisco ASA Identity Firewall

Module 2 Lesson 1 Describing the Cisco ASA Identity Firewall Solution

  • Cisco ASA Identity Firewall Benefits
  • Cisco ASA Identity Firewall Flow
  • Cisco Identity Firewall Policies

Module 2 Lesson 2 Setting Up Cisco CDA

  • Cisco CDA versus Active Directory Agent
  • Cisco CDA Hardware Appliance and VM Requirements
  • Cisco CDA Installation
  • Cisco CDA Setup
  • Cisco CDA Application Status Verification
  • Cisco CDA CLI Operations
  • Cisco CDA GUI

Module 2 Lesson 3 Configuring Cisco CDA

  • Active Directory Server Configuration
  • Cisco ASA Configuration
  • Syslog Server Configuration
  • Cisco CDA User-Account Configuration
  • Cisco CDA GUI Password Policy Configuration
  • Cisco CDA Session Timeout Configuration
  • IP-to-Identity Mapping Display
  • Registered-Device Verification

Module 2 Lesson 4 Configuring Cisco ASA Identity Firewall

  • Identity-Based Firewall Configuration Tasks
  • Active Directory Server Configuration
  • Cisco CDA Configuration
  • User-Identity Options Configuration Using Cisco ASDM
  • User-Identity Option Configuration Using the CLI
  • User-Identity-Based Access Rules
  • User Object Group Configuration
  • FQDN Network Object Configuration
  • Identity Firewall with Cut-Through Proxy Use Case
  • Identity Firewall with Remote-Access VPN Use Case

Module 2 Lesson 5 Verifying and Troubleshooting Cisco Identity Firewall

  • Cisco CDA and Active Directory Server Connectivity Test
  • show user-identity Command
  • show user-identity Command for Cisco CDA Verification
  • show user-identity Command for Active Directory User Verification
  • show user-identity Command for Active Directory Group Verification
  • show user-identity Command for Memory-Usage Verification
  • Identity-Based Firewall Cisco ASDM Monitoring Panes
  • Cisco CDA Management with the CLI
  • Cisco CDA Live Log Monitoring
  • Cisco CDA Troubleshooting

Module 2 Lab 2-1 Context Directory Agent Configuration
Module 2 Lab 2-2 ASA Identity-Based Firewall Configuration

Module 3: Cisco ASA CX

Module 3 Lesson 1 Introducing Cisco ASA CX (Next-Generation Firewall)

  • Cisco ASA CX Benefits and Components
  • Cisco ASA CX Broad and Web AVC
  • Cisco ASA CX Policy Types
  • Compatibility with Existing Cisco ASA Features
  • Cisco ASA 5585-X CX-SSP Hardware Module
  • Cisco ASA 5500-X CX Software Module

Module 3 Lesson 2 Describing the Cisco ASA CX Management Architecture

  • Cisco ASA CX Management Architecture
  • On-Box and Off-Box Cisco PRSM
  • On-Box and Off-Box Cisco PRSM GUI Differences

Module 3 Lesson 3 Installing the Cisco Off-Box PRSM and Cisco ASA CX

  • Off-Box Cisco PRSM Setup
  • Cisco PRSM GUI Basic Functions
  • Cisco ASA CX System Package Installation
  • Cisco ASA CX Status Verification
  • Cisco ASA CX Management Interface
  • Cisco ASA CX CLI Operations

Module 3 Lesson 4 Redirecting Cisco ASA-to-Cisco ASA CX Traffic

  • Cisco ASA-to-Cisco ASA CX Traffic Redirection

Module 3 Lesson 5 Performing Cisco PRSM Device Discovery and Configuration Import

  • Cisco ASA CX Policy Structure
  • Off-Box Cisco PRSM Device Discovery
  • Off-Box Cisco PRSM Device Groups

Module 3 Lesson 6 Configuring Cisco ASA CX Policy Objects

  • Cisco ASA CX Policy Object Types
  • Cisco ASA CX Network Objects
  • Cisco ASA CX Service Objects and Service Groups
  • Cisco ASA CX Application Objects and Application Service Objects
  • Cisco ASA CX URL Objects
  • Cisco ASA CX User Agent Objects
  • Cisco ASA CX Identity Objects
  • Cisco ASA CX Source Object and Destination Object Groups
  • Cisco ASA CX Secure Mobility Objects
  • Cisco ASA CX Action Profile Objects
  • Policy Objects in Cisco ASA CX Policies
  • Tags, Ticket IDs, and Metadata

Module 3 Lesson 7 Configuring Cisco ASA CX Access Policies

  • Cisco ASA CX Access Policy Configuration
  • Cisco ASA CX Application Control Configuration
  • Cisco ASA CX URL Filtering Configuration
  • Cisco ASA CX File Filtering Profile Configuration
  • ASA CX Web Reputation Profile Configuration

Module 3 Lesson 8 Configuring Cisco ASA CX Identity Policies

  • Cisco ASA CX Active and Passive Authentications
  • Cisco ASA CX Authentication Realms
  • Cisco ASA CX ADI
  • Cisco ASA CX Identity-Based Policy Configuration
  • LDAP Authentication Realm and Server Configurations
  • Active Directory Authentication Realm and Server Configurations
  • Cisco ASA CX-to-Cisco CDA Integration Configurations
  • Cisco ASA CX Identity Policies with Active Authentication
  • Cisco ASA CX Identity Policies with Passive Authentication
  • Cisco ASA CX Authentication Settings Configuration
  • Cisco ASA CX Access and Decryption Policies with Identity Objects
  • Cisco ASA CX User Identity in Event Viewer

Module 3 Lesson 9 Configuring Cisco ASA CX Decryption Policies

  • Cisco ASA CX Decryption Policies
  • Cisco ASA CX Decryption Configurations
  • Cisco ASA CX Decryption Policy Configuration
  • Cisco ASA CX Identity, Decryption, and Access Policy Interactions

Module 3 Lesson 10 Licensing Cisco ASA CX and Cisco PRSM

  • Cisco ASA CX Licenses
  • Cisco PRSM License
  • Cisco ASA CX and Off-Box Cisco PRSM License Management

Module 3 Lesson 11 Monitoring Cisco ASA CX

  • Cisco PRSM Dashboards and Reports
  • Cisco PRSM Event Viewer
  • Cisco SIO Update Verifications

Module 3 Lesson 12 Using Cisco PRSM for Administration

  • Cisco PRSM Administration Menu Options
  • Configuration Database Backup and Restore
  • Cisco PRSM Change History
  • Cisco PRSM User-Account Configuration
  • Cisco PRSM Server Certificate
  • Certificate Management Options
  • Cisco ASA CX and Cisco PRSM Logging-Level Configurations

Module 3 Lesson 13 Troubleshooting Cisco ASA CX

  • Cisco ASA CX Access Policies Troubleshooting
  • Cisco ASA CX Identity-Policy Troubleshooting
  • Cisco ASA CX Decryption-Policy Troubleshooting
  • Cisco ASA CX Module Troubleshooting

Module 3 Lab 3-1 ASA CX and PRSM Exploration
Module 3 Lab 3-2 ASA CX Access Policy Configuration
Module 3 Lab 3-3 ASA CX Identity Policy Configuration
Module 3 Lab 3-4 ASA CX Decryption Policy Configuration
Module 3 Lab 3-5 PRSM Administration

Module 4: Cisco ASA Cloud Web Security Integration

Module 4 Lesson 1 Introducing Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA with Cisco Cloud Web Security
  • Cisco ScanCenter

Module 4 Lesson 2 Licensing Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA with Cloud Web Security Authentication Keys

Module 4 Lesson 3 Configuring Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA and Cloud Web Security Proxy-Server Configuration
  • ScanCenter Generation of an Authentication Key for Cisco ASA
  • Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
  • Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration

Module 4 Lesson 4 Verifying Cisco ASA and Cloud Web Security Operations

  • Cisco ASA and Cloud Web Security Operations Verification with the CLI
  • Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM
  • Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
  • Cisco ASA and Cloud Web Security Syslog Messages
  • Cisco ASA and Cloud Web Security Operations Verification with debug scansafe

Module 4 Lab 4-1 Cisco ASA and Cloud Web Security Integration

Module 5: Cisco ASA IPv6 Enhancements

Module 5 Lesson 1 Describing the Cisco ASA IPv4 and IPv6 Unified ACL

  • IPv4 and IPv6 Unified ACL
  • IPv4 and IPv6 Unified ACL Migration
  • Mixed IPv6 and IPv4 Object Groups
  • IPv4 and IPv6 FQDN Objects

Module 5 Lesson 2 Describing Other Cisco ASA IPv6 Support Enhancements

  • NAT46, NAT64, and DNS Doctoring
  • NAT66 Support
  • DHCPv6 Relay
  • OSPFv3 Support
  • IPv6 Application Inspections
  • Cisco ASA and Cisco AnyConnect IPv6 VPN Support

Module 6: Cisco ASA Security Group Firewall

Module 6 Lesson 1 Introducing Cisco Security Group Tagging

  • Cisco Secure Access Architecture

Module 6 Lesson 2 Configuring Cisco ASA Security Group Firewall

  • SG Firewall Configuration
  • SGACL Operations Monitoring

Module 7: Cisco ASA Multicontext Enhancements

Module 7 Lesson 1 Describing Cisco ASA Multicontext Mode

  • Cisco ASA Multicontext Mode
  • Cisco ASA Security-Context Resource Management

Module 7 Lesson 2 Describing Multicontext Enhancements in Cisco ASA Software Release 9.0

  • Mixed-Mode Support in Multicontext Mode
  • Dynamic-Routing Support in Multicontext Mode
  • Site-to-Site VPN Support in Multicontext Mode

Module 8: Cisco ASA Cluster

Module 8 Lesson 1 Describing Cisco ASA Cluster Features

  • Cluster Performance Figures and Supported Platforms
  • Cluster Data-Interface Modes
  • Cluster Data-Interface Connections
  • CCL Functions
  • Cluster Master and Slave Unit Election
  • Centralized, Distributed, and Unsupported Cisco ASA Features
  • Cluster Dynamic-Routing Operations
  • Cluster NAT and PAT Operations

Module 8 Lesson 2 Describing Cisco ASA Cluster Terminology and Data Flows

  • Cluster Terminology
  • TCP Sequence Number Randomization
  • TCP Traffic Flows
  • Asymmetric UDP Traffic Flows
  • Short-Lived Traffic Flows
  • Centralized-Feature Traffic Flows
  • Traffic Flows with Secondary Connections
  • TCP Flow Rebalancing
  • Cluster Health-Check Mechanisms

Module 8 Lesson 3 Using the CLI to Configure a Cisco ASA Cluster

  • Cluster Management
  • Cluster Configuration with the CLI
  • Cluster Interface-Mode Configuration on Each Unit
  • CCL Configuration on Each Unit
  • Cluster Management Interface Configuration from the Master Unit
  • Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
  • Individual (Layer 3) Interface Configuration from the Master Unit
  • Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
  • Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
  • Sample Configuration of a Two-Unit Cluster with Individual Interface
  • How to Configure Other Cluster Options

Module 8 Lesson 4 Using Cisco ASDM to Configure a Cisco ASA Cluster

  • Cisco ASDM Cluster Dashboards
  • Cluster Configuration via Cisco ASDM
  • Cisco ASDM High Availability and Scalability Wizard
  • Cisco ASDM ASA Cluster Pane

Module 8 Lesson 5 Verifying Cisco ASA Cluster Operations

  • Cluster Licensing
  • Cluster Interface-Mode Verification
  • Cluster Member-Status Verification
  • Cluster Health-Status Verification
  • Cluster Connections State Table Verification
  • Cluster EtherChannel Status Verification
  • Cluster Aggregated ACL Hit-Count Verification
  • Cluster Memory and CPU Usage Verification
  • Cluster Traffic-Distribution Verification
  • TCP Flow-Rebalancing Verification
  • Cluster Operation Verification via Cisco ASDM

Module 8 Lesson 6 Troubleshooting a Cisco ASA Cluster

  • Cluster Packet Captures
  • Cluster Syslog Messages
  • The debug cluster CLI Command
  • Cluster Crashinfo and Coredump
  • Split-Cluster Scenario

Objectives and Pre-requisites

Course Objectives

  • Explain the features of Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM, and ASA 1000V Cloud Firewall, and install and set up the Cisco IPS and Cisco ASA CX software modules
  • Implement Cisco ASA Identity Firewall policies by using Cisco CDA and Cisco ASA
  • Implement Cisco ASA CX policies
  • Implement Cisco ASA and Cisco Cloud Web Security integration
  • Describe the multicontext enhancements in Cisco ASA Software Release 9.0
  • Describe the IPv6 features in Cisco ASA Software Release 9.0
  • Describe Security Group Firewall support in Cisco ASA Software Release 9.0
  • Implement a Cisco ASA cluster

Prerequisites

The knowledge and skills you must have before attending this course are as follows:


   
 
Classroom training
Duration: 5 days
Price: US$ ----
CLC: 35

 
Course Schedule:
Egypt, Cairo, Jan 2015
Dubai, Feb 2015
Qatar, Doha, May 2015

 