Duration:
3 Days
Course Description:
In this 3-day course, students will learn to deploy, configure, and manage Cisco Secure Firewall/Firepower Threat Defense (FTD). This hands-on course will help develop the skills to use and configure Cisco FTD, starting with the initial device setup and configuration. Students will learn to implement Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features. Students will also learn event analysis, system administration, and basic troubleshooting.
Audience:
Employees of federal, state and local governments; and businesses working with the government.
This course is intended for:
- Network Security Administrators
- Network Security Engineers
- Network Security Managers
- Security Sales Engineers
- Security System Engineers
- Anyone else who wants to learn about Cisco Secure Firewall
Prerequisites:
- Some understanding of network security fundamentals is recommended before taking this course.
- Exposure to working with any network firewall will be an advantage.
Course Objectives:
After completing this course, students will be able to:
- Describe the operating principles of a Next-Generation Firewall
- Configure any Cisco Secure Firewall using the GUI
- Ensure that proper perimeter security is enabled using Cisco Secure Firewall
- Describe the different common use cases of Cisco Secure Firewall
Course Outline:
Overview of Cisco Secure Firewall (CSF)
- Basic firewall and IPS terminologies
- Understand CSF features
- Examine different platforms
- Examine licensing
- General implementation use cases
Device Configuration
- Device Registration
- Differentiate between FXOS and FTD image
- Differentiate between management options FDM and FMC
- Initial device activation and configuration
- Examining different policies
- Define objects
- Explore system configuration
- Configure Health Monitoring
- Discuss device/ platform management options
- Overview of High Availability
Cisco Secure Firewall Traffic Control
- Describe packet processing
- Explain traffic bypassing
- Discuss pre-filter policy
Network Address Translation (NAT) Configurations
- Overview of NAT
- Different NAT rule types
- Implementing and configuring NAT
Network Discovery
- Explain Network Discovery
- Configure Network Discovery
Access Control Policies
- Overview of Access Control Policies (ACP)
- Describe Access Control Policy rules and default action
- Define further inspection feature in a rule
- Overview of logging options for a rule
- Advanced Settings in an ACP
- Deploying the change in an ACP
Security Intelligence
- Overview of Security Intelligence (SI)
- Configure Security Intelligence objects
- Deploy SI
File Control and Advanced Malware Protection
- Overview of malware and file policy
- Discuss Advanced Malware Protection
Next-Generation Intrusion Prevention Systems
- Overview of Intrusion Prevention and Snort rules
- Explain variables and variable sets
- Configure intrusion policies
- Describe Firepower recommendations
Analyzing different Events
- Discuss different types of events
- Explore analysis tools
- Analyze threats
General System Administration
- Manage device updates
- Explore user account management features
- Configuring different user accounts
Basic Troubleshooting
- Identify common misconfigurations
- Basic troubleshooting commands
- Using packet trace
Lab Exercises
Initial Device Setup
- FTD initial boot up and network configuration (walkthrough/ no hands-on)
- FMC initial boot up and network configuration (walkthrough/ no hands-on)
- FTD onboarding to FMC
Basic Configuration and Verification
- Verify/ create different objects
- Verify/ create interface and routing configuration
Configure Security Intelligence
- Configure Security Intelligence objects
- Modify/ customize Security Intelligence
Configure Intrusion Policy
- Reuse base IPS policy (SNORT2/ SNORT3)
- Create a new IPS policy (SNORT2/ SNORT3)
Configure/ Modify the Access Control Policy
- Allow internal/ DMZ access (inbound)
- Allow Internet access (outbound)
- [Use a SNORT2/ SNORT3 Intrusion Policy configured in exercise 4]
Configure NAT Policies
- Dynamic NAT
- Static NAT
Configure/ Modify Network Discovery Policy
- Understand/ differentiate hosts, users, and applications
- Configure/ tune the network discovery policy based on your environment
Deploy Changes
- Review the changes that will apply to the NGFW
- Deploy all the configuration changes to the NGFW
Test/ Analyze the NGFW Traffic
- Connectivity
- IPS functionality
- Malware blocking capabilities
System Administration Overview
- Health Monitoring
- Device Backup and Restore
- Reporting Overview
- Scheduling Tasks
- Change Reconciliation