KB CCIE Security


Cybersecurity is one of the most critical fields in the IT industry, with a constantly growing need for security professionals. These weekend Live Classes conducted by Khawar Butt will give you the knowledge and skills to master the technologies detailed in the CCIE Security v6.1 curriculum. The course covers Security Technologies from scratch. Technologies covered include VPNs, Firewalls (ASA,FTD & Zone-based), ISE, ESA, WSA, & SDA. The course also comes with a Comprehensive CCIE Security v6.1 Workbook. The Workbook contains Technology labs and a Full Mock Lab. All technology labs will be demonstrated and performed during the class including a special 8 hour long Super Lab.

What’s included


  • Classes start on Jul 13, 2024 at 1700 UTC / 1:00pm New York / 9:00pm Dubai time

  • CCIE Security Super Lab including the Super Lab workbook included in the purchase

  • 40 hours of KCloud 2.0, 20 hours of SDA lab and 24 hours of Super Lab practice hours included in the purchase (Sole class on the internet with this feature!)

  • The detailed online LIVE classes will last 4 hours each

  • The Workbook contains 100+ Technology Labs & Super Lab

  • Each Lab will be demonstrated

  • One-year access to class recordings and future CCIE Security Live classes included in the purchase


Subscribers sign-in for $750


Upon course completion, students will be able to:

  • Design, Initialize & Configure the ASA Firewall 9.X
  • Design, Initialize & Configure the Firepower Threat Defence (FTD) Firewall
  • Design, Initialize & Configure Zone-based Firewalls
  • Configure VPNs using IPSec, mGRE & DMVPN
  • Configure IKEv2 based VPNs
  • Configure Advanced VPNs like GET VPN, Flex VPNs & SSL VPNs
  • Design, Initialize & Configure the E-Mail Security Appliance (ESA)
  • Design, Initialize & Configure the Web Security Appliance (WSA)
  • Design, Initialize & Configure a Controller-based Wireless LAN
  • Design, Initialize & Configure Endpoint Security using ISE
  • Configure Device Administration using TACACS+ & ISE
  • Implementing SDA
  • Design & Configure Umbrella
  • Configure Router & Switch Security
  • Automation using Python Scripting


Before attending this course students should have some prior knowledge of Routing and Switching Concepts. Security Technologies will be taught from scratch.

Class Outline


Configuring Virtual Private Networks [VPN]

  • IPSec Overview
  • LAN-to-LAN IPSec VPNS [with NAT-T & without NAT-T]
  • Static-Virtual Tunnel interface [S-VTI]
  • Advanced VPNs
  • VRF-Aware VPNs
  • VPNs using Certificates with Router as a CA Server
  • IKEv2 VPNs
  • D-VTI /S-VTI based Site-To-Site VPN
  • D-VTI /S-VTI based Spoke-to-Spoke using NHRP

Firewalls – ASA (Basic Configuration)

  • Interface Configuration
  • Security Levels
  • Management [Telnet / SSH]
  • Routing [RIPv2, EIGRP, EIGRP, BGP]

Firewalls – ASA (NAT)

  • Dynamic NAT
  • Static NAT
  • Dynamic PAT
  • Static PAT
  • Destination NAT
  • Manual NAT/Twice-NAT
  • Access Policies

Firewalls – ASA (Transparent Firewall)

  • Initialization
  • Access policies/Routing Protocol Access
  • Ethertype ACLs

Firewalls – ASA (Redundancy)

  • Redundant Interfaces
  • Port-channels
  • Security Contexts [Virtual Firewalls]
  • Failover
  • Active/Standby
  • Active/Active
  • Clustering
  • Spanned Mode
  • Individual Interface Mode

Firewalls – ASA (VPNs)

  • Site-to-Site IPSec
  • Remote access
  • SSL

Firewalls – Firepower Threat Defence [FTD] (Basic Configuration)

  • FMC & FTD Integration
  • Interface configuration
  • Routing [Static Routing, RIPv2, OSPF, BGP]
  • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Destination -NAT, Manual NAT]

Firewalls – FTD (Advanced Features)

  • Geolocation Filtering
  • URL Filtering
  • Application Visibility Controls (AVC)
  • Intrusion Policies
  • Loggin Alerting
  • File Policies / Network AMP

Firewalls – FTD (Redundancy)

  • Active - Standby Failover - High Availability
  • Multi-Instance Overview

Firewalls – FTD (Transparent Firewalls)

  • Initialization
  • Access Policies

Content Filtering using WSA & ESA (WSA)

  • Initialization
  • Integration with Routers/Switches/Firewall using WCCP
  • Configuring traffic policies
  • Configuring custom categories

Content Filtering using WSA & ESA (ESA)

  • Initialization
  • Integration with E-mail servers and DNS
  • Configuring Mail flow policies
  • Configuring outgoing mail filters
  • Configuring incoming mail filters

Basic Wireless LAN Configuration

  • Configuring the base network
  • Configure the switches for the base network
  • Configure DHCP server
  • WLC Configuration
  • Initialization of the WLC
  • Configuring VLAN interfaces
  • Configuring WLANs

Identity Management using ISE (Wired ISE)

  • Configuring the relationship between Switch & ISE
  • Configuring Identity groups and users
  • Configuring Dot1x authentication with VLAN assignment and DACL
  • Configuring MAB for IP Phone

Identity Management using ISE (Wireless ISE)

  • Configuring the relationship between WLC & ISE
  • Configuring Dot1x authentication with VLAN assignment
  • Configuring SXP between ISE, WLC & Firewall to implement filtering using SGT

Identity Management using ISE (Device Administration)

  • Router/Switch Authentication
  • Router/Switch Exec & Command authorization
  • Router/Switch Accounting

Software Defined Access (SDA)

  • Overview of SDA and its components
  • Fabric Setup using Manual method
  • Fabric Setup using LAN Automation
  • Configuring the Fabric (Host Onboarding & L3 Handoff)
  • Configuring the Fusion Router to support Macro Segmentation
  • Configuring Micro Segmentation using SGTs using ISE

Router / Switch Security (Router Security)

  • NTP
  • uRPF
  • DHCP server / DHCP Relay Agent
  • Syslog

Router / Switch Security (Switch Security)

  • Port-security
  • DHCP snooping
  • ARP Inspection
  • Source guard