Security Technologies

Implementing a Cisco ASA 9.x Firewall

Overview and Basic Initialization

  • ASA Overview and Traffic Flow
  • Basic Initialization

Configuring Routing on the ASA

  • Routing on the ASA - Static Routes
  • Routing on the ASA - RIPv2
  • Routing on the ASA - EIGRP
  • Routing on the ASA - OSPF
  • Routing on the ASA - BGP

Traffic Flow

  • Controlling Thru Traffic Using an Access Control List (ACL)
  • Controlling Traffic to the Firewall

Remote Management

  • Remote Management Access to the Firewall
  • Configuring Management Access Using TELNET
  • Configuring Management Access Using SSH
  • Configuring Management Access Using HTTP using ASDM

Network Address Translation (NAT)

  • Overview of NAT and Dynamic NAT
  • Static NAT
  • Destination NAT
  • Dynamic PAT
  • Static PAT
  • Policy NAT

Transparent Layer 2 Firewall

  • Overview and Basic Initialization of Transparent Firewall
  • Routing Thru a Transparent Firewall
  • Ethertype ACLs on a Transparent Firewall

Virtualization and Redundancy

  • Redundant Interfaces
  • Port-Channels
  • Security Contexts
  • Active Standby Failover - Stateless
  • Active Standby Failover - Stateful
  • Active Active Failover
  • ASA Clustering Overview
  • ASA Clustering - Spanned Mode

Deep Packet Inspection (DPI)

  • Deep Packet Inspection Overview
  • DPI - ICMP Inspection
  • DPI - FTP on a Non-Standard Port

Virtual Private Networks (VPNs)

  • IPSec Overview
  • Site-To-Site IPSec thru a Firewall - without NAT-T
  • Site-To-Site IPSec thru a Firewall - with NAT-T
  • LAN-To-LAN VPN between a Router and an ASA
  • Configuring ASDM for Management
  • Configuring WebVPN
  • Remote Access VPN using AnyConnect

Virtual Private Networks (VPNs)

Basic VPNs

  • VPN Overview
  • LAN-To-LAN Tunnel without NAT-T
  • LAN-To-LAN Tunnel with NAT-T
  • Point-to-Point GRE
  • Encrypting GRE Tunnels using IPSec
  • IPSec Tunnel Interface - Static Virtual Tunnel Interface

Advanced VPNs

  • Multipoint GRE (mGRE) Tunnel
  • Configuring DMVPN – Phase I
  • Configuring DMVPN – Phase II
  • Configuring DMVPN – Phase III
  • Configuring DMVPN Phase III with Dual Hub
  • Encrypting DMVPN Traffic using IPSec
  • Configuring GETVPN-small
  • Configuring GETVPN with Redundancy
  • Configuring VRF aware VPN
  • Configuring a Router as a CA Server

Configuring VPNs using IKEV2

  • Site-To-Site IPSec VPN using IKEv2 – Crypto Maps
  • Site-To-Site IPSec VPN using IKEv2 – S-VTI

Configuring FLEX VPNs

  • Site-To-Site IPSec VPN using IKEv2 – Crypto Maps
  • Site-To-Site IPSec VPN using IKEv2 – S-VTI

ASA VPNs

  • Site-To-Site IPSec thru a Firewall - without NAT-T
  • Site-To-Site IPSec thru a Firewall - with NAT-T
  • LAN-To-LAN VPN between a Router and an ASA
  • Configuring ASDM for Management
  • Configuring WebVPN
  • Remote Access VPN using AnyConnect

Firepower Threat Defense (FTD)

Overview of FTD & Basic Configuration

  • Overview of FTD - Video
  • Initializing the FMC - CLI
  • Initializing the FMC - GUI
  • Initializing the FTD - CLI
  • Integrating FTD with FMC
  • Basic Initialization of FTD Interfaces

Routing on the FTD

  • Routing Configuration - Static Routing
  • Routing Configuration - OSPF
  • Redistributing Static Routes into OSPF
  • Routing Configuration - RIPv2 with Redistribution
  • Routing Configuration - BGP
  • Verifying Routing on the Routers
  • Allowing traffic thru the FTD using a Basic Access Control Policy
  • Review of Basic Setup & EIGRP Flex Config

Network Address Translation (NAT)

  • Overview of NAT
  • Dynamic NAT
  • Static NAT
  • Dynamic PAT
  • Static PAT
  • Policy NAT - Manual NAT
  • ACP Using L3-L4 Characteristics
  • Verifying NAT & ACP

Access Control Policy (ACP) - Advanced

  • Geo Location based Blocking
  • URL Filtering
  • Access Control Policy Analysis
  • Application Visibility Control (AVC) Control
  • Logging & Alerting
  • Intrusion Prevention Overview
  • Intrusion Prevention Policies - Default Policies
  • Intrusion Prevention Policies - Custom Policies
  • Network AMP-File Policies
  • Packet flow thru the FTD
  • Creating the Pre-Filter

Redundancy & Multi-Instance

  • Redundancy & Multi-Context Overview
  • Configuring Active-Standby Failover
  • Multi-Instance Overview
  • Verifying Active-Standby Failover

Transparent Firewalls

  • Configuring a Transparent Firewall Overview
  • Configuring Transparent Firewall - CLI
  • Configuring Transparent Firewall - GUI
  • Configuring the Access Policy

ISE

Overview and Initialization of ISE

  • Overview of ISE
  • Configuring the base network for Wired ISE
  • ISE Common CLI Configurations
  • ISE Initial Configuration in GUI

Integrating ISE and Switch for 802.1X Authentication

  • Configure the relationship between ISE & Switch
  • Create Groups and Assign Users to them
  • Create an Authorization Profile to specify the VLAN to be assigned
  • Configure an Authorization Policy to link the Group to the Profile
  • Configuring the Switch for Dot1x Authentication using the ISE Configuration Validator Tool
  • Configuring the SVIs and DHCP Pools on SW2
  • Configuring the Clients for Dot1x Authentication and Verifying the VLAN Assignments
  • Downloadable ACLs (DACLs)

Configuring ISE for a Wireless Network

  • Configuring the Wired Topology including Smart Macro
  • Configuring Routing Protocols for the Wired Topology
  • Configuring DHCP & DHCP Relay Agent for a wireless network to register the AP to the WLC
  • Registering APs to WLC - Manual Configurations
  • Initializing the WLC - CLI
  • Verifying AP registrations on the WLC
  • Configuring a Wifi Network - Controller-based Central Switched

Integrating ISE & WLC

  • Integrating ISE & WLC for Authentication
  • Create Groups and Assign Users to them
  • Create an Authorization Profile to specify the VLAN to be assigned
  • Configure an Authorization Policy to link the Group to the Profile
  • Configuring WLAN using WPA+WPA2 (802.1x with ISE)
  • Recap of ISE-WLC Integration and DACL

Integrating Active Directory & ISE

  • Add Active Directory to ISE
  • Incorporating the AD Groups into your Policy
  • Using AD with Certificate based Authentication

Configuring MAB

  • Configuring MAB for Access Points

Device Administration using ISE

Overview and Initialization of ISE

  • Device Administration Overview
  • Configuring Network Devices in NDGs using TACACS+ & RADIUS

Overview of AAA

  • Authentication Overview
  • Authorization Overview
  • Accounting Overview

Configuring Device Administration using TACACS+

  • Using TACACS+ for Authentication, Authorization & Accounting for Routers - Routers
  • Using TACACS+ for Authentication, Authorization & Accounting for Routers - ISE
  • Using TACACS+ for Authentication, Authorization & Accounting for Routers - Verification
  • Using TACACS+ for Authentication, Authorization & Accounting for Switches - Switches
  • Using TACACS+ for Authentication, Authorization & Accounting for Switches - ISE
  • Using TACACS+ for Authentication, Authorization & Accounting for Switches - Verifications
  • Using TACACS+ for Authentication, Authorization & Accounting for WLC - WLC
  • Using TACACS+ for Authentication, Authorization & Accounting for WLC - ISE
  • Using TACACS+ for Authentication, Authorization & Accounting for WLC - Verification
  • Using TACACS+ for Authentication, Authorization & Accounting for ASA - ISE
  • Using TACACS+ for Authentication, Authorization & Accounting for ASA - ASA
  • Using TACACS+ for Authentication, Authorization & Accounting for ASA - Verification

Configuring Device Administration using RADIUS

  • Using RADIUS for Authentication & Accounting for Routers - Routers
  • Using RADIUS for Authentication & Accounting for Routers - ISE
  • Using RADIUS for Authentication & Accounting for Routers - Verification
  • Using RADIUS for Authentication & Accounting for Switches - Switches
  • Using RADIUS for Authentication & Accounting for Switches - ISE
  • Using RADIUS for Authentication & Accounting for Switches - Verification
  • Using RADIUS for Authentication & Accounting for WLC - WLC
  • Using RADIUS for Authentication & Accounting for WLC - ISE
  • Using RADIUS for Authentication & Accounting for WLC - Verification

Web Security Appliance (WSA)

Overview and Initialization of WSA

  • Overview of WSA
  • Configuring the base network for WSA
  • Initialization of WSA from CLI
  • Initialization of WSA from GUI

Configuring Transparent Redirection

  • Configure the WCCP Relationship between the WSA & Router - WSA
  • Configure the WCCP Relationship between the WSA & Router - Router
  • Verifying Transparent Redirection

Configuring Identities & Access Policies

  • Configure Identities
  • Configure Access Policies to block specific Sites for Specific Identities

Configuring Custom Categories

  • Configuring Custom Categories - Whitelist
  • Using Custom Categories in your Access Policies - Whitelist
  • Configuring Custom Categories - Blacklist
  • Using Custom Categories in your Access Policies - Blacklist

E-Mail Security Appliance (ESA)

Overview of Mail and ESA

  • Overview of E-Mail propagation
  • Forwarding E-Mails normally without an ESA
  • Overview of ESA

Initializing & Configuring the ESA Appliance

  • Initialization of ESA from CLI
  • Initialization of ESA from GUI
  • Configuring the ESA as the Relay Host
  • Re-configuring the DNS Server
  • Verifying the forwarding of E-mails thru the ESA

Configuring Custom Filters

  • Configure Outgoing Content Filters
  • Configure Incoming Content Filters
  • Configure Incoming Mail Policy
  • Configure Outgoing Mail Policy
  • Verifying the use of the Mail Policy