Course Outline
FIREWALL: Deploying Cisco ASA Firewall Features
This is a 5 day, instructor-led course.
The Deploying Cisco ASA FIREWALL Solutions (FIREWALL) v2.0 course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. This version 2.0 course covers ASA code versions 8.3 and 8.4, and goes over newer features on the ASA 5520 Appliances. It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco ASA security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco ASA security appliance features, and provide detailed operations support for the Cisco ASA security appliance.
Upon completing this course, the learner will be able to meet these overall objectives:
• Evaluate the basic firewall technology, features, hardware models, and licensing options of
• The Cisco ASA security appliance
• Implement and troubleshoot basic Cisco ASA security appliance connectivity and device
• Management plane features
• Configure and verify Cisco ASA security appliance network integration
• Configure and verify Cisco ASA security appliance policy
• Configure and verify high availability and virtualization on Cisco ASA security appliances
The primary audience for this course is as follows:
• Network Security Engineers (NSEs) involved in firewall design, implementation and maintenance.
• Cisco customers who implement and maintain Cisco ASA (adaptive security appliance) based perimeter solutions.
The secondary audience for this course is as follows:
• Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances
• Cisco engineers who support the sale of Cisco ASA security appliances
The knowledge and skills that a learner must have before attending this course are as follows:
• Cisco Certified Network Associate (CCNA) certification or equivalent knowledge
• Cisco Certified Network Associate Security (CCNA Security) certification or equivalent knowledge
• IINS or equivalent knowledge
• Working knowledge of the Microsoft Windows operating system
FIREWALL: Deploying Cisco ASA Firewall Features
This is a 5 day, instructor-led course.
The Deploying Cisco ASA FIREWALL Solutions (FIREWALL) v2.0 course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. This version 2.0 course covers ASA code versions 8.3 and 8.4, and goes over newer features on the ASA 5520 Appliances. It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco ASA security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco ASA security appliance features, and provide detailed operations support for the Cisco ASA security appliance.
Upon completing this course, the learner will be able to meet these overall objectives:
• Evaluate the basic firewall technology, features, hardware models, and licensing options of
• The Cisco ASA security appliance
• Implement and troubleshoot basic Cisco ASA security appliance connectivity and device
• Management plane features
• Configure and verify Cisco ASA security appliance network integration
• Configure and verify Cisco ASA security appliance policy
• Configure and verify high availability and virtualization on Cisco ASA security appliances
The knowledge and skills that a learner must have before attending this course are as follows:
• Cisco Certified Network Associate (CCNA) certification or equivalent knowledge
• Cisco Certified Network Associate Security (CCNA Security) certification or equivalent knowledge
• IINS or equivalent knowledge
• Working knowledge of the Microsoft Windows operating system
Course Contents
Module 1: Cisco ASA Adaptive Security Appliance Introduction
Evaluate the basic firewall technology, features, hardware models, and licensing options of the Cisco ASA security appliance
Lesson 1: Introducing Cisco ASA Adaptive Security Appliance Technologies
• Describe the concepts of a firewall and of network segmentation into security domains
• Describe and evaluate technologies that you can use for firewall systems
• Describe the Cisco ASA security appliance firewall and VPN-related access control features using case studies
Lesson 2: Identifying the Cisco ASA Adaptive Security Appliance Families
• Choose appropriate Cisco ASA security appliance hardware
• Evaluate and choose appropriate Cisco ASA security service modules
Lesson 3: Identifying Cisco ASA Adaptive Security Appliance Licensing Options
• Choose the appropriate Cisco ASA security appliance licensing
• Identify requirements that are model specific for licensing on the Cisco ASA security appliance
Module 2: Basic Connectivity and Device Management
Implement and troubleshoot basic Cisco ASA security appliance connectivity and device management plane features
Lesson 1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
• Explain the Cisco ASA security appliance boot process
• Use the Cisco ASA security appliance CLI to configure the appliance
• Describe the Cisco ASDM and its operating requirements
• Configure the Cisco ASA security appliance using the Cisco ASDM
• Upgrade the Cisco ASA security appliance when no firewall configuration is present
• Lab 2-1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
Lesson 2: Managing Basic Cisco ASA Adaptive Security Appliance Network Settings
• Configure Cisco ASA security appliance network interface security levels
• Configure and verify network interface parameters on Cisco ASA security appliances
• Configure and verify VLANs on Cisco ASA security appliances
• Configure a default route for Internet access
• Configure and verify the DHCP server feature on Cisco ASA security appliances
• Troubleshoot basic connectivity on Cisco ASA security appliances
• Lab 2-2: Configuring the Cisco ASA Adaptive Security Appliance for Secure Network Integration
Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Device Management Features
• Configure and verify basic management settings on Cisco ASA security appliances
• Describe file system and configuration management on Cisco ASA security appliances
• Manage image upgrades and activation keys
• Configure and verify time settings and support for NTP on Cisco ASA security appliances
• Configure and verify logging settings and NetFlow on Cisco ASA security appliances
• Configure and verify remote management channels on Cisco ASA security appliances
• Configure and verify AAA for management access on Cisco ASA security appliances
• Troubleshoot management access that failed to the Cisco ASA security appliance
• Lab 2-3: Configuring Management Features
Module 3: Network Integration
Configure and verify Cisco ASA security appliance network integration
Lesson 1: Configuring Cisco ASA Adaptive Security Appliance NAT Features
• Explain how to manage NAT on Cisco ASA Software Version 8.2 and earlier
• Describe the NAT functions on Cisco ASA Software Versions 8.3 and later
• Configure NAT on the Cisco ASA security appliance using object (auto) NAT
• Configure NAT on the Cisco ASA security appliance using manual NAT
• Tune and troubleshoot NAT on the Cisco ASA security appliance using the Cisco ASDM and CLI tools
• Lab 3-1: Configuring NAT
Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Basic Access Control Features
• Describe the connection table, the local host table, connection objects, and local host objects
• Configure and verify interface ACLs on Cisco ASA security appliances
• Configure and verify global ACLs on the Cisco ASA security appliance
• Configure and verify object groups on Cisco ASA security appliances
• Configure and verify public servers on Cisco ASA security appliances using Cisco ASDM
• Configure and verify other basic access controls, such as uRPF and shun, on Cisco ASA security appliances
• Troubleshoot ACLs on Cisco ASA security appliances
• Lab 3-2: Configuring Basic Cisco Access Control Features
Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Routing Features
• Configure and verify static routing on Cisco ASA security appliances
• Discuss dynamic routing support on Cisco ASA security appliances
• Configure and verify EIGRP on Cisco ASA security appliances
• Evaluate multicast support on Cisco ASA security appliances
Lesson 4: Configuring the Cisco ASA Adaptive Security Appliance Transparent Firewall
• Evaluate transparent mode features and plan the deployment of transparent mode on Cisco ASA security appliances
• Configure and verify transparent mode on Cisco ASA security appliances
• Configure and verify Layer 3 through Layer 7 access controls in transparent firewall mode
• Configure and verify Layer 2 access controls in transparent firewall mode
• Troubleshoot transparent firewall on Cisco ASA security appliances
• Lab 3-3: Configuring Transparent Firewall (Optional)
Module 4: Cisco ASA Adaptive Security Appliance Policy Control
Configure and verify Cisco ASA security appliance policy
Lesson 1: Defining the Cisco ASA Adaptive Security Appliance MPF
• Plan the deployment of the Cisco MPF on the Cisco ASA security appliance
• Configure and verify OSI Layer 3 and Layer 4 policies on the Cisco ASA security appliance
• Configure and verify a management traffic policy on the Cisco ASA security appliance
Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Connection Policy and QoS Settings
• Describe the Cisco ASA security appliance basic stateful inspection tuning options
• Tune OSI Layer 3 and Layer 4 inspection policy on the Cisco ASA security appliance
• Configure and verify connection settings using MPF on the Cisco ASA security appliance
• Configure and verify support for dynamic protocols using MPF on the Cisco ASA security appliance
• Configure support for the Botnet Traffic Filter on the Cisco ASA security appliance
• Configure QoS support on the Cisco ASA security appliance
• Troubleshoot OSI Layer 3 and Layer 4 inspection policy on the Cisco ASA security appliance
• Lab 4-1: Configuring MPF, Basic Stateful Inspections, and QoS
Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Advanced Application Inspections
• Introduce Layer 5 to Layer 7 application inspection on the Cisco ASA security appliance
• Configure and verify application inspection of HTTP traffic
• Configure and verify application inspection of FTP traffic
• Describe support for other Layer 5 to Layer 7 application policy enforcement on the Cisco ASA security appliance
• Troubleshoot application layer inspection on Cisco ASA security appliances
• Lab 4-2: Configuring MPF Advanced Application Inspections
Lesson 4: Configuring Cisco ASA Adaptive Security Appliance User-Based Policies
• Plan the deployment of user-based access control on the Cisco ASA security appliance
• Configure and verify cut-through authentication on the Cisco ASA security appliance
• Configure authentication prompts and timeouts on the Cisco ASA security appliance
• Configure and verify cut-through authorization on the Cisco ASA security appliance
• Configure and verify cut-through accounting on the Cisco ASA security appliance
• Troubleshoot cut-through proxy operations on the Cisco ASA security appliance
• Lab 4-3: Configuring Cut-Through Proxy
Module 5: Cisco ASA Adaptive Security Appliance High Availability and Virtualization
Configure and verify high availability and virtualization on Cisco ASA security appliances
Lesson 1: Configuring Cisco ASA Adaptive Security Appliance Interface Redundancy Features
• Configure and verify EtherChannel on the Cisco ASA security appliance
• Configure and verify redundant interfaces on the Cisco ASA security appliance
• Troubleshoot redundant interfaces on the Cisco ASA security appliance
Lesson 2: Configuring Cisco ASA Active/Standby High Availability
• Describe active/standby failover and plan the deployment of failover on the Cisco ASA security appliance
• Configure and verify active/standby failover on the Cisco ASA security appliance
• Tune and manage active/standby failover on the Cisco ASA security appliance
• Describes remote command execution when using the Cisco ASA security appliance in failover configuration
• Troubleshoot active/standby failover on the Cisco ASA security appliance
• Lab 5-1: Configuring Active/Standby High Availability
Lesson 3: Configuring Security Contexts on the Cisco ASA Adaptive Security Appliance
• Describe security contexts and plan the deployment of security contexts on the Cisco ASA security appliance
• Configure security contexts on the Cisco ASA security appliance
• Verify and manage security contexts on the Cisco ASA security appliance
• Configure and verify resource management on the Cisco ASA security appliance
• Troubleshoot the operation of the Cisco ASA in multi-context mode
Lesson 4: Configuring Cisco ASA Active/Active High Availability
• Describe active/active failover and plan the deployment of failover on the Cisco ASA security appliance
• Configure and verify active/active failover on the Cisco ASA security appliance
• Tune active/active failover on the Cisco ASA security appliance
• Troubleshoot active/active failover on the Cisco ASA security appliance
• Lab 5-2: Configuring Active/Active High Availability
Price per delegate
£2995
Scheduled Classes
Indicia Training, Glasgow:
Please complete the contact form below or call 0141 221 5676 for further course information and available dates.
Alternatively you can email us at info@indiciatraining.com