Seminar \ nr. 59567

Schulung - Implementing Advanced Cisco ASA Security (SASAA)

  • 5 Tage
  • Präsenztraining
Download als PDF
Seminar
Inhouse
Individuell
Durchführung in unseren Räumen
Seminar Nr. : 59567
Dauer : 5 Tage (30 Stunden)

Preis
3.190,00 € netto
3.796,10 € inkl. 19% MwSt.

Ort
Datum
Jetzt buchen

Nach Absprache in Ihren oder unseren Räumen
Seminar Nr. : 59567
Dauer : 5 Tage (30 Stunden)

Inhouse-Paket*
Auf Anfrage

On-demand Training

Sind Sie an diesem Thema interessiert?
Unsere Experten entwickeln Ihr individuell angepasstes Seminar!

Teilen Sie dieses Seminar

Zielgruppe

Wer sollte teilnehmen:

Zielgruppe

This course is intended for network engineers supporting Cisco ASA 9.x implementations

Voraussetzungen

Prior to attending this course, it is reccomended that students have taken Deploying Cisco ASA Firewall Features (FIREWALL) or have an equivalent knowledge of the Cisco ASA.

Trainingsprogramm

Trainingsprogramm

Module 1 Cisco ASA Product Family

Module 1 Lesson 1 Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls

- Cisco ASA 5500-X Series Next-Generation Firewalls

- Cisco ASA 5500-X Series USB 2.0 Ports

- Cisco ASA 5500-X Series SSDs

- Cisco ASA NGE Support

- Cisco ASA 5585-X Dual Firewall Support



Module 1 Lesson 2 Installing Cisco ASA 5500-X Series IPS Software Module

- IPS Software Module

- IPS Software Module Installation

- sw- module module ips Command

- IPS Software Module CLI Access

- setup Command

- IPS Software Module Management Interface Configuration

- Cisco ASA- to- IPS Software Module Traffic Redirection

- IPS Software Licenses

Module 1 Lab 1-1 Remote Lab Environment Access

Module 1 Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup



Module 1 Lesson 3 Introducing the Cisco ASASM

- Cisco ASASM Supported Platforms

- Cisco ASASM Performance Numbers

- Cisco ASASM Architecture

- Cisco ASASM Features Parity

- Cisco ASASM VLAN Interface Configurations



Module 1 Lesson 4 Introducing the Cisco ASA 1000V Cloud Firewall

- Cisco ASA 1000V and VSG Cloud Firewall Roles

- Cisco ASA 1000V Firewall Deployment Scenario

- Cisco ASA 1000V Cloud Firewall Performance Numbers

- Cisco ASA 1000V Environment

- Cisco ASA 1000V Management



Module 2: Cisco ASA Identity Firewall


Module 2 Lesson 1 Describing the Cisco ASA Identity Firewall Solution

- Cisco ASA Identity Firewall Benefits

- Cisco ASA Identity Firewall Flow

- Cisco Identity Firewall Policies



Module 2 Lesson 2 Setting Up Cisco CDA

- Cisco CDA versus Active Directory Agent

- Cisco CDA Hardware Appliance and VM Requirements

- Cisco CDA Installation

- Cisco CDA Setup

- Cisco CDA Application Status Verification

- Cisco CDA CLI Operations

- Cisco CDA GUI



Module 2 Lesson 3 Configuring Cisco CDA

- Active Directory Server Configuration

- Cisco ASA Configuration

- Syslog Server Configuration

- Cisco CDA User-Account Configuration

- Cisco CDA GUI Password Policy Configuration

- Cisco CDA Session Timeout Configuration

- IP-to-Identity Mapping Display

- Registered- Device Verification



Module 2 Lesson 4 Configuring Cisco ASA Identity Firewall

- Identity- Based Firewall Configuration Tasks

- Active Directory Server Configuration

- Cisco CDA Configuration

- User-Identity Options Configuration Using Cisco ASDM

- User-Identity Option Configuration Using the CLI

- User-Identity-Based Access Rules

- User Object Group Configuration

- FQDN Network Object Configuration

- Identity Firewall with Cut-Through Proxy Use Case

- Identity Firewall with Remote- Access VPN Use Case



Module 2 Lesson 5 Verifying and Troubleshooting Cisco Identity Firewall

- Cisco CDA and Active Directory Server Connectivity Test

- show user-identity Command

- show user-identity Command for Cisco CDA Verification

- show user-identity Command for Active Directory User Verification

- show user-identity Command for Active Directory Group Verification

- show user-identity Command for Memory-Usage Verification

- Identity- Based Firewall Cisco ASDM Monitoring Panes

- Cisco CDA Management with the CLI

- Cisco CDA Live Log Monitoring

- Cisco CDA Troubleshooting

Module 2 Lab 2-1 Context Directory Agent Configuration

Module 2 Lab 2-2 ASA Identity-Based Firewall Configuration



Module 3: Cisco ASA CX


Module 3 Lesson 1 Introducing Cisco ASA CX (Next-Generation Firewall)

- Cisco ASA CX Benefits and Components

- Cisco ASA CX Broad and Web AVC

- Cisco ASA CX Policy Types

- Compatibility with Existing Cisco ASA Features

- Cisco ASA 5585-X CX-SSP Hardware Module

- Cisco ASA 5500-X CX Software Module



Module 3 Lesson 2 Describing the Cisco ASA CX Management Architecture

- Cisco ASA CX Management Architecture

- On-Box and Off-Box Cisco PRSM

- On-Box and Off-Box Cisco PRSM GUI Differences



Module 3 Lesson 3 Installing the Cisco Off-Box PRSM and Cisco ASA CX

- Off- Box Cisco PRSM Setup

- Cisco PRSM GUI Basic Functions

- Cisco ASA CX System Package Installation

- Cisco ASA CX Status Verification

- Cisco ASA CX Management Interface

- Cisco ASA CX CLI Operations



Module 3 Lesson 4 Redirecting Cisco ASA- to- Cisco ASA CX Traffic

- Cisco ASA-to-Cisco ASA CX Traffic Redirection



Module 3 Lesson 5 Performing Cisco PRSM Device Discovery and Configuration Import

- Cisco ASA CX Policy Structure

- Off- Box Cisco PRSM Device Discovery

- Off- Box Cisco PRSM Device Groups



Module 3 Lesson 6 Configuring Cisco ASA CX Policy Objects

- Cisco ASA CX Policy Object Types

- Cisco ASA CX Network Objects

- Cisco ASA CX Service Objects and Service Groups

- Cisco ASA CX Application Objects and Application Service Objects

- Cisco ASA CX URL Objects

- Cisco ASA CX User Agent Objects

- Cisco ASA CX Identity Objects

- Cisco ASA CX Source Object and Destination Object Groups

- Cisco ASA CX Secure Mobility Objects

- Cisco ASA CX Action Profile Objects

- Policy Objects in Cisco ASA CX Policies

- Tags, Ticket IDs, and Metadata



Module 3 Lesson 7 Configuring Cisco ASA CX Access Policies

- Cisco ASA CX Access Policy Configuration

- Cisco ASA CX Application Control Configuration

- Cisco ASA CX URL Filtering Configuration

- Cisco ASA CX File Filtering Profile Configuration

- ASA CX Web Reputation Profile Configuration



Module 3 Lesson 8 Configuring Cisco ASA CX Identity Policies

- Cisco ASA CX Active and Passive Authentications

- Cisco ASA CX Authentication Realms

- Cisco ASA CX ADI

- Cisco ASA CX Identity- Based Policy Configuration

- LDAP Authentication Realm and Server Configurations

- Active Directory Authentication Realm and Server Configurations

- Cisco ASA CX- to- Cisco CDA Integration Configurations

- Cisco ASA CX Identity Policies with Active Authentication

- Cisco ASA CX Identity Policies with Passive Authentication

- Cisco ASA CX Authentication Settings Configuration

- Cisco ASA CX Access and Decryption Policies with Identity Objects

- Cisco ASA CX User Identity in Event Viewer



Module 3 Lesson 9 Configuring Cisco ASA CX Decryption Policies

- Cisco ASA CX Decryption Policies

- Cisco ASA CX Decryption Configurations

- Cisco ASA CX Decryption Policy Configuration

- Cisco ASA CX Identity, Decryption, and Access Policy Interactions



Module 3 Lesson 10 Licensing Cisco ASA CX and Cisco PRSM

- Cisco ASA CX Licenses

- Cisco PRSM License

- Cisco ASA CX and Off- Box Cisco PRSM License Management



Module 3 Lesson 11 Monitoring Cisco ASA CX

- Cisco PRSM Dashboards and Reports

- Cisco PRSM Event Viewer

- Cisco SIO Update Verifications



Module 3 Lesson 12 Using Cisco PRSM for Administration

- Cisco PRSM Administration Menu Options

- Configuration Database Backup and Restore

- Cisco PRSM Change History

- Cisco PRSM User- Account Configuration

- Cisco PRSM Server Certificate

- Certificate Management Options

- Cisco ASA CX and Cisco PRSM Logging- Level Configurations



Module 3 Lesson 13 Troubleshooting Cisco ASA CX

- Cisco ASA CX Access Policies Troubleshooting

- Cisco ASA CX Identity- Policy Troubleshooting

- Cisco ASA CX Decryption- Policy Troubleshooting

- Cisco ASA CX Module Troubleshooting

Module 3 Lab 3-1 ASA CX and PRSM Exploration

Module 3 Lab 3-2 ASA CX Access Policy Configuration

Module 3 Lab 3-3 ASA CX Identity Policy Configuration

Module 3 Lab 3-4 ASA CX Decryption Policy Configuration

Module 3 Lab 3-5 PRSM Administration



Module 4: Cisco ASA Cloud Web Security Integration


Module 4 Lesson 1 Introducing Cisco ASA with Cisco Cloud Web Security

- Cisco ASA with Cisco Cloud Web Security

- Cisco ScanCenter



Module 4 Lesson 2 Licensing Cisco ASA with Cisco Cloud Web Security

- Cisco ASA with Cloud Web Security Authentication Keys



Module 4 Lesson 3 Configuring Cisco ASA with Cisco Cloud Web Security

- Cisco ASA and Cloud Web Security Proxy- Server Configuration

- ScanCenter Generation of an Authentication Key for Cisco ASA

- Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers

- Cisco ASA and Cloud Web Security Proxy Server User- Identity Configuration



Module 4 Lesson 4 Verifying Cisco ASA and Cloud Web Security Operations

- Cisco ASA and Cloud Web Security Operations Verification with the CLI

- Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM

- Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers

- Cisco ASA and Cloud Web Security Syslog Messages

- Cisco ASA and Cloud Web Security Operations Verification with debug scansafe

Module 4 Lab 4-1 Cisco ASA and Cloud Web Security Integration



Module 5: Cisco ASA IPv6 Enhancements


Module 5 Lesson 1 Describing the Cisco ASA IPv4 and IPv6 Unified ACL

- IPv4 and IPv6 Unified ACL

- IPv4 and IPv6 Unified ACL Migration

- Mixed IPv6 and IPv4 Object Groups

- IPv4 and IPv6 FQDN Objects



Module 5 Lesson 2 Describing Other Cisco ASA IPv6 Support Enhancements

- NAT46, NAT64, and DNS Doctoring

- NAT66 Support

- DHCPv6 Relay

- OSPFv3 Support

- IPv6 Application Inspections

- Cisco ASA and Cisco AnyConnect IPv6 VPN Support



Module 6: Cisco ASA Security Group Firewall


Module 6 Lesson 1 Introducing Cisco Security Group Tagging

- Cisco Secure Access Architecture



Module 6 Lesson 2 Configuring Cisco ASA Security Group Firewall

- SG Firewall Configuration

- SGACL Operations Monitoring



Module 7: Cisco ASA Multicontext Enhancements


Module 7 Lesson 1 Describing Cisco ASA Multicontext Mode

- Cisco ASA Multicontext Mode

- Cisco ASA Security- Context Resource Management



Module 7 Lesson 2 Describing Multicontext Enhancements in Cisco ASA Software Release 9.0

- Mixed-Mode Support in Multicontext Mode

- Dynamic-Routing Support in Multicontext Mode

- Site-to-Site VPN Support in Multicontext Mode



Module 8: Cisco ASA Cluster


Module 8 Lesson 1 Describing Cisco ASA Cluster Features

- Cluster Performance Figures and Supported Platforms

- Cluster Data-Interface Modes

- Cluster Data-Interface Connections

- CCL Functions

- Cluster Master and Slave Unit Election

- Centralized, Distributed, and Unsupported Cisco ASA Features

- Cluster Dynamic-Routing Operations

- Cluster NAT and PAT Operations



Module 8 Lesson 2 Describing Cisco ASA Cluster Terminology and Data Flows

- Cluster Terminology

- TCP Sequence Number Randomization

- TCP Traffic Flows

- Asymmetric UDP Traffic Flows

- Short-Lived Traffic Flows

- Centralized-Feature Traffic Flows

- Traffic Flows with Secondary Connections

- TCP Flow Rebalancing

- Cluster Health-Check Mechanisms



Module 8 Lesson 3 Using the CLI to Configure a Cisco ASA Cluster

- Cluster Management

- Cluster Configuration with the CLI

- Cluster Interface- Mode Configuration on Each Unit

- CCL Configuration on Each Unit

- Cluster Management Interface Configuration from the Master Unit

- Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit

- Individual (Layer 3) Interface Configuration from the Master Unit

- Cluster Bootstrap Configuration and Enabling Clustering on Each Unit

- Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface

- Sample Configuration of a Two-Unit Cluster with Individual Interface

- How to Configure Other Cluster Options



Module 8 Lesson 4 Using Cisco ASDM to Configure a Cisco ASA Cluster

- Cisco ASDM Cluster Dashboards

- Cluster Configuration via Cisco ASDM

- Cisco ASDM High Availability and Scalability Wizard

- Cisco ASDM ASA Cluster Pane



Module 8 Lesson 5 Verifying Cisco ASA Cluster Operations

- Cluster Licensing

- Cluster Interface-Mode Verification

- Cluster Member-Status Verification

- Cluster Health-Status Verification

- Cluster Connections State Table Verification

- Cluster EtherChannel Status Verification

- Cluster Aggregated ACL Hit-Count Verification

- Cluster Memory and CPU Usage Verification

- Cluster Traffic-Distribution Verification

- TCP Flow-Rebalancing Verification

- Cluster Operation Verification via Cisco ASDM



Module 8 Lesson 6 Troubleshooting a Cisco ASA Cluster

- Cluster Packet Captures

- Cluster Syslog Messages

- The debug cluster CLI Command

- Cluster Crashinfo and Coredump

- Split-Cluster Scenario

Schulungsmethode

Schulungsmethode

Weitere Informationen
Ein Fehler ist aufgetreten. Bitte versuchen Sie es später noch einmal