Font size:

Description:

This is a bundled training package. It contains training for each of the bundled items below:

Course Price
Cisco FIREWALL 2.0: Configuring Cisco ASA Basic Access Control Features $74.95
Cisco FIREWALL 2.0: ASA Interface Redundancy and Active/Standby Availability $74.95
Cisco FIREWALL 2.0: Configuring Routing Features and the Transparent Firewall $74.95
Cisco FIREWALL 2.0: The Modular Policy Framework and Traffic Inspection Policies $74.95
Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies $74.95
Cisco FIREWALL 2.0: ASA Security Contexts and Active/Active High Availability $74.95

Bundle Price: $219.00
Total Savings: $230.70


Cisco FIREWALL 2.0: Configuring Cisco ASA Basic Access Control Features

The Cisco ASA Adaptive Security Appliance provides the administrator with a rich set of access control methods that can tightly control access between networks. This course discusses the most fundamental of these controls: interface access rules that enforce a basic Layer 3 and Layer 4 policy, permanent automatic antispoofing mechanisms, and temporary host-blocking mechanisms that may be required for incident response.
  • describe the connection and local host tables
  • identify the considerations when configuring interface access rules
  • describe how to configure interface access rules on the Cisco ASA
  • describe how to configure time-based interface access rules on the Cisco ASA
  • configure Access rules using the Cisco ASDM
  • describe how to configure and verify global ACLs on the Cisco ASA Security Appliance
  • recognize how to configure and verify object groups on the Cisco ASA
  • configure service groups and network objects using the ASDM
  • describe how to configure and verify public servers on Cisco ASA Security Appliances
  • recognize how to configure and verify Unicast Reverse Path Forwarding and shunning on the Cisco ASA
  • describe the features used to troubleshoot basic access control on the Cisco ASA
  • configure uRPF and use the Real-time Log Viewer

Cisco FIREWALL 2.0: ASA Interface Redundancy and Active/Standby Availability

To support high availability on the Cisco ASA Adaptive Security Appliance, you can use several high-availability features on the appliance. EtherChannel enables you to improve the bandwidth from the Cisco ASA Security Appliance to a switch that also supports EtherChannel and it provides logical interface redundancy. Other high-availability features are redundant interfaces, in which you can pair two physical interfaces to provide interface-level redundancy. One interface in a pair is designated as active and one is waiting as a standby member. If the active interface fails, the standby interface takes over and starts forwarding traffic. This course describes how to configure EtherChannel and redundant interfaces on the Cisco ASA Security Appliance. To provide device redundancy, you can deploy Cisco ASA Adaptive Security Appliances in an active/standby high-availability failover configuration. Using this feature, you can pair two Security Appliances, where one is active and forwards user traffic, and the other is in a hot standby state. With active device failure, the standby device will take over. If the active/standby failover is deployed and configured correctly, users may not experience any network disruption. This course provides a description of the active/standby failover and then demonstrates how to configure, tune, and troubleshoot active/standby failover functionality.
  • identify the considerations for using the EtherChannel port link aggregation technology
  • describe how redundant interfaces work on the Cisco ASA Security Appliance
  • recognize how to troubleshoot redundant interfaces on the Cisco ASA Security Appliance
  • identify the guidelines for implementing active/standby failover on the Cisco ASA Security Appliance
  • describe how to configure active/standby failover on the Cisco ASA Security Appliance
  • describe how to tune and manage active/standby failover on the Cisco ASA Security Appliance
  • describe the remote execution of commands when using the Cisco ASA Security Appliance in failover configuration
  • describe how to troubleshoot active/standby failover on the Cisco ASA Security Appliance

Cisco FIREWALL 2.0: Configuring Routing Features and the Transparent Firewall

Some small deployments and most medium- to large-size deployments require the Cisco ASA Adaptive Security Appliance to forward traffic to hosts that are not on directly connected networks. For the Cisco ASA Security Appliance to forward traffic correctly, it must have current routing information from which it can make a path selection. This course examines how routes are added to the routing table of the Cisco ASA Security Appliance and it examines the need for multicast support in secure environments. When you need to integrate the Cisco ASA Adaptive Security Appliance into an existing network and do not want or are unable to readdress the network, you might consider using the Cisco ASA Security Appliance transparent mode. This course also describes the differences between transparent and routed firewall mode, and it describes how to configure a transparent firewall, how to enable access control on a transparent firewall, and how to troubleshoot transparent firewall operation.
  • describe the characteristics of static routing on Cisco ASA security appliances
  • identify the protocols supported by dynamic routing
  • describe how to configure EIGRP on Cisco ASA security appliances
  • describe multicast support on Cisco ASA security appliances
  • describe the features of transparent mode
  • sequence the steps to configure transparent mode on Cisco ASA security appliances
  • describe how to configure and verify Layer 3 through Layer 7 access controls in transparent firewall mode
  • describe how transparent firewall mode handles different traffic types
  • describe how to configure and verify Layer 2 access controls in transparent firewall mode
  • troubleshoot transparent firewall on Cisco ASA security appliances

Cisco FIREWALL 2.0: The Modular Policy Framework and Traffic Inspection Policies

The Cisco ASA adaptive security appliance helps enforce security policies within your networks. Different types of traffic traversing the Cisco ASA adaptive security appliance should have different policies. For example, you should analyze traffic coming from the Internet for any sign of malicious software, and you should prioritize VoIP traffic on all appliance interfaces to prevent delays and packet losses. The Cisco Modular Policy Framework (MPF) configuration tool enables you to assign different network policies to different traffic flows in a flexible and granular manner. The Cisco MPF enhances Cisco ASA security appliance interface access control lists (ACLs) by allowing the administrator to specify a multitude of additional access controls on network flows independently of interface ACLs. This course starts with an overview of the Cisco MPF tool, continues with a description of policies for Open Systems Interconnection (OSI) Layers 3 and 4, and concludes with a description of management service policies, which you use to control traffic that is destined for the Cisco ASA security appliance. The Cisco ASA adaptive security appliance enforces a strict inspection and filtering policy that may sometimes interfere with unusual network designs or the use of network protocols by applications. The policy may also cause legitimate applications to experience connectivity issues over security appliances. The Cisco ASA security appliance supports many features that enable you to create exceptions in its behavior for traffic in such environments. This course describes some of the inspection tuning methods that you can configure on the appliance to integrate with such environments.
  • describe the deployment of the Cisco MPF on the Cisco ASA security appliance
  • describe how to configure and verify OSI Layer 3 and Layer 4 policies on the Cisco ASA security appliance
  • recognize how to configure and verify a Management Traffic policy on the Cisco ASA
  • describe the default inspection policy and its tuning options on the Cisco ASA
  • recognize how to tune inspection on the Cisco ASA for OSI Layers 3 and 4
  • configure ICMP and FTP Inspection on the Cisco ASA
  • recognize how to configure and verify advanced connection settings using the Cisco MPF on the Cisco ASA
  • identify the steps to configure TCP Intercept on the Cisco ASA
  • enable the TCP Intercept feature of the Cisco ASA security appliance to prevent SYN flooding attacks
  • recognize how to configure and verify support for dynamic protocols using the Cisco MPF on the Cisco ASA
  • describe how to configure support for the Cisco ASA Botnet Traffic Filter on Cisco ASA security appliances
  • describe how to configure QoS support on the Cisco ASA security appliance
  • describe how to troubleshoot OSI Layer 3 and Layer 4 inspection on the Cisco ASA

Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies

Deploying access control that is based on parameters for Open Systems Interconnection (OSI) Layer 3 and 4 establishes a minimal connectivity policy for network applications. However, this filtering alone cannot provide protection for exposed applications. The Cisco ASA adaptive Security Appliance Application Inspection and Control (AIC) features provide advanced application layer (OSI Layers 5 to 7) filtering to address these scenarios when risk assessment demands them. This course enables you to configure, verify, and troubleshoot these advanced applications inspections and controls of the Cisco ASA Security Appliance. You can configure the Cisco ASA adaptive Security Appliance for user-based policies (also known as cut-through proxy), where you can implement different network access policies for different users based on their authenticated identity. You implement user-based policies using the authentication, authorization, and accounting (AAA) system on the Cisco ASA Security Appliance. This course describes the Cisco ASA Security Appliance user authentication capabilities, followed by per-user authorization and traffic accounting features that you can integrate with the AAA infrastructure of an organization.
  • describe how to plan the deployment of application layer inspection on the Cisco ASA
  • describe how application inspection provides additional security services to OSI Layers 5 to 7 traffic flows using regular expressions
  • recognize the tasks to configure OSI Layers 5 to 7 application policies
  • recognize the CLI commands for configuring OSI Layers 5 to 7 policies
  • describe how to configure and verify application inspection of HTTP traffic using the GUI
  • describe how to configure and verify HTTP protection policy using the CLI
  • recognize the implementation guidelines for verifying HTTP inspection
  • recognize how to configure an application layer policy between an internal network, reachable over the inside interface of the appliance, to all web servers that are reachable over the outside interface of the appliance
  • configure HTTP inspection on a Cisco ASA
  • identify how to evaluate FTP inspection on the Cisco ASA
  • describe how to troubleshoot application layer inspection on the Cisco ASA
  • identify the general deployment guidelines for user-based policies on the Cisco ASA
  • describe how to configure cut-through authentication on the Cisco ASA Security Appliance
  • recognize how to use authentication timeouts on the Cisco ASA Security Appliance
  • describe how to configure cut-through authorization on the Cisco ASA Security Appliance
  • describe how to troubleshoot cut-through accounting on the Cisco ASA Security Appliance

Cisco FIREWALL 2.0: ASA Security Contexts and Active/Active High Availability

When you implement different security policies for traffic from different customers or departments, you can use the virtualization features available on the Cisco ASA adaptive security appliance. You can configure several security contexts, each acting as a separate virtual security appliance on the same physical hardware. On each security context, you can configure most of the features that are available on single-mode Cisco ASA security appliances. This course describes the security contexts feature and how to configure and manage multiple security contexts. You can deploy Cisco ASA adaptive security appliances in an active/active high-availability failover to provide device redundancy and load sharing in order to increase performance. Using this active/active failover feature, you can pair two security appliances, in which both devices process traffic at the same time and act as a backup for each other. When both devices are operational, each processes a share of network traffic, depending on your traffic routing configuration. If one of the two appliances fails, the other takes over and processes all network traffic. This course describes the active/active failover feature and how to configure, tune, and troubleshoot active/active failover functionality.
  • identify the guidelines for using multiple context mode on the Cisco ASA security appliance
  • identify the considerations for configuring security contexts on the Cisco ASA security appliance
  • sequence the steps to configure security contexts on the Cisco ASA security appliance
  • describe how security contexts can be managed on the Cisco ASA security appliance
  • describe resource management on the Cisco ASA security appliance
  • describe how to troubleshoot the operation of the Cisco ASA security appliance in multiple-context mode
  • identify the features of active/active failover on the Cisco ASA security appliance
  • sequence the steps to configure active/active failover on the Cisco ASA security appliance
  • describe how to tune active/active failover on the Cisco ASA security appliance
  • describe how to troubleshoot active/active failover on the Cisco ASA security appliance
Register Now
Firewall 2.0 : Deploying Cisco ASA Firewall Solutions Part 2 e-learning bundle
  • Course ID:
    252743
  • Duration:
    11 hours
  • Price:
    $219