In this 3-day, lab intense course students will learn about many of the advanced features, day-2 operations and management of Cisco Secure Firewall / Firepower Threat Defense. Through intense lab exercises students will develop the skills to configure, manage and troubleshoot problems with Cisco FTD devices. After a short review of CSF, we will cover advanced features like security intelligence, file control, advanced malware protection, redundancy, external threat intelligence, domain management, SNORT3, and advanced packet flow analysis. We will also have a look at what’s new in version 7.x. You will gain leading-edge skills for high-demand security focused responsibilities.
Student Testimonials
Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus.
Student
Excellent presentation skills, subject matter knowledge, and command of the environment.
Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect.
Student
Click here to print this page »
Prerequisites
Before taking this course, it would be good to have a basic understanding of Cisco Secure Firewall and some hands-on experience working on the device (Cisco Secure Firewall). If you don’t have the pre-requisites described above, then a good way to prepare for this course is to attend our course ’Introduction to Cisco Secure Firewall’.
Detailed Class Syllabus
Overview of Cisco Secure Firewall (CSF)
Device Configuration
Traffic Control
NAT Overview
Network Discovery
Overview of Policies
Next-Generation Features of Cisco Secure Firewall (CSF)
Security Intelligence (SI)
File Control and Advanced Malware Protection
Malware and File Policy
Overview of Intrusion Prevention and Snort Rules
Firepower Recommendations
Cisco Secure Firewall Redundancy
Overview of High Availability (HA)
Discuss active / standby HA
External Threat Intelligence
Overview of external feeds
Describe incidents
Explain Cisco Threat Intelligence Director (CTID)
Understanding subscription of CTID to external feeds
Domain Management
Introduction to multi-tenancy using domains
Managing domains
Creating new domains
Moving devices between domains
VPNs
Site-to-Site VPN
RA-VPN
SNORT3
Introduction to Snort3
Explain Elephant Flow
Discuss Snort3 recommendations
Explain rule actions
Advance Packet Flow Analysis
Using the ’Packet-Tracer’ feature
Using the ’Capture with Trace’ feature
What’s New in 7.x
VPN Load Balancing for FMC-managed devices
Explain FQDN NAT
Understand network wildcard mask object
Discuss direct Internet access
Describe AnyConnect with SAML external browser
Explain encrypted visibility engine
Discuss enhancement in TLS (focus on TLS 1.3)
Lab Exercises
Configuring CTID
Configure FQDN NAT
Using Wildcard Mask
Configure Direct Internet Access (DIA) with Policy Based Routing (PBR)
Configure Site-to-Site VPN
Configuring AnyConnect VPN
Configuring and detecting Elephant Flow using Snort3
Configuring Snort3 Firepower recommendations
Configuring additional rule actions for Snort3
Configuring and validating enhanced Captive Portal
Setting up an Encrypted Visibility Engine for reports, events, and telemetry
TLS 1.3 ESNI extension (overview/ no hands-on)
Advance Packet Flow Analysis
Configure High Availability (Active / Standby)
Remote deployments, selective deployment, and rollbacks (overview/ no hands-on