Cisco Courses - Cisco ASA Training

Course

In Cardiff

£ 5,995 + VAT

Description

  • Type

    Course

  • Location

    Cardiff (Wales)

  • Duration

    5 Days

  • Start date

    Different dates available

Delegate pack consisting of course notes and exercises Manual Certificate Experienced Instructor Refreshments

Facilities

Location

Start date

Cardiff
See map
Castle Street, CF10 1SZ

Start date

Different dates availableEnrolment now open

Questions & Answers

Add your question

Our advisors and other users will be able to reply to you

Who would you like to address this question to?

Fill in your details to get a reply

We will only publish your name and question

Reviews

This centre's achievements

2016

All courses are up to date

The average rating is higher than 3.7

More than 50 reviews in the last 12 months

This centre has featured on Emagister for 8 years

Subjects

  • Management
  • Monitoring
  • Access
  • Security
  • Options
  • Cisco
  • Server
  • IT
  • Network
  • Proxy
  • IPV6 training
  • Firewall
  • Installation
  • Active Directory
  • Performance
  • Web
  • IT Security
  • IPV4 to IPV6
  • TCP
  • Network Training
  • IT Management

Course programme

The Knowledge Academy Implementing Advanced Cisco ASA Security 5 day course covers the following topics:

Introduction

This course provides Cisco ASA firewall administrators and engineers with update training on the main post-8.4.1 release Cisco ASA features including most 9.x features such as CX and Clustering.

The course includes detailed coverage of Cisco ASA 5500-X Series Next-Generation Firewalls, the Cisco Catalyst 6500 Series ASA Services Module (ASASM), and the ASA 1000V Cloud Firewall.

It also provides a hands-on experience with installing and setting up the Cisco IPS and Cisco ASA CX software modules, implementing Identity Firewall policies with Cisco CDA, implementing CX policies, and integrating Cisco Cloud Web Security.

Who should attend?

  • This course is intended for network engineers supporting Cisco ASA 9.x implementations.

Pre-requisites

  • Prior to attending this course, it is recommended that students have taken Deploying Cisco ASA Firewall Features (FIREWALL) or have an equivalent knowledge of the Cisco ASA.

Course Objectives

Upon completing this course, you will be able to meet these objectives:

  • Explain the features of Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM, and ASA 1000V Cloud Firewall, and install and set up the Cisco IPS and Cisco ASA CX software modules
  • Implement Cisco ASA Identity Firewall policies by using Cisco CDA and Cisco ASA
  • Implement Cisco ASA CX policies
  • Implement Cisco ASA and Cisco Cloud Web Security integration
  • Describe the multi context enhancements in Cisco ASA Software Release 9.0
  • Describe the IPv6 features in Cisco ASA Software Release 9.0
  • Describe Security Group Firewall support in Cisco ASA Software Release 9.0
  • Implement a Cisco ASA cluster

Course Outline

Module 1 Cisco ASA Product Family

1: Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls

  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA 5500-X Series USB 2.0 Ports
  • Cisco ASA 5500-X Series SSDs
  • Cisco ASA NGE Support
  • Cisco ASA 5585-X Dual Firewall Support

2: Installing Cisco ASA 5500-X Series IPS Software Module

  • IPS Software Module
  • IPS Software Module Installation
  • sw-module module ips Command
  • IPS Software Module CLI Access
  • setup Command
  • IPS Software Module Management Interface Configuration
  • Cisco ASA-to-IPS Software Module Traffic Redirection
  • IPS Software Licenses
  • Module 1 Lab 1-1 Remote Lab Environment Access Module 1 Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup

3: Introducing the Cisco ASASM

  • Cisco ASASM Supported Platforms
  • Cisco ASASM Performance Numbers
  • Cisco ASASM Architecture
  • Cisco ASASM Features Parity
  • Cisco ASASM VLAN Interface Configurations

4: Introducing the Cisco ASA 1000V Cloud Firewall

  • Cisco ASA 1000V and VSG Cloud Firewall Roles
  • Cisco ASA 1000V Firewall Deployment Scenario
  • Cisco ASA 1000V Cloud Firewall Performance Numbers
  • Cisco ASA 1000V Environment
  • Cisco ASA 1000V Management

Module 2: Cisco ASA Identity Firewall

1: Describing the Cisco ASA Identity Firewall Solution

  • Cisco ASA Identity Firewall Benefits
  • Cisco ASA Identity Firewall Flow
  • Cisco Identity Firewall Policies

2: Setting Up Cisco CDA

  • Cisco CDA versus Active Directory Agent
  • Cisco CDA Hardware Appliance and VM Requirements
  • Cisco CDA Installation
  • Cisco CDA Setup
  • Cisco CDA Application Status Verification
  • Cisco CDA CLI Operations
  • Cisco CDA GUI

3: Configuring Cisco CDA

  • Active Directory Server Configuration
  • Cisco ASA Configuration
  • Syslog Server Configuration
  • Cisco CDA User-Account Configuration
  • Cisco CDA GUI Password Policy Configuration
  • Cisco CDA Session Timeout Configuration
  • IP-to-Identity Mapping Display
  • Registered-Device Verification

4: Configuring Cisco ASA Identity Firewall

  • Identity-Based Firewall Configuration Tasks
  • Active Directory Server Configuration
  • Cisco CDA Configuration
  • User-Identity Options Configuration Using Cisco ASDM
  • User-Identity Option Configuration Using the CLI
  • User-Identity-Based Access Rules
  • User Object Group Configuration
  • FQDN Network Object Configuration
  • Identity Firewall with Cut-Through Proxy Use Case
  • Identity Firewall with Remote-Access VPN Use Case

5: Verifying and Troubleshooting Cisco Identity Firewall

  • Cisco CDA and Active Directory Server Connectivity Test
  • show user-identity Command
  • show user-identity Command for Cisco CDA Verification
  • show user-identity Command for Active Directory User Verification
  • show user-identity Command for Active Directory Group Verification
  • show user-identity Command for Memory-Usage Verification
  • Identity-Based Firewall Cisco ASDM Monitoring Panes
  • Cisco CDA Management with the CLI
  • Cisco CDA Live Log Monitoring
  • Cisco CDA Troubleshooting
  • Module 2 Lab 2-1 Context Directory Agent Configuration
  • Module 2 Lab 2-2 ASA Identity-Based Firewall Configuration

Module 3: Cisco ASA CX

1: Introducing Cisco ASA CX (Next-Generation Firewall)

  • Cisco ASA CX Benefits and Components
  • Cisco ASA CX Broad and Web AVC
  • Cisco ASA CX Policy Types
  • Compatibility with Existing Cisco ASA Features
  • Cisco ASA 5585-X CX-SSP Hardware Module
  • Cisco ASA 5500-X CX Software Module

2: Describing the Cisco ASA CX Management Architecture

  • Cisco ASA CX Management Architecture
  • On-Box and Off-Box Cisco PRSM
  • On-Box and Off-Box Cisco PRSM GUI Differences

3: Installing the Cisco Off-Box PRSM and Cisco ASA CX

  • Off-Box Cisco PRSM Setup
  • Cisco PRSM GUI Basic Functions
  • Cisco ASA CX System Package Installation
  • Cisco ASA CX Status Verification
  • Cisco ASA CX Management Interface
  • Cisco ASA CX CLI Operations

4: Redirecting Cisco ASA-to-Cisco ASA CX Traffic

  • Cisco ASA-to-Cisco ASA CX Traffic Redirection

5: Performing Cisco PRSM Device Discovery and Configuration Import

  • Cisco ASA CX Policy Structure
  • Off-Box Cisco PRSM Device Discovery
  • Off-Box Cisco PRSM Device Groups

6: Configuring Cisco ASA CX Policy Objects

  • Cisco ASA CX Policy Object Types
  • Cisco ASA CX Network Objects
  • Cisco ASA CX Service Objects and Service Groups
  • Cisco ASA CX Application Objects and Application Service Objects
  • Cisco ASA CX URL Objects
  • Cisco ASA CX User Agent Objects
  • Cisco ASA CX Identity Objects
  • Cisco ASA CX Source Object and Destination Object Groups
  • Cisco ASA CX Secure Mobility Objects
  • Cisco ASA CX Action Profile Objects
  • Policy Objects in Cisco ASA CX Policies
  • Tags, Ticket IDs, and Metadata

7: Configuring Cisco ASA CX Access Policies

  • Cisco ASA CX Access Policy Configuration
  • Cisco ASA CX Application Control Configuration
  • Cisco ASA CX URL Filtering Configuration
  • Cisco ASA CX File Filtering Profile Configuration
  • ASA CX Web Reputation Profile Configuration

8: Configuring Cisco ASA CX Identity Policies

  • Cisco ASA CX Active and Passive Authentications
  • Cisco ASA CX Authentication Realms
  • Cisco ASA CX ADI
  • Cisco ASA CX Identity-Based Policy Configuration
  • LDAP Authentication Realm and Server Configurations
  • Active Directory Authentication Realm and Server Configurations
  • Cisco ASA CX-to-Cisco CDA Integration Configurations
  • Cisco ASA CX Identity Policies with Active Authentication
  • Cisco ASA CX Identity Policies with Passive Authentication
  • Cisco ASA CX Authentication Settings Configuration
  • Cisco ASA CX Access and Decryption Policies with Identity Objects
  • Cisco ASA CX User Identity in Event Viewer

9: Configuring Cisco ASA CX Decryption Policies

  • Cisco ASA CX Decryption Policies
  • Cisco ASA CX Decryption Configurations
  • Cisco ASA CX Decryption Policy Configuration
  • Cisco ASA CX Identity, Decryption, and Access Policy Interactions

10: Licensing Cisco ASA CX and Cisco PRSM

  • Cisco ASA CX Licenses
  • Cisco PRSM License
  • Cisco ASA CX and Off-Box Cisco PRSM License Management

11: Monitoring Cisco ASA CX

  • Cisco PRSM Dashboards and Reports
  • Cisco PRSM Event Viewer
  • Cisco SIO Update Verifications

12: Using Cisco PRSM for Administration

  • Cisco PRSM Administration Menu Options
  • Configuration Database Backup and Restore
  • Cisco PRSM Change History
  • Cisco PRSM User-Account Configuration
  • Cisco PRSM Server Certificate
  • Certificate Management Options
  • Cisco ASA CX and Cisco PRSM Logging-Level Configurations

13: Troubleshooting Cisco ASA CX

  • Cisco ASA CX Access Policies Troubleshooting
  • Cisco ASA CX Identity-Policy Troubleshooting
  • Cisco ASA CX Decryption-Policy Troubleshooting
  • Cisco ASA CX Module Troubleshooting
  • Module 3 Lab 3-1 ASA CX and PRSM Exploration
  • Module 3 Lab 3-2 ASA CX Access Policy Configuration
  • Module 3 Lab 3-3 ASA CX Identity Policy Configuration
  • Module 3 Lab 3-4 ASA CX Decryption Policy Configuration
  • Module 3 Lab 3-5 PRSM Administration

Module 4: Cisco ASA Cloud Web Security Integration

1: Introducing Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA with Cisco Cloud Web Security
  • Cisco ScanCenter

2: Licensing Cisco ASA with Cisco Cloud Web Security

  1. Cisco ASA with Cloud Web Security Authentication Keys

3: Configuring Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA and Cloud Web Security Proxy-Server Configuration
  • ScanCenter Generation of an Authentication Key for Cisco ASA
  • Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
  • Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration

4: Verifying Cisco ASA and Cloud Web Security Operations

  • Cisco ASA and Cloud Web Security Operations Verification with the CLI
  • Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM
  • Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
  • Cisco ASA and Cloud Web Security Syslog Messages
  • Cisco ASA and Cloud Web Security Operations Verification with debug scansafe
  • Module 4 Lab 4-1 Cisco ASA and Cloud Web Security Integration

Module 5: Cisco ASA IPv6 Enhancements

1: Describing the Cisco ASA IPv4 and IPv6 Unified ACL

  • IPv4 and IPv6 Unified ACL
  • IPv4 and IPv6 Unified ACL Migration
  • Mixed IPv6 and IPv4 Object Groups
  • IPv4 and IPv6 FQDN Objects

2: Describing Other Cisco ASA IPv6 Support Enhancements

  • NAT46, NAT64, and DNS Doctoring
  • NAT66 Support
  • DHCPv6 Relay
  • OSPFv3 Support
  • IPv6 Application Inspections
  • Cisco ASA and Cisco AnyConnect IPv6 VPN Support

Module 6: Cisco ASA Security Group Firewall

1: Introducing Cisco Security Group Tagging

  • Cisco Secure Access Architecture

2: Configuring Cisco ASA Security Group Firewall

  • SG Firewall Configuration
  • SGACL Operations Monitoring

Module 7: Cisco ASA Multicontext Enhancements

1: Describing Cisco ASA Multicontext Mode

  • Cisco ASA Multicontext Mode
  • Cisco ASA Security-Context Resource Management

2: Describing Multicontext Enhancements in Cisco ASA Software Release 9.0

  • Mixed-Mode Support in Multicontext Mode
  • Dynamic-Routing Support in Multicontext Mode
  • Site-to-Site VPN Support in Multicontext Mode

Module 8: Cisco ASA Cluster

1: Describing Cisco ASA Cluster Features

Cluster Performance Figures and Supported Platforms

  • Cluster Data-Interface Modes
  • Cluster Data-Interface Connections
  • CCL Functions
  • Cluster Master and Slave Unit Election
  • Centralized, Distributed, and Unsupported Cisco ASA Features
  • Cluster Dynamic-Routing Operations
  • Cluster NAT and PAT Operations

2: Describing Cisco ASA Cluster Terminology and Data Flows

  • Cluster Terminology
  • TCP Sequence Number Randomization
  • TCP Traffic Flows
  • Asymmetric UDP Traffic Flows
  • Short-Lived Traffic Flows
  • Centralized-Feature Traffic Flows
  • Traffic Flows with Secondary Connections
  • TCP Flow Rebalancing
  • Cluster Health-Check Mechanisms

3: Using the CLI to Configure a Cisco ASA Cluster

  • Cluster Management
  • Cluster Configuration with the CLI
  • Cluster Interface-Mode Configuration on Each Unit
  • CCL Configuration on Each Unit
  • Cluster Management Interface Configuration from the Master Unit
  • Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
  • Individual (Layer 3) Interface Configuration from the Master Unit
  • Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
  • Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
  • Sample Configuration of a Two-Unit Cluster with Individual Interface
  • How to Configure Other Cluster Options

4: Using Cisco ASDM to Configure a Cisco ASA Cluster

  • Cisco ASDM Cluster Dashboards
  • Cluster Configuration via Cisco ASDM
  • Cisco ASDM High Availability and Scalability Wizard
  • Cisco ASDM ASA Cluster Pane

5: Verifying Cisco ASA Cluster Operations

  • Cluster Licensing
  • Cluster Interface-Mode Verification
  • Cluster Member-Status Verification
  • Cluster Health-Status Verification
  • Cluster Connections State Table Verification
  • Cluster EtherChannel Status Verification
  • Cluster Aggregated ACL Hit-Count Verification
  • Cluster Memory and CPU Usage Verification
  • Cluster Traffic-Distribution Verification
  • TCP Flow-Rebalancing Verification
  • Cluster Operation Verification via Cisco ASDM

6: Troubleshooting a Cisco ASA Cluster

  • Cluster Packet Captures
  • Cluster Syslog Messages
  • The debug cluster CLI Command
  • Cluster Crashinfo and Coredump
  • Split-Cluster Scenario

Additional information

  • Cisco training provided by the Largest Training Company globally
  • This Cisco classroom based course also includes Lab Activities
  • Network Engineers are recommended to attend this course
  • GUARANTEED LOWEST PRICE IN THE INDUSTRY
  • Learn the Cisco ASA features including most 9.x features such as CX and Clustering
  • Courses delivered by world class Cisco training instructors in luxury venues 
  • The Cisco training course includes material, manuals and exam preparation
  • Book Online or Call 01344 203999 to speak to a Cisco training advisor today

Cisco Courses - Cisco ASA Training

£ 5,995 + VAT