Implementing Advanced Cisco ASA Security 1.0 (SASAA) Training

Introduction:

This course provides Cisco ASA firewall administrators and engineers with update training on the main post-8.4.1 release Cisco ASA features, including most 9.x features such as CX and Clustering. The course includes detailed coverage of Cisco ASA 5500-X Series Next-Generation Firewalls, the Cisco Catalyst 6500 Series ASA Services Module (ASASM), and the ASA 1000V Cloud Firewall. It also provides hands-on experience with installing and setting up the Cisco IPS and Cisco ASA CX software modules, implementing Identity Firewall policies with Cisco CDA, implementing CX policies, and integrating Cisco Cloud Web Security.

Customize It:

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Audience/Target Group

Network engineers supporting Cisco ASA 9.x implementations.

Duration: 5 days

Skills Gained:

Explain the features of Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM, and ASA 1000V Cloud Firewall, and install and set up the Cisco IPS and Cisco ASA CX software modules
Describe how to implement Cisco ASA Identity Firewall policies by using Cisco CDA and Cisco ASA
Demonstrate how to implement Cisco ASA CX policies
Demonstrate how to implement Cisco ASA and Cisco Cloud Web Security integration
Describe the IPv6 features in Cisco ASA Software Release 9.0
Describe SGACL support in Cisco ASA Software Release 9.0
Describe the multicontext enhancements in Cisco ASA Software Release 9.0
Demonstrate how to implement a Cisco ASA cluster

Course Content:

Module 1: Cisco ASA Product Family

Lesson 1 Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA 5500-X Series USB 2.0 Ports
Cisco ASA 5500-X Series SSDs
Cisco ASA NGE Support
Cisco ASA 5585-X Dual Firewall Support

Lesson 2 Installing Cisco ASA 5500-X Series IPS Software Module

IPS Software Module
IPS Software Module Installation
sw-module module ips Command
IPS Software Module CLI Access
setup Command
IPS Software Module Management Interface Configuration
Cisco ASA-to-IPS Software Module Traffic Redirection
IPS Software Licenses

Lesson 3 Introducing the Cisco ASASM

Cisco ASASM Supported Platforms
Cisco ASASM Performance Numbers
Cisco ASASM Architecture
Cisco ASASM Features Parity
Cisco ASASM VLAN Interface Configurations

Lesson 4 Introducing the Cisco ASA 1000V Cloud Firewall

Cisco ASA 1000V and VSG Cloud Firewall Roles
Cisco ASA 1000V Firewall Deployment Scenario
Cisco ASA 1000V Cloud Firewall Performance Numbers
Cisco ASA 1000V Environment
Cisco ASA 1000V Management

Module 2: Cisco ASA

Lesson 1 Describing the Cisco ASA Identity Firewall Solution

Cisco ASA Identity Firewall Benefits
Cisco ASA Identity Firewall Flow
Cisco Identity Firewall Policies

Lesson 2 Setting Up Cisco CDA

Cisco CDA versus Active Directory Agent
Cisco CDA Hardware Appliance and VM Requirements
Cisco CDA Installation
Cisco CDA Setup
Cisco CDA Application Status Verification
Cisco CDA CLI Operations
Cisco CDA GUI

Lesson 3 Configuring Cisco CDA

Active Directory Server Configuration
Cisco ASA Configuration
Syslog Server Configuration
Cisco CDA User-Account Configuration
Cisco CDA GUI Password Policy Configuration
Cisco CDA Session Timeout Configuration
IP-to-Identity Mapping Display
Registered-Device Verification

Lesson 4 Configuring Cisco ASA Identity Firewall

Identity-Based Firewall Configuration Tasks
Active Directory Server Configuration
Cisco CDA Configuration
User-Identity Options Configuration Using Cisco ASDM
User-Identity Option Configuration Using the CLI
User-Identity-Based Access Rules
User Object Group Configuration
FQDN Network Object Configuration
Identity Firewall with Cut-Through Proxy Use Case
Identity Firewall with Remote-Access VPN Use Case

Lesson 5 Verifying and Troubleshooting Cisco Identity Firewall

Cisco CDA and Active Directory Server Connectivity Test
show user-identity Command
show user-identity Command for Cisco CDA Verification
show user-identity Command for Active Directory User Verification
show user-identity Command for Active Directory Group Verification
show user-identity Command for Memory-Usage Verification
Identity-Based Firewall Cisco ASDM Monitoring Panes
Cisco CDA Management with the CLI
Cisco CDA Live Log Monitoring
Cisco CDA Troubleshooting

Module 3: Cisco ASA CX

Lesson 1 Introducing Cisco ASA CX (Next-Generation Firewall)

Cisco ASA CX Benefits and Components
Cisco ASA CX Broad and Web AVC
Cisco ASA CX Policy Types
Compatibility with Existing Cisco ASA Features
Cisco ASA 5585-X CX-SSP Hardware Module
Cisco ASA 5500-X CX Software Module

Lesson 2 Describing the Cisco ASA CX Management Architecture

Cisco ASA CX Management Architecture
On-Box and Off-Box Cisco PRSM
On-Box and Off-Box Cisco PRSM GUI Differences

Lesson 3 Installing the Cisco Off-Box PRSM and Cisco ASA CX

Off-Box Cisco PRSM Setup
Cisco PRSM GUI Basic Functions
Cisco ASA CX System Package Installation
Cisco ASA CX Status Verification
Cisco ASA CX Management Interface
Cisco ASA CX CLI Operations

Lesson 4 Redirecting Cisco ASA-to-Cisco ASA CX Traffic

Cisco ASA-to-Cisco ASA CX Traffic Redirection

Lesson 5 Performing Cisco PRSM Device Discovery and Configuration Import

Cisco ASA CX Policy Structure
Off-Box Cisco PRSM Device Discovery
Off-Box Cisco PRSM Device Groups

Lesson 6 Configuring Cisco ASA CX Policy Objects

Cisco ASA CX Policy Object Types
Cisco ASA CX Network Objects
Cisco ASA CX Service Objects and Service Groups
Cisco ASA CX Application Objects and Application Service Objects
Cisco ASA CX URL Objects
Cisco ASA CX User Agent Objects
Cisco ASA CX Identity Objects
Cisco ASA CX Source Object and Destination Object Groups
Cisco ASA CX Secure Mobility Objects
Cisco ASA CX Action Profile Objects
Policy Objects in Cisco ASA CX Policies
Tags, Ticket IDs, and Metadata

Lesson 7 Configuring Cisco ASA CX Access Policies

Cisco ASA CX Access Policy Configuration
Cisco ASA CX Application Control Configuration
Cisco ASA CX URL Filtering Configuration
Cisco ASA CX File Filtering Profile Configuration
ASA CX Web Reputation Profile Configuration

Lesson 8 Configuring Cisco ASA CX Identity Policies

Cisco ASA CX Active and Passive Authentications
Cisco ASA CX Authentication Realms
Cisco ASA CX ADI
Cisco ASA CX Identity-Based Policy Configuration
LDAP Authentication Realm and Server Configurations
Active Directory Authentication Realm and Server Configurations
Cisco ASA CX-to-Cisco CDA Integration Configurations
Cisco ASA CX Identity Policies with Active Authentication
Cisco ASA CX Identity Policies with Passive Authentication
Cisco ASA CX Authentication Settings Configuration
Cisco ASA CX Access and Decryption Policies with Identity Objects
Cisco ASA CX User Identity in Event Viewer

Lesson 9 Configuring Cisco ASA CX Decryption Policies

Cisco ASA CX Decryption Policies
Cisco ASA CX Decryption Configurations
Cisco ASA CX Decryption Policy Configuration
Cisco ASA CX Identity, Decryption, and Access Policy Interactions

Lesson 10 Licensing Cisco ASA CX and Cisco PRSM

Cisco ASA CX Licenses
Cisco PRSM License
Cisco ASA CX and Off-Box Cisco PRSM License Management

Lesson 11 Monitoring Cisco ASA CX

Cisco PRSM Dashboards and Reports
Cisco PRSM Event Viewer
Cisco SIO Update Verifications

Lesson 12 Using Cisco PRSM for Administration

Cisco PRSM Administration Menu Options
Configuration Database Backup and Restore
Cisco PRSM Change History
Cisco PRSM User-Account Configuration
Cisco PRSM Server Certificate
Certificate Management Options
Cisco ASA CX and Cisco PRSM Logging-Level Configurations

Lesson 13 Troubleshooting Cisco ASA CX

Cisco ASA CX Access Policies Troubleshooting
Cisco ASA CX Identity-Policy Troubleshooting
Cisco ASA CX Decryption-Policy Troubleshooting
Cisco ASA CX Module Troubleshooting

Module 4: Cisco ASA Cloud Web Security Integration

Lesson 1 Introducing Cisco ASA with Cisco Cloud Web Security

Cisco ASA with Cisco Cloud Web Security
Cisco ScanCenter

Lesson 2 Licensing Cisco ASA with Cisco Cloud Web Security

Cisco ASA with Cloud Web Security Authentication Keys

Lesson 3 Configuring Cisco ASA with Cisco Cloud Web Security

Cisco ASA and Cloud Web Security Proxy-Server Configuration
ScanCenter Generation of an Authentication Key for Cisco ASA
Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration

Lesson 4 Verifying Cisco ASA and Cloud Web Security Operations

Cisco ASA and Cloud Web Security Operations Verification with the CLI
Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM
Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
Cisco ASA and Cloud Web Security Syslog Messages
Cisco ASA and Cloud Web Security Operations Verification with debug scansafe

Module 5: Cisco ASA IPv6 Enhancements

Lesson 1 Describing the Cisco ASA IPv4 and IPv6 Unified ACL

IPv4 and IPv6 Unified ACL
IPv4 and IPv6 Unified ACL Migration
Mixed IPv6 and IPv4 Object Groups
IPv4 and IPv6 FQDN Objects

Lesson 2 Describing Other Cisco ASA IPv6 Support Enhancements

NAT46, NAT64, and DNS Doctoring
NAT66 Support
DHCPv6 Relay
OSPFv3 Support
IPv6 Application Inspections
Cisco ASA and Cisco AnyConnect IPv6 VPN Support

Module 6: Cisco ASA Security Group Firewall

Lesson 1 Introducing Cisco Security Group Tagging

Cisco Secure Access Architecture

Lesson 2 Configuring Cisco ASA Security Group Firewall

SG Firewall Configuration
SGACL Operations Monitoring

Module 7: Cisco ASA Multicontext Enhancements

Lesson 1 Describing Cisco ASA Multicontext Mode

Cisco ASA Multicontext Mode
Cisco ASA Security-Context Resource Management

Lesson 2 Describing Multicontext Enhancements in Cisco ASA Software Release 9.0

Mixed-Mode Support in Multicontext Mode
Dynamic-Routing Support in Multicontext Mode
Site-to-Site VPN Support in Multicontext Mode

Module 8: Cisco ASA Cluster

Lesson 1 Describing Cisco ASA Cluster Features

Cluster Performance Figures and Supported Platforms
Cluster Data-Interface Modes
Cluster Data-Interface Connections
CCL Functions
Cluster Master and Slave Unit Election
Centralized, Distributed, and Unsupported Cisco ASA Features
Cluster Dynamic-Routing Operations
Cluster NAT and PAT Operations

Lesson 2 Describing Cisco ASA Cluster Terminology and Data Flows

Cluster Terminology
TCP Sequence Number Randomization
TCP Traffic Flows
Asymmetric UDP Traffic Flows
Short-Lived Traffic Flows
Centralized-Feature Traffic Flows
Traffic Flows with Secondary Connections
TCP Flow Rebalancing
Cluster Health-Check Mechanisms

Lesson 3 Using the CLI to Configure a Cisco ASA Cluster

Cluster Management
Cluster Configuration with the CLI
Cluster Interface-Mode Configuration on Each Unit
CCL Configuration on Each Unit
Cluster Management Interface Configuration from the Master Unit
Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
Individual (Layer 3) Interface Configuration from the Master Unit
Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
Sample Configuration of a Two-Unit Cluster with Individual Interface
How to Configure Other Cluster Options

Lesson 4 Using Cisco ASDM to Configure a Cisco ASA Cluster

Cisco ASDM Cluster Dashboards
Cluster Configuration via Cisco ASDM
Cisco ASDM High Availability and Scalability Wizard
Cisco ASDM ASA Cluster Pane

Lesson 5 Verifying Cisco ASA Cluster Operations

Cluster Licensing
Cluster Interface-Mode Verification
Cluster Member-Status Verification
Cluster Health-Status Verification
Cluster Connections State Table Verification
Cluster EtherChannel Status Verification
Cluster Aggregated ACL Hit-Count Verification
Cluster Memory and CPU Usage Verification
Cluster Traffic-Distribution Verification
TCP Flow-Rebalancing Verification
Cluster Operation Verification via Cisco ASDM

Lesson 6 Troubleshooting a Cisco ASA Cluster

Cluster Packet Captures
Cluster Syslog Messages
The debug cluster CLI Command
Cluster Crashinfo and Coredump
Split-Cluster Scenario

Labs:

Lab 1-1 Remote Lab Environment Access
Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup
Lab 2-1 Context Directory Agent Configuration
Lab 2-2 ASA Identity-Based Firewall Configuration
Lab 3-1 ASA CX and PRSM Exploration
Lab 3-2 ASA CX Access Policy Configuration
Lab 3-3 ASA CX Identity Policy Configuration
Lab 3-4 ASA CX Decryption Policy Configuration
Lab 3-5 PRSM Administration
Lab 4-1 Cisco ASA and Cloud Web Security Integration
