SAEXS v1.5 - Cisco ASA Express Security

Networking/Server/Operating Systems
Schedules
Optional
  LearnITAnytime Online Subscription (1 Year Subscription - $195.00)
  IT Online Library (1 Year Subscription - $1595.00)
  Private Mentoring 3 Hours ($225)
Quantity
If quantity is more than 1, Please add all Attendees' Names /Voucher #/ Learning Credit below separated with a comma. If not specified, we will contact you prior to the class start date. Special Instructions

Description

The goal of the course is to provide an understanding of the Cisco ASA solution portfolio and successfully configure various aspects of the Cisco ASA components including Cisco ASA firewall features and functions, Cisco ASA with FirePOWER Services and Cisco ASA Remote Access VPN including Clientless and AnyConnect.

Objectives

Upon completing this course, you will be able to:

  • Describe the Cisco ASA technology
  • Describe how to configure network integration and manage network settings for the Cisco ASA
  • Choose, configure, and troubleshoot Cisco ASA security appliance features
  • Introduce and deploy Cisco Remote Access VPN
  • Describe NGFW capabilities provided by the Cisco ASA with FirePOWER Service Module and their configuration using FireSIGHT Management Center
  • Describe how to configure IPS for NGFW Settings and Filtering
  • Describe the Cisco ASA NFWG WSE and AVC solutions and how to configure Cisco ASA NGFW Objects and Policies
  • Describe the features of Ciscos ASA Cloud Web Security
  • Explore Cisco ASA Active/Standby High Availability

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • Knowledge of IP networking and IP header fields
  • Basic understanding of firewall uses and roles
  • Basic understanding of firewall functions such as NAT, Application Inspection, Packet Filtering
  • Basic understanding of common security threats and mitigation techniques such malware, DoS, Intrusion Prevention, URL filtering

Who Should Attend

The primary audience for this course is as follows:

  • Network Security Engineers

Outline

Module 1: Introducing Cisco ASA Solutions

    Lesson 1: Firewall Technologies
    • Firewall Technologies
    • Cisco ASA Adaptive Security Appliance Features


    Lesson 2: Cisco ASA Adaptive Security Appliance Features

    • Cisco ASA Adaptive Security Appliance Hardware

Module 2: Exploring Cisco ASA Connectivity Basics

    Lesson 1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
    • Managing the Cisco ASA Adaptive Security Appliance Boot Process
    • Managing the Cisco ASA Adaptive Security Appliance Using Cisco ASDM
    • Navigating Basic Cisco ASDM Features
    • Managing the Cisco ASA Adaptive Security Appliance Basic Upgrade


    Lesson 2: Managing Basic Cisco ASA Adaptive Security Appliance Network Settings

    • Managing Cisco ASA Adaptive Security Appliance Security Levels
    • Managing Basic Cisco ASA Adaptive Security Appliance Network Settings
    • Configuring and Verifying Interface VLANs
    • Configuring a Default Route


    Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Routing Features

    • Static Routing
    • Dynamic Routing
    • EIGRP Configuration and Verification


    Lesson 4: Backing up and Restoring Cisco ASA

    • Cisco ASA Backup and Restore Overview
    • Cisco ASA Backup Configuring
    • Cisco ASA Restore - Configuring

Module 3: Configuring ASA Basic Access Control Foundation

    Lesson 1: Configuring Cisco ASA Adaptive Security Appliance NAT Features
    • NAT on Cisco ASA Security Appliances
    • Configuring Object (Auto) NAT
    • Configuring Manual NAT
    • Configuring and Verifying Public Servers
    • Tuning and Troubleshooting NAT on the Cisco ASA Adaptive Security Appliance


    Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Basic Access Control Features

    • Connection Table and Local Host Table
    • Configuring and Verifying Interface ACLs
    • Configuring and Verifying Global ACLs
    • Configuring and Verifying Object Groups
    • Configuring and Verifying Other Basic Access Controls

Module 4: Deploying Cisco Remote Access VPN

    Lesson 1: Deploying Basic Clientless VPN Solutions
    • Cisco ASA Clientless SSL VPN Solution
    • Configuration Choices and Configuration Procedure
    • Configuring Basic Cisco ASA Adaptive Security Appliance Gateway Features and Gateway Authentication
    • Configuring Basic User Authentication
    • Configuring Basic Access Control
    • Tuning Gateway Content Rewriting


    Lesson 2: Cisco AnyConnect SSL VPN Overview

    • Introduction to Cisco AnyConnect Client
    • Cisco AnyConnect Client Core Features
    • Cisco AnyConnect Network Access Manager
    • Cisco AnyConnect Secure Mobility Modules
    • Cisco AnyConnect Secure Reporting and Troubleshooting Modules
    • Cisco AnyConnect Secure Mobility Licensing


    Lesson 3: Deploying a Cisco AnyConnect Client SSL VPN Solution

    • Basic Cisco AnyConnect SSL VPN
    • Additional Cisco AnyConnect Deployment Options
    • Configuring Cisco ASA Gateway Features
    • Configuring Local User Authentication and IP Address Assignment
    • Configuring Access Control and Split Tunneling
    • Deploying DTLS
    • Installing and Configuring Cisco AnyConnect 3.0
    • Managing Cisco AnyConnect Software

Module 5: Introducing the Cisco ASA FirePOWER Services (SFR) Module

    Lesson 1: Introducing the Cisco ASA 5500-X Series FirePOWER Services (SFR) Module
    • NGFW Security Services
    • Introducing Cisco ASA with FirePOWER Services (SFR) Module
    • Cisco ASA FirePOWER Services (SFR) Module Overview
    • Cisco FireSIGHT Management Center Overview
    • ASA 5506-X and 5508-X Overview
    • Cisco ASA FirePOWER Services Module Management Interface
    • Cisco ASA FirePOWER Services Module Package Installation
    • Redirect Traffic to Cisco ASA FirePOWER Services Module
    • Cisco ASA FirePOWER Services Module Verification
    • Summary


    Lesson 2: Cisco FireSIGHT Management Center

    • FireSIGHT Management Center Virtual Machine Installation and Setup
    • Add the FirePOWER Services Module into FireSIGHT
    • FirePOWER Services Module and FireSIGHT License Requirements
    • FireSIGHT Policy Types Overview
    • System Policy Overview
    • Health Policy Overview
    • Task Status Monitoring
    • Object Management Overview
    • Security Zones Overview
    • Network Discovery Overview
    • Active Directory Integration Overview
    • SourceFire User Agent Overview
    • Access Control Policy Overview
    • Intrusion Policy Overview
    • FireSIGHT Recommended Rules Overview
    • File Policy Overview
    • Indication of Compromise Overview
    • Connection Events Monitoring
    • Events Display Time Range
    • Switch Workflow
    • Intrusion Event Impact Levels Overview
    • IPS Events Monitoring
    • File Events Monitoring
    • Users Monitoring
    • Context Explorer
    • Dashboards
    • System Updates
    • Summary


    Lesson 3: Module Summary

    • Module Summary

Module 6: Cisco ASA Cloud Web Security

    Lesson 1: Introducing Cisco ASA with Cisco Cloud Web Security
    • Cisco ASA with Cisco Cloud Web Security
    • Cisco Cloud Web Security URL Filtering, AVC and Reporting Features Overview
    • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview
    • Cisco ScanCenter
    • Cisco ASA Cloud Web Security Licenses
    • Summary


    Lesson 2: Configuring Cisco ASA with Cisco Cloud Web Security

    • Cisco ASA and Cloud Web Security Proxy-Server Configuration
    • ScanCenter Generation of an Authentication Key for Cisco ASA
    • Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
    • Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration
    • Summary


    Lesson 3: Verifying Cisco ASA Cloud Web Security Operations

    • Cisco ASA Cloud Web Security Operations Verification using the CLI
    • Cisco ASA Cloud Web Security Operations Verification by Using Cisco ASDM
    • Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
    • Cisco ASA Cloud Web Security Syslog Messages
    • Cisco ASA Cloud Web Security Operations Verification using the debug scansafe CLI command
    • Summary


    Lesson 4: Describing the Web Filtering Policy in Cisco ScanCenter

    • ScanCenter Web Filtering Policy Overview
    • ScanCenter Web Filtering Policy Configuration
    • ScanCenter HTTPS Inspection Configuration Overview
    • ScanCenter Web Filtering Reporting
    • Summary


    Lesson 5: Describing Cisco ASA Cloud Web Security AMP and CTA

    • Cisco ASA CWS Advanced Malware Protection Overview
    • Cisco Cloud Web Security Cognitive Threat Analytics
    • Cisco ASA Cloud Web Security ScanCenter Threats Reporting Overview
    • Summary


    Lesson 6: Module Summary

    • References

Module 7: Introducing Cisco ASA High Availability

    Lesson 1: Overview of Cisco ASA Active/Standby High Availability
    • Cisco ASA Adaptive Security Appliance Active/Standby Failover Overview
    • Active Unit Election
    • Switchover Event
    • Failover Management
    • Failover Deployment Options


    Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Active/Standby High Availability

    • Configuring and Verifying Active/Standby Failover
    • Tuning and Managing Active/Standby Failover
    • Remote Command Execution

Lab Outline

Hardware Lab 1: Preparing Cisco ASA for Network Integration and Configuring Basic Settings

  • Verify Cisco ASA Security Appliance and Cisco ASDM Versions
  • Initialize the Cisco ASA Security Appliance from the CLI
  • Launch Cisco ASDM and Test SSH Access
  • Configure and Verify Interfaces
  • Configure System Management Parameters


Hardware Lab 2: Configuring NAT and Basic Access Control

  • Configure Object NAT for the Client Network and DMZ Server
  • Configure Manual NAT for the DMZ Server and Client Network


Hardware Lab 3: Configure Cisco AnyConnect Client SSL VPN Solution

  • Configure Basic Cisco AnyConnect Client SSL VPN Support on the Cisco ASA Security Appliance
  • Configure a Connection Profile, Group Policy, and User Account in the Local User Database
  • Establish a Cisco AnyConnect Client SSL VPN using WebLaunch


Hardware Lab 4: Cisco ASA 5500-X FirePOWER Services (SFR) Module Installation and Setup

  • Install and Set Up the ASA FirePower (SFR) Services Module
  • Redirect Traffic to the ASA FirePOWER Services Module


Hardware Lab 5: Cisco FireSIGHT Management Center Configuration

  • Add the ASA FirePOWER Services Module in the Cisco FireSIGHT Management Center
  • Edit the Default FireSIGHT Network Discovery Rule
  • Configure the IPS Policy, File Policy and Access Control Policy
  • Test ASA FirePOWER Basic IPS Operations
  • Test ASA FirePOWER Basic AMP Operations
  • Examine the FireSIGHT Network Discovery Results
  • Integrate FireSIGHT with Microsoft Active Directory
  • Setup and Test User Based Access Control Policy
  • Verify the Traffic Redirection to the ASA FirePOWER Services Module
  • Disable Traffic Redirection to the ASA FirePOWER Services Module
  • Shut Down and Uninstall the ASA FirePower Services Module


Hardware Lab 6: Cisco ASA and Cloud Web Security Integration (Optional)

  • Configure the Cisco ASA-to-Cloud Web Security Integration