3 Days

Course Description:

In this 3-day, lab intense course students will learn about many of the advanced features, day-2 operations and management of Cisco Secure Firewall / Firepower Threat Defense. Through intense lab exercises students will develop the skills to configure, manage and troubleshoot problems with Cisco FTD devices. After a short review of CSF, we will cover advanced features like security intelligence, file control, advanced malware protection, redundancy, external threat intelligence, domain management, SNORT3, and advanced packet flow analysis. We will also have a look at what’s new in version 7.x. You will gain leading-edge skills for high-demand security focused responsibilities.


Employees of federal, state and local governments; and businesses working with the government.

This course is designed for professionals in the following job roles:

  • Network Security Administrators
  • Network Security Engineers
  • Network Security Managers
  • Security Sales Engineers
  • Security System Engineers
  • Anyone else who wants to learn about Cisco Secure Firewall


Before taking this course, it would be good to have a basic understanding of Cisco Secure Firewall and some hands-on experience working on the device (Cisco Secure Firewall). If you don’t have the pre-requisites described above, then a good way to prepare for this course is to attend our course ’Introduction to Cisco Secure Firewall’.

Training Objectives:

After completing this course, students will be able to:

  • Describe the advanced features of a Next-Generation Firewall
  • Explain the newly release features
  • Configure advanced and newly released features
  • Understand advanced packet flow analysis

Course Outline:

Overview of Cisco Secure Firewall (CSF)

  • Device Configuration
  • Traffic Control
  • NAT Overview
  • Network Discovery
  • Overview of Policies

Next-Generation Features of Cisco Secure Firewall (CSF)

  • Security Intelligence (SI)
  • File Control and Advanced Malware Protection
  • Malware and File Policy
  • Overview of Intrusion Prevention and Snort Rules
  • Firepower Recommendations

Cisco Secure Firewall Redundancy

  • Overview of High Availability (HA)
  • Discuss active / standby HA

External Threat Intelligence

  • Overview of external feeds
  • Describe incidents
  • Explain Cisco Threat Intelligence Director (CTID)
  • Understanding subscription of CTID to external feeds

Domain Management

  • Introduction to multi-tenancy using domains
  • Managing domains
  • Creating new domains
  • Moving devices between domains


  • Site-to-Site VPN
  • RA-VPN


  • Introduction to Snort3
  • Explain Elephant Flow
  • Discuss Snort3 recommendations
  • Explain rule actions

Advance Packet Flow Analysis

  • Using the ’Packet-Tracer’ feature
  • Using the ’Capture with Trace’ feature

What’s New in 7.x

  • VPN Load Balancing for FMC-managed devices
  • Explain FQDN NAT
  • Understand network wildcard mask object
  • Discuss direct Internet access
  • Describe AnyConnect with SAML external browser
  • Explain encrypted visibility engine
  • Discuss enhancement in TLS (focus on TLS 1.3)

Lab Exercises

  • Configuring CTID
  • Configure FQDN NAT
  • Using Wildcard Mask
  • Configure Direct Internet Access (DIA) with Policy Based Routing (PBR)
  • Configure Site-to-Site VPN
  • Configuring AnyConnect VPN
  • Configuring and detecting Elephant Flow using Snort3
  • Configuring Snort3 Firepower recommendations
  • Configuring additional rule actions for Snort3
  • Configuring and validating enhanced Captive Portal
  • Setting up an Encrypted Visibility Engine for reports, events, and telemetry
  • TLS 1.3 ESNI extension (overview/ no hands-on)
  • Advance Packet Flow Analysis
  • Configure High Availability (Active / Standby)
  • Remote deployments, selective deployment, and rollbacks (overview/ no hands-on