3 Days

Course Description:

In this 3-day course, students will learn to deploy, configure, and manage Cisco Secure Firewall/Firepower Threat Defense. This hands-on course will help develop the skills to use and configure Cisco FTD, starting with the initial device setup and configuration. Students will learn to implement Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features. Students will also learn event analysis, system administration, and basic troubleshooting.


Employees of federal, state and local governments; and businesses working with the government.

This course is intended for:

  • Network Security Administrators
  • Network Security Engineers
  • Network Security Managers
  • Security Sales Engineers
  • Security System Engineers
  • Anyone else who wants to learn about Cisco Secure Firewall


  • Before taking this course, it would be good to have some understanding of Network Security fundamentals.
  • Exposure to working with any Network firewall will be an advantage.

Course Objectives:

After completing this course, students will be able to:

  • Describe the operating principles of a Next-Generation Firewall
  • Configure any Cisco Secure Firewall using the GUI
  • Ensure that proper perimeter security is enabled using Cisco Secure Firewall
  • Describe the different common use cases of Cisco Secure Firewall

Course Outline:

Overview of Cisco Secure Firewall (CSF)

  • Basic firewall and IPS terminologies
  • Understand CSF features
  • Examine different platforms
  • Examine licensing
  • General implementation use cases

Device Configuration

  • Device Registration
  • Differentiate between FXOS and FTD image
  • Differentiate between management options FDM and FMC
  • Initial device activation and configuration
  • Examining different policies
  • Define objects
  • Explore system configuration
  • Configure Health Monitoring
  • Discuss device/platform management options
  • Overview of High Availability

Cisco Secure Firewall Traffic Control

  • Describe packet processing
  • Explain traffic bypassing
  • Discuss pre-filter policy

Network Address Translation (NAT) Configurations

  • Overview of NAT
  • Different NAT rule types
  • Implementing and configuring NAT

Network Discovery

  • Explain Network Discovery
  • Configure Network Discovery

Access Control Policies

  • Overview of Access Control Policies (ACP)
  • Describe Access Control Policy rules and default action
  • Define further inspection feature in a rule
  • Overview of logging options for a rule
  • Advanced Settings in an ACP
  • Deploying the change in an ACP

Security Intelligence

  • Overview of Security Intelligence (SI)
  • Configure Security Intelligence objects
  • Deploy SI

File Control and Advanced Malware Protection

  • Overview of malware and file policy
  • Discuss Advanced Malware Protection

Next-Generation Intrusion Prevention Systems

  • Overview of Intrusion Prevention and Snort rules
  • Explain variables and variable sets
  • Configure intrusion policies
  • Describe Firepower recommendations

Analyzing different Events

  • Discuss different types of events
  • Explore analysis tools
  • Analyze threats

General System Administration

  • Manage device updates
  • Explore user account management features
  • Configuring different user accounts

Basic Troubleshooting

  • Identify common misconfigurations
  • Basic troubleshooting commands
  • Using packet trace

Lab Exercises

Initial Device Setup

  • FTD initial boot-up and network configuration (walkthrough, no hands-on)
  • FMC initial boot-up and network configuration (walkthrough, no hands-on)
  • FTD onboarding to FMC

Basic Configuration and Verification

  • Verify/ create different objects
  • Verify/ create interface and routing configuration

Configure Security Intelligence

  • Configure Security Intelligence objects
  • Modify/ customize Security Intelligence

Configure Intrusion Policy

  • Reuse base IPS policy (SNORT2/ SNORT3)
  • Create a new IPS policy (SNORT2/ SNORT3)

Configure/ Modify the Access Control Policy

  • Allow internal/ DMZ access (inbound)
  • Allow Internet access (outbound)
  • [Use a SNORT2/ SNORT3 Intrusion Policy configured in exercise 4]

Configure NAT Policies

  • Dynamic NAT
  • Static NAT

Configure/ Modify Network Discovery Policy

  • Understand/ differentiate hosts, users, and applications
  • Configure/ tune the network discovery policy based on your environment

Deploy Changes

  • Review the changes that will apply to the NGFW
  • Deploy all the configuration changes to the NGFW

Test/ Analyze the NGFW Traffic

  • Connectivity
  • IPS functionality
  • Malware blocking capabilities

System Administration Overview

  • Health Monitoring
  • Device Backup and Restore
  • Reporting Overview
  • Scheduling Tasks
  • Change Reconciliation