Duration
3 Days
Audience:
Employees of federal, state and local governments; and businesses working with the government.
Course Overview
This course is hands-on training on Cisco SD-WAN advanced policy implementations, basic and advanced Cisco SD-WAN Security, basic security features that are available on both vEdge and cEdge routers like Zone Based Firewall, and advanced security features on cEdge router with the latest IOS-EX code that has advanced features like URL Filtering, IPS, Application Aware Firewall, AMP Integration and many other advanced features are covered as a part of this training. This course also provides hands-on training on Cisco SD-WAN Programmability features.
Course Objectives:
Upon completing this course, you will be able to meet the following objectives:
- Implement advanced SD-WAN Policies
- Understand Cisco SD-WAN Security Features
- Implement Zone Based Firewall on the WAN Edge
- Implement Firewall and IPS Policies
- Understand Cisco SD-WAN Programmability features
- Script APIs to automate Cisco SD-WAN vManage configurations
Course Outline:
Module 1: SD-WAN Policy Deep Dive
- Centralized Control Policy and Use Cases
- Hub and Spoke Policy
- Service Insertion Policy
- Firewall Insertion Policy
- Data Center Priority
- App-Aware Routing
- Security Policy and Use Cases
- DIA / Internet Breakout Policy
Module 2: Introduction & Security Basics in the SDWAN Ecology
- Introduction
- SD-WAN Security Challenges
- SD-WAN Threat Defense
- Security Infrastructure
- Device Identity & Security
- Control Plane and Data Plan Security
- Zone Based Firewalls
- Deploying ZBF
- Verifying ZBF
Module 3: SD-WAN Security Components
- Building New Security Applications
- Firewall DNS & IPS Packet Flows
- Container Architecture
- Security Container Deployment
- Exploring the Security Dashboard
Module 4: Firewall and IPS Policies
- Compliance: Firewall
- Firewall Policy: Intra VRF Creation and Deployment
- Firewall Policy: Inter VRF Creation and Deployment
- Introduction to IPS
- IPS: Policy Creation
- IPS: Rule Verification
Module 5: SD-WAN Security – Guest Access
- Introduction to URL Filtering
- URL Filtering Example
- URL Filtering Verification via CLI
- Introduction to Cisco Umbrella
- Integrating vManage and Umbrella
- Umbrella Configuration and Verification
Module 6: SD-WAN Security – Direct Cloud Access
- Introduction to Direct Cloud Access
- Application Firewall
- IPS
- Advanced Malware Protection
- DNS Security
- Integrating – Direct Cloud Access
- Verifying – Direct Cloud Access
Module 7: Direct Internet Access
- Introduction to DIA
- Application Firewall
- IPS
- Advanced Malware Protection
- DNS Security
- Integrating – Direct Internet Access
- Verifying – Direct Internet Access
Module 8: Programmable API
- SD-WAN Programmability Overview
- API Overview
- General use cases for API’s
- Examples of API’s
- Cisco Programming Basics
- Overview
- APIs 101
- Python
- Basics
- Lists, Dictionaries, & Tuples
- If-else statements
- Loops
- Functions
- REST APIs
- vManage REST APIs Overview
- *API Template*
- Using the vManage REST APIs
- Cisco SD-WAN Introduction
- High-level Cisco SD-WAN Deployment models and use cases
- Application level SD-WAN solution
- Cisco SDWAN high availability solution
- Cisco SD-WAN Scalability
- Cisco SD-WAN Solution Benefits
- Alarms, Events and Audit Log API’s
- vManage Simple Query
- Alarms, Audit Log, and Events APIs
- Alarms
- Audit Log
- Events
- Bulk vManage APIs
- Overview of Bulk API Operations
- State
- Statistics
- Monitoring vManage APIs
- Application-Aware Routing
- App Logs
- ARP
- BFD
- BGP
- Show all
- Device and Configuration APIs for vManage APIs
- Device Templates
- vSmart Policy
- Device Inventory APIs
- Connected Devices
- Controllers
- vEdges
- Software Maintenance vManage APIs
- Activate Software
- Delete Software
- Reboot Device
- Set Default Software
- Upgrade Software
- Show all
- Troubleshooting vManage APIs
- Dashboard
- Device Dashboard
Hands On Labs:
- Lab 1 – Setting up the Admin PC for Development
- Lab 2 – Exploring the REST API
- Lab 3 – Using Postman with the REST API
- Lab 4 – Installing Python and Setting up your Python Development Environment
- Lab 5 – Using Python Scripting and the REST API
- Lab 6 – Using the vManage REST API to Gather Information
- Lab 7 – Using the vManage REST API to Monitor the Deployment
- Lab 8 – Using the vManage REST API to Manage and Configure SDWAN devices
- Case Study 1
- Lab 9 – Posting to Webex Teams when a Policy is Activated or Deactivated
- Case Study 2
- Lab 10 – Opening a Ticket in ServiceNow