Duration

3 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Overview

This course is hands-on training on Cisco SD-WAN advanced policy implementations, basic and advanced Cisco SD-WAN Security, basic security features that are available on both vEdge and cEdge routers like Zone Based Firewall, and advanced security features on cEdge router with the latest IOS-EX code that has advanced features like URL Filtering, IPS, Application Aware Firewall, AMP Integration and many other advanced features are covered as a part of this training. This course also provides hands-on training on Cisco SD-WAN Programmability features.

Course Objectives:

Upon completing this course, you will be able to meet the following objectives:

  • Implement advanced SD-WAN Policies
  • Understand Cisco SD-WAN Security Features
  • Implement Zone Based Firewall on the WAN Edge
  • Implement Firewall and IPS Policies
  • Understand Cisco SD-WAN Programmability features
  • Script APIs to automate Cisco SD-WAN vManage configurations

Course Outline:

Module 1: SD-WAN Policy Deep Dive

  • Centralized Control Policy and Use Cases
    • Hub and Spoke Policy
    • Service Insertion Policy
    • Firewall Insertion Policy
    • Data Center Priority
  • App-Aware Routing
  • Security Policy and Use Cases
  • DIA / Internet Breakout Policy

Module 2: Introduction & Security Basics in the SDWAN Ecology

  • Introduction
  • SD-WAN Security Challenges
  • SD-WAN Threat Defense
  • Security Infrastructure
  • Device Identity & Security
  • Control Plane and Data Plan Security
  • Zone Based Firewalls
  • Deploying ZBF
  • Verifying ZBF

Module 3: SD-WAN Security Components

  • Building New Security Applications
  • Firewall DNS & IPS Packet Flows
  • Container Architecture
  • Security Container Deployment
  • Exploring the Security Dashboard

Module 4: Firewall and IPS Policies

  • Compliance: Firewall
  • Firewall Policy: Intra VRF Creation and Deployment
  • Firewall Policy: Inter VRF Creation and Deployment
  • Introduction to IPS
  • IPS: Policy Creation
  • IPS: Rule Verification

Module 5: SD-WAN Security – Guest Access

  • Introduction to URL Filtering
  • URL Filtering Example
  • URL Filtering Verification via CLI
  • Introduction to Cisco Umbrella
  • Integrating vManage and Umbrella
  • Umbrella Configuration and Verification

Module 6: SD-WAN Security – Direct Cloud Access

  • Introduction to Direct Cloud Access
  • Application Firewall
  • IPS
  • Advanced Malware Protection
  • DNS Security
  • Integrating – Direct Cloud Access
  • Verifying – Direct Cloud Access

Module 7: Direct Internet Access

  • Introduction to DIA
  • Application Firewall
  • IPS
  • Advanced Malware Protection
  • DNS Security
  • Integrating – Direct Internet Access
  • Verifying – Direct Internet Access

Module 8: Programmable API

  • SD-WAN Programmability Overview
    • API Overview
    • General use cases for API’s
    • Examples of API’s
  • Cisco Programming Basics
    • Overview
    • APIs 101
    • Python
    • Basics
    • Lists, Dictionaries, & Tuples
    • If-else statements
    • Loops
    • Functions
  • REST APIs
    • vManage REST APIs Overview
    • *API Template*
    • Using the vManage REST APIs
  • Cisco SD-WAN Introduction
    • High-level Cisco SD-WAN Deployment models and use cases
    • Application level SD-WAN solution
    • Cisco SDWAN high availability solution
    • Cisco SD-WAN Scalability
    • Cisco SD-WAN Solution Benefits
  • Alarms, Events and Audit Log API’s
    • vManage Simple Query
    • Alarms, Audit Log, and Events APIs
    • Alarms
    • Audit Log
    • Events
  • Bulk vManage APIs
    • Overview of Bulk API Operations
    • State
    • Statistics
  • Monitoring vManage APIs
    • Application-Aware Routing
    • App Logs
    • ARP
    • BFD
    • BGP
    • Show all
  • Device and Configuration APIs for vManage APIs
    • Device Templates
    • vSmart Policy
    • Device Inventory APIs
    • Connected Devices
    • Controllers
    • vEdges
  • Software Maintenance vManage APIs
    • Activate Software
    • Delete Software
    • Reboot Device
    • Set Default Software
    • Upgrade Software
    • Show all
  • Troubleshooting vManage APIs
    • Dashboard
    • Device Dashboard

Hands On Labs:

  • Lab 1 – Setting up the Admin PC for Development
  • Lab 2 – Exploring the REST API
  • Lab 3 – Using Postman with the REST API
  • Lab 4 – Installing Python and Setting up your Python Development Environment
  • Lab 5 – Using Python Scripting and the REST API
  • Lab 6 – Using the vManage REST API to Gather Information
  • Lab 7 – Using the vManage REST API to Monitor the Deployment
  • Lab 8 – Using the vManage REST API to Manage and Configure SDWAN devices
  • Case Study 1
  • Lab 9 – Posting to Webex Teams when a Policy is Activated or Deactivated
  • Case Study 2
  • Lab 10 – Opening a Ticket in ServiceNow