SASAA – Implementing Advanced Cisco ASA Security v1.2

Duration

5 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Description

This course provides advanced training on the key Cisco ASA 9.x features including the following:

  • Features of Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM, ASA 1000V Cloud Firewall and Cisco ASAv
  • Install and set up the Cisco ASAv
  • Implement Cisco ASA Identity Firewall policies by using Cisco CDA and Cisco ASA
  • Install and set up the Cisco SFR (FirePOWER Services)
  • Implement Cisco ASA and Cisco Cloud Web Security integration
  • Implement a Cisco ASA cluster
  • Install and set up the Cisco CX (NGFW Services)
  • IPv6 features in Cisco ASA Software Release 9.0
  • Multicontext enhancements in Cisco ASA 9.0
  • SGFW support in Cisco ASA 9.0
  • CoA support

What You’ll Learn

  • An overview of the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASASM, and Cisco ASA 1000V Cloud Firewall
  • How to implement the Cisco ASA Identity Firewall Feature, including the use of the Cisco CDA
  • How to implement the Cisco ASA SFR (FirePOWER Services) module, including key functions of FireSIGHT Management Center integration, Access Control Policy, Intrusion Prevention Policy, File Policy, Network Discovery Policy, Application Detection Policy, Active Directory Integration, and User Based Access Control
  • How to implement the Cisco ASA CX, including the key functions of performing user identification through active or passive authentication, broad Application Visibility and Control (AVC), Web AVC, URL Filtering, TLS/SSL decryption, and NGFW IPS
  • How to configure Cisco ASA to integrate with Cisco Cloud Web Security to provide web security and filtering services through an SaaS model
  • Understand the IPv6 enhancements in Cisco ASA Software 9.0 and later including IPv4 and IPv6 unified ACLs, NAT46, NAT64, NAT66, DHCPv6 relay, and IPv6 VPN features
  • Understand the Security Group Access Control (SGACL) feature in Cisco ASA Software 9.0 and later.
  • Examine the multicontext enhancements in Cisco ASA Software 9.0 and later
  • How to implement a Cisco ASA Cluster feature which allows as many as eight Cisco ASA appliances to be joined in a single cluster

Who Needs to Attend

  • Network administrators, managers, coordinators
  • Anyone who requires advanced training on the ASA 5500-X
  • Security technicians, administrators, and engineers

Prerequisites

  • SASAC – Implementing Core Cisco ASA Security v1.0

Course Outline

1. Cisco ASA Product Family

  • Introducing the Cisco ASA 5500-X Series NGFW
  • Introducing the Cisco ASA 1000V Cloud Firewall
  • Introducing the Cisco ASAv
  • Introducing the Cisco ASASM

2. Cisco ASA Identity Firewall

  • Describing the Cisco IDFW Solution
  • Setting Up Cisco CDA
  • Configuring Cisco CDA
  • Configuring Cisco ASA IDFW
  • Verifying and Troubleshooting Cisco ASA IDFW

3. Cisco ASA FirePOWER (SFR) Module

  • Installing Cisco ASA 5500-X Series FirePOWER (SFR) Module
  • Cisco Virtual FireSIGHT Management Center

4. Cisco ASA Cloud Web Security Integration

  • Introducing Cisco ASA with Cisco Cloud Web Security
  • Licensing Cisco ASA with Cisco Cloud Web Security
  • Configuring Cisco ASA with Cisco Cloud Web Security
  • Verifying Cisco ASA with Cisco Cloud Web Security
  • Describing the Web Filtering Policy in Cisco ScanCenter
  • Cisco Cloud Web Security Advanced Malware Protection and Threat Analytics

5. Cisco ASA Cluster

  • Describing Cisco ASA Cluster Features
  • Describing Cisco ASA Cluster Terminology and Data Flows
  • Using the CLI to Configure a Cisco ASA Cluster
  • Using the ASDM to Configure a Cisco ASA Cluster
  • Verifying Cisco ASA Cluster Operations
  • Troubleshooting a Cisco ASA Cluster Operations
  • Describing Cisco ASA v9.1.4 and later Clustering Features

6. Cisco ASA CX (Next-Generation Firewall Services) (Self-Study/Optional)

7. Cisco ASA Multicontext Enhancements (Self-Study/Optional)

8. Cisco ASA Security Group Firewall (Self-Study/Optional)

9. Cisco ASA IPv6 Enhancements (Self-Study/Optional)

Labs

Lab 1: Cisco Adaptive Security Virtual Appliance (ASAv) Basic Setup

Lab 2: Context Directory Agent (CDA) Configuration

Lab 3: Identity-Based Firewall Configuration

Lab 4: ASA 5500-X FirePOWER Services (SFR) Module Installation and Setup

Lab 5: ASA Cloud Web Security Integration

Lab 6: ASA Cluster Configuration

Lab 7: ASA CX and PRSM Exploration

Lab 8: ASA CX Access Policy Configuration

Lab 9: ASA CX Identity Policy

Lab 10: ASA CX Decryption Policy Configuration

Lab 11: ASA CX NGIPS Policy Configuration

Lab 12: PRSM Administration

Lab 13: Configuring ASA Security Group (TrustSec) Firewall