
SASAA - Implementing Advanced Cisco ASA Security v2.1 (SASAA)

Course Overview

Course Duration: 5 days

This course provides advanced training on the key Cisco Adaptive Security Appliance (ASA) 9.x features including the following:

  • Cisco ASA 5500-X Series Next-Generation Firewalls, ASAv, ASA 5506-X, 5508-X, 5516-X and ASA SM and implement new ASA 9.4.1 features

  • Cisco ASA Identity Firewall policies

  • Install and Set up the Cisco FirePOWER Services Module (SFR)

  • Implement Cisco ASA Cloud Web Security

  • Implement a Cisco ASA cluster

  • Cisco ASA security group firewall and change of authorization support

Who Should Attend

  • Network administrators, managers, coordinators

  • Anyone who requires advanced training on the ASA 5500-X

  • Security technicians, administrators, and engineers

Course Certifications

This course is part of the following Certifications:

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • SASAC - Implementing Core Cisco ASA Security v1.0

 

Course Objectives

  • Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA Services Module (ASA SM)

  • Implement ASA Security Zones and Equal Cost Multipathing

  • Configure ASA 9.3/9.4 new features including: REST API for configuration, Policy Based Routing, ACL Manual Commit and ACL Forward Reference

  • Implement the Cisco ASA Identity Firewall Feature, including the use of the Cisco CDA

  • Implement the Cisco ASA SFR (FirePOWER Services) module

  • Configure Cisco ASA to integrate with Cisco Cloud Web Security to provide web security and filtering services through an SaaS model

  • Security Group Access Control (SGACL) feature in Cisco ASA Software 9.0 and later.

  • Implement the Cisco ASA Cluster feature, which allows as many as eight Cisco ASA appliances to be joined in a single cluster

Course Content

Module 1: Cisco ASA Product Family

Lesson 1: Introducing the Cisco ASA 5500-X Next-Generation Firewalls

  • Cisco ASA 5500-X Series Next-Generation Firewalls

  • Cisco ASA 5500-X Series SSDs

  • Cisco ASA 5585-X Dual Firewall Support

  • Cisco ASA 5506-X, 5508-X, and 5516-X Overview

  • Cisco ASA NGE Support

  • Cisco ASA FirePOWER Services, CWS, NGFW Services, IPS Modules Comparisons

 

Lesson 2: Introducing the Cisco ASAv
 
  • ASAv Initial 9.2.1 Release Overview

  • Deploy the ASAv OVF Template

  • ASAv 9.3.2+ KVM Hypervisor Support

  • ASAv Digitally Signed Image

  • ASAv Management Options

  • ASAv 9.3.2+ Smart Licensing

  • Verify the ASAv VM Using the CLI

  • Verify the ASAv VM Using the ASDM

  • ASA 9.2.1 BGP IPv4 Support

 

Lesson 3: Implementing ASA 9.3 and 9.4.1 New Features

  • ASA REST API Basics

  • ASA ACL Forward Reference and ACL Manual Commit

  • ASA CLI Config Backup and Restore

  • ASA Policy Based Routing

  • ASA Equal Cost Multiple Path Routing

  • ASA NSF Support

  • ASA 9.4.1+ VXLAN Support

  • Other New ASA Features

 

Lesson 4: Introducing the Cisco ASASM

  • Cisco ASASM Supported Platforms

  • Cisco ASASM Performance Numbers

  • Cisco ASASM Architecture

  • Cisco ASASM Features Parity

  • Cisco ASASM VLAN Interface

 

 

Module 2: Cisco ASA Identity Firewall

Lesson 1: Describing the Cisco ASA Identity Firewall Solution

  • Cisco ASA Identity Firewall Benefits

  • Cisco ASA Identity Firewall Flow

  • Cisco ASA Identity Firewall Policies

 

Lesson 2: Setting Up Cisco CDA

  • Cisco CDA versus Active Directory Agent

  • Cisco CDA Hardware Appliance and VM Requirements

  • Cisco CDA Installation

  • Cisco CDA Setup

  • Cisco CDA Application Status Verification

  • Cisco CDA CLI Operations

  • Cisco CDA GUI

 

Lesson 3: Configuring Cisco CDA

  • Active Directory Server Configuration

  • Cisco ASA Configuration

  • Syslog Server Configuration

  • Cisco CDA User-Account Configuration

  • Cisco CDA GUI Password Policy Configuration

  • Cisco CDA Session Timeout Configuration

  • IP-to-Identity Mapping Display

  • Registered-Device Verification

 

Lesson 4: Configuring Cisco ASA Identity Firewall

  • Identity-Based Firewall Configuration Tasks

  • Active Directory Server Configuration

  • Cisco CDA Configuration

  • User-Identity Options Configuration Using Cisco ASDM

  • User-Identity Option Configuration Using the CLI

  • User-Identity-Based Access Rules

  • User Object Group Configuration

  • FQDN Network Object Configuration

  • Identity Firewall with Cut-Through Proxy Use Case

  • Identity Firewall with Remote-Access VPN Use Case

 

Lesson 5: Verifying and Troubleshooting Cisco ASA Identity Firewall

  • Cisco CDA and Active Directory Server Connectivity Test

  • Verify User-Identity Operations Using the CLI

  • ASA to CDA Connectivity Verifications

  • Active Directory Users Verifications

  • Verify the Active Directory Groups

  • Memory Usage Verifications

  • Identity-Based Firewall Cisco ASDM Monitoring Panes

  • Cisco CDA Management with the CLI

  • Cisco CDA Live Log Monitoring

  • Cisco CDA Troubleshooting

 

 

Module 3: Cisco ASA FirePOWER Services

Lesson 1: Installing the Cisco ASA FirePOWER Services Module

  • Cisco ASA FirePOWER Services (SFR) Module Overview

  • Cisco FireSIGHT Management Center Overview

  • Cisco ASA FirePOWER Services Software Module Management Interface

  • Cisco ASA FirePOWER Services Module Package Installation

  • Cisco ASA FirePOWER Services Module Verification

  • Redirect Traffic to Cisco ASA FirePOWER Services Module

 

Lesson 2: Managing the Cisco ASA FirePOWER Services Module Using the FireSIGHT Management Center

  • FireSIGHT Management Center VM Installation and Setup

  • FirePOWER Services Module and FireSIGHT License Requirements

  • Add the FirePOWER Services Module into FireSIGHT

  • FireSIGHT Policy Types Overview

  • Task Status Monitoring

  • System Policy Overview

  • Health Policy Overview

  • Objects Management Overview

  • Network Discovery Overview

  • Security Zones Overview

  • Active Directory Integration Overview

  • SourceFire User Agent Overview

  • Access Control Policy Overview

  • Intrusion Policy Overview

  • FireSIGHT Recommended Rules Overview

  • Intrusion Event Impact Levels Overview

  • File Policy Overview

  • Connection Events Monitoring

  • Events Display Time Range

  • Switch Workflow

  • IPS Events Monitoring

  • File Events Monitoring

  • Users Monitoring

  • Indication of Compromise Overview

  • Context Explorer

  • Dashboards

  • System Updates

 

Lesson 3: Describing the Cisco ASA 5506-X, 5508-X, and 5516-X FirePOWER Services

  • ASDM and FirePOWER On-Box FireSIGHT Manager

  • ASA FirePOWER Dashboard, Reporting, and Status

  • ASA FirePOWER Events Viewer

  • Gather ASA FirePOWER Troubleshooting Information for Cisco TAC

  • FirePOWER Licensing

 

 

Module 4: Cisco ASA Cloud Web Security

Lesson 1: Introducing Cisco ASA Cisco Cloud Web Security

  • Cisco ASA with Cisco Cloud Web Security

  • Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview

  • Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview

  • Cisco ScanCenter

  • Cisco ASA Cloud Web Security Licenses

 

Lesson 2: Configuring Cisco ASA with Cisco Cloud Web Security

  • Cisco ASA and Cloud Web Security Proxy-Server Configuration

  • ScanCenter Generation of an Authentication Key for Cisco ASA

  • Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers

  • Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration

 

Lesson 3: Verifying Cisco ASA Cloud Web Security Operations

  • Cisco ASA Cloud Web Security Operations Verification Using the CLI

  • Cisco ASA Cloud Web Security Operations Verification by Using Cisco ASDM

  • Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers

  • Cisco ASA Cloud Web Security Syslog Messages

  • Cisco ASA Cloud Web Security Operations Verification Using Debug

 

Lesson 4: Describing the Web Filtering Policy in Cisco ScanCenter

  • ScanCenter Web Filtering Policy Overview

  • ScanCenter Web Filtering Policy Configuration

  • ScanCenter HTTPS Inspection Configuration Overview

  • ScanCenter Web Filtering Reporting

 

Lesson 5: Describing Cisco ASA Cloud Web Security AMP and CTA

  • Cisco ASA CWS Advanced Malware Protection Overview

  • Cisco Cloud Web Security Cognitive Threat Analytics

  • Cisco ASA Cloud Web Security ScanCenter Threats Reporting Overview

 

 

Module 5: Cisco ASA Clustering

Cluster Performance Figures and Supported Platforms

  • Cluster Data-Interface Modes

  • Cluster Data-Interface Connections

  • CCL Functions

  • Cluster Master and Slave Unit Election

  • Centralized, Distributed, and Unsupported Cisco ASA Features

  • Cluster Dynamic-Routing Operations

  • Cluster NAT and PAT Operations

 

Lesson 2: Describing Cisco ASA Cluster Terminology and Data Flows

  • Cluster Terminology

  • TCP Sequence Number Randomization

  • TCP Traffic Flows

  • Asymmetric UDP Traffic Flows

  • Short-Lived Traffic Flows

  • Centralized-Feature Traffic Flows

  • Traffic Flows with Secondary Connections

  • TCP Flow Rebalancing

  • Cluster Health-Check Mechanisms

  • Clustering with Multi-Context

 

Lesson 3: Using the CLI to Configure a Cisco ASA Cluster

  • Cluster Management

  • Cluster Configuration with the CLI

  • Cluster Interface-Mode Configuration on Each Unit

  • CCL Configuration on Each Unit

  • Cluster Management Interface Configuration from the Master Unit

  • Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit

  • Individual (Layer 3) Interface Configuration from the Master Unit

  • Cluster Bootstrap Configuration and Enabling Clustering on Each Unit

  • Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface

  • Sample Configuration of a Two-Unit Cluster with Individual Interface

  • Cluster Configuration Options

 

Lesson 4: Using the ASDM to Configure a Cisco ASA Cluster

  • Cisco ASDM Cluster Dashboards

  • Cluster Configuration Using Cisco ASDM

  • Cisco ASDM High Availability and Scalability Wizard

  • Cisco ASDM ASA Cluster Pane

 

Lesson 5: Verifying Cisco ASA Cluster Operations

  • Cluster Licensing

  • Cluster Interface-Mode Verification

  • Cluster Member-Status Verification

  • Cluster Health-Status Verification

  • Cluster Connections State Table Verification

  • Cluster EtherChannel Status Verification

  • Cluster Aggregated ACL Hit-Count Verification

  • Cluster Memory and CPU Usage Verification

  • Cluster Traffic-Distribution Verification

  • TCP Flow-Rebalancing Verification

  • Cluster Operation Verification Using ASDM

 

Lesson 6: Troubleshooting Cisco ASA Cluster Operations

  • Cluster Packet Captures

  • Cluster Syslog Messages

  • Cluster Debug

  • Cluster Crashinfo and Coredump

  • Split-Cluster Scenario

 

Lesson 7: Describing Cisco ASA Version 9.1.4 and Later Clustering Features

  • More Switches Support for Clustering

  • ASA 5500-X Clustering Support (v9.1.4+)

  • 16 Units Cluster with 32 Active Members Port Channel Support (v9.2.1+)

  • BGP Support with Clustering (v9.3.1+)

  • Cluster Selective Interface Monitoring Support (v9.4.1+)

  • Individual Mode Inter-DC Clustering: Routed Firewall Mode Only (v9.1.4+)

  • Extended Spanned EtherChannel for Inter-DC Clustering: Transparent Firewall Mode Only (v9.2.1+)

  • Split Spanned EtherChannel Inter-DC Clustering: Transparent Firewall Mode Only (v9.2.1+)

  • Inter-DC Redundancy with a Split Cluster

 

 

Module 6: Cisco ASA Security Group Firewall and CoA

Lesson 1: Introducing Cisco Security Group Tagging

  • IEEE 802.1X Overview

  • Cisco Secure Access Architecture

 

Lesson 2: Configuring Cisco ASA Security Group Firewall

  • SG Firewall Configuration

  • SGACL Operations Monitoring

 

Lesson 3: Describing the Cisco ASA 9.2.1 and Later Releases SGT Features

  • Cisco ASA 9.2.1 SGT Support for VPN Users

  • Cisco ASA 9.3.1 VPN Inline SGT Tagging Support

  • Cisco ASA 9.3.1 Inline SGT Tagging Support

  • Cisco ASA Inline SGT Tagging Configurations

 

Lesson 4: Describing the Cisco ASA 9.2.1 and Later Releases CoA Support

  • RADIUS Change of Authorization Overview

  • ASA CoA Support Overview

  • ASA CoA CLI Configurations

  • ASA CoA ASDM Configurations

 

Course ID: SASAA

5 Days Course
SGD 4850.00
 
Singapore
5 Days Course
USD 1,600.00
or 16 CLC
India (USD)

Date Country Location
13 Mar 2017 - 17 Mar 2017 Singapore Singapore
15 May 2017 - 19 May 2017 Singapore Singapore
19 Jun 2017 - 23 Jun 2017 Singapore Singapore
27 Feb 2017 - 03 Mar 2017 India (USD) Bangalore/Chennai
02 Mar 2017 - 06 Mar 2017 India (USD) Bangalore/Chennai
20 Apr 2017 - 24 Apr 2017 India (USD) Bangalore/Chennai
18 May 2017 - 22 May 2017 India (USD) Bangalore/Chennai
12 Jun 2017 - 16 Jun 2017 India (USD) Bangalore/Chennai