Trending Courses

Vendors

Skip Navigation Links

Overview

Take control of application experience and security at scale—master advanced Cisco SD WAN policy and SASE integrations in just 3 days. Designed for engineers and architects, this intensive course dives deep into the SD WAN policy framework (centralized/local control & data policies, application aware routing, QoS, segmentation, and security policies, showing you how to harden the edge with SD-WAN integrated security (Firewall, IPS/IDS, Malware Protection and URL filtering). This course also covers the integration between SD-WAN and Cisco Umbrella’s full stack—DNS Security, Cloud Delivered Firewall, and Secure Internet Gateway.

Through step by step design patterns and hands on labs, you’ll learn how to integrate, operate, and troubleshoot secure Cisco SD WAN across enterprise and service provider environments, enforcing zero trust principles while boosting performance and visibility. By the end, you’ll be able to build policy with intent, secure users and sites anywhere, and apply best practices that translate directly into reliable, high performing production deployments
img-course-overview.jpg

What You'll Learn

  • Describe the Cisco SD-WAN architecture, explain its key concepts and identify the control components and their roles
  • Explain the Secure Enterprise Network (SEN) approach with the secure control plane using DTLS tunnels and secure data plabe using IPSec tunnels for a Zero trust networking
  • Define Direct Internet Access (DIA) at branch locations in the SD-WAN infrastructure and identify the security challenges associated to it
  • List the network security considerations when migrating enterprise applications and services to public cloud and summarize what is “Cloud on Ramp” and how it addresses security concerns in the context of SaaS and IaaS
  • List the multiple security mechanisms included in the SD-WAN integrated security approach, including Zone Based Firewall, Intrusion Detection and Prevention, Advanced Malware Protection and URL filtering, and the uses cases and scenarios where they are applied
  • Design and deploy security policies with integrated services in SD-WAN infrastructures using SD-WAN Manager workflows
  • Identify the security risks involved with the domain name resolution services (DNS) and what are the strategies to shield the DNS lookups
  • Design, implement, verify, operate and support DNA security using Cisco Umbrella
  • Describe the Secure Internet Gateway (SIG) approach to deploy security into SD-WAN solutions as a Cloud-based service and match the benefits of Cisco Umbrella as SIG solution
  • Integrate SD-WAN with Cisco Umbrella for Cloud Firewall services
  • Troubleshoot SD-WAN and Cisco Umbrella Integration, diagnosing and solving integration and security policy issues

Who Should Attend

  • Systems Engineers
  • Technical Solutions Architects
  • Field Engineers
img-who-should-learn.png

Prerequisites

The knowledge and skills that the learner should have before attending this course are as follows:

  • Knowledge of WAN architectures and routing networking concepts
  • High-level familiarity with basic network protocols and applications
  • Familiarity with common application delivery methods
  • Fundamental Understanding of perimeter security
  • Basic Cisco SD-WAN familiarity

Learning Journey

Coming Soon...

Module 1: Cisco SD-WAN Introduction

  • High-level Cisco SD-WAN Deployment models
  • Application-level SD-WAN solution
  • Cisco SDWAN plan for HA and Scalability
  • Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator
  • Edge Routers (cEdge, vEdge, and Catalyst 8K)
  • Cloud Based Deployment vs On-Premises Deployment

Module 2: Zero Touch Provisioning

  • Overview
  • User Input Required for the ZTP Automatic Authentication Process
  • Authentication between the vBond Orchestrator and WAN Edges
  • Authentication between the Edge Routers and the vManage NMS
  • Authentication between the vSmart Controller and the Edge Routers

Module 3: Cisco SD-WAN Solution

  • Overlay Management Protocol (OMP)
  • Cisco SD-WAN Circuit Aggregation Capabilities
  • Secure Connectivity in Cisco SD-WAN
  • Performance Tracking Mechanisms
  • Application Discovery
  • Dynamic Path Selection
  • Performance Based Routing
  • Direct Internet Access
  • Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS)
  • Application Aware Routing
  • Localized and Centralized Policies (Data and Control)
  • Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection
  • Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC)
  • API and Programmatic Interaction via Python

Module 4: Deeper Insight into Cisco SD-WAN Security

  • Designing Security Requirements within Cisco SD-WAN
  • DIA Security
  • Direct Cloud Access Security
  • Guest User Security
  • Compliance Requirements
  • Security Implementation at the Branch Site
  • Implementing Zone Based Firewalls on Cisco WAN Edge
  • Implementing UTD on Cisco WAN Edge
  • Configuring URL Filtering
  • Configuring Snort IPS
  • Best Practices for UTD setup (Based on production deployment experiences)
  • Implementing Advanced Malware Protection
  • Configuring AMP
  • Overview of integration with Threat Grid

Module 5: Designing and Implementing DNS Security

  • Prerequisite check before integrating Umbrella with Cisco SD-WAN
  • Making sure you have the correct licensing
  • Platform support check
  • Internet Connectivity check
  • Walking through the Umbrella Dashboard
  • Dashboard Overview
  • DNS Policy GUI Overview
  • Firewall Policy GUI Overview
  • Web Policy GUI Overview
  • Umbrella AD/SAML Integration Overview (optional)
  • Integrating Cisco Umbrella for DNS Security
  • Umbrella API Integration
  • Configuring the DNS Encryption Policy
  • Excluding the local domains
  • Configuring the Security Policy in vManage
  • Implementing the policy at the DIA Sites
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration

  • SIG Integration Overview
  • Configuring Cisco vManage Templates for SIG Tunnel Creation
  • Using the pre-configured Feature Templates in vManage 20.X
  • Adding the SD-WAN Routers and Sites in Umbrella Identities
  • Validate that the routers show up from the Umbrella Dashboard
  • Designing and Configuring Policy for SIG Redirection
  • Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration

  • Umbrella Cloud Firewall Integration Overview
  • Configuring Cisco vManage Templates for Firewall Tunnel Creation
  • Using the pre-configured Feature Templates in vManage 20.X
  • Adding the SD-WAN Routers and Sites in Umbrella Identities
  • Validate that the routers show up from the Umbrella Dashboard
  • Designing and Configuring Policy for Firewall Redirection
  • Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Module 8: Troubleshooting Umbrella Integration

  • Troubleshooting DNS Security
  • API Integration not working
  • DNS for local domain failing
  • No redirection to Cisco Umbrella for external domains
  • Troubleshooting SIG and Firewall
  • Making sure the IPSec Tunnels to Troubleshooting the vManage policies for redirection
  • Load balancing using vManage policies
  • Reviewing logs in Umbrella
  • Checking Alarms and Notifications
  • Checking Alarms on vManage
  • Checking Alarms on Cisco Umbrella

Lab Outline:

Labs are designed to assure learners a whole practical experience, through the following practical activities:

  • Onboard Edge
  • Onboard Edge via ZTP
  • Onboard vSmart Controller
  • AVC integration and Traffic Visibility
  • Application Aware Routing Lab
  • Local DIA and Regional DIA
  • Backup and Restore using Python API
  • Intra Zone Firewall
  • Inter Zone Firewall
  • UTD integration
  • URL Filtering
  • Snort IPS
  • Umbrella Integration
  • DNS Policy
  • Web Policy
  • SIG Tunnel Creation
  • SIG Tunnel Redirection Policy
  • Configuring Policy for Umbrella Firewall Redirection
  • Trouble Ticket 1
  • Trouble Ticket 2
  • Trouble Ticket 3

img-exam-cert

Frequently Asked Questions (FAQs)

  • Why get Cisco certified?

    Cisco certifications validate your expertise in networking and cybersecurity, making you a sought-after professional in the IT industry.

    These globally recognized credentials demonstrate your ability to design, implement, and manage complex networks, enhancing your career prospects and earning potential.

    Cisco-certified professionals are highly valued by employers worldwide for their knowledge and skills in managing critical infrastructure and ensuring secure communications.

  • What to expect for the examination?

    Cisco offers a wide range of certification exams, catering to various levels of expertise and specializations.

    The exams typically consist of multiple-choice questions, simulations, and sometimes lab exercises. Exam formats and content vary depending on the specific certification level and track you choose.

    Note: Certification requirements and policies may be updated by Cisco from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Cisco certification valid for?

    Most Cisco certifications are active for three years from the date you earn the certification.

    You can recertify at any time during the active period by re-taking the exam for your existing certification, advancing to the next level of certifications, earning Continuing Education credits, or a combination of both.

    Note: Certification requirements and policies may be updated by Cisco from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.

Keep Exploring

Course Curriculum

Course Curriculum

Training Schedule

Training Schedule

Exam & Certification

Exam & Certification

FAQs

Frequently Asked Questions

img-improve-career.jpg

Improve yourself and your career by taking this course.

More Courses By Cisco

Browse All Courses
mpls-implementing-cisco-mpls-v3
Service Provider

Implementing Cisco MPLS v3.1

Learn about VPN technology issues involving MPLS from the service provider perspective & how to configure some of those features and functions in an existing routed environment
ILT VILT
Course Duration 5 Days
mcast-implementing-cisco-multicast-v2
Routing and Switching

Implementing Cisco Multicast v2.0

Learn how to provide technical solutions for simple deployments of IP multicast within a provider or customer network.
ILT VILT
Course Duration 5 Days
dcit-troubleshooting-cisco-data-center-infrastructure-v7
Data Center and Storage

Troubleshooting Cisco Data Center Infrastructure v7.2

Trainocate’s Troubleshooting Cisco Data Center Infrastructure (DCIT) training provides hands-on skills in diagnosing Cisco data center issues. Earn certification in 5 days.
ILT VILT
Course Duration 5 Days
img-get-info.jpg

Ready to Take Your Business from Great to Awesome?

Level-up by partnering with Trainocate. Get in touch today.

Name*
Email*
Phone*
I'm inquiring for
Inquiry Details

By submitting this form, you consent to Trainocate processing your data to respond to your inquiry and provide you with relevant information about our training programs, including occasional emails with the latest news, exclusive events, and special offers.

You can unsubscribe from our marketing emails at any time. Our data handling practices are in accordance with our Privacy Policy.

Stay Connected. Be the first to Know.

Company

Vendors

Services

Customer Service

© Copyright Trainocate 2026. All rights reserved.