Who should attend

The primary audience for this course is as follows:

• Network Security Engineers (NSEs) involved in firewall design, implementation and maintenance.
• Cisco customers who implement and maintain Cisco ASA (adaptive security appliance) based perimeter solutions.

The secondary audience for this course is as follows:

• Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances
• Cisco engineers who support the sale of Cisco ASA security appliances

Certifications

This course is part of the following Certifications:

• Cisco Certified Network Professional Security (CCNP SECURITY)

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

• Cisco Certified Network Associate (CCNA) certification or equivalent knowledge
• Cisco Certified Network Associate Security (CCNA Security) certification or equivalent knowledge
• Implementing Cisco IOS Network Security (IINS) or equivalent knowledge
• Working knowledge of the Microsoft Windows operating system

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

• Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line
• Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features
• Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family
• Implement and maintain Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure
• Implement and maintain Cisco ASA adaptive security appliance virtualization and high availability features
• Evaluate Cisco ASA adaptive security appliance SSM modules, their major features, and integrate them with the Cisco ASA adaptive security appliance

Course Content

The Deploying Cisco ASA Firewall Features (FIREWALL) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.

High-Level Course Outline

This subtopic provides an overview of how the course is organized. The course contains these components:

• Course Introduction
• Introducing the Cisco ASA Adaptive Security Appliance
• Implementing Basic Connectivity and Device Management
• Deploying Cisco ASA Adaptive Security Appliance Access Control Features
• Deploying Cisco ASA Adaptive Security Appliance Network Integration Features
• Deploying Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features
• Integrating Cisco ASA Adaptive Security Appliance Security Service Modules
• Appendix A: Configuring Routing on the Cisco ASA Adaptive Security Appliance
• Appendix B: Lab (Optional): Configuring Dynamic Routing
• Lab Guide

Detailed Course Outline

Day 1: Introducing the Cisco ASA Adaptive Security Appliance, Implementing Basic Connectivity and Device Management

• Course Introduction
• Lesson 1-1: Introducing Cisco ASA Adaptive Security Appliance Technology and Features
• Lesson 1-2: Introducing the Cisco ASA Adaptive Security Appliance Family
• Lesson 2-1: Getting Started with the Cisco ASA Adaptive Security Appliance and Cisco ASDM
• Lesson 2-2: Configuring Interfaces and Static Routing
• Lab 2-1: Configuring Basic Connectivity
• Lesson 2-3: Configuring Basic Device Management Features
• Lesson 2-4: Configuring Management Access

Day 2: Implementing Basic Connectivity and Device Management, Deploying Cisco ASA Adaptive Security Appliance Access Control Features

• Review of Day 1
• Lab 2-2: Configuring Management Features
• Lesson 3-1: Configuring Basic Access Control
• Lab 3-1: Configuring Basic Access Control
• Lesson 3-2: Using Cisco ASA Adaptive Security
• Appliance Modular Policy Framework
• Lesson 3-3: Tuning Basic Stateful Inspection Features
• Lab 3-2: Tuning Basic Cisco ASA Adaptive Security
• Appliance Stateful Inspection Features

Day 3: Deploying Cisco ASA Adaptive Security Appliance Access Control Features

• Review of Day 2
• Lesson 3-4: Configuring Application-Layer Policies
• Lab 3-3: Configuring Application-Layer Policies
• Lesson 3-5: Configuring Advanced Access Controls
• Lab 3-4: Configuring Advanced Access Controls
• Lesson 3-6: Configuring Resource Limits and Guarantees
• Lesson 3-7: Configuring User-Based Policies (Cut-Through Proxy)
• Lab 3-5: Configuring User-Based Policies (Cut-Through Proxy)

Day 4: Deploying Cisco ASA Adaptive Security Appliance Network Integration Features, Deploying Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features

• Review of Day 3
• Lesson 4-1: Deploying Network Address Translation
• Lab 4-1: Configuring Cisco ASA Adaptive Security Appliance NAT
• Lesson 4-2: Configuring Cisco ASA Adaptive Security Appliance Transparent Operation
• Lab 4-2: Configuring Transparent Firewall Mode
• Lesson 5-1: Deploying Cisco ASA Adaptive Security Appliance Virtualization Features
• Lesson 5-2: Deploying Cisco ASA Adaptive Security Appliance Redundant Interfaces
• Lesson 5-3: Deploying Active/Standby High Availability Failover

Day 5: Deploying Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features, Integrating Cisco ASA Adaptive Security Appliance Security Service Modules

• Review of Day 4
• Lab 5-1: Deploying a Cisco ASA Adaptive Security Appliance Active/Standby Failover
• Lesson 5-4: Deploying Active/Active High Availability Failover
• Lab 5-2: Deploying a Cisco ASA Adaptive Security Appliance Active/Active Failover
• Lesson 6-1: Introduction to Cisco ASA Adaptive Security Appliance Security Service Modules
• Lesson 6-2: Integrating the Cisco ASA Adaptive Security Appliance AIP-SSM and AIP-SSC Modules
• Lesson 6-3: Integrating the Cisco ASA Adaptive Security Appliance CSC-SSM Module
• Wrap-up