The Course Name: Implementing Advanced Cisco ASA Security (SASAA)
The Course Duration: 5 Days
The Overview:
The purpose of this course is to teach participants how to implement the key features of ASA, including FirePOWER services, ASA Identity Firewall, ASA Cloud Web security, ASA Clustering and Virtual ASA (ASAv).
What You Will Learn:
- How to describe the Cisco ASA 5500-X Series Next-Generation Firewalls, ASAv, ASA 5506-X, 5508-X, 5516-X, and ASASM
- How to implement new ASA 9.4.1 features
- How to implement Cisco ASA Identity Firewall policies
- How to install and set up the Cisco Firepower Services Module (SFR)
- How to implement Cisco ASA Cloud Web Security
- How to implement Cisco ASA Clustering
- How to describe Cisco ASA Security Group Firewall and Change of Authorization Support
The Course Index:
1. Cisco ASA Product Family
Introduction to ASA series firewalls
Introduction to ASAv
Deploy ASAv
ASAv Other hypervisors support, digitally signed image and management options
Verify ASAv VM
ASA 9.2.1 BGP IPv6 support
ASA 9.3 features
ASA 9.4.1 + VXLAN support
Describe the Cisco ASASM platforms, architecture, and features
Module 2: Cisco ASA Identity Firewall
ASA Identity Firewall benefits, flow and policies
Cisco CDA basic network configuration
Application status verification
Active directory server configuration
CDA user-account configuration
CDA GUI password policy configuration
Configure identity firewall policies on ASA
Using ASDM
Using CLI
FQDN network object configuration
Verify user-identity operations
CDA management with CLI, live log monitoring and troubleshooting
Module 3: Cisco ASA Firepower Services
SFR introduction
FireSIGHT management
SFR management interface, package installation and verification
FireSIGHT VM installation and setup
License requirement
Policy types introduction
Recommended rules introduction
Monitoring
ASDM and Firepower on-box FireSIGHT manager
Firepower dashboard, reporting, status and events viewer
Licensing
Firepower 6.0 features
System configurations and device platform settings
Firepower multidomain management
Module 4: Cisco ASA Cloud Web Security (CWS)
ASA with CWS introduction
CWS scanning processes
Licenses
ASA with CWS integration
CWS operations verification
Verify traffic redirection
Syslog messages
ScanCenter web filtering policy introduction and configuration
ASA CWS AMP introduction
CWS cognitive threat analysis
Threats reporting
Module 5: Cisco ASA Clustering
Cluster performance figures and supported platforms
Cluster data-interface modes and connections
CLL functions
Cluster dynamic-routing, NAT and PAT operations
Cluster terminology
TCP, asymmetric UDP, short-lived and centralized-feature traffic flows
Cluster management
Configuration with the CLI
Each unit configuration
Master unit configuration
Sample configuration of a two-unit cluster with spanned etherchannel and individual interface
Configure ASA cluster using Cisco ASDM
Cluster licensing
Verification types
Troubleshoot ASA cluster operations
Cluster features of v9.1.4, v9.2.1, v9.3.1 and v9.4.1
Module 6: Cisco ASA Security Group Firewall and Change of Authorization
Cisco secure access architecture
SG Firewall configuration
SGACL operations monitoring
SGT features (post 9.0 releases)
Change of authorization introduction
Chang of authorization CLI and ASDM configurations
Labs:
Lab 1: Access the Remote Cisco Learning Lab Environment
Lab 2: Set Up and Test the ASAv
Lab 3: Implement New Features in ASA 9.3 and 9.4
Lab 4: Configure the Cisco CDA
Lab 5: Configure ASA IDFW
Lab 6: Cisco ASA Firepower Services Module Installation
Lab 7: Cisco Firepower Management Center Configuration
Lab 8: Configure ASA CWS
Lab 9: Cisco ASA Cluster Configuration