Стоимость:
- очно: для частных лиц - 81 872 руб., для организаций - 91 000 руб.
- дистанционно: для частных лиц - 81 872 руб., для организаций - 91 000 руб.
Оригинальное название: Implementing Advanced Cisco ASA Security
Курс «Внедрение расширенной безопасности на Cisco ASA» обеспечивает слушателей пониманием расширенного функционала безопасности на базе продуктов Cisco ASA и дает возможность внедрить ключевой функционал ASA, включая сервисы FirePOWER версии 6.0, ASA Identity Firewall, ASA Cloud Web security, кластеризацию ASA и виртуальную ASA.
Аудитория
• Сетевые инженеры
• Сетевые дизайнеры и администраторы
• Сетевые менеджеры
После посещения курса слушатели смогут:
• Объяснить функции Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM и ASA 1000V Cloud Firewall, а также устанавливать и настраивать Cisco IPS и софтверные модули Cisco ASA CX
• Внедрять политики Cisco ASA Identity Firewall при помощи Cisco CDA и Cisco ASA
• Внедрять политики Cisco ASA CX
• Осуществлять интеграцию Cisco ASA и Cisco Cloud Web Security
• Описать мультиконтекстные улучшения Cisco ASA Software Release 9.2.2
• Описать функции IPv6 в Cisco ASA Software Release 9.2.2
• Описать поддержку Security Group Firewall в Cisco ASA Software Release 9.2.2
• Внедрять кластер Cisco ASA
Предварительная подготовка
• Объем знаний в рамках курса Внедрение основного функционала Cisco ASA для обеспечения безопасности сети передачи данных (SASAC)
• наличие эквивалентных знаний по Cisco ASA
Программа курса
Module 1 Cisco ASA Product Family
Module 1 Lesson 1 Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA 5500-X Series USB 2.0 Ports
- Cisco ASA 5500-X Series SSDs
- Cisco ASA NGE Support
- Cisco ASA 5585-X Dual Firewall Support
Module 1 Lesson 2 Installing Cisco ASA 5500-X Series IPS Software Module
- IPS Software Module
- IPS Software Module Installation
- sw-module module ips Command
- IPS Software Module CLI Access
- setup Command
- IPS Software Module Management Interface Configuration
- Cisco ASA-to-IPS Software Module Traffic Redirection
- IPS Software Licenses
Module 1 Lab 1-1 Remote Lab Environment Access
Module 1 Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup
Module 1 Lesson 3 Introducing the Cisco ASASM
- Cisco ASASM Supported Platforms
- Cisco ASASM Performance Numbers
- Cisco ASASM Architecture
- Cisco ASASM Features Parity
- Cisco ASASM VLAN Interface Configurations
Module 1 Lesson 4 Introducing the Cisco ASA 1000V Cloud Firewall
- Cisco ASA 1000V and VSG Cloud Firewall Roles
- Cisco ASA 1000V Firewall Deployment Scenario
- Cisco ASA 1000V Cloud Firewall Performance Numbers
- Cisco ASA 1000V Environment
- Cisco ASA 1000V Management
Module 2: Cisco ASA Identity Firewall
Module 2 Lesson 1 Describing the Cisco ASA Identity Firewall Solution
- Cisco ASA Identity Firewall Benefits
- Cisco ASA Identity Firewall Flow
- Cisco Identity Firewall Policies
Module 2 Lesson 2 Setting Up Cisco CDA
- Cisco CDA versus Active Directory Agent
- Cisco CDA Hardware Appliance and VM Requirements
- Cisco CDA Installation
- Cisco CDA Setup
- Cisco CDA Application Status Verification
- Cisco CDA CLI Operations
- Cisco CDA GUI
Module 2 Lesson 3 Configuring Cisco CDA
- Active Directory Server Configuration
- Cisco ASA Configuration
- Syslog Server Configuration
- Cisco CDA User-Account Configuration
- Cisco CDA GUI Password Policy Configuration
- Cisco CDA Session Timeout Configuration
- IP-to-Identity Mapping Display
- Registered-Device Verification
Module 2 Lesson 4 Configuring Cisco ASA Identity Firewall
- Identity-Based Firewall Configuration Tasks
- Active Directory Server Configuration
- Cisco CDA Configuration
- User-Identity Options Configuration Using Cisco ASDM
- User-Identity Option Configuration Using the CLI
- User-Identity-Based Access Rules
- User Object Group Configuration
- FQDN Network Object Configuration
- Identity Firewall with Cut-Through Proxy Use Case
- Identity Firewall with Remote-Access VPN Use Case
Module 2 Lesson 5 Verifying and Troubleshooting Cisco Identity Firewall
- Cisco CDA and Active Directory Server Connectivity Test
- show user-identity Command
- show user-identity Command for Cisco CDA Verification
- show user-identity Command for Active Directory User Verification
- show user-identity Command for Active Directory Group Verification
- show user-identity Command for Memory-Usage Verification
- Identity-Based Firewall Cisco ASDM Monitoring Panes
- Cisco CDA Management with the CLI
- Cisco CDA Live Log Monitoring
- Cisco CDA Troubleshooting
Module 2 Lab 2-1 Context Directory Agent Configuration
Module 2 Lab 2-2 ASA Identity-Based Firewall Configuration
Module 3: Cisco ASA CX
Module 3 Lesson 1 Introducing Cisco ASA CX (Next-Generation Firewall)
- Cisco ASA CX Benefits and Components
- Cisco ASA CX Broad and Web AVC
- Cisco ASA CX Policy Types
- Compatibility with Existing Cisco ASA Features
- Cisco ASA 5585-X CX-SSP Hardware Module
- Cisco ASA 5500-X CX Software Module
Module 3 Lesson 2 Describing the Cisco ASA CX Management Architecture
- Cisco ASA CX Management Architecture
- On-Box and Off-Box Cisco PRSM
- On-Box and Off-Box Cisco PRSM GUI Differences
Module 3 Lesson 3 Installing the Cisco Off-Box PRSM and Cisco ASA CX
- Off-Box Cisco PRSM Setup
- Cisco PRSM GUI Basic Functions
- Cisco ASA CX System Package Installation
- Cisco ASA CX Status Verification
- Cisco ASA CX Management Interface
- Cisco ASA CX CLI Operations
Module 3 Lesson 4 Redirecting Cisco ASA-to-Cisco ASA CX Traffic
- Cisco ASA-to-Cisco ASA CX Traffic Redirection
Module 3 Lesson 5 Performing Cisco PRSM Device Discovery and Configuration Import
- Cisco ASA CX Policy Structure
- Off-Box Cisco PRSM Device Discovery
- Off-Box Cisco PRSM Device Groups
Module 3 Lesson 6 Configuring Cisco ASA CX Policy Objects
- Cisco ASA CX Policy Object Types
- Cisco ASA CX Network Objects
- Cisco ASA CX Service Objects and Service Groups
- Cisco ASA CX Application Objects and Application Service Objects
- Cisco ASA CX URL Objects
- Cisco ASA CX User Agent Objects
- Cisco ASA CX Identity Objects
- Cisco ASA CX Source Object and Destination Object Groups
- Cisco ASA CX Secure Mobility Objects
- Cisco ASA CX Action Profile Objects
- Policy Objects in Cisco ASA CX Policies
- Tags, Ticket IDs, and Metadata
Module 3 Lesson 7 Configuring Cisco ASA CX Access Policies
- Cisco ASA CX Access Policy Configuration
- Cisco ASA CX Application Control Configuration
- Cisco ASA CX URL Filtering Configuration
- Cisco ASA CX File Filtering Profile Configuration
- ASA CX Web Reputation Profile Configuration
Module 3 Lesson 8 Configuring Cisco ASA CX Identity Policies
- Cisco ASA CX Active and Passive Authentications
- Cisco ASA CX Authentication Realms
- Cisco ASA CX ADI
- Cisco ASA CX Identity-Based Policy Configuration
- LDAP Authentication Realm and Server Configurations
- Active Directory Authentication Realm and Server Configurations
- Cisco ASA CX-to-Cisco CDA Integration Configurations
- Cisco ASA CX Identity Policies with Active Authentication
- Cisco ASA CX Identity Policies with Passive Authentication
- Cisco ASA CX Authentication Settings Configuration
- Cisco ASA CX Access and Decryption Policies with Identity Objects
- Cisco ASA CX User Identity in Event Viewer
Module 3 Lesson 9 Configuring Cisco ASA CX Decryption Policies
- Cisco ASA CX Decryption Policies
- Cisco ASA CX Decryption Configurations
- Cisco ASA CX Decryption Policy Configuration
- Cisco ASA CX Identity, Decryption, and Access Policy Interactions
Module 3 Lesson 10 Licensing Cisco ASA CX and Cisco PRSM
- Cisco ASA CX Licenses
- Cisco PRSM License
- Cisco ASA CX and Off-Box Cisco PRSM License Management
Module 3 Lesson 11 Monitoring Cisco ASA CX
- Cisco PRSM Dashboards and Reports
- Cisco PRSM Event Viewer
- Cisco SIO Update Verifications
Module 3 Lesson 12 Using Cisco PRSM for Administration
- Cisco PRSM Administration Menu Options
- Configuration Database Backup and Restore
- Cisco PRSM Change History
- Cisco PRSM User-Account Configuration
- Cisco PRSM Server Certificate
- Certificate Management Options
- Cisco ASA CX and Cisco PRSM Logging-Level Configurations
Module 3 Lesson 13 Troubleshooting Cisco ASA CX
- Cisco ASA CX Access Policies Troubleshooting
- Cisco ASA CX Identity-Policy Troubleshooting
- Cisco ASA CX Decryption-Policy Troubleshooting
- Cisco ASA CX Module Troubleshooting
Module 3 Lab 3-1 ASA CX and PRSM Exploration
Module 3 Lab 3-2 ASA CX Access Policy Configuration
Module 3 Lab 3-3 ASA CX Identity Policy Configuration
Module 3 Lab 3-4 ASA CX Decryption Policy Configuration
Module 3 Lab 3-5 PRSM Administration
Module 4: Cisco ASA Cloud Web Security Integration
Module 4 Lesson 1 Introducing Cisco ASA with Cisco Cloud Web Security
- Cisco ASA with Cisco Cloud Web Security
- Cisco ScanCenter
Module 4 Lesson 2 Licensing Cisco ASA with Cisco Cloud Web Security
- Cisco ASA with Cloud Web Security Authentication Keys
Module 4 Lesson 3 Configuring Cisco ASA with Cisco Cloud Web Security
- Cisco ASA and Cloud Web Security Proxy-Server Configuration
- ScanCenter Generation of an Authentication Key for Cisco ASA
- Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
- Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration
Module 4 Lesson 4 Verifying Cisco ASA and Cloud Web Security Operations
- Cisco ASA and Cloud Web Security Operations Verification with the CLI
- Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM
- Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
- Cisco ASA and Cloud Web Security Syslog Messages
- Cisco ASA and Cloud Web Security Operations Verification with debug scansafe
Module 4 Lab 4-1 Cisco ASA and Cloud Web Security Integration
Module 5: Cisco ASA IPv6 Enhancements
Module 5 Lesson 1 Describing the Cisco ASA IPv4 and IPv6 Unified ACL
- IPv4 and IPv6 Unified ACL
- IPv4 and IPv6 Unified ACL Migration
- Mixed IPv6 and IPv4 Object Groups
- IPv4 and IPv6 FQDN Objects
Module 5 Lesson 2 Describing Other Cisco ASA IPv6 Support Enhancements
- NAT46, NAT64, and DNS Doctoring
- NAT66 Support
- DHCPv6 Relay
- OSPFv3 Support
- IPv6 Application Inspections
- Cisco ASA and Cisco AnyConnect IPv6 VPN Support
Module 6: Cisco ASA Security Group Firewall
Module 6 Lesson 1 Introducing Cisco Security Group Tagging
- Cisco Secure Access Architecture
Module 6 Lesson 2 Configuring Cisco ASA Security Group Firewall
- SG Firewall Configuration
- SGACL Operations Monitoring
Module 7: Cisco ASA Multicontext Enhancements
Module 7 Lesson 1 Describing Cisco ASA Multicontext Mode
- Cisco ASA Multicontext Mode
- Cisco ASA Security-Context Resource Management
Module 7 Lesson 2 Describing Multicontext Enhancements in Cisco ASA Software Release 9.0
- Mixed-Mode Support in Multicontext Mode
- Dynamic-Routing Support in Multicontext Mode
- Site-to-Site VPN Support in Multicontext Mode
Module 8: Cisco ASA Cluster
Module 8 Lesson 1 Describing Cisco ASA Cluster Features
- Cluster Performance Figures and Supported Platforms
- Cluster Data-Interface Modes
- Cluster Data-Interface Connections
- CCL Functions
- Cluster Master and Slave Unit Election
- Centralized, Distributed, and Unsupported Cisco ASA Features
- Cluster Dynamic-Routing Operations
- Cluster NAT and PAT Operations
Module 8 Lesson 2 Describing Cisco ASA Cluster Terminology and Data Flows
- Cluster Terminology
- TCP Sequence Number Randomization
- TCP Traffic Flows
- Asymmetric UDP Traffic Flows
- Short-Lived Traffic Flows
- Centralized-Feature Traffic Flows
- Traffic Flows with Secondary Connections
- TCP Flow Rebalancing
- Cluster Health-Check Mechanisms
Module 8 Lesson 3 Using the CLI to Configure a Cisco ASA Cluster
- Cluster Management
- Cluster Configuration with the CLI
- Cluster Interface-Mode Configuration on Each Unit
- CCL Configuration on Each Unit
- Cluster Management Interface Configuration from the Master Unit
- Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
- Individual (Layer 3) Interface Configuration from the Master Unit
- Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
- Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
- Sample Configuration of a Two-Unit Cluster with Individual Interface
- How to Configure Other Cluster Options
Module 8 Lesson 4 Using Cisco ASDM to Configure a Cisco ASA Cluster
- Cisco ASDM Cluster Dashboards
- Cluster Configuration via Cisco ASDM
- Cisco ASDM High Availability and Scalability Wizard
- Cisco ASDM ASA Cluster Pane
Module 8 Lesson 5 Verifying Cisco ASA Cluster Operations
- Cluster Licensing
- Cluster Interface-Mode Verification
- Cluster Member-Status Verification
- Cluster Health-Status Verification
- Cluster Connections State Table Verification
- Cluster EtherChannel Status Verification
- Cluster Aggregated ACL Hit-Count Verification
- Cluster Memory and CPU Usage Verification
- Cluster Traffic-Distribution Verification
- TCP Flow-Rebalancing Verification
- Cluster Operation Verification via Cisco ASDM
Module 8 Lesson 6 Troubleshooting a Cisco ASA Cluster
- Cluster Packet Captures
- Cluster Syslog Messages
- The debug cluster CLI Command
- Cluster Crashinfo and Coredump
- Split-Cluster Scenario