Securing Networks with ASA Fundamentals SNAF Training Course

About Us

Press Releases

Dates for this class:

No dates are available for this class.

Course Details [choose new course] [printable version]

Securing Networks with ASA Fundamentals (SNAF)

Course Number: GK5698

Category: Networks & Operating Systems

Duration: 5.00 days

Description

In this Authorized Cisco course, you will gain the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security.

We have enhanced our delivery of SNAF by adding depth to the existing Cisco-developed hands-on labs. In a topology designed to simulate a typical production network, our advanced hands-on labs guide you through exercises such as executing general maintenance commands, configuring ACLs, and configuring VPN on the Security Appliance.

Our labs utilize ASA 5520 security appliances, though the content in this course and our labs is applicable across the ASA and PIX families of security appliances since the command syntax is generally the same. This course has been updated to cover the features and syntax of Cisco Security Appliance Software v8.0.

Following classroom instruction, you will receive 5 e-Lab credits for post-class lab practice, allowing you to hone your skills using the same hands-on lab equipment you used in the classroom.

Certifications

This course will prepare you for Cisco Exam 642-524 (SNAF).

Objectives

Functions of the three types of firewalls used to secure today's computer networks
Technology and features of Cisco security appliances
How Cisco Adaptive Security Appliances (ASAs) and Cisco PIX Security Appliances protect network devices from attacks and why each is an appropriate choice
Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM
Perform essential security appliance configuration using ASDM and the CLI
Configure dynamic and static address translations using ASDM
Configure switching and routing using ASDM
Use ASDM to configure ACLs, filter malicious active codes, and filter URLs that meet the requirements of the security policy
Use the packet tracer for troubleshooting
Use ASDM to configure object groups that meet the requirements of the security policy
Use ASDM to configure AAA to meet the requirements of the security policy
Configure a modular policy that supports the security policy using ASDM
Use ASDM to configure protocol inspection to meet security policy requirements
Configure threat detection to meet security policy requirements using ASDM and the CLI
Using ASDM, configure the security appliance to support a site-to-site VPN that meets policy requirements
Using ASDM, configure the security appliance to provide secure connectivity using remote access VPNs
Configure the security appliance to run in transparent firewall mode
Enable, configure, and manage multiple contexts to meet security policy requirements
Select and configure the type of failover that best suits the network topology
Monitor and manage an installed security appliance

Outline

1. Introducing Cisco Security Appliance Technology and Features

Functions of the three types of firewalls that are used to secure modern computer networks
Technology and features of Cisco security appliances

2. Cisco Adaptive Security Appliance and PIX Security Appliance Families

Cisco ASA security appliance models
Cisco ASA security appliance licensing options

3. Getting Started with Cisco Security Appliances

Four main access modes
Security appliance file management system
Security appliance security levels
ASDM requirements and capabilities
Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via ASDM
Verify security appliance configuration and licensing via ASDM

4. Essential Security Appliance Configuration

Configure a security appliance for basic network connectivity
Verify the initial configuration
Set the clock and synchronize the time on security appliances
Configure the security appliance to send syslog messages to a syslog server

5. Configuring Translations and Connection Limits

Function of TCP and UDP protocols within the security appliance
Function of static and dynamic translations
Configure dynamic address translation
Configure static address translation
Set connection limits

6. Using ACLs and Content Filtering

Configure the basic function of ACLs
Configure additional functions of ACLs
Configure active code filtering (ActiveX and Java applets)
Configure the security appliance for URL filtering
Use the packet tracer for troubleshooting

7. Configuring Object Grouping

Object grouping feature of the security appliance and its advantages
Configure object groups and use them in ACLs

8. Switching and Routing on Security Appliances

Configure logical interfaces and VLANs
Configure static routes and static route tracking
Dynamic routing capabilities of Cisco security appliances
Configure passive RIP routing

9. Configuring AAA for Cut-Through Proxy

Define and compare AAA
Install and configure Cisco Secure ACS
Configure the local user database
Define and configure cut-through proxy authentication
Define and configure user authorization using downloadable ACLs
Define and configure accounting

10. Configuring the Cisco Modular Policy Framework

Cisco Modular Policy Framework feature for security appliances
Functionality of class maps
Functionality of policy maps
Functionality of service policies
Use ASDM to configure a service policy rule

11. Configuring Advanced Protocol Handling

Need for advanced protocol handling
How the security appliance implements inspection of common network applications
Issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions

12. Configuring Threat Detection

Threat detection and statistics
Configure basic threat detection and scanning threat detection
Configure and view threat detection statistics

13. Configuring Site-to-Site VPNs Using Pre-Shared Keys

How security appliances enable a secure VPN
Perform the tasks necessary to configure security appliance IPsec support
Commands to configure security appliance IPsec support
Configure a VPN between security appliances

14. Configuring Security Appliance Remote Access VPNs

Cisco Easy VPN
Cisco VPN Client
Configure an IPsec Remote Access VPN
Configure Users and Groups

15. Configuring Cisco Security Appliances for SSL VPN

SSL VPN and its purpose
Use the SSL VPN Wizard to configure a basic clientless SSL VPN connection
Configure SSL VPN policies
Verify SSL VPN operations
Customize the clientless SSL VPN portal

16. Configuring Transparent Firewall Mode

Purpose of transparent firewall mode
How data traverses a security appliance in transparent mode
Enable transparent firewall mode
Monitor and maintain transparent firewall mode

17. Configuring Security Contexts

Purpose of security contexts
Enable and disable multiple context mode
Configure a security context
Manage a security context

18. Configuring Failover

Difference between hardware and stateful failover
Difference between active/standby and active/active failover
Security appliance failover hardware requirements
Configure redundant interfaces
How active/standby failover works
Security appliance roles of primary, secondary, active, and standby
How active/active failover works
Configure active/standby cable-based and LAN-based failover
Configure active/active failover
Use remote command execution

19. Managing Security Appliances

Configure Telnet access to the security appliance
Configure SSH access to the security appliance
Configure command authorization
Recover security appliance passwords using general password recovery procedures
Use TFTP to install and upgrade the software image on the security appliance



Search Courses