Associated Certifications
CCNP Security, Cisco Certified Specialist-Network Securtiy Firepower
Required Exam(s)
300-710 SNCF
Instructorctclc admin
TypeOnline Course
Duration
5 Days
Methods of Delivery
ILT, VIRTUAL, On-Site
Price$3995.00 / 40 CLCs
Buy NowBook Now

The Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 course shows you how to deploy and use Cisco Firepower® Threat Defense system. This hands-on course gives you knowledge and skills to use and configure Cisco® Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, high availability, Cisco Adaptive Security Appliance (ASA) to Cisco Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT). You will learn how to implement advanced Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network-based malware detection, and deep packet inspection. You will also learn how to configure site-to-site VPN, remote-access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.

This course helps you prepare to take the exam, Securing Networks with Cisco Firepower (300-710 SNCF), which leads to CCNP Security and Cisco Certified Specialist – Network Security Firepower certifications. The 300-710 SNCF exam has a second preparation course as well, Securing Networks with Cisco Firepower Next-Generation Intrusion Prevention System (SSFIPS). You can take these courses in any order.

Course Objectives

Who Should Attend

Prerequisites

Course Outline

Download Outline

Upon completing this course, the student will be able to:

  • Describe key concepts of NGIPS and NGFW technology and the Cisco Firepower Threat Defense system, and identify deployment scenarios
  • Perform initial Cisco Firepower Threat Defense device configuration and setup tasks
    Describe how to manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense
    Describe how to implement NAT by using Cisco Firepower Threat Defense
    Perform an initial network discovery, using Cisco Firepower to identify hosts, applications, and services
    Describe the behavior, usage, and implementation procedure for access control policies
    Describe the concepts and procedures for implementing security intelligence features
    Describe Cisco Advanced Malware Protection (AMP) for Networks and the procedures for implementing file control and advanced malware protection
    Implement and manage intrusion policies
    Describe the components and configuration of site-to-site VPN
    Describe and configure a remote-access SSL VPN that uses Cisco AnyConnect®
    Describe SSL decryption capabilities and usage

The primary audience for this course is as follows:

  • Security Administrators
  • Security Consultants
  • Network Administrator
  • Systems Engineer
  • Technical Support Personnel
  • Cisco Integrators and Partner

To fully benefit from this course, you should have the following knowledge and skills:

  • Knowledge of TCP/IP and basic routing protocols
  • Familiarity with firewall, VPN, and Intrusion Prevention System (IPS) concepts

 

Module 1: Cisco Firepower Threat Defense Overview

  • Examining Firewall and IPS Technology
    Firepower Threat Defense Features and Components
    Examining Firepower Platforms
    Examining Firepower Threat Defense Licensing
    Cisco Firepower Implementation Use Cases

Module 2: Cisco Firepower NGFW Device Configuration

  • Firepower Threat Defense Device Registration
  • FXOS and Firepower Device Manager
    Initial Device Setup
    Managing NGFW Devices
    Examining Firepower Management Center Policies
    Examining Objects
    Examining System Configuration and Health Monitoring
    Device Management
    Examining Firepower High Availability
    Configuring High Availability
    Cisco ASA to Firepower Migration
    Migrating from Cisco ASA to Firepower Threat Defense

Module 3: Cisco Firepower NGFW Traffic Control

  • Firepower Threat Defense Packet Processing
    Implementing QoS
    Bypassing Traffic

Module 4: Cisco Firepower NGFW Address Translation

  • NAT Basics
  • Implementing NAT
  • NAT Rule Examples
  • Implementing NAT

Module 5: Cisco Firepower Discovery

  • Examining Network Discovery
  • Configuring Network Discovery

Module 6: Implementing Access Control Policies

  • Examining Access Control Policies
    Examining Access Control Policy Rules and Default Action
    Implementing Further Inspection
    Examining Connection Events
    Access Control Policy Advanced Settings
    Access Control Policy Considerations
    Implementing an Access Control Policy

Module 7: Security Intelligence

  • Examining Security Intelligence
  • Examining Security Intelligence Objects
  • Security Intelligence Deployment and Logging
  • Implementing Security Intelligence

Module 8: File Control and Advanced Malware Protection

  • Examining Malware and File Policy
  • Examining Advanced Malware Protection

Module 9: Next-Generation Intrusion Prevention Systems

  • Examining Intrusion Prevention and Snort Rules
  • Examining Variables and Variable Sets
  • Examining Intrusion Policies

Module 10: Site-to-Site VPN

  • Examining IPsec
  • Site-to-Site VPN Configuration
  • Site-to-Site VPN Troubleshooting
  • Implementing Site-to-Site VPN

Module 11: Remote-Access VPN

  • Examining Remote-Access VPN
  • Examining Public-Key Cryptography and Certificates
  • Examining Certificate Enrollment
  • Remote-Access VPN Configuration
  • Implementing Remote-Access VPN

Module 12: SSL Decryption

  • Examining SSL Decryption
  • Configuring SSL Policies
  • SSL Decryption Best Practices and Monitoring

Module 13: Detailed Analysis Techniques

  • Managing Updates
  • Examining User Account Management Features
  • Configuring User Accounts
  • System Administration

Module 14: System Administration

  • Examining Common Misconfigurations
  • Examining Troubleshooting Commands
  • Firepower Troubleshooting

 

LAB OUTLINE

  • Initial Device Setup
  • Device Management
    Configuring High Availability
    Migrating from Cisco ASA to Cisco Firepower Threat Defense
    Implementing QoS
    Implementing NAT
    Configuring Network Discovery
    Implementing an Access Control Policy
    Implementing Security Intelligence
    Implementing Site-to-Site VPN
    Implementing Remote Access VPN
    Threat Analysis
    System Administration
    Firepower Troubleshooting

SSNGFW