SSNGFW (EOL) 1.0
Securing Networks with Cisco Firepower Next Generation Firewall
od 26.02.2024 do 01.03.2024
Cena: 7500 PLN netto
Zdalne
Typ: Szkolenie z instruktorem w jęz. polskim
Czas trwania (dni): 5
Instruktor: Marcin Gorol
Cena: 7500 PLN netto
Szkolenia SSNGFW oraz SSFIPS z dniem 26.04.2024 zostają wycofane przez Cisco.
Zapraszamy na nowe szkolenia Cisco Secure Firewall:
SFWIPF Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention
SFWIPA Securing Data Center Networks and VPNs with Cisco Secure Firewall Threat Defense
Szkolenia pomagają przygotować się do egzaminu Securing Networks with Cisco Firepower (300-710 SNCF), który prowadzi do uzyskania certyfikatów CCNP Security i Cisco Certified Specialist – Network Security Firepower.
—
Kurs Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 pokazuje jak wdrożyć i wykorzystać system Cisco Firepower® Threat Defense. Ten praktyczny kurs daje wiedzę i umiejętności pozwalające na wykorzystanie i konfigurację technologii Cisco® Firepower Threat Defense, począwszy od wstępnego ustawienia i konfiguracji urządzenia, a skończywszy na routingu, wysokiej dostępności, migracji Cisco Adaptive Security Appliance (ASA) do Cisco Firepower Threat Defense, kontroli ruchu i translacji adresów sieciowych (NAT). Dowiesz się, jak wdrożyć zaawansowane funkcje Next-Generation Firewall (NGFW) i Next-Generation Intrusion Prevention System (NGIPS), w tym inteligencję sieciową, wykrywanie typów plików, wykrywanie złośliwego oprogramowania w sieci oraz głęboką inspekcję pakietów. Dowiesz się również, jak skonfigurować VPN site-to-site, VPN zdalnego dostępu oraz dekodowanie SSL przed przejściem do szczegółowej analizy, administracji systemu i rozwiązywania problemów.
Kurs pomaga przygotować się do egzaminu Securing Networks with Cisco Firepower (300-710 SNCF), który prowadzi do uzyskania certyfikatów CCNP Security i Cisco Certified Specialist – Network Security Firepower. Egzamin 300-710 SNCF ma również drugi kurs przygotowawczy, Securing Networks with Cisco Firepower Next-Generation Intrusion Prevention System (SSFIPS). Możesz wziąć udział w tych kursach w dowolnej kolejności.
Kurs ten pozwala również na zdobycie 40 punktów Continuing Education (CE) w celu uzyskania recertyfikacji.
How you’ll benefit
This class will help you:
- Implement Cisco Firepower NGFW to provide advanced threat protection before, during, and after attacks
- Gain leading-edge skills for high-demand responsibilities focused on security
- Earn 40 CE credits toward recertification
What to expect in the exam
The 300-710 SNCF exam certifies your knowledge of Cisco Firepower Threat Defense and Firepower, including policy configurations, integrations, deployments, management, and troubleshooting
After you pass 300-710 SNCF:
- You earn the Cisco Certified Specialist – Network Security Firepower certification.
- You will have satisfied the concentration exam requirement for the new CCNP Security certification. To complete your CCNP Security, you also need to pass the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam or its equivalent.
Who should enroll
- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel
- Cisco integrators and partners
Course Objectives
After taking this course, you should be able to:
- Describe key concepts of NGIPS and NGFW technology and the Cisco Firepower Threat Defense system, and identify deployment scenarios
- Perform initial Cisco Firepower Threat Defense device configuration and setup tasks
- Describe how to manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense
- Describe how to implement NAT by using Cisco Firepower Threat Defense
- Perform an initial network discovery, using Cisco Firepower to identify hosts, applications, and services
- Describe the behavior, usage, and implementation procedure for access control policies
- Describe the concepts and procedures for implementing security intelligence features
- Describe Cisco Advanced Malware Protection (AMP) for Networks and the procedures for implementing file control and advanced malware protection
- Implement and manage intrusion policies
- Describe the components and configuration of site-to-site VPN
- Describe and configure a remote-access SSL VPN that uses Cisco AnyConnect®
- Describe SSL decryption capabilities and usage
Course Prerequisites
To fully benefit from this course, you should have
- Knowledge of TCP/IP and basic routing protocols
- Familiarity with firewall, VPN, and Intrusion Prevention System (IPS) concepts
Course outline
- Cisco Firepower Threat Defense Overview
- Examining Firewall and IPS Technology
- Firepower Threat Defense Features and Components
- Examining Firepower Platforms
- Examining Firepower Threat Defense Licensing
- Cisco Firepower Implementation Use Cases
- Cisco Firepower NGFW Device Configuration
- Firepower Threat Defense Device Registration
- FXOS and Firepower Device Manager
- Initial Device Setup
- Managing NGFW Devices
- Examining Firepower Management Center Policies
- Examining Objects
- Examining System Configuration and Health Monitoring
- Device Management
- Examining Firepower High Availability
- Configuring High Availability
- Cisco ASA to Firepower Migration
- Migrating from Cisco ASA to Firepower Threat Defense
- Cisco Firepower NGFW Traffic Control
- Firepower Threat Defense Packet Processing
- Implementing QoS
- Bypassing Traffic
- Cisco Firepower NGFW Address Translation
- NAT Basics
- Implementing NAT
- NAT Rule Examples
- Implementing NAT
- Cisco Firepower Discovery
- Examining Network Discovery
- Configuring Network Discovery
- Implementing Access Control Policies
- Examining Access Control Policies
- Examining Access Control Policy Rules and Default Action
- Implementing Further Inspection
- Examining Connection Events
- Access Control Policy Advanced Settings
- Access Control Policy Considerations
- Implementing an Access Control Policy
- Security Intelligence
- Examining Security Intelligence
- Examining Security Intelligence Objects
- Security Intelligence Deployment and Logging
- Implementing Security Intelligence
- File Control and Advanced Malware Protection
- Examining Malware and File Policy
- Examining Advanced Malware Protection
- Next-Generation Intrusion Prevention Systems
- Examining Intrusion Prevention and Snort Rules
- Examining Variables and Variable Sets
- Examining Intrusion Policies
- Site-to-Site VPN
- Examining IPsec
- Site-to-Site VPN Configuration
- Site-to-Site VPN Troubleshooting
- Implementing Site-to-Site VPN
- Remote-Access VPN
- Examining Remote-Access VPN
- Examining Public-Key Cryptography and Certificates
- Examining Certificate Enrollment
- Remote-Access VPN Configuration
- Implementing Remote-Access VPN
- SSL Decryption
- Examining SSL Decryption
- Configuring SSL Policies
- SSL Decryption Best Practices and Monitoring
- Detailed Analysis Techniques
- Examining Event Analysis
- Examining Event Types
- Examining Contextual Data
- Examining Analysis Tools
- Threat Analysis
- System Administration
- Managing Updates
- Examining User Account Management Features
- Configuring User Accounts
- System Administration
- Cisco Firepower Troubleshooting
- Examining Common Misconfigurations
- Examining Troubleshooting Commands
- Firepower Troubleshooting
Lab outline
- Initial Device Setup
- Device Management
- Configuring High Availability
- Migrating from Cisco ASA to Cisco Firepower Threat Defense
- Implementing QoS
- Implementing NAT
- Configuring Network Discovery
- Implementing an Access Control Policy
- Implementing Security Intelligence
- Implementing Site-to-Site VPN
- Implementing Remote Access VPN
- Threat Analysis
- System Administration
- Firepower Troubleshooting
