Deploying Cisco ASA Firewall Features (FIREWALL)

Download PDF
5 downloads 16495 Views 234KB Size Report
Comment
2011 Cisco and/or its affiliates. All rights reserved. Learning@Cisco. Datasheet. The Deploying Cisco ASA Firewall Features. (FIREWALL) v1.0 curriculum ...
Deploying Cisco ASA Firewall Features (FIREWALL)

The Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 curriculum includes an instructor-led course presented by Cisco Authorized Learning Partners. This five-day course aims to provide network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions using Cisco ASA Software Version 8.2. Students will learn the skills they need to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features and to provide detailed operations support for the Cisco ASA adaptive security appliance. This curriculum is part of the official Cisco CCNP® Security curriculum and covers the skills that are required for the CCNP Security certification, Cisco ASA specialist certification, and Cisco Firewall Security specialist certification.

1

© 2011 Cisco and/or its affiliates. All rights reserved.

Learning@Cisco Datasheet

Intended Targeted Audiences ●

The primary audiences for this curriculum are network security engineers within the following:



Cisco channel partner organizations



Cisco customer organizations



Cisco service and support organizations

Curriculum Objectives Upon completing this curriculum, the learner will be able to meet these overall objectives: ●

Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line



Implement and maintain the basic Cisco ASA adaptive security appliance connectivity and device management plane features



Implement and maintain the data plane access control features of the Cisco ASA adaptive security appliance product family



Implement and maintain the Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure



Implement and maintain the Cisco ASA adaptive security appliance virtualization and high-availability features



Evaluate the Cisco ASA adaptive security appliance Security Services Modules (SSMs) and their major features and then integrate them with the Cisco ASA adaptive security appliance

Deploying Cisco ASA Firewall Features (FIREWALL)

Learning@Cisco Datasheet

Technical Skills Covered

Recommended Prerequisites

Students will learn these technical skills:

Completion of the CCNA Security certification requires the prerequisite exams and recommended courses shown in Table 1.



Configuring the Cisco ASA adaptive security appliance using both the Cisco Adaptive Security Device Manager and command-line interface (CLI)



Configuring the Cisco ASA adaptive security appliance management features



Configuring basic Cisco ASA adaptive security appliance access control



Configuring interfaces and static routing on the Cisco ASA adaptive security appliance



Tuning basic Cisco ASA adaptive security appliance stateful inspection



Configuring Cisco ASA adaptive security appliance advanced application inspections and controls



Configuring advanced access controls on the Cisco ASA adaptive security appliance



Configuring resource limits and quality of service (QoS) features on the Cisco ASA adaptive security appliance



Configuring the Cisco ASA adaptive security appliance user-based policies (cut-through proxy)



Configuring the Cisco ASA adaptive security appliance to perform network address translation (NAT) operations



Configuring the Cisco ASA adaptive security appliance transparent firewall mode



Configuring the Cisco ASA adaptive security appliance active-standby failover



Configuring security contexts on the Cisco ASA adaptive security appliance



Configuring the Cisco ASA adaptive security appliance active-active failover



Integrating the Cisco ASA adaptive security appliance SSMs

Cisco Network Security Engineer Curriculum This curriculum is part of the recommended preparation for the CCNP Security certification, Cisco ASA Specialist certification, and Cisco Firewall Security Specialist certification.

2

© 2011 Cisco and/or its affiliates. All rights reserved.

Table 1 Required Exams and Recommended Courses Required Exams

Exam Name and Recommended Training

640-802

CCNA Composite

or

or

640-822 &

Interconnecting Cisco Network Devices 1 (ICND1)

640-816

Interconnecting Cisco Network Devices 2 (ICND2) 640-553

Implementing Cisco IOS Network Security (IINS)

Cisco Firewall Security Specialist Cisco firewalls are ubiquitous in the world of network security today. Professionals with the skills to design, implement and maintain Cisco firewall solutions using the Cisco ASA adaptive security appliance and zone-based firewall solutions in Cisco routers and switches are in high demand. The Cisco firewall security specialist is a focused certification that validates skills and knowledge in implementing perimeter security solutions using Cisco security appliances. These certified specialists are actively involved in developing secure business solutions and designing and delivering multiple levels of secure access to the network (see Table 2). Table 2 Cisco Firewall Security Specialist Exams Required Exams

Exam Name and Recommended Training

642-617

Deploying Cisco ASA Firewall Solutions (FIREWALL)

642-637

Securing Networks with Cisco Routers and Switches (SECURE)

Deploying Cisco ASA Firewall Features (FIREWALL) Cisco ASA Specialist Certification The Cisco ASA Specialist certification recognizes security professionals who have attained specialized in-depth expertise and proven knowledge of the recommended best practices in designing, implementing, maintaining, and troubleshooting network security solutions using the Cisco ASA adaptive security appliance technologies. The Cisco ASA adaptive security appliance is a best-of-class security appliance, widely deployed, and in use at leading enterprises and service providers worldwide. The Cisco ASA Security Specialist certification is recognized as the benchmark security product certification for engineers, consultants, and architects who configure advanced Cisco firewalls and virtual private network (VPN) solutions, including advanced access control, advanced application inspections and controls, IP Security (IPsec) remote access VPN, clientless Secure Sockets Layer (SSL) remote access VPN, Cisco AnyConnect full-tunnel SSL remote-access VPN, IPsec site-to-site VPNs, high availability, and failover features (see Table 3). Table 3 Cisco ASA Specialist Exams Required Exam

Exam Name and Recommended Training

642-617

Deploying Cisco ASA Firewall Solutions (FIREWALL)

642-647

Deploying Cisco ASA VPN Solutions (VPN)

CCNP Security Certification The CCNP Security Program is a three-year certification program intended to recognize the Cisco network security engineers who have the necessary skills to test, deploy, configure, maintain, and troubleshoot Cisco network security appliances and Cisco IOS® Software devices that establish the security posture of the network. Prior to attempting the CCNP Security certification or any of its associated specialist certifications, it is required that an individual has met the requirements for the Cisco CCNA® Security certification and has at least one to three years of experience in the field of network security (see Table 4).

3

© 2011 Cisco and/or its affiliates. All rights reserved.

Learning@Cisco Datasheet

Table 4 CCNP Security Exams Required Exams

Exam Name and Recommended Training

642-637

Securing Networks with Cisco Routers and Switches (SECURE)

642-627

Implementing Cisco Intrusion Prevention System (IPS)

642-617

Deploying Cisco ASA Firewall Solutions (FIREWALL)

642-647

Deploying Cisco ASA VPN Solutions (VPN)

Course Specifications Table 5 shows the details of the Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 course. Table 5 Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 Course Details Course name

Deploying Cisco ASA Firewall Features

Short identifier

FIREWALL

Associated certifications

CCNP Security, Cisco ASA Security Specialist certifications, Cisco Firewall Security Specialist certifications

Associated exam

642-617 Deploying Cisco ASA Firewall Features (FIREWALL), 120 minutes; available at all worldwide Pearson VUE testing centers

Duration

5 days (classroom or virtual classroom)

Delivered by

Cisco Authorized Learning Partners worldwide

Lab exercises

10 individual labs

Features and Benefits of Cisco Authored Professional Curriculum Subject matter experts around the world develop authored Cisco training from Cisco employee, partner, and customer organizations to align to the specific job tasks of professional-level network engineers who use current Cisco products and solutions. Cisco Authorized Learning Partners deliver authored Cisco curriculum utilizing certified instructors with a blend of lectures, labs, selfpaced lessons, and assessments (see Table 6). Table 6 Cisco Authored Professional Curriculum Primary Features

Primary Benefits

Customer-centered design

Input from Cisco employees, customers, and partners confirms relevancy

Job role focus

Curriculum aligns to specific tasks of network engineers

Blended learning curriculum

Mix of classroom and self-paced lessons offers flexibility

Extensive lab exercises

Hands-on practice strengthens skills

End-of-module assessments

Review reinforces learning objectives

Worldwide availability

Consistent curriculum in all regions

Cisco Authorized Learning Partners

Certified instructors deliver Cisco approved content

Aligned to certification

Establishes structured professional development and industry recognition of skills and knowledge

Current Cisco solutions and architectures

Assurance of latest technologies, knowledge, skills, and best practices of Cisco solutions and architectures

Accept Only the Best Only Cisco Authorized Learning Partners deliver the official Cisco security curriculum. Authorized training ensures that

you will gain the knowledge and expertise that you need to be successful in today’s competitive IT business environment. Cisco Learning Partners offer a comprehensive set of training resources, from instructor-led courses to remote-access labs and e-learning solutions to improve your technology expertise. Other benefits include the following: ●

Learning skills on the latest Cisco products and software: Authorized learning partners expose students to the latest revisions and newest products to help accelerate their skills for years to come.



Consistent expertise: Certified Cisco instructors assure students and businesses the same level of expertise, quality, and service from one class to the next.



Updated training: Cisco Authorized Learning Partners are aware of the latest product and technology updates, exam changes, and teaching methods.



High student satisfaction: Cisco Authorized Learning Partners are required to maintain a high level of satisfaction ratings.

Additionally, Cisco Learning Partners accept Cisco learning credits to cover fees for the Cisco security training curriculum. For more information and to check if these credits are available in your country, visit www.cisco.com/go/learningcredits.

Learn More For more information or to register for this program, visit http://www.ciscolearningnetwork.com