- This event has passed.
Cisco Firepower & Firepower Threat Defense (FTD) Administration Live Online! 10/16/17
October 16, 2017 - October 20, 2017$3795
Cisco Firepower with Firepower Threat Defense (FTD)– Best Value!
No experience necessary!
Become a Firepower Advanced administrator in 5-days
5-day Firepower Advanced Administration Class Includes:
- ASA with Firepower 6.2
- Firepower Threat Defense (FTD)
- Advanced Malware Protection (AMP)
- Identify Services Engine (ISE) with PxGrid
Intense hands-on Firepower Advanced 6.2 Administration course.
- This class is intense; no experience necessary!
- Receive your own pod with no sharing!
- Each pod has an ASA with Firepower, FTD, network and end-node AMP labs, integration with ISE/PxGrid, and more!
- More than 65 Intense Hands-on labs with detailed instruction!
- Learn with high-end equipment and the latest 6.2 code
- Firepower Management Center (FMC) 6.2
- ASA with FirePOWER! Migrate to FTD Device!
- Experience the new Firepower Threat Defense (FTD)
- Advanced Malware Protection (AMP)
- Integrated Services Engine (ISE)
Note: Includes Todd Lammle’s Bestselling Firepower (FTD) Study Guide found on Amazon
Upon completion of this course, you should be able to:
- Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
- Install Firepower on a Cisco ASA
- Install and Configure the Firepower (SFR) Services Modules and the Firepower Management Center (FMC)
- Raise your confidence managing the Firepower Manager and Firepower Threat Defense (FTD)
- Describe the Cisco Firepower systems infrastructure
- Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
- Describe how to deploy and manage Firepower modules in ASA’s, Meriaki firewalls, ISRG2 routers and Cisco appliances
- Describe the System Configuration and Health policies and implement them
- Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
- Describe, create, and implement objects for use in Access Control policies
- Create DNS and URL policies and configure Sinkholes
- Describe advanced policy configuration and Firepower system configuration options
- Configure Malware Policies to find and stop Malware
- Understand Security Intelligence, and how to configure SI to stop attacks NOW!
- Configure policies to find and stop Ransomware
- Understand how to fine tune IPS polices
- Understand how to fine tune Snort Preprocessor polices (NAP)
- Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
- Analyze events
- Create reporting templates and schedule them
- Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
- Set up external authentication for users using LDAP, AD and the Sourcefire User Agent (SFUA)
- Configuring system integration, realms, and identity sources
- Understand network and host based AMP
- Configure and analyze host based AMP
- Understand Cisco Identity Services Engine (ISE)
- Configure ISE and integrate with Cisco FMC identity policy
- Migrate your ASA to an FTD box! No other class provides these labs!
- Configure your FTD Policies:
- ASA migration
Day 1: 9am CST
Module 1: Introduction: Firepower Overview
- What is Sourcefire/Firepower, Firepower Management Center (FMC) and Firepower Threat Defense (FTD)?
- 4/6.0/6.2/6.3 code, and Firepower Threat Defense (FTD)
- Cisco 2100/4100 and 9300 appliances
- Sourcefire Appliances, ASA’s, ISR routers and Meraki systems with Firepower modules.
- How to install the FP module on a Cisco ASA
- Firepower policies and how to upgrade or migrate to Firepower 6.2
Module 2: Understanding managed devices and the FMC
- Configure an ASA to be managed by a Firepower Management Center (FMC)
- Configure a class-map and service-policy to send packets to the Firepower module
- Configure fail-open, fail-closed or monitor-only modes
- Add your managed devices into the FMC and configure the advanced features such as Application bypass, Interfaces, inline mode, Licensing and more.
- Understand all features; configure your System Configuration Policy, set the NTP time for your network, configure SNMP management and ACL’s, as well as external authentication, and setup an email relay. Deploy and verify.
- Understand all possible features; configure your Health Policy, Health monitoring, setting up health email alerts and send troubleshooting files to Cisco TAC
- Create an Application Bypass policy using a Health Alert to email you if a snort policy takes more than 3 seconds to determine alert, drop or pass on a rule
- Hands-on Lab 1: Lab layout and logging into your equipment
- Hands-on Lab 2: Configuring your managed device to associate to a Firepower Management Center (FMC)
- Hands-on Lab 3: Logging into the FMC
- Hands-on Lab 4: Adding a managed device to the FMC and configuring licensing and Application Bypass
Module 3: Configuring and applying the System Configuration
- Understand what these policies are used for and the parameters
- Configuring and applying the policies to your managed device
- Hands-on Lab 5: Platform Settings. Creating a System policy and applying it to the managed device
Module 4: Configuring and applying Health Polices
- Hands-on Lab 6: Creating a Health policy and applying it to the managed device
- Hands-on Lab 7: Viewing Health information
Module 5: Creating Objects
- Demonstration of what Objects are and how to create them
- When to use Objects in an Access Control Policy
- Configuring your Network objects and groups
- Configuring your Security Intelligence IP feeds
- Configuring your Security Intelligence URL feeds
- Configuring Application risks
- Configuring your Variable Set
- Configuring Country objects
- DNS Sinkholes
- Hands-on Lab 8: Creating FTD Objects
Module 6: Module Malware/File Policy
- How does a managed device and FMC handle malware?
- What happens to packets when Firepower is determining file disposition?
- What is a File Policy?
- Creating a File/Malware Policy
- Understanding the Advanced Tab and how to inspect archives
- Sending hashes to the AMP cloud
- Sending files to Talos for dynamic analysis
- Hands-on Lab 9: Creating and implementing a Malware/File Policy
Day 2: 9am CST
Module 7: IPS policies
- Understanding layers
- Finding IPS rules and understanding their documentation
- Changing rule states
- Thresholding and Dynamic State
- Tuning IPS rules
- Creating an IPS policy
- Hands-on Lab 10: Creating an IPS Policy
Module 10: Access control Policies
- What is the purpose of the ACP?
- Choose your managed object targets
- Understand Security Intelligence and configure feeds from your object list for both IP and URL
- Add your White List objects
- Understand HTTP Responses and how to customize them
- Understand the Advanced Tab and how to add a Passive Identity, Network Access Policy, and advanced pre-processor settings
- Understand how to create an allow, block, and interactive block rules
- Set your default action and monitor your ACP
- Add your Malware Policy to your ACP
- Add your IPS policy to your ACP
- Hands-on Lab 11: Creating an Access control policy and adding your File and IPS policies
- Hands-on Lab 12: Testing the rules in the ACP and verifying your URL filter, AMP and IPS policy
- Hands-on Lab 13: Introduction to Analyzing your connection events
- Hands-on Lab 14: Introduction to Analyzing Snort events
Module 11: Identity Policy
- What is active and passive integration?
- Setting up your FMC to talk to LDAP/AD
- LDAP/AD and SFUA Configuration
- Configuring an Integration policy
- Hands-on Lab 15: Setting up LDAP and the SFUA
- Hands-on Lab 16: Creating a Passive Identity policy
Module 12: Network Discovery Policy (Firepower)
- Configuring the Network Discovery policy
- Applying Firepower Recommendation in an IPS Rule
- Hands-on Lab 17: Configuring a Discovery Policy and applying it to your managed device
- Hands-on Lab 18: Configuring LDAP and the Sourcefire User Agent (SFUA)
- Hands-on Lab 19: Setting up Firepower Recommended Rules
- Hands-on Lab 20: Viewing Connection Events
- Hands-on Lab 21: Viewing the Firepower discovered Network Map
- Hands-on Lab 22: Creating Host Attributes
Module 13: DNS Policies
- What is the DNS filter?
- How to configure and apply the DNS filter
- Configuring and applying a Sink Hole
- Hands-on Lab 23: Configuring a URL Filter
- Hands-on Lab 24: Configuring a DNS Filter
- Hands-on Lab 25: Configuring and verifying a DNS Sink hole
Day 3: 9am CST
Module 14: User Management
- Understanding user management
- Understanding user pre-configured roles
- Configuring a unique role
- Configuring internal users
- Escalating user privileges
- Configuring external users
- Hands-on Lab 26: Configuring a user in the local database
- Hands-on Lab 27: Configuring Permission Escalation
- Hands-on Lab 28: Configuring external user authentication
Module 15: Intrusion Event Analysis
- Context Explorer
- Connection events
- Switch workflows
- IPS events
- Malware Events
- Malware Event trajectory
- Hands-on Lab 29: Intrusion Event Analysis
- Hands-on Lab 30: Firepower Analysis
Module 16: Reporting and Task Management
- What is reporting?
- Understanding Templates
- Creating templates
- Generating reports
- Scheduling reports, backups, URL updates, Firepower recommendations and more!
- Hands-on Lab 31: Creating multiple custom reports and scheduling the reports
Module 17: Snort Preprocessors
- What are preprocessors?
- Configure Microsoft DCE/RPC preprocessors
- Configuring HTTP Layer preprocessors
- Configuring Application layer preprocessors
- Configuring Transport/Network layer preprocessors
- Configuring Port Scanning preprocessors
- Hands-on Lab 32: Modifying the HTTP Configuration Preprocessor
- Hands-on Lab 33: Enabling Inline Normalization and Adaptive Profiles
- Hands-on Lab 34: Demonstrate the Validation of Preprocess Setting on Policy Commit
Module 18: Correlation policies/White Lists/Traffic Profiles
- What is a Correlation policy?
- Why use a Correlation policy?
- Configuring Rules
- Applying rules to the Correlation policy and setting alerts
- Applying rules to the Correlation policy and configuring remediation modules
- What is a White List?
- Configuring White Lists
- Applying White Lists to a rule and correlation policy
- What is a traffic profile?
- Applying Traffic profiles to a rule and correlation policy and setting alerts and remediation modules
- Hands-on Lab 35: Create and implement a Correlation rule, White List and Traffic Profiles
Module 19: Review Lab!
- Hands-on Lab 36: 4 Firepower/FTD review lab
Day 4: 9am CST
Module 20: Advanced Malware Protection (AMP) for endpoints
- Global Threat Intelligence
- File Signatures, AMP threat Grid Sandboxing
- Dynamic Analysis
- Hands-on Lab 37: AMP end points browser based management console
- Hands-on Lab 38: Analyzing using trajectory and file analysis
- Hands-on Lab 39: Pushing out policies to users
Module 21: Integrated Services Engine (ISE)
- Single policy control point for the entire network
- Cisco TrustSec
- Cisco rapid threat containment
Module 20 continued: Integrated Services Engine (ISE)
- Hands-on Lab 40: Firepower and ISE integration
- Hands-on Lab 41: Using ISE with ASA Tacacs+ authentication
- Hands-on Lab 42: Using ISE for Radius FMC authentication
Module 21: Firepower Threat Defense
- What is FTD?
- Migrating an ASA to a FTD device
- Adding an FTD device to an FMC
- Configuring a FTD interface, ACL’s and more
- Lab 43: Bringing your FTD device into the FMC
- Lab 44: Interfaces and inline sets
- Lab 45: Configuring an ACP with FTD
- Lab 46: Configuring Pre-filters
- Lab 47: Configuring Flexconfig
- Lab 48: Configuring NAT
- Lab 49: Configuring Objects
- Lab 50: Configuring Routing
- Lab 51: Configuring Anyconnect
Day 5: 9am CST
Module 21: Firepower Threat Defense (cont)
Hands-on labs continued
Module 22: Captive Portal (Active Identity)
- What is an active idenity? (compared to passive)
- When to you a captive portal?
- Change to active identity policy
- Create certificates and test having guest’s login
- Lab 52: Creating certificates
- Lab 53: Creating a new Identity Policy
- Lab 54: Creating an Active Identity Policy and testing
Module 23: Final LAB!
- Lab 55: Configure an ASA for FirePOWER services
- Lab 56: Configure a FMC
- Lab 57: Add your ASA into the FMC
- Lab 58: Configure your ACP, File, IPS and Security Intelligence
- Lab 59: Configure your Passive and Active Identity Policies
- Lab 60: Configure your Realms
- Lab 61: Configure your Network Analysis Policy (NAP)
- Lab 62: Configure your Correlation Policy
- Lab 63: Configure your DNS Policy and Sinkholes
- Lab 64: Migrate your ASA to FTD
- Lab 65: Perform your FTD Policy labs
- Lab 66: Add ISE and PxGrid to your FMC
- Lab 67: Configure host based AMP
*NEW Cisco 6.2.2 FTD Code!*
This class has it all! Everything you need to be a Cisco FTD administrator!
All Firepower policies included: Objects, File/Malware, IPS (SNORT), Security Intelligence (SI), ACP, Identity, DNS w/Sinkholes, Realms, Network Discovery (Firepower), Advanced Network Analysis, Task Management, User management, Advanced IPS (NAP), Captive Portal and Correlation policies.
Includes all FTD labs such as Objects, Zones, PreFilter, FlexConfig, Routing (static/EIGRP/OSPF), Platform settings, Redundant Interfaces (HA), EtherChannel, VPN, NAT, QoS, migration from ASA to FTD, and a lot more!
Over 60 hands-on Labs!
Includes AMP and ISE w/PxGrid!
3 people are attending Cisco Firepower & Firepower Threat Defense (FTD) Administration Live Online! 10/16/17