- This event has passed.
Firepower 5-day Start-to-Finish Administration Training in Las Vegas!
February 13 - February 17, $3795
Firepower 5-day Bootcamp class – Best Value!
Intense hands-on Firepower Advanced 6.2 Administration course.
- No experience necessary!
- Receive your own pod for Six Days!
- No sharing of pods!
- Each pod has an ASA with Firepower, a vASA with Firepower Threat Defense (FTD), Network and end-node AMP labs, and integration with ISE/PxGrid
- This class is Intense!
- No experience necessary! Become a Firepower Advanced administrator in 5 days
- More than 45 Intense Hands-on labs with detailed instruction!
- Learn with high end equipment and the latest 6.2 code
- Firepower Management Center 6.2
- ASA with FirePOWER!
- Experience the new Firepower Threat Defense (FTD)
- Advanced Malware Protection (AMP)
- Integrated Services Engine (ISE)
- Includes Todd Lammle’s Bestselling Firepower Study Guide found on Amazon
Upon completion of this course, you should be able to:
- Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
- Install Firepower on a Cisco ASA
- Install and Configure the Firepower (SFR) Services Modules and the Firepower Management Center (FMC)
- Raise your confidence managing the Firepower Manager and Firepower Threat Defense (FTD)
- Describe the Cisco Firepower systems infrastructure
- Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
- Describe how to deploy and manage Firepower modules in ASAs, Meraki firewalls, ISR G2 routers and Cisco appliances
- Describe the System Configuration and Health policies and implement them
- Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
- Describe, create, and implement objects for use in Access Control policies
- Create DNS and URL policies and configure Sinkholes
- Describe advanced policy configuration and Firepower system configuration options
- Configure Malware Policies to find and stop Malware
- Configure policies to find and stop Ransomware
- Understand how to fine tune IPS policies
- Understand how to fine tune Snort Preprocessor policies
- Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
- Analyze events
- Create reporting templates and schedule them
- Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
- Set up external authentication for users using LDAP, AD and the Sourcefire User Agent (SFUA)
- Configure system integration, realms, and identity sources
- Understand network and host based AMP
- Configure and analyze host based AMP
- Understand Cisco Identity Services Engine (ISE)
- Configure ISE and integrate with Cisco FMC identity policy
Day 1: 9am CST
Module 1: Introduction: Firepower Overview
- What is Sourcefire/Firepower, Firepower Management Center (FMC) and Firepower Threat Defense (FTD)?
- 5.4/6.0/6.2 code, and Firepower Threat Defense (FTD)
- Cisco 4100 and 9300 appliances
- How to install the FP module on a Cisco ASA and ISR router with Firepower modules
- Firepower policies and how to upgrade or migrate to Firepower 6.2
Module 2: Understanding managed devices and the FMC
- Configure an ASA to be managed by a Firepower Management Center (FMC)
- Configure a class-map and service-policy to send packets to the Firepower module in the ASA
- Configure fail-open, fail-closed or monitor-only modes
- Add your managed devices into the FMC
- Configure the advanced features such as Application bypass, Interfaces, inline mode, Licensing and more.
- Understand all features; configure your System Configuration Policy, set the NTP time for your network, configure SNMP management and ACLs, as well as external authentication, and set up an email relay; finally push to your managed devices, test and verify
- Understand all possible features; configure your Health Policy and Health monitoring, set up health alerts, and send troubleshooting files to Cisco TAC
- Create a Health Alert to email you if a Snort policy takes more than 3 seconds to determine alert, drop or pass on a rule
- Hands-on Lab 1: Lab layout and logging into your equipment
- Hands-on Lab 2: Configuring your managed device to associate to a Firepower Management Center (FMC)
- Hands-on Lab 3: Logging into the FMC
- Hands-on Lab 4: Adding a managed device to the FMC and configuring Application Bypass
Module 3: Configuring and applying the System Configuration
- Understand what these policies are used for and the parameters
- Configuring and applying the policies to your managed device
- Hands-on Lab 5: Platform Settings. Creating a System policy and applying it to the managed device
Module 4: Configuring and applying Health Policies
- Hands-on Lab 6: Creating a Health policy and applying it to the managed device
- Hands-on Lab 7: Viewing Health information
Module 5: Creating Objects
- Demonstration of what Objects are and how to create them
- When to use Objects in an Access Control Policy
- Configuring your Network objects and groups
- Configuring your Security Intelligence IP feeds
- Configuring your Security Intelligence URL feeds
- Configuring Application risks
- Configuring your Variable Set
- Configuring Country objects
- Hands-on Lab 8: Creating Network Objects
Module 6: Malware/File Policy
- How do a managed device and FMC handle malware?
- What happens to packets when Firepower is determining file disposition?
- What is a File Policy?
- Creating a File/Malware Policy
- Understanding the Advanced Tab and how to inspect archives
- Sending hashes to the AMP cloud
- Sending files to Talos for dynamic analysis
- Lab 9: Creating and implementing a Malware/File Policy
Module 7: Identity Policy
- Setting up your FMC to talk to LDAP/AD
- LDAP/AD and SFUA Configuration
- What is active and passive integration?
- Configuring an Integration policy
- Lab 10: Setting up LDAP and the SFUA
- Lab 11: Creating an Identity policy
Day 2: 9am CST
Module 8: Firepower Threat Defense
- What is FTD?
- Adding an FTD device to an FMC
- Configuring FTD interfaces, ACLs and more
- Lab 12: Bringing your FTD device into the FMC
- Lab 13: Configuring Interfaces and inline sets
- Lab 14: Configuring ACLs, routing and more
Module 9: IPS policies
- Understanding layers
- Finding IPS rules and understanding their documentation
- Changing rule states
- Thresholding and Dynamic State
- Tuning IPS rules
- Creating an IPS policy
- Lab 15: Creating an IPS Policy
Module 10: Access control Policies
- What is the purpose of the ACP?
- Choose your managed object targets
- Understand Security Intelligence and configure feeds from your object list
- Add your White List objects
- Understand HTTP Responses and how to customize them
- Understand the Advanced Tab and how to add a Network Access Policy and advanced pre-processor settings
- Understand how to create allow, block, and interactive block rules
- Set your default action and monitor your ACP
- Add your Malware Policy to your ACP
- Add your IPS policy to your ACP
- Hands-on Lab 16: Creating an Access control policy and adding your File and IPS policies
- Hands-on Lab 17: Testing the rules in the ACP and verifying your URL filter
- Hands-on Lab 18: Introduction to Analyzing your connection events
- Hands-on Lab 19: Introduction to Analyzing Snort events
Module 11: Network Discovery Policy (Firepower)
- Configuring the Network Discovery policy
- Applying Firepower Recommendation in an IPS Rule
- Hands-on Lab 20: Configuring a Discovery Policy and applying it to your managed device
- Hands-on Lab 21: Configuring LDAP and the Sourcefire User Agent (SFUA)
- Hands-on Lab 22: Setting up Firepower Recommended Rules
- Hands-on Lab 23: Viewing Connection Events
- Hands-on Lab 24: Viewing the Firepower discovered Network Map
- Hands-on Lab 25: Creating Host Attributes
Day 3: 9am CST
Module 12: User Management
- Understanding user management
- Understanding user pre-configured roles
- Configuring a unique role
- Configuring internal users
- Escalating user privileges
- Configuring external users
- Hands-on Lab 26: Configuring a user in the local database
- Hands-on Lab 27: Configuring Permission Escalation
- Hands-on Lab 28: Configuring external user authentication
Module 13: Intrusion Event Analysis
- Context Explorer
- Connection events
- IPS events
- Malware Events
- Malware Event trajectory
- Hands-on Lab 29: Intrusion Event Analysis
- Hands-on Lab 30: Firepower Analysis
Module 14: Reporting and Task Management
- What is reporting?
- Understanding Templates
- Creating templates
- Generating reports
- Scheduling reports, backups, URL updates, Firepower recommendations and more!
- Hands-on Lab 31: Creating multiple custom reports and scheduling the reports
End of Introduction course
Day Three: 1pm CST
Module 15: Snort Preprocessors
- What are preprocessors?
- Configure Microsoft DCE/RPC preprocessors
- Configuring HTTP Layer preprocessors
- Configuring Application layer preprocessors
- Configuring Transport/Network layer preprocessors
- Configuring Port Scanning preprocessors
- Hands-on Lab 32: Modifying the HTTP Configuration Preprocessor
- Hands-on Lab 33: Enabling Inline Normalization and Adaptive Profiles
- Hands-on Lab 34: Demonstrate the Validation of Preprocess Setting on Policy Commit
Module 16: Correlation policies/White Lists/Traffic Profiles
- What is a Correlation policy?
- Why use a Correlation policy?
- Configuring Rules
- Applying rules to the Correlation policy and setting alerts
- Applying rules to the Correlation policy and configuring remediation modules
- What is a White List?
- Configuring White Lists
- Applying White Lists to a rule and correlation policy
- What is a traffic profile?
- Applying Traffic profiles to a rule and correlation policy and setting alerts and remediation modules
- Hands-on Lab 35: Create and implement a Correlation rule, White List and Traffic Profiles
Module 17: URL and DNS Policies
- What is the URL filter?
- What is the DNS filter?
- How to configure and apply the URL filter
- How to configure and apply the DNS filter
- Configuring and applying a Sink Hole
- Hands-on Lab 36: Configuring a URL Filter
- Hands-on Lab 37: Configuring a DNS Filter
- Hands-on Lab 38: Configuring a DNS Sink hole
Module 18: Review Lab!
- Hands-on Lab 39: 4-hour Firepower/FTD review lab
Day 4: 9am CST
Module 19: Advanced Malware Protection (AMP) for endpoints
- Global Threat Intelligence
- File Signatures, AMP Threat Grid Sandboxing
- Dynamic Analysis
- Hands-on Lab 40: AMP end points browser based management console
- Hands-on Lab 41: Analyzing using trajectory and file analysis
- Hands-on Lab 42: Pushing out policies to users
Module 20: Integrated Services Engine (ISE)
- Single policy control point for the entire network
- Cisco TrustSec
- Cisco rapid threat containment
Day 5: 9am CST
Module 20 continued: Integrated Services Engine (ISE)
- Hands-on Lab 43: Firepower and ISE integration
- Hands-on Lab 44: Using ISE with ASA TACACS+ authentication
- Hands-on Lab 45: Using ISE for RADIUS FMC authentication
Module 21: Review Lab!
- Hands-on Lab 46: 4 to 6 hour Firepower/FTD/AMP and ISE review lab