  1. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #26
    Just another course I looked up, if someone wanted to see what kind of syllabus are out there:


    Cisco Course 1.0 | ASA Software v8.2 | Prepares you for Cisco Exam 642-617 FIREWALL.

    Part of Cisco's recent announcement for the CCNP Security certification program, includes two new courses, FIREWALL and VPN which replace SNAF and SNAA.
    If you have already completed some of the exams for your CCNP Security, you have a limited time to finish. For complete details, and a suggested training path for your particular situation, visit our CCNP Security page.


    Learn the skills needed to configure, maintain, and operate the firewall features of the Cisco ASA 5500 Series Adaptive Security Appliances (ASAs).
    We have enhanced this course and added depth to the standard labs, using a topology that simulates a typical production network. You'll use ASA 5520 appliances to work through configuring access control to and from your network. You will also examine the PIX firewall and the Firewall Services Module (FWSM).
    A Global Knowledge Exclusive: Bonus Lab Credits

    You'll receive five extra FIREWALL e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice - whatever lab activities complete your training. The credits can also be used towards our one-of-a-kind ASA 8.3 labs.

    This course has extended hours - 8:30am - 6:00pm each day - to give you the most complete training experience possible. There is a lot of in-depth material included on these exams, and we want to make sure you have the proper time to absorb and understand it.






    What You'll Learn


    • Technology and features of the Cisco ASA
    • Cisco ASA product family
    • How ASAs and Cisco PIX Security Appliances protect network devices from attacks
    • Bootstrap the security appliance
    • Prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM)
    • Launch and navigate ASDM
    • Perform essential security appliance configuration using ASDM and the CLI
    • Configure dynamic and static address translations
    • Configure access policy based on Access Control Lists (ACLs)
    • Use object groups to simplify ACL complexity and maintenance
    • Use the Modular Policy Framework to provide unique policies to specific data flows
    • Handle advanced protocols with application inspection
    • Deep packet inspection of application layer traffic
    • Troubleshoot with Syslog, Packet Tracer, and packet capture
    • Configure access-control based on authenticated users
    • Configure threat detection to meet security policy requirements
    • Configure the security appliance to run in transparent firewall mode
    • Enable, configure, and manage multiple contexts to meet security policy requirements
    • Select and configure the type of failover that best suits the network topology
    • Monitor and manage an installed security appliance
    • Initialize ASA Security Service Modules including the AIP-SSM and CSC-SSM


    Course Outline


    1. Cisco ASA Adaptive Security Appliance

    • Technology and Features
    • ASA Family
    2. Basic Connectivity and Device Management

    • Cisco ASA and Cisco ASDM
    • Interfaces and Static Routing
    • Basic Device Management Features
    • Management Access
    3. Cisco ASA Access Control Features

    • Basic Access Control
    • Modular Policy Framework
    • Basic Stateful Inspection Features
    • Application-Layer Policies
    • Advanced Access Controls
    • Resource Limits and Guarantees
    • User-Based Policies
    4. Cisco ASA Network Integration Features

    • Network Address Translation
    • Transparent Firewall Operations
    5. Cisco ASA Virtualization and High Availability Features

    • Virtualization Features
    • Redundant Interfaces
    • Active/Standby High Availability Failover
    • Active/Active High Availability Failover
    6. Cisco ASA Security Service Modules

    • AIP-SSM and AIP-AIP-SSC Module Integration
    • CSC-SSM Module Integration

    Labs

    Lab 1: Enhanced - Preparing for Administration

    Lab 2: Enhanced - Fundamental Configuration

    Lab 3: Enhanced - AAA for Administrative Access

    Lab 4: Enhanced - Network Address Translation

    Lab 5: Enhanced - Basic Access Control

    Lab 6: Exclusive - Troubleshooting Tools

    Lab 7: Enhanced - Basic Protocol Inspection

    Lab 8: Enhanced - Advanced Protocol Inspection

    Lab 9: Enhanced - Advanced Access Control

    Lab 10: Enhanced - User Based Policies

    Lab 11: Enhanced - Transparent Firewall and Security Contexts

    Lab 12: Enhanced - Active/Standby Failover

    Lab 13: Enhanced - Active/Active Failover


    Source: Cisco FIREWALL Deploying Cisco ASA Firewall Solutions at Global Knowledge
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  3. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #27
    Update:

    Settling back into this one, might start back up the cert tracker on it. Still don't use Cisco IPS, but I can do hands-on at work for everything on the Security blueprint except the IPS.

    Going to try to not be too worried about possible blueprint changes down the line, and just take it day by day. The possible blueprint changes (IPv6, Wireless/Live Attack Simulation) make sense anyway, for any modern network. Right now, the Master's classes are priority, so I won't be updating this one like crazy, LOL. Apologies in advance. Think I might even just use my blog to update on this one, as I can kill two birds in one stone (get my site more popular, due to linking back to itself, over-and-over again as I like to do) and study for the test at the same time. Just realized that I hadn't updated my blog since 2010 ....
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  4. Senior Member Turgon's Avatar
    Join Date
    Apr 2007
    Location
    Great Britain
    Posts
    6,250

    Certifications
    CCIE counter..993 Lab Hours.... 532 Reading.
    #28
    Quote Originally Posted by instant000 View Post
    Update:

    Settling back into this one, might start back up the cert tracker on it. Still don't use Cisco IPS, but I can do hands-on at work for everything on the Security blueprint except the IPS.

    Going to try to not be too worried about possible blueprint changes down the line, and just take it day by day. The possible blueprint changes (IPv6, Wireless/Live Attack Simulation) make sense anyway, for any modern network. Right now, the Master's classes are priority, so I won't be updating this one like crazy, LOL. Apologies in advance. Think I might even just use my blog to update on this one, as I can kill two birds in one stone (get my site more popular, due to linking back to itself, over-and-over again as I like to do) and study for the test at the same time. Just realized that I hadn't updated my blog since 2010 ....
    Good luck. We have an FWSM -> ASA context migration on. The differences between NAT implementations etc are interesting.

  5. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #29
    Quote Originally Posted by instant000 View Post
    Update:

    Settling back into this one, might start back up the cert tracker on it. Still don't use Cisco IPS, but I can do hands-on at work for everything on the Security blueprint except the IPS.

    Going to try to not be too worried about possible blueprint changes down the line, and just take it day by day. The possible blueprint changes (IPv6, Wireless/Live Attack Simulation) make sense anyway, for any modern network. Right now, the Master's classes are priority, so I won't be updating this one like crazy, LOL. Apologies in advance. Think I might even just use my blog to update on this one, as I can kill two birds in one stone (get my site more popular, due to linking back to itself, over-and-over again as I like to do) and study for the test at the same time. Just realized that I hadn't updated my blog since 2010 ....

    Sounds good. I'm trying to get myself off my lazy you-know-what to get back into the studying.... I think last year between the busy travel schedule for work and finishing my masters that I have been unconsciously prioritizing things more fun than my studies. So I definitely know where you are coming from there.

    I would definitely like to follow your blog though since I plan to finish my CCNP and get the CCNP:Security going this year. Best of luck and I hear you in the IPS stuff... I have a few of the AIP-SSMs to play with but not the appliances so I'm not sure how different they actually are. Doesn't help that we're probably moving to Check Point for firewalls and IPS either.

  6. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #30
    Quote Originally Posted by Turgon View Post
    Good luck. We have an FWSM -> ASA context migration on. The differences between NAT implementations etc are interesting.
    Turgon... which version of FWSM are you migrating from and to what ASA version 8.4? The best way to describe Cisco's new way of NAT is that it's very close to the way Check Point does it, at least looking at it with SmartDashboard vs ASDM.

  7. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #31
    Quote Originally Posted by Turgon View Post
    Good luck. We have an FWSM -> ASA context migration on. The differences between NAT implementations etc are interesting.
    Hah, a past gig ran a mix of 8.2, 8.3, and 8.4. Some with and without "nat-control" turned on. It made you very "on your toes" whenever you had to troubleshoot an issue, unnecessarily complicated by "nat-control" and multiple version NAT requirements, as if it's not enough just to make sure the traffic is getting to the right location, you also have to be sure that it is translated correctly.

    A great command to use is the "packet-tracer". I know that I use it daily. (Not the GUI version, but the command line version.) Once you get to using packet-tracer, your people will be very happy to have it at their disposal. (FWSM doesn't have it. From my perspective, packet-tracer was the killer app the ASA had.)

    Also, the ASDM real-time logger is okay to use from time-to-time when you're trying to track down an issue.

    The main thing I have to warn you about with the contexts is that depending on how you set it up, and you choose to go Active/Active with your ASAs, keep in mind that if one of them goes down, the other one will have to be able to support all of the contexts, and the device is supposed to set aside resources to accommodate the contexts running on its partner, anyway ... for this reason, running Active/Standby would be better, unless you need the higher bandwidth that I guess you would momentarily get from running Active/Active.

    The best thing is that with the arrival of 8.3, I was able to find several places in Cisco documentation that were recommending turning off nat-control.

    Anyway, since you probably are dealing with the NAT transitions, when I was trying to understand it, I found this link that gave one of the simplest comparisons I could find:

    Cisco ASA 8.3 / 8.4 NAT Guide (simple yet practical overview) « OSI Matrix
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  8. Senior Member Turgon's Avatar
    Join Date
    Apr 2007
    Location
    Great Britain
    Posts
    6,250

    Certifications
    CCIE counter..993 Lab Hours.... 532 Reading.
    #32
    Quote Originally Posted by instant000 View Post
    Hah, a past gig ran a mix of 8.2, 8.3, and 8.4. Some with and without "nat-control" turned on. It made you very "on your toes" whenever you had to troubleshoot an issue, unnecessarily complicated by "nat-control" and multiple version NAT requirements, as if it's not enough just to make sure the traffic is getting to the right location, you also have to be sure that it is translated correctly.

    A great command to use is the "packet-tracer". I know that I use it daily. (Not the GUI version, but the command line version.) Once you get to using packet-tracer, your people will be very happy to have it at their disposal. (FWSM doesn't have it. From my perspective, packet-tracer was the killer app the ASA had.)

    Also, the ASDM real-time logger is okay to use from time-to-time when you're trying to track down an issue.

    The main thing I have to warn you about with the contexts is that depending on how you set it up, and you choose to go Active/Active with your ASAs, keep in mind that if one of them goes down, the other one will have to be able to support all of the contexts, and the device is supposed to set aside resources to accommodate the contexts running on its partner, anyway ... for this reason, running Active/Standby would be better, unless you need the higher bandwidth that I guess you would momentarily get from running Active/Active.

    The best thing is that with the arrival of 8.3, I was able to find several places in Cisco documentation that were recommending turning off nat-control.

    Anyway, since you probably are dealing with the NAT transitions, when I was trying to understand it, I found this link that gave one of the simplest comparisons I could find:

    Cisco ASA 8.3 / 8.4 NAT Guide (simple yet practical overview) « OSI Matrix
    Thanks for this. The conversion of code from one to another is a concern.

    I'm looking at active/active and the contexts will be the same on both devices. It's 2012 so time to move away from active/standby, although I have resisted for a while
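The NAT differences between versions and the config-conversion concern raised in posts #31 and #32 come down to two changes in ASA 8.3: one-to-one static NAT moves into network objects, and interface ACLs reference the real (untranslated) address instead of the mapped one. The sketch below is an added example, not code from the thread or from Cisco; it converts only host-to-host `static` lines and `host x.x.x.x` ACL entries and flags everything else for manual review. The `migrate` function, the `obj-<address>` object names and the sample configuration are constructed for illustration.

```python
import re

# Constructed pre-8.3 configuration fragment (documentation addresses, not from the thread).
OLD_CONFIG = """\
nat-control
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.20 172.16.1.20 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.30 8080 10.1.1.30 80 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any host 203.0.113.20 eq 25
access-list outside_in extended permit icmp any host 198.51.100.7
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Pre-8.3 order is: static (real_if,mapped_if) MAPPED REAL netmask ...
HOST_STATIC = re.compile(
    rf"^static \(([^,]+),([^)]+)\) {IP} {IP} netmask 255\.255\.255\.255$")
ACL_HOST = re.compile(rf"\bhost {IP}")


def migrate(config):
    """Return (new_lines, notes): 8.3+ object NAT plus ACLs rewritten to real IPs."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Pass 1: statics may appear after the ACLs that depend on them.
    mapped_to_real = {m.group(3): m.group(4)
                      for m in map(HOST_STATIC.match, lines) if m}
    new_lines, notes = [], []

    def to_real(match):
        ip = match.group(1)
        if ip in mapped_to_real:
            notes.append(f"ACL now references real address {mapped_to_real[ip]} (was {ip})")
        return "host " + mapped_to_real.get(ip, ip)

    for line in lines:
        m = HOST_STATIC.match(line)
        if m:
            real_if, mapped_if, mapped_ip, real_ip = m.groups()
            new_lines += [f"object network obj-{real_ip}",
                          f" host {real_ip}",
                          f" nat ({real_if},{mapped_if}) static {mapped_ip}"]
        elif line.startswith("static "):
            notes.append(f"manual conversion needed: {line}")  # port/network statics
        elif line == "nat-control":
            notes.append("nat-control: no longer supported in 8.3 and later; "
                         "confirm no flow depended on it")
        elif line.startswith("access-list "):
            new_lines.append(ACL_HOST.sub(to_real, line))
        else:
            new_lines.append(line)
    return new_lines, notes


if __name__ == "__main__":
    converted, review = migrate(OLD_CONFIG)
    print("\n".join(converted), "\n-- review --", *review, sep="\n")
```

After a conversion like this, the `packet-tracer` command mentioned in post #31 is the natural way to confirm on the appliance that a given flow still matches the intended NAT and ACL entries.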

  9. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #33
    Update 6:

    Lewis Lampkin, III: Sixth Update: Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

    (And yes, I am trying to drive traffic to my blog, LOL.)

    Need to update my signature ...
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  10. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #34
    Appears Cisco is updating the security curriculum to ASA 8.4:

    https://learningnetwork.cisco.com/docs/DOC-13734

    I was counting on practicing on ASA at work, but they're all 8.2 or lower, looks like, so it looks like I'll be going here:

    7200emu.hacki.at :: View topic - ASA 8.4(2) on QEMU

    to figure out how to virtualize ASA (lots of posters claim to have issues there, so ... probably not worth bothering with for now).

    In the meantime, I think I'll switch back to the ROUTE student lab manual, I've been through the Bryant ROUTE book twice, and done all his labs at least once, and figure if I go through the official lab book at least twice (according to a prior poster) I should be good to go. Might throw in some OCG if I don't do well on the Boson.

    But, putting this one on hold, probably. My only investment in this has been the FW book for 642-617, and about ten hours of reading, whereas I've already placed about 100 hours into ROUTE .... I just wanted the flexibility to spend a good 2 or 3 months to prep at a pace that allowed me to keep up with my schoolwork and such, and it's practically March already ...

    It looks like you need to be ready for the NEW FW and VPN on May 28 and June 1, respectively. For CCNA Security, you need to be ready for the new exam on October 1. See cisco.com for more details.

    This is no pile on Cisco, I actually got the book last September, (and if I wasn't doing schoolwork) three months would be very comfortable preparation time. But, with schoolwork also, it would not create a great time (i.e., sleep) management situation for me
    Last edited by instant000; 02-29-2012 at 10:45 AM.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
