Implementing Advanced Cisco ASA Security v2.1 - SASAA Course and Training | NetComLearning

Implementing Advanced Cisco ASA Security v2.1 - SASAA

Implementing Advanced Cisco ASA Security v2.1 - SASAA Course Description

Duration: 5.00 days (40 hours)

Cisco Career Guide

Implementing Advanced Cisco ASA Security v2.1 - SASAA course provides updated training on the key features of the Cisco ASA, including the ASA FirePOWER Services Module and ASA Clustering.

SASAA v2.1 course that provides updated training with labs. The labs focus on the key features of the Cisco ASA (covering up to the ASA 9.5.1 release). The goal of the course is to be able to implement the key features of the Cisco ASA, including Cisco ASA Firepower Services (including Firepower v6.0), ASA Cloud Web Security, ASA Identity Firewall, ASA Clustering and the Virtual ASA (ASAv).

Next Class Dates

Nov 27, 2017 – Dec 1, 2017
9:00 AM – 5:00 PM CT
Guaranteed to run class (GTR)
Dec 11, 2017 – Dec 15, 2017
9:00 AM – 5:00 PM PT
Dec 18, 2017 – Dec 22, 2017
9:00 AM – 5:00 PM PT
Jan 22, 2018 – Jan 26, 2018
9:00 AM – 5:00 PM CT

View More Schedules »

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Back to Top

Intended Audience for this Implementing Advanced Cisco ASA Security v2.1 - SASAA Course

  • » The primary audience for this course is Network engineers supporting Cisco ASA 9.x implementations

Back to Top

Course Prerequisites for Implementing Advanced Cisco ASA Security v2.1 - SASAA

Back to Top

Implementing Advanced Cisco ASA Security v2.1 - SASAA Course Objectives

  • » Describe the Cisco ASA 5500-X series Next Generation Firewalls, ASAv, ASA 5506-X, 5508-X, 5516-X, and ASASM and implement new ASA 9.4.1 features.
  • » Implement Cisco ASA Identity Firewall policies.
  • » Install and setup the Cisco Firepower Services Module (SFR)
  • » Implement Cisco ASA Cloud Web Security
  • » Implement Cisco ASA Clustering
  • » Describe Cisco ASA Security Group Firewall and Change of Authorization Support

Back to Top

Implementing Advanced Cisco ASA Security v2.1 - SASAA Course Outline

      1. Module 1: Cisco ASA Product Family
        1. Introducing the Cisco ASA 5500-X Next-Generation Firewalls
          1. Cisco ASA 5500-X Series Next-Generation Firewalls
          2. Cisco ASA 5500-X Series SSDs
          3. Cisco ASA 5585-X Dual Firewall Support
          4. Cisco ASA 5506-X, 5508-X, and 5516-X Overview
          5. Cisco ASA NGE Support
          6. Cisco ASA FirePOWER Services, CWS, NGFW Services, IPS Modules Comparisons
        2. Introducing the Cisco ASAv
          1. ASAv Initial 9.2.1 Release Overview
          2. Deploy the ASAv OVF Template
          3. ASAv 9.3.2+ KVM Hypervisor Support
          4. ASAv Digitally Signed Image
          5. ASAv Management Options
          6. ASAv 9.3.2+ Smart Licensing
          7. Verify the ASAv VM Using the CLI
          8. Verify the ASAv VM Using the ASDM
          9. ASA 9.2.1 BGP IPv4 Support
        3. Implementing ASA 9.3 and 9.4.1 New Features
          1. ASA REST API Basics
          2. ASA ACL Forward Reference and ACL Manual Commit
          3. ASA CLI Config Backup and Restore
          4. ASA Policy Based Routing
          5. ASA Equal Cost Multiple Path Routing
          6. ASA NSF Support
          7. ASA 9.4.1+ VXLAN Support
          8. Other New ASA Features
        4. Introducing the Cisco ASASM
          1. Cisco ASASM Supported Platforms
          2. Cisco ASASM Performance Numbers
          3. Cisco ASASM Architecture
          4. Cisco ASASM Features Parity
          5. Cisco ASASM VLAN Interface
      2. Cisco ASA Identity Firewall
        1. Describing the Cisco ASA Identity Firewall Solution
          1. Cisco ASA Identity Firewall Benefits
          2. Cisco ASA Identity Firewall Flow
          3. Cisco ASA Identity Firewall Policies
        2. Setting Up Cisco CDA
          1. Cisco CDA versus Active Directory Agent
          2. Cisco CDA Hardware Appliance and VM Requirements
          3. Cisco CDA Installation
          4. Cisco CDA Setup
          5. Cisco CDA Application Status Verification
          6. Cisco CDA CLI Operations
          7. Cisco CDA GUI
        3. Configuring Cisco CDA
          1. Active Directory Server Configuration
          2. Cisco ASA Configuration
          3. Syslog Server Configuration
          4. Cisco CDA User-Account Configuration
          5. Cisco CDA GUI Password Policy Configuration
          6. Cisco CDA Session Timeout Configuration
          7. IP-to-Identity Mapping Display
          8. Registered-Device Verification
        4. Configuring Cisco ASA Identity Firewall
          1. Identity-Based Firewall Configuration Tasks
          2. Active Directory Server Configuration
          3. Cisco CDA Configuration
          4. User-Identity Options Configuration Using Cisco ASDM
          5. User-Identity Option Configuration Using the CLI
          6. User-Identity-Based Access Rules
          7. User Object Group Configuration
          8. FQDN Network Object Configuration
          9. Identity Firewall with Cut-Through Proxy Use Case
          10. Identity Firewall with Remote-Access VPN Use Case
        5. Verifying and Troubleshooting Cisco ASA Identity Firewall
          1. Cisco CDA and Active Directory Server Connectivity Test
          2. Verify User-Identity Operations Using the CLI
          3. ASA to CDA Connectivity Verifications
          4. Active Directory Users Verifications
          5. Verify the Active Directory Groups
          6. Memory Usage Verifications
          7. Identity-Based Firewall Cisco ASDM Monitoring Panes
          8. Cisco CDA Management with the CLI
          9. Cisco CDA Live Log Monitoring
          10. Cisco CDA Troubleshooting
      3. Cisco ASA FirePOWER Services
        1. Installing the Cisco ASA FirePOWER Services Module
          1. Cisco ASA FirePOWER Services (SFR) Module Overview
          2. Cisco FireSIGHT Management Center Overview
          3. Cisco ASA FirePOWER Services Software Module Management Interface
          4. Cisco ASA FirePOWER Services Module Package Installation
          5. Cisco ASA FirePOWER Services Module Verification
          6. Redirect Traffic to Cisco ASA FirePOWER Services Module
        2. Managing the Cisco ASA FirePOWER Services Module Using the FireSIGHT Management Center
          1. FireSIGHT Management Center VM Installation and Setup
          2. FirePOWER Services Module and FireSIGHT License Requirements
          3. Add the FirePOWER Services Module into FireSIGHT
          4. FireSIGHT Policy Types Overview
          5. Task Status Monitoring
          6. System Policy Overview
          7. Health Policy Overview
          8. Objects Management Overview
          9. Network Discovery Overview
          10. Security Zones Overview
          11. Active Directory Integration Overview
          12. SourceFire User Agent Overview
          13. Access Control Policy Overview
          14. Intrusion Policy Overview
          15. FireSIGHT Recommended Rules Overview
          16. Intrusion Event Impact Levels Overview
          17. File Policy Overview
          18. Connection Events Monitoring
          19. Events Display Time Range
          20. Switch Workflow
          21. IPS Events Monitoring
          22. File Events Monitoring
          23. Users Monitoring
          24. Indication of Compromise Overview
          25. Context Explorer
          26. Dashboards
          27. System Updates
        3. Describing the Cisco ASA 5506-X, 5508-X, and 5516-X FirePOWER Services
          1. ASDM and FirePOWER On-Box FireSIGHT Manager
          2. ASA FirePOWER Dashboard, Reporting, and Status
          3. ASA FirePOWER Events Viewer
          4. Gather ASA FirePOWER Troubleshooting Information for Cisco TAC
          5. FirePOWER Licensing
        4. Configuring New Features in Cisco ASA Firepower Services 6.0
          1. Firepower 6.0 Platforms
          2. Deployment Dialog
          3. Message Center
          4. System Configurations and Device Platform Settings
          5. Network Analysis Policy
          6. File Policy Enhancements
          7. URL-Based Security Intelligence
          8. DNS Inspection
          9. OpenAppID
          10. Intelligent Application Bypass
          11. PKI, Cipher Suite List, and Distinguished Name Objects
          12. SSL Policy
          13. Realm and Directory Server
          14. Identity Policy
          15. Captive Portal Active Authentication
          16. Cisco ISE pxGrid Integration
          17. Cisco ASDM On-Box Firepower Management
          18. Firepower Multidomain Management
      4. Cisco ASA Cloud Web Security
        1. Introducing Cisco ASA Cisco Cloud Web Security
          1. Cisco ASA with Cisco Cloud Web Security
          2. Cisco Cloud Web Security URL Filtering, AVC, and Reporting Features Overview
          3. Cisco Cloud Web Security Scanning Processes and Day Zero Outbreak Intelligence Overview
          4. Cisco ScanCenter
          5. Cisco ASA Cloud Web Security Licenses
        2. Configuring Cisco ASA with Cisco Cloud Web Security
          1. Cisco ASA and Cloud Web Security Proxy-Server Configuration
          2. ScanCenter Generation of an Authentication Key for Cisco ASA
          3. Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
          4. Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration
        3. Verifying Cisco ASA Cloud Web Security Operations
          1. Cisco ASA Cloud Web Security Operations Verification Using the CLI
          2. Cisco ASA Cloud Web Security Operations Verification by Using Cisco ASDM
          3. Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
          4. Cisco ASA Cloud Web Security Syslog Messages
          5. Cisco ASA Cloud Web Security Operations Verification Using Debug
        4. Describing the Web Filtering Policy in Cisco ScanCenter
          1. ScanCenter Web Filtering Policy Overview
          2. ScanCenter Web Filtering Policy Configuration
          3. ScanCenter HTTPS Inspection Configuration Overview
          4. ScanCenter Web Filtering Reporting
        5. Describing Cisco ASA Cloud Web Security AMP and CTA
          1. Cisco ASA CWS Advanced Malware Protection Overview
          2. Cisco Cloud Web Security Cognitive Threat Analytics
          3. Cisco ASA Cloud Web Security ScanCenter Threats Reporting Overview
      5. Cisco ASA Clustering
        1. Describing Cisco ASA Cluster Features
          1. Cluster Performance Figures and Supported Platforms
          2. Cluster Data-Interface Modes
          3. Cluster Data-Interface Connections
          4. CCL Functions
          5. Cluster Master and Slave Unit Election
          6. Centralized, Distributed, and Unsupported Cisco ASA Features
          7. Cluster Dynamic-Routing Operations
          8. Cluster NAT and PAT Operations
        2. Describing Cisco ASA Cluster Terminology and Data Flows
          1. Cluster Terminology
          2. TCP Sequence Number Randomization
          3. TCP Traffic Flows
          4. Asymmetric UDP Traffic Flows
          5. Short-Lived Traffic Flows
          6. Centralized-Feature Traffic Flows
          7. Traffic Flows with Secondary Connections
          8. TCP Flow Rebalancing
          9. Cluster Health-Check Mechanisms
          10. Clustering with Multi-Context
        3. Using the CLI to Configure a Cisco ASA Cluster
          1. Cluster Management
          2. Cluster Configuration with the CLI
          3. Cluster Interface-Mode Configuration on Each Unit
          4. CCL Configuration on Each Unit
          5. Cluster Management Interface Configuration from the Master Unit
          6. Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
          7. Individual (Layer 3) Interface Configuration from the Master Unit
          8. Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
          9. Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
          10. Sample Configuration of a Two-Unit Cluster with Individual Interface
          11. Cluster Configuration Options
        4. Using the ASDM to Configure a Cisco ASA Cluster
          1. Cisco ASDM Cluster Dashboards
          2. Cluster Configuration Using Cisco ASDM
          3. Cisco ASDM High Availability and Scalability Wizard
          4. Cisco ASDM ASA Cluster Pane
        5. Verifying Cisco ASA Cluster Operations
          1. Cluster Licensing
          2. Cluster Interface-Mode Verification
          3. Cluster Member-Status Verification
          4. Cluster Health-Status Verification
          5. Cluster Connections State Table Verification
          6. Cluster EtherChannel Status Verification
          7. Cluster Aggregated ACL Hit-Count Verification
          8. Cluster Memory and CPU Usage Verification
          9. Cluster Traffic-Distribution Verification
          10. TCP Flow-Rebalancing Verification
          11. Cluster Operation Verification Using ASDM
        6. Troubleshooting Cisco ASA Cluster Operations
          1. Cluster Packet Captures
          2. Cluster Syslog Messages
          3. Cluster Debug
          4. Cluster Crashinfo and Coredump
          5. Split-Cluster Scenario
        7. Describing Cisco ASA Version 9.1.4 and Later Clustering Features
          1. More Switches Support for Clustering
          2. ASA 5500-X Clustering Support (v9.1.4+)
          3. 16 Units Cluster with 32 Active Members Port Channel Support (v9.2.1+)
          4. BGP Support with Clustering (v9.3.1+)
          5. Cluster Selective Interface Monitoring Support (v9.4.1+)
          6. Individual Mode Inter-DC Clustering: Routed Firewall Mode Only (v9.1.4+)
          7. Extended Spanned EtherChannel for Inter-DC Clustering: Transparent Firewall Mode Only (v9.2.1+)
          8. Spilt Spanned EtherChannel Inter-DC Clustering: Transparent Firewall Mode Only (v9.2.1+)
          9. Inter-DC Redundancy with a Split Cluster
      6. Cisco ASA Security Group Firewall and CoA
        1. Introducing Cisco Security Group Tagging
          1. IEEE 802.1X Overview
          2. Cisco Secure Access Architecture
        2. Configuring Cisco ASA Security Group Firewall
          1. SG Firewall Configuration
          2. SGACL Operations Monitoring
        3. Describing the Cisco ASA 9.2.1 and Later Releases SGT Features
          1. Cisco ASA 9.2.1 SGT Support for VPN Users
          2. Cisco ASA 9.3.1 VPN Inline SGT Tagging Support
          3. Cisco ASA 9.3.1 Inline SGT Tagging Support
          4. Cisco ASA Inline SGT Tagging Configurations
        4. Describing the Cisco ASA 9.2.1 and Later Releases CoA Support
          1. RADIUS Change of Authorization Overview
          2. ASA CoA Support Overview
          3. ASA CoA CLI Configurations
          4. ASA CoA ASDM Configurations
      7. Lab Outline
        1. Cisco Learning Lab Remote Access
          1. Access the Learning@Cisco Hosted ASA Remote Lab
        2. Cisco ASAv Basic Setup
          1. Setup and Test the ASAv
        3. Cisco ASA 9.3 and 9.4.1 New Features
          1. REST API
          2. ACL Forward Reference
          3. ACL Manual Commit
          4. Policy Based Routing
          5. Equal Cost Multi Path Routing
          6. Reset the Inside PC Network Connectivity Through the ASA 5512-X Instead of the ASAv
        4. Cisco CDA Configuration
          1. Explore the Cisco CDA CLI
          2. Manage the Cisco CDA CLI User Accounts
          3. Explore the Cisco CDA GUI
          4. Configure the Cisco CDA to Communicate with the Active Directory Server, Cisco ASA, and Syslog Server
        5. Cisco ASA Identity-Based Firewall Configuration
          1. Configure the ASA to Communicate with the Active Directory Server
          2. Configure the ASA to Communicate with the CDA
          3. Configure ASA User-Identity Options
          4. Configure ASA Identity-Based Access Rules
        6. Cisco ASA FirePOWER Services Module Installation
          1. Install and Set Up the ASA FirePower (SFR) Services Module
          2. Redirect Traffic to the ASA FirePOWER Services Module
        7. Cisco FireSIGHT Management Center Configuration
          1. Add the ASA FirePOWER Services Module in the Cisco FireSIGHT Management Center
          2. Edit the Default FreSIGHT Network Discovery Rule
          3. Configure the File Policy, Intrusion Policy, and Access Control Policy
          4. Test ASA FirePOWER Basic IPS Operations
          5. Test ASA FirePOWER Basic AMP Operations
          6. Examine the FireSIGHT Network Discovery Results
          7. Integrate FireSIGHT with Microsoft Active Directory
          8. Setup and Test User Based Access Control Policy
          9. Verify the Traffic Redirection to the ASA FirePOWER Services Module
          10. Disable Traffic Redirection to the ASA FirePOWER Services Module
          11. Shut Down and Uninstall the ASA FirePower Services Module
        8. Cisco ASA Cloud Web Security Configuration
          1. Configure the Cisco ASA-to-Cloud Web Security Integration
        9. Cisco ASA Cluster Configuration
          1. Configure Spanned EtherChannel Mode on Each ASA in the Cluster (Pod X ASA and Pod X+1 ASA)
          2. Configure the Cluster Hostname on the Pod X ASA Only
          3. Configure the CCL Using a Local EtherChannel on Each ASA in the Cluster (Pod X ASA and Pod X+1 ASA)
          4. Configure the Management Interface in Individual (Layer 3) Mode on the Pod X ASA Only
          5. Configure the (Inside and Outside) Data Interfaces in Spanned EtherChannel (Layer 2) Mode on the Pod X ASA Only
          6. Configure the Cluster Bootstrap Configurations on Each ASA in the Cluster (Pod X ASA and Pod X+1 ASA)
          7. Enable Clustering on the Pod X ASA Only
          8. Enable Clustering on the Pod X+1 ASA
          9. Verify and Manage the Cluster Operations Using the CLI
          10. Verify the Cluster Operations Using the ASDM
          11. Verify HTTP Connections Through the Cluster and Identify the Owner and Director of a Flow
          12. Enable ICMP Inspection from the Master Unit
          13. Simulate a Master Unit Failure and Observe the Results
          14. Disable the Cluster

Back to Top

Do you have the right background for Implementing Advanced Cisco ASA Security v2.1 - SASAA?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Take your FREE Skill Assessment test »

Back to Top

Award winning, world-class Instructors

David M.
- Networking expert with several Cisco certifications, including CCENT, CCNA, CCDA, CCSI, and CCVP. - Has taught over 90 courses at NetCom Learning. - Average rating of 8.75 out of 9 on student evaluation reports.

Bio:

David has been in the Networking field for the past eleven years and holds several Cisco certifications. He has been an instructor since 2005 and has taught over 90 courses at NetCom Learning.

David is an extremely enthusiastic trainer with a raw passion towards teaching and delivering Cisco information and takes great pride in his career as an instructor, which has lead him to develop and deliver the class in his own unique way; very professional and knowledgeable, yet pleasant and enjoyable. His classes have a high passing rate for students taking certification exams, and averages 8.75 out of 9 on evaluation reports.
Michael G.
- Over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer.
- An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, as well as select Microsoft, Novell, CompTIA, Sun and CWNP courses.
- High-skilled and acclaimed instructor. Has trained over 900 students at Netcom Learning.

Bio:

Michael has over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer. An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, Michael also teaches select Microsoft, Novell, CompTIA, Sun and CWNP courses.

Michael's dedication and passion for teaching is unmatched. He has trained over 900 students at Netcom Learning since 2006 and his evaluation scores average 8.7 out of 9.
William D.
- Bachelors and Masters in Mathematics from University of Pennsylvania, in addition to several IT certifications.
- Over 20 years of experience in the IT industry; background ranges from engineering, administration and escalation support in networks.

Bio:

William is a highly-skilled IT professional with Bachelors and Masters Degree in Mathematics from University of Pennsylvania. He has been working in the IT industry for over 20 years, with experience in engineering, administration and escalation support in networks ranging from small to large scale complex enterprise environments.

As a Cisco and CompTIA Subject Matter Expert, he holds several certifications, including Cisco CCNA, CCNP, and CCIE. William is one of NetCom's top trainers, consistently scoring high marks in student evaluations.

See more...   See more instructors...

Back to Top

Recent Client Testimonials & Reviews

Very knowledgeable instructor. True subject matter expert.

- Dameon R.

Course(s) Taken

» Implementing Cisco Voice Communications and QoS v8.0 - CVOICE

The instructor knows his material very well.

- Hung N.

Course(s) Taken

» Implementing Cisco Voice Communications and QoS v8.0 - CVOICE

Good Training company with whom we have a history.

-Swaminathayer M.
Course(s) Taken

» Deploying Cisco ASA Firewall Solutions v2.0 - FIREWALL

  More testimonials »  

Back to Top