logo
Home

Cisco Securing Networks with Cisco Firepower Next Generation Firewall SSNGFW

  • CMDBID 113732
  • Course Code SSNGFW
  • Duration 5 Days
Scroll

Cisco Secure Course

course overview

Click to View dates & book now

Overview

The Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 course shows you how to deploy and use Cisco Firepower Threat Defense system.

This hands-on course gives you knowledge and skills to use and configure Cisco Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, high availability, Cisco Adaptive Security Appliance (ASA) to Cisco Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT). You will learn how to implement advanced Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network-based malware detection, and deep packet inspection. You will also learn how to configure site-to-site VPN, remote-access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.

This course helps you prepare to take the exam, Securing Networks with Cisco Firepower (300-710 SNCF), which leads to CCNP Security and Cisco Certified Specialist – Network Security Firepower certifications. The 300-710 SNCF exam has a second preparation course as well, Securing Networks with Cisco Firepower Next-Generation Intrusion Prevention System (SSFIPS). You can take these courses in any order.

Audience

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Cisco integrators and partners

Skills Gained

After completing this course, you should be able to:

  • Describe key concepts of NGIPS and NGFW technology and the Cisco Firepower Threat Defense system, and identify deployment scenarios
  • Perform initial Cisco Firepower Threat Defense device configuration and setup tasks
  • Describe how to manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense
  • Describe how to implement NAT by using Cisco Firepower Threat Defense
  • Perform an initial network discovery, using Cisco Firepower to identify hosts, applications, and services
  • Describe the behaviour, usage, and implementation procedure for access control policies
  • Describe the concepts and procedures for implementing security intelligence features
  • Describe Cisco Advanced Malware Protection (AMP) for Networks and the procedures for implementing file control and advanced malware protection
  • Implement and manage intrusion policies
  • Describe the components and configuration of site-to-site VPN
  • Describe and configure a remote-access SSL VPN that uses Cisco AnyConnect
  • Describe SSL decryption capabilities and usage

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

  • Knowledge of TCP/IP and basic routing protocols
  • Familiarity with firewall, VPN, and Intrusion Prevention System (IPS) concepts

The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Outline

  • Cisco Firepower Threat Defense Overview
  • Cisco Firepower NGFW Device Configuration
  • Cisco Firepower NGFW Traffic Control
  • Cisco Firepower NGFW Address Translation
  • Cisco Firepower Discovery
  • Implementing Access Control Policies
  • Security Intelligence
  • File Control and Advanced Malware Protection
  • Site-to-Site VPN
  • Remote-Access VPN
  • Detailed Analysis Techniques
  • System Administration
  • Cisco Firepower Troubleshooting
  • Examining Firewall and IPS Technology
  • Firepower Threat Defense Features and Components
  • Examining Firepower Platforms
  • Examining Firepower Threat Defense Licensing
  • Cisco Firepower Implementation Use Cases
  • Firepower Threat Defense Device Registration
  • FXOS and Firepower Device Manager
  • Initial Device Setup
  • Managing NGFW Devices
  • Examining Firepower Management Center Policies
  • Examining Objects
  • Examining System Configuration and Health Monitoring
  • Device Management
  • Examining Firepower High Availability
  • Configuring High Availability
  • Cisco ASA to Firepower Migration
  • Migrating from Cisco ASA to Firepower Threat Defense
  • Firepower Threat Defense Packet Processing
  • Implementing QoS
  • Bypassing Traffic
  • NAT Basics
  • Implementing NAT
  • NAT Rule Examples
  • Examining Network Discovery
  • Configuring Network Discovery
  • Examining Access Control Policies
  • Examining Access Control Policy Rules and Default Action
  • Implementing Further Inspection
  • Examining Connection Events
  • Access Control Policy Advanced Settings
  • Access Control Policy Considerations
  • Implementing an Access Control Policy
  • Examining Security Intelligence
  • Examining Security Intelligence Objects
  • Security Intelligence Deployment and Logging
  • Implementing Security Intelligence
  • Examining Malware and File Policy
  • Examining Advanced Malware Protection

Next-Generation Intrusion Prevention Systems

  • Examining Intrusion Prevention and Snort Rules
  • Examining Variables and Variable Sets
  • Examining Intrusion Policies
  • Examining IPsec
  • Site-to-Site VPN Configuration
  • Site-to-Site VPN Troubleshooting
  • Implementing Site-to-Site VPN
  • Examining Remote-Access VPN
  • Examining Public-Key Cryptography and Certificates
  • Examining Certificate Enrollment
  • Remote-Access VPN Configuration
  • Implementing Remote-Access VPN
  • Configuring SSL Policies
  • Examining Event Analysis
  • Examining Event Types
  • Examining Contextual Data
  • Examining Analysis Tools
  • Threat Analysis
  • Managing Updates
  • Examining User Account Management Features
  • Configuring User Accounts
  • Examining Common Misconfigurations
  • Examining Troubleshooting Commands
  • Firepower Troubleshooting

Labs:

  • Migrating from Cisco ASA to Cisco Firepower Threat Defense
  • Implementing Remote Access VPN

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.