Implementing Advanced Cisco ASA Security

Implementing Core Cisco ASA Security (SASAC) or equivalent knowledge of the Cisco ASA.

Module 1: Cisco ASA Product Family

• Introduction to ASA series firewalls
• Introduction to ASAv
• Deploy ASAv
• ASAv Other hypervisors support, digitally signed image and management options
• Verify ASAv VM
• ASA 9.2.1 BGP IPv6 support
• ASA 9.3 features
• ASA 9.4.1 + VXLAN support
• Describe the Cisco ASASM platforms, architecture, and features

Module 2: Cisco ASA Identity Firewall

• ASA Identity Firewall benefits, flow and policies
• Cisco CDA basic network configuration
• Application status verification
• Active directory server configuration
• CDA user-account configuration
• CDA GUI password policy configuration
• Configure identity firewall policies on ASA
  • Using ASDM
  • Using CLI
• FQDN network object configuration
• Verify user-identity operations
• CDA management with CLI, live log monitoring and troubleshooting

Module 3: Cisco ASA Firepower Services

• SFR introduction
• FireSIGHT management
• SFR management interface, package installation and verification
• FireSIGHT VM installation and setup
• License requirement
• Policy types introduction
• Recommended rules introduction
• Monitoring
• ASDM and Firepower on-box FireSIGHT manager
• Firepower dashboard, reporting, status and events viewer
• Licensing
• Firepower 6.0 features
• System configurations and device platform settings
• Firepower multidomain management

Module 4: Cisco ASA Cloud Web Security (CWS)

• ASA with CWS introduction
• CWS scanning processes
• Licenses
• ASA with CWS integration
• CWS operations verification
• Verify traffic redirection
• Syslog messages
• ScanCenter web filtering policy introduction and configuration
• ASA CWS AMP introduction
• CWS cognitive threat analysis
• Threats reporting

Module 5: Cisco ASA Clustering

• Cluster performance figures and supported platforms
• Cluster data-interface modes and connections
• CLL functions
• Cluster dynamic-routing, NAT and PAT operations
• Cluster terminology
• TCP, asymmetric UDP, short-lived and centralized-feature traffic flows
• Cluster management
• Configuration with the CLI
• Each unit configuration
• Master unit configuration
• Sample configuration of a two-unit cluster with spanned etherchannel and individual interface
• Configure ASA cluster using Cisco ASDM
• Cluster licensing
• Verification types
• Troubleshoot ASA cluster operations
• Cluster features of v9.1.4, v9.2.1, v9.3.1 and v9.4.1

Module 6: Cisco ASA Security Group Firewall and Change of Authorization (Optional)

• Cisco secure access architecture
• SG Firewall configuration
• SGACL operations monitoring
• SGT features (post 9.0 releases)
• Change of authorization introduction
• Chang of authorization CLI and ASDM configurations

Labs:

• Access the Remote Cisco Learning Lab Environment
• Set Up and Test the ASAv
• Implement New Features in ASA 9.3 and 9.4
• Configure the Cisco CDA
• Configure ASA IDFW
• Cisco ASA Firepower Services Module Installation
• Cisco Firepower Management Center Configuration
• Configure ASA CWS
• Cisco ASA Cluster Configuration