SENSS 1.0: Threat Controls Deployment on Cisco IOS Software

This course is included in our On-demand training solution.

Overview

Cisco IOS Software Threat Control features provide security controls that can establish flexible network access control policies between security domains (zones), into which enterprise networks are often partitioned. This course provides configuration, verification, troubleshooting, and general deployment guidelines for security controls that are available with Cisco IOS Threat Control features.

Target Audience

Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification; one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required and knowledge of Cisco Certified Network Associate (CCNA) Security certification and Knowledge of Microsoft Windows Operating System are helpful. Note: Candidates who have a valid CCNA Routing and Switching certification AND have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid only through December 31, 2014.

Prerequisites

None

Expected Duration

120 min.

Course Objectives

Course Introduction

Overview of the Cisco IOS Zone-Based Policy Firewall

  • identify features of the Zone-Based Policy Firewall
  • Configuring Zones and Zone Pairs

  • describe how to configure Zone-Based Policy Firewall zones and zone pairs
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 1

  • identify characteristics of Cisco Common Classification Policy Language (C3PL)
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 2

  • analyze a basic OSI Layer 3 and 4 interzone access policy class map configuration
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 3

  • describe C3PL policy map functions
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 4

  • identify default interface rules a router network interface is subject to in a Zone-Based Policy Firewall configuration
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 5

  • identify the tasks required to configure the Zone-Based Policy Firewall with a basic (Layer 3 and 4) interzone access control policy
  • Basic OSI Layer 3 and 4 Interzone Access Policy Part 6

  • apply policy maps to zone pairs in a given scenario
  • Verifying Basic OSI Layer 3 and 4 Interzone Policy

  • verify a basic OSI Layer 3 and 4 interzone access policy
  • Basic OSI Layer 3 and 4 Intrazone Access Policy

  • describe features of a basic OSI Layer 3 and 4 intrazone access policy
  • Control Plane and Management Plane Traffic Part 1

  • describe the concept of the self zone within a Zone-Based Policy Firewall inspection of control plane and management plane traffic configuration
  • Control Plane and Management Plane Traffic Part 2

  • configure an inbound policy for the self zone
  • Tuning the Stateful Engine and Connection Part 1

  • identify features of the TCP normalizer
  • Tuning the Stateful Engine and Connection Part 2

  • describe the use of parameter maps
  • Tuning the Stateful Engine and Connection Part 3

  • analyze a Zone-Based Policy Firewall configuration where the stateful engine and connection settings have been tuned
  • Configuring Support for NAT

  • describe how to integrate Zone-Based Policy Firewall with Cisco IOS Software NAT configuration
  • Troubleshooting the Zone-Based Policy Firewall

  • describe how to troubleshoot the operation of basic Zone-Based Policy Firewall functions
  • Overview of Advanced Access Policies

  • describe application layer filtering functions
  • HTTP Inspector Overview

  • describe Cisco IOS Zone-Based Policy Firewall HTTP inspector
  • Configuring HTTP Inspection Part 1

  • identify the tasks required to configure HTTP inspection
  • Configuring HTTP Inspection Part 2

  • create an HTTP inspection class map
  • Configuring HTTP Inspection Part 3

  • verify HTTP inspection on Cisco IOS Zone-Based Policy Firewall
  • Inspection of Peer-to-Peer Protocols

  • describe how Zone-Based Policy Firewall supports inspection for other application layer protocols
  • Cisco IOS Zone-Based Policy Firewall URL Filtering

  • describe URL filtering methods on Cisco IOS Zone-Based Policy Firewall
  • Exercise: Configuring Cisco IOS HTTP Inspection

    SUBSCRIPTION COST



     

    NEED HELP OR NOT SURE?