Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies

This course is included in our On-demand training solution.

Overview

Deploying access control that is based on Open Systems Interconnection (OSI) Layer 3 and 4 parameters establishes a minimal connectivity policy for network applications. However, this filtering alone cannot protect exposed applications. The Cisco ASA Adaptive Security Appliance Application Inspection and Control (AIC) features provide advanced application layer (OSI Layers 5 to 7) filtering to address these scenarios when risk assessment demands them. This course enables you to configure, verify, and troubleshoot these advanced application inspections and controls on the Cisco ASA Security Appliance.
You can configure the Cisco ASA Adaptive Security Appliance for user-based policies (also known as cut-through proxy), where you implement different network access policies for different users based on their authenticated identity. You implement user-based policies using the authentication, authorization, and accounting (AAA) system on the Cisco ASA Security Appliance. This course describes the Cisco ASA Security Appliance user authentication capabilities, followed by the per-user authorization and traffic accounting features that you can integrate with the AAA infrastructure of an organization.

Target Audience

  • Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security designation.
  • Cisco Network Security Engineers responsible for the selection, configuration, and troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments.
  • Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.
  • Candidates who have completed the Cisco Certified Network Associate (CCNA) Certification and the Cisco Certified Network Associate Security Certification (CCNA Security).

Prerequisites

Expected Duration

150 min.

Course Objectives

ASA Layer 5 to Layer 7 Application Inspection

  • describe how to plan the deployment of application layer inspection on the Cisco ASA
  • describe how application inspection provides additional security services to OSI Layers 5 to 7 traffic flows using regular expressions

Configuring ASA Layer 5-7 Application Inspection

  • recognize the tasks to configure OSI Layers 5 to 7 application policies
  • recognize the CLI commands for configuring OSI Layers 5 to 7 policies

Configuring ASA HTTP Inspection

  • describe how to configure and verify application inspection of HTTP traffic using the GUI
  • describe how to configure and verify HTTP protection policy using the CLI

ASA HTTP Inspection Configuration Example

  • recognize the implementation guidelines for verifying HTTP inspection
  • recognize how to configure an application layer policy from an internal network, reachable over the inside interface of the appliance, to all web servers that are reachable over the outside interface of the appliance

Configuring HTTP Inspection on Cisco ASA

ASA FTP Inspection and Additional Policy Enforcements

  • identify how to evaluate FTP inspection on the Cisco ASA

Troubleshooting ASA Application Layer Inspection

  • describe how to troubleshoot application layer inspection on the Cisco ASA

AAA and Cut-through Proxy Overview

  • identify the general deployment guidelines for user-based policies on the Cisco ASA

Configuring Cut-through Proxy Authentication

  • describe how to configure cut-through authentication on the Cisco ASA Security Appliance

Configuring Authentication Prompts and Timeouts

  • recognize how to use authentication timeouts on the Cisco ASA Security Appliance

Configuring Cut-Through Proxy Authorization

  • describe how to configure cut-through authorization on the Cisco ASA Security Appliance

Troubleshooting Cut-Through Proxy Accounting

  • describe how to troubleshoot cut-through accounting on the Cisco ASA Security Appliance