Cisco FIREWALL 2.0: The Modular Policy Framework and Traffic Inspection Policies

This course is included in our On-demand training solution.

Overview

The Cisco ASA adaptive security appliance helps enforce security policies within your networks. Different types of traffic traversing the Cisco ASA adaptive security appliance should have different policies. For example, you should analyze traffic coming from the Internet for any sign of malicious software, and you should prioritize VoIP traffic on all appliance interfaces to prevent delays and packet losses. The Cisco Modular Policy Framework (MPF) configuration tool enables you to assign different network policies to different traffic flows in a flexible and granular manner. The Cisco MPF enhances Cisco ASA security appliance interface access control lists (ACLs) by allowing the administrator to specify a multitude of additional access controls on network flows independently of interface ACLs. This course starts with an overview of the Cisco MPF tool, continues with a description of policies for Open Systems Interconnection (OSI) Layers 3 and 4, and concludes with a description of management service policies, which you use to control traffic that is destined for the Cisco ASA security appliance.
The Cisco ASA adaptive security appliance enforces a strict inspection and filtering policy that may sometimes interfere with unusual network designs or the use of network protocols by applications. The policy may also cause legitimate applications to experience connectivity issues over security appliances. The Cisco ASA security appliance supports many features that enable you to create exceptions in its behavior for traffic in such environments. This course describes some of the inspection tuning methods that you can configure on the appliance to integrate with such environments.

Target Audience

  • Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation.
  • Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA adaptive security appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments.
  • Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.
  • Candidates who have completed the Cisco Certified Network Associate (CCNA) Certification and the Cisco Certified Network Associate Security Certification (CCNA Security).

Prerequisites

Expected Duration

150 min.

Course Objectives

Cisco MPF Overview

  • describe the deployment of the Cisco MPF on the Cisco ASA security appliance

Configuring and Verifying Layer 3 and Layer 4 Policies

  • describe how to configure and verify OSI Layer 3 and Layer 4 policies on the Cisco ASA security appliance

Configuring a Policy for Management Traffic

  • recognize how to configure and verify a Management Traffic policy on the Cisco ASA

Tuning Basic Inspection of OSI Layers 3 and 4

  • describe the default inspection policy and its tuning options on the Cisco ASA
  • recognize how to tune inspection on the Cisco ASA for OSI Layers 3 and 4

Configuring ICMP and FTP Inspection

Configuring TCP Normalizer

  • recognize how to configure and verify advanced connection settings using the Cisco MPF on the Cisco ASA

Configuring TCP Intercept and Connection Limits

  • identify the steps to configure TCP Intercept on the Cisco ASA

Enabling TCP Intercept

Configuring Support for Dynamic Protocols

  • recognize how to configure and verify support for dynamic protocols using the Cisco MPF on the Cisco ASA

Configuring the Botnet Traffic Filter

  • describe how to configure support for the Cisco ASA Botnet Traffic Filter on Cisco ASA security appliances

Configuring QoS on the Cisco ASA Adaptive Security Appliance

  • describe how to configure QoS support on the Cisco ASA security appliance

Troubleshooting OSI Layer 3 and Layer 4 Inspection

  • describe how to troubleshoot OSI Layer 3 and Layer 4 inspection on the Cisco ASA