Cisco Secure Firewall Deployment & Operations Workshop

Implementing and Configuring Cisco Identity Services Engine (ISE) is a comprehensive 2-day workshop program designed to provide participants with an understanding of Cisco Identity Services Engine (ISE) v3.x and its role in network security. This workshop combines theoretical knowledge with hands-on lab exercises to ensure participants gain practical skills in deploying, configuring, and managing Cisco ISE.

Throughout the workshop, participants will learn about the architecture, features, and benefits of Cisco ISE. They will explore various deployment options, understand how to integrate ISE with existing network infrastructure, and delve into policy enforcement using ISE for authentication, authorization, and accounting (AAA).

The workshop will also cover advanced topics such as guest and BYOD access, profiling, posturing, and troubleshooting common issues with Cisco ISE. Participants will have the opportunity to apply their knowledge and skills in a simulated environment through hands-on lab exercises, enabling them to gain practical experience in configuring ISE policies, implementing network access control, and troubleshooting ISE deployments.

Course Objectives:

  • Understand the fundamentals of Cisco ISE and its role in network security.
  • Gain proficiency in deploying and configuring Cisco ISE in various network environments.
  • Implement authentication, authorization, and accounting (AAA) using Cisco ISE policies.
  • Enable guest access and BYOD functionality with Cisco ISE.
  • Implement endpoint profiling and posturing for enhanced security.
  • Understand compliance services & components.
  • Understand Cisco TrustSec and Network Access Devices.

Day One

URL Filtering

  • Overview
  • Manual URL Filtering
  • Category-based URL filtering

NGIPS

  • Overview
  • Built-in intrusion policy and how to use it for detection/prevention
  • Custom intrusion policy
  • How it differs from IDS

Advanced Malware Protection

  • Overview

SSL decryption

  • Overview
  • SSL policy actions

Security Intelligence

  • Overview
  • How it is used for threat prevention

Overview on Managers available for FTD

  • FDM
  • FMC
  • CDO

Introduction to FMC

  • How FMC is used for FTDv device management
  • Features of FDM vs. FMC

Management Interfaces

  • Overview of interfaces used for device management
  • Requirements for adding FTD to FMC, and how it is configured for FMC management
  • How FTD and FMC form a tunnel (SF/management tunnel) to receive management and event data

FTD shell types

  • Various shells available in NGFW
  • Available features and operation of the various shell prompts

Multi-Domain Management Overview

  • Tenant Management
  • Creating and managing tenants
  • Understanding domain levels and their purpose
  • Allocating resources and managing access for different tenants

Policy Hierarchy

  • Global Policies
  • Parent Domain Policies
  • Child Domain Policies
  • Benefits of the Policy Hierarchy

Policy Types and Inheritance

  • Access Control Policies
  • Intrusion Policies
  • Malware Policies
  • Identity Policies

Policy Management

Overview of Cisco Secure Firewall ZTNA Features

  • Benefits of Cisco Secure Firewall ZTNA

Threat Defense with Zero Trust Access

  • Process workflow

ZTA Configuration Components

  • Zero Trust Application Policy
  • Application and Application Groups
  • Identity Certificate
  • IdP Certificate
  • Application Certificate

Manage Zero Trust Application Policies

  • Create, Modify and Monitor

Workbook 3 [Advanced configuration for FTDv using FMCv]

  • Access Control
  • Security IPS and IDS
  • Malware
  • Application filter
  • Site-to-Site VPN

Secure Firewall Threat Intelligence Director Overview

Pre-requisite

  • Set Up Threat Intelligence Director
  • Steps to enable and configure TID in the Firepower Management Center
  • Overview of supported threat intelligence formats (STIX, TAXII, etc.)
  • Integrating TID with threat intelligence sources
  • Configuring policies to support Threat Intelligence Director

Analyze Threat Intelligence Director Incident and Observation Data

  • Modify Threat Intelligence Director Configurations
  • Troubleshoot Threat Intelligence Director

Logging setup

  • Overview
  • Local/External Syslog server setup
  • Syslog – FMC vs. CLI configuration
  • Syslog – Snort vs. Lina

Monitoring (via FMC)

  • Global summary dashboard
  • Health monitoring dashboard
      > Health Policy configuration
      > Customization of dashboards
      > Generating & downloading troubleshooting files

Alerts

  • Health alerts
  • Alert policy (Email/SNMP/Syslog)

Events

  • Connection events
      > Verifying session logs
      > Table view of filtered logs
  • Threat events
      > Intrusion events monitoring
          –> Packet detailing
          –> Review mode
      > Malware events monitoring
      > File events monitoring
          –> Analyzing captured files

Audit log

  • System activity logs
  • Downloading global dashboard
  • Report Templates
  • Custom report templates
  • Report generation & downloading

Event Troubleshooting

  • Verifying packet flow using packet tracer
  • Packet capture analysis

VPN Troubleshooting

  • Site-to-Site monitoring
  • Analysing logs

Planning and performing software upgrades

  • Backing up and restoring configurations
  • Regular maintenance tasks
      -> Updating Snort package (auto/manual)
      -> Updating URL DB

  • Working with the Firepower Management Center API
  • Working with the Firepower Device Manager APIs
  • Automated Security Policy Management
  • Secure Firewall Remediation APIs

Day Two

Secure Firewall Threat Intelligence Director Overview

Pre-requisite

  • Set Up Threat Intelligence Director
  • Steps to enable and configure TID in the Firepower Management Center
  • Overview of supported threat intelligence formats (STIX, TAXII, etc.)
  • Integrating TID with threat intelligence sources
  • Configuring policies to support Threat Intelligence Director

Analyze Threat Intelligence Director Incident and Observation Data

  • Modify Threat Intelligence Director Configurations
  • Troubleshoot Threat Intelligence Director

Logging setup

  • Overview
  • Local/External Syslog server setup
  • Syslog – FMC vs. CLI configuration
  • Syslog – Snort vs. Lina

Monitoring (via FMC)

  • Global summary dashboard
  • Health monitoring dashboard
      > Health Policy configuration
      > Customization of dashboards
      > Generating & downloading troubleshooting files

Alerts

  • Health alerts
  • Alert policy (Email/SNMP/Syslog)

Events

  • Connection events
      > Verifying session logs
      > Table view of filtered logs
  • Threat events
      > Intrusion events monitoring
          –> Packet detailing
          –> Review mode
      > Malware events monitoring
      > File events monitoring
          –> Analyzing captured files

Audit log

  • System activity logs
  • Downloading global dashboard
  • Report Templates
  • Custom report templates
  • Report generation & downloading

Event Troubleshooting

  • Verifying packet flow using packet tracer
  • Packet capture analysis

VPN Troubleshooting

  • Site-to-Site monitoring
  • Analysing logs

Planning and performing software upgrades

  • Backing up and restoring configurations
  • Regular maintenance tasks
      -> Updating Snort package (auto/manual)
      -> Updating URL DB

  • Working with the Firepower Management Center API
  • Working with the Firepower Device Manager APIs
  • Automated Security Policy Management
  • Secure Firewall Remediation APIs

Target Audience

Technical Leaders/Managers

Software Engineers (Dev/Test)

Network Support Engineers

Technical Marketing Engineers

Network Administrators/Engineers

Sales/Systems Engineers

Information on Hands-on Labs:

Some of the cloud labs are limited in quantity and available for shared use among participants. To do the hands-on exercises, participants need the following:

    • Modern Laptop computer (Windows or Mac or Linux)
    • Internet Access to Lab setup on Cloud
    • SSH connectivity to Lab VM


Limited Time Registration Offer

01/08/2025 to 01/09/2025, EMEA/CEST
$1,500.00

Session timings:  09:00AM – 4:30PM

5000+ Participants served

4.7+ out of 5 Participant satisfaction scores

Individual Lab(s) for each Learner

Good Content, very good introduction part about SD-WAN

The instructors demonstrated profound knowledge about the topic, labs were well prepared

The whole lab was excellently organized and set up. Kudos to the team!
