Description

The Course Name: FIREPOWER200 – Securing Networks with Cisco Firepower Threat Defense

The Duration: 5 Days

The Overview:

Course Content

This course teaches participants how to support and maintain their Cisco Firepower Threat Defense systems, including application control, security intelligence, NGFW, NGIPS, and network-based malware and file controls. Participants also learn how to take advantage of the system's analysis tools so they can perform more efficient event analysis, including the detection of file types and network-based malware.

What You Will Learn

  • How to describe the Cisco Firepower Threat Defense system and key concepts of NGIPS and NGFW technology
  • How to describe how to perform the configuration tasks required for implementing a Cisco Firepower Threat Defense device
  • How to describe how to implement quality of service (QoS) and Network Address Translation (NAT) by using Cisco Firepower Threat Defense
  • How to perform an initial network discovery using Cisco Firepower to identify hosts, applications, and services
  • How to identify and create the objects required as prerequisites to implementing access control policies
  • How to describe the behavior, usage, and implementation procedure for access control policies
  • How to describe the concepts and implementation procedure of security intelligence features
  • How to describe Cisco Advanced Malware Protection (AMP) for Networks and the implementation procedure of file control and advanced malware protection
  • How to implement and manage intrusion policies
  • How to explain the use of network analysis policies and the role of preprocessor technology in processing network traffic for NGIPS inspection
  • How to describe and demonstrate the detailed analysis techniques and reporting features provided by the Cisco Firepower Management Center
  • How to describe key Cisco Firepower Management Center system administration and user account management features
  • How to describe the processes that can be used to troubleshoot Cisco Firepower Threat Defense systems

The Course Index:

Day 1

  • Overview of technology
  • Next Generation Firewall Security
  • Types of Firewalls
  • Routing in FTD
  • Next Generation IPS
  • IDS vs IPS
  • Firepower Components and Features
  • Firepower System
  • Firepower Features
  • Firepower Automation
  • Firepower Components
  • Firepower Management Center
  • Firepower Device
  • Firepower Naming Conventions
  • Firepower Platforms
  • Firepower Stacking
  • Firepower Threat Defense
  • Unified Access Control Policies
  • High-level Feature Comparison
  • Firepower 9300 and 4100 Details
  • Firepower Management Center
  • FMC Basics
  • How FMC works
  • FMC Management
  • FMC Limits
  • FMC GUI
  • FMC GUI Menus
  • FMC Analysis Menu
  • FMC Policies Menu
  • FMC Devices Menu
  • FMC Domain Management
  • How to Create FMC Domains
  • Firepower Licensing
  • Smart Licensing
  • Cisco Firepower System Configurations
  • FTD Device Registration
  • FTD Device Configuration
  • FMC Configuration
  • FTD Device Properties
  • FTD Interfaces
  • FTD Modes
  • FMC Policies Basics
  • Firepower Policy Flow
  • Deployment

Labs:

Lab 1 – Introduction to Lab Topology

Lab 2 – Navigating Firepower Management Center

Lab 3 – Device Management

Day 2

  • Firepower High Availability
  • Firepower Management Center HA
  • 7000 and 8000 HA
  • Firepower Threat Defense HA
  • NAT Policy Configuration
  • How NAT Works
  • NAT Types
  • Configuring NAT with FMC
  • NAT Rules
  • NAT Auto NAT Rules
  • NAT PAT pool
  • Advanced NAT
  • NAT Verification
  • NAT Examples
  • QoS Policy Configuration
  • How QoS Works
  • How to Create QoS Policy
  • QoS Policy Rules
  • QoS Examples
  • FlexConfig Policies
  • FlexConfig Policy Overview
  • Template Scripts
  • Customizing Device Configuration
  • Firepower Discovery
  • Network Discovery Components
  • Fingerprinting Hosts
  • How it works
  • Discovery Modes
  • Passive Detection
  • Active Detection for Hosts
  • Host Identity
  • Identity Workflow
  • Conflict Workflow
  • Discovery Policies
  • Network Discovery Policy
  • Network Discovery Rules
  • Rule Actions
  • Host Limits
  • Discovery of Users
  • User Limits
  • Identity Sources
  • Captive Portal
  • User Identity Configuration
  • Identity Policy
  • Objects
  • Object Basics
  • Object Groups
  • Overrides
  • ACP Object Relationship
  • General Objects
  • Advanced Objects
  • Variables

Labs:

Lab 4 – NAT Policy Configuration

Lab 5 – QoS Policy Configuration

Lab 6 – FlexConfig Policies

Lab 7 – Network Discovery Policy

Lab 8 – Object Management

Day 3

  • Prefilter Policies
  • Introduction to Prefiltering
  • Prefiltering vs Access Control
  • Configuring Prefiltering
  • Access Control Policy
  • ACP Components
  • ACP Rules
  • ACP Default Action
  • Rule Action – Block
  • Rule Action – Monitor
  • Rule Action – Trust
  • Rule Action – Allow
  • ACP Inspection Options
  • Logging Options
  • ACP Advanced Settings
  • ACP Inheritance
  • Security Intelligence
  • Security Intelligence Overview
  • SI Whitelists and Blacklists
  • SI Objects
  • SI Feeds
  • Feed Categories
  • List Objects
  • SI Deployment
  • File and Malware Policy
  • File Identification SHA-256
  • File-Type Detection
  • File Policy Rules
  • File Policy Basics
  • File Types
  • Advanced Options
  • Advanced Malware Protection
  • File Dispositions
  • AMP Cloud
  • AMP Architecture
  • AMP Advanced Options
  • AMP Integration
  • Next Generation Intrusion Prevention
  • Intrusion Prevention Basics
  • Rules
  • Rule Examples
  • Snort
  • Talos
  • Variables
  • Intrusion Policy
  • Network Analysis Policy
  • Traffic Flow for Intrusion Policy
  • Components
  • Policy Layers
  • Shared Policy Layers
  • Creating New Intrusion Policy
  • Intrusion Policy Configuration
  • Intrusion Policy Rules
  • Rule Options
  • Firepower Recommendations

Labs:

Lab 9 – Prefilter Policies

Lab 10 – Access Control Policy

Lab 11 – Security Intelligence

Lab 12 – File and Malware Policy

Lab 13 – Intrusion Policy

Day 4

  • Network Analysis Policy
  • Preprocessor Technology
  • Preprocessor Flow
  • Preprocessor Rules
  • Network Policy Settings
  • Adaptive Profiles
  • Adaptive Profile Configuration
  • SSL Policy
  • Anatomy of SSL Sessions
  • Firepower SSL Decryption
  • Firepower SSL Architecture
  • Decrypt Resign
  • Decrypt Known Key
  • SSL Policy
  • SSL Policy Settings
  • SSL Policy Rules
  • SSL Policy Default Action
  • Applying SSL Policy
  • VPN Deployments
  • VPN Overview
  • VPN Types
  • VPN Basics
  • Licensing
  • Firepower Threat Defense Site-to-Site VPN
  • Firepower Threat Defense Remote Access
  • VPNs

Labs:

Lab 14 – Network Analysis Policy

Lab 15 – SSL Policy

Lab 16 – Site to Site VPN

Lab 17 – Remote VPN

Day 5

  • Correlation Policies
  • Responses
  • Remediation
  • Custom Remediation Modules
  • Correlation Policy Rules
  • How to Create Policy Rules
  • Whitelists
  • Traffic Profiles
  • Correlation Policy
  • Analysis
  • Event Basics
  • FMC Analysis
  • FMC Database
  • eStreamer
  • Analysis Search
  • Workflows
  • Security Intelligence Events
  • File and Malware Events
  • Impact Flags
  • Indication of Compromise
  • Analysis Tools
  • Reporting
  • System Administration
  • System Configuration
  • FMC Configuration Settings
  • Health Monitoring
  • Health Policy
  • Firepower Updates
  • User Account Management
  • Multidomain Deployments

Labs:

Lab 18 – Correlation Policy

Lab 19 – Analysis of Events

Lab 20 – System Administration