FirePower for CCIE Security Candidates
Rafael Leiva-Ochoa
BRKCCIE-3200
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#BRKCCIE-3200
Agenda
• Introduction
• ASA 5500-X and FirePower Platform
• FirePower Technology Overview
• FMC (FirePower Management Center)
• Host Discovery
• Traffic Processing Flow
• ACP (Access Control Policy)
• User Identity
• SSL
• Lab Ideas
• FirePower Classes
Introduction
• Rafael Leiva-Ochoa
• @Cisco since Oct 2000
• Works in the TS Training Group (Part of Learning@Cisco)
• Delivers courses on Security to Global TAC Centers
• CCIE 19322 Security since 2007
CCIE Security Program Overview
CCIE Security Overview
Topics Covered in the CCIE Security
CCIE Security Topics
Perimeter Security and Intrusion Prevention Topics Covered in CCIE Security
• 1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)
• 1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD
• 1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD
• 1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD
• 1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD
• 1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE
• 1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD
• 1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting
• 1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
• 1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes
• 1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)
• 1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet
Cisco Virtual Machines Used on CCIE Security
Cisco Hardware Gear Used on CCIE Security
ASA 5500-X and FirePower Platform
Cisco ASA 5500-X Series Next-Generation Firewalls
• Supports Cisco ASA Software Release 8.6.1 and later images; four times the firewall throughput of Cisco ASA 5500 Series platforms.
Cisco FirePower NGFW
FirePower VM
ASA 5500x
FirePower 4100
FirePower 8000/7000
FirePower 9300
FirePower Technology Overview
FirePower Management Center (FMC)
FirePower Management Center - Overview
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, APPS, Configuration, Logging]
FMC - Interface
Host Discovery
Host Discovery - Overview
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, APPS]
Host Discovery – Passive (Default)
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, APPS]
Host Discovery - Passive (Setup)
• Applications Only (Default)
• All IPv4, and IPv6 (Default)
Host Discovery – Passive (Setup) (continue)
[Diagram labels: FMC, FirePower VM, Deployment]
Host Discovery – Host Profile
Windows 7 = 192.168.2.2
Host Discovery – Active
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, APPS]
Host Discovery – Active (Setup) (continue)
Windows 7 = 192.168.2.2
Traffic Processing Flow
FirePower Appliance, or VM
[Diagram labels: Traffic, Security Intelligence, SSL Policy, Network Analysis Policy, Access Control Policy, Objects, Malware and File Policy, Intrusion Policy]
FirePower on ASA
[Diagram labels: RX, Ingress Interface, Existing Conn (Yes/No), ACL Check, Match Xlate, Inspect and Sec, NAT Header, Egress Interface, Layer 3, Layer 2, TX, FirePower, Drop]
The FirePower does not do the drop; the ASA does!
ACP (Access Control Policy)
ACP (Access Control Policy) - Overview
[Diagram labels: FirePower VM, FMC, ACP, Policy Deployment]
ACP Policy (Top to Bottom):
• ACP Rule: Drop
• ACP Rule: Allow
• ACP Rule: Allow
• ACP Rule: Allow
ACP (Access Control Policy) – Policy Structure
[Diagram labels: Malware and File Policy, Intrusion Policy, Security Intelligence, SSL Policy, Network Analysis Policy, Identity Policy]
Global to ACP: ACP Policy - SSL Policy - Identity Policy - Security Intelligence - Network Analysis
Per Rule (rule must be set to: Allow, Interactive Block):
• ACP Rule: Drop
• ACP Rule: Intrusion, Malware, Allow
• ACP Rule: Malware, Allow
• ACP Rule: Malware, Allow
• Default: Intrusion
ACP (Access Control Policy) – When Adding New FirePower
[Diagram labels: FirePower VM, FMC]
ACP (Access Control Policy) – After Adding New FirePower
ACP (Access Control Policy) – Policy Structure
ACP (Access Control Policy) – Policy Assignments
ACP (Access Control Policy) – Policy Rule Structure
ACP (Access Control Policy) – Policy Rule Structure (continue)
• Allow = Matching traffic is allowed; however, prohibited files, malware, intrusions, and exploits within that traffic are detected and blocked. Remaining non-prohibited, non-malicious traffic is allowed to its destination.
• Trust = Matching traffic is allowed to pass to its destination without further inspection. Traffic that does not match continues to the next rule.
• Monitor = Monitor rules track and log network traffic but do not affect traffic flow. The system continues to match traffic against additional rules to determine whether to permit or deny it.
• Block = Matching traffic is blocked without further inspection
• Block with Reset = Matching traffic is blocked without further inspection. It will also reset the connection.
• Interactive Block = Gives users a chance to bypass a website block by clicking through a customizable warning page, called an HTTP response page. If the user bypasses, it will act as an Allow rule.
• Interactive Block with Reset = Gives users a chance to bypass a website block by clicking through a customizable warning page, called an HTTP response page. It will also reset the connection. If the user bypasses, it will act as an Allow rule.
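The rule actions above, modelled as a small top-to-bottom evaluator to show how rule order decides whether a flow is inspected (an added example, not code from the presentation or from Cisco). The Rule and Verdict classes, the flow fields, the sample policy and the 192.168.2.50 address are constructed for illustration; the per-rule intrusion and malware flags follow the Policy Structure slide, and the default action is approximated as an Allow rule with an intrusion policy.

```python
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class Rule:
    name: str
    action: str                      # one of the seven actions listed on the slide
    match: Callable[[dict], bool]    # hypothetical predicate over a flow dict
    intrusion: bool = False          # intrusion policy attached to this rule
    malware: bool = False            # malware and file policy attached to this rule


@dataclass
class Verdict:
    passed: bool
    rule: str                        # name of the rule that decided the flow
    inspected: bool = False
    reset: bool = False
    monitored_by: List[str] = field(default_factory=list)


def inspect(rule: Rule, flow: dict) -> bool:
    """Allow-style handling: pass unless an attached policy finds something."""
    if rule.intrusion and flow.get("exploit"):
        return False
    if rule.malware and flow.get("malware"):
        return False
    return True


def evaluate(rules: List[Rule], flow: dict) -> Verdict:
    """Walk the rules top to bottom; the last rule stands in for the default action."""
    monitored: List[str] = []
    for rule in rules:
        if not rule.match(flow):
            continue
        if rule.action == "Monitor":             # logs the flow, never decides it
            monitored.append(rule.name)
            continue
        reset = rule.action.endswith("with Reset")
        if rule.action == "Trust":               # passes without further inspection
            return Verdict(True, rule.name, monitored_by=monitored)
        if rule.action.startswith("Block"):
            return Verdict(False, rule.name, reset=reset, monitored_by=monitored)
        if rule.action.startswith("Interactive Block") and not flow.get("user_bypassed"):
            return Verdict(False, rule.name, reset=reset, monitored_by=monitored)
        # Allow, or an Interactive Block that the user clicked through
        return Verdict(inspect(rule, flow), rule.name,
                       inspected=rule.intrusion or rule.malware,
                       monitored_by=monitored)
    raise ValueError("no rule or default action matched this flow")


# Constructed sample policy; 192.168.2.2 is the Windows 7 host from the slides.
POLICY = [
    Rule("log-all-web", "Monitor", lambda f: f.get("app") == "HTTP"),
    Rule("trust-backup", "Trust", lambda f: f.get("src") == "192.168.2.50"),
    Rule("block-telnet", "Block with Reset", lambda f: f.get("app") == "Telnet"),
    Rule("warn-social", "Interactive Block", lambda f: f.get("app") == "Social",
         malware=True),
    Rule("web", "Allow", lambda f: f.get("app") == "HTTP", intrusion=True, malware=True),
    Rule("default", "Allow", lambda f: True, intrusion=True),
]

if __name__ == "__main__":
    for src in ("192.168.2.2", "192.168.2.50"):
        print(src, evaluate(POLICY, {"src": src, "app": "HTTP", "exploit": True}))
```

The same HTTP flow carrying an exploit is dropped by the "web" rule when it comes from 192.168.2.2 but passes uninspected from 192.168.2.50, because the Trust rule sits above the inspecting Allow rule.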
ACP (Access Control Policy) – Connection Events
User Identity
User Identity - Overview
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, Users, AD, LDAP, ISE]
User Identity - Passive
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, Users, AD, LDAP, UA, User Auth, User Auth Exchange, ACP]
User Identity - Passive – Configuration Process
User Agent (UA) → Realm → Identity Policy → ACP Policy
• User Agent: Is used to share authentication information from the identity store to the FMC in real time, which then shares it with the FP.
• Realm: Is used to set up the identity stores that will be used for authentication, and to download the User and Group information to use in the ACPs.
• Identity Policy: Is used to set up who is going to require authentication for ACP policies to work.
• ACP Policy: Is used to enable the Identity Policy, and configure ACPs that have user identity information.
User Identity - Passive – User Agent
The Active Directory server must be running Windows Server 2008 or Windows Server 2012.
You can install an agent on any Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, or Microsoft Windows Server 2012 computer with TCP/IP access to the Microsoft Active Directory servers you want to monitor. You can also install on an Active Directory server running one of the supported operating systems.
User Identity - Passive – Realm
User Identity - Passive – Realm (continue)
User Identity - Passive – Identity Policy
User Identity - Passive – ACP Rule
SSL
SSL - Overview
[Diagram labels: FirePower VM, FMC, Windows 7, Mac Sierra, Internet, AD, LDAP, ACP, Decryption/Re-encryption]
SSL - Resign
[Diagram labels: CA Cert, keyCertSign, FirePower VM, ACP, Resign, Resigned, Root CA Pub]
SSL – Resign Example
keyCertSign
Digital Signature, Non-Repudiation, Key Encipherment
SSL – Known Key
[Diagram labels: FirePower VM, ACP, SRV 1- Private Key, Company Servers (SRV1, SRV2, SRV3), Public Key, Private Key, Root CA Pub]
SSL- Resign - Configuration Process
SSL CA Certificate Creation → SSL Policy → ACP Policy
• SSL Certificate Creation: Is used to resign the server certificate that the user is accessing via SSL.
• SSL Policy: Is used to configure which traffic is going to be decrypted, and how.
• ACP Policy: Is used to enable the SSL Policy, and configure ACPs that have user identity information.
SSL- Resign – SSL CA Certificate Creation
SSL- Resign – SSL CA Certificate Creation (continue)
• Technically, you can use the same CA Certificate on all the FPs, but it is not recommended, since you will need to assign a CN that is typically the FP FQDN.
• Also, revocation becomes an issue when all FPs have the same CA Certificate.
SSL- Resign – SSL Policy
SSL Resign - SSL Policy (continue)
• Decrypt – Resign = Use a resign certificate to do a man-in-the-middle and resign the server certificate that is being sent from the server that the client is trying to connect to.
• Decrypt – Known Key = Use a known private key to decrypt the communication with the server the client is trying to connect to.
• Do not Decrypt = inspect the encrypted traffic with access control policy
• Block = block the SSL session without further inspection
• Block with Reset = block the SSL session without further inspection and reset the TCP connection
• Monitor = Monitor rules track and log network traffic but do not affect traffic flow. The system continues to match traffic against additional rules to determine whether to decrypt, do not decrypt, or block it.
SSL- Resign – ACP Policy
Challenges with SSL Resign
• RFC 7469 Public Key Pinning Extension for HTTP: Is a security mechanism delivered in an HTTP header that protects an HTTPS website from being taken over by attackers using mis-issued or otherwise fraudulent certificates.
SSL- Known Key - Configuration Process
SSL Public, and Private Key → SSL Policy → ACP Policy
• SSL Public, and Private Key: Is used for the FMC to share the private key with the FP, which uses it to decrypt SSL traffic from the server that is protecting the information using the public key.
• SSL Policy: Is used to configure which traffic is going to be decrypted, and how.
• ACP Policy: Is used to enable the SSL Policy, and configure ACPs that have user identity information.
SSL- Known Key – SSL Public, and Private Key
[Diagram labels: Company Servers (SRV1, SRV2, SRV3), PEM Format, Public PEM, Private PEM]
Lab Ideas
Lab Gear Needed
• Cisco C Series Server: 700 GB HD, 128 GB RAM, 4 Port Gigabit Ethernet
• Cisco C3560X 24 port
• Internet Connection
• Free Version of vSphere Hypervisor 6.x
FirePower Topology
[Diagram labels: Internet, FP, DNS, DHCP, AD, LDAP, Cert Server, Mac, PC, VM, vSphere Hypervisor 6.x]
Overall Topology
[Diagram labels: Internet, FP, DNS, DHCP, AD, LDAP, Cert Server, Mac, PC, ISE, WSA, ESA, ACS, vWLC]
Lab Gear Needed for Budget Topology
• Raspberry PI 3
• Internet Connection
• Cisco 2960C 10 port
• Intel Compute Stick
• Free Version of vSphere Hypervisor 6.x
• Spare PC
Alternative Topology
[Diagram labels: Windows 10, Linux, DNS, DHCP, Internet, FP, LDAP/CA Server, Linux]
Raspberry PI Setup at Home
Cisco 2960C 10 port
Sabrent 60 Watt
GeauxRobot
FirePower Classes
SSFIPS - Securing Networks with Cisco FirePower Next-Generation IPS
• This lab-intensive course introduces you to the basic next-generation intrusion prevention system (NGIPS) and firewall security concepts. The course then leads you through the Cisco Firepower system. Among other powerful features, you will become familiar with:
• In-depth event analysis
• NGIPS tuning and configuration
• Snort® rules language
• 4 Day ILT
• 5 Day Virtual Training
FIREPOWER200 – Securing Networks with Cisco FirePower Threat Defense NGFW
• This lab-intensive course introduces you to the basic next-generation intrusion prevention system (NGIPS) and next-generation firewall (NGFW) security concepts. The course then leads you through the Cisco Firepower system. Among other powerful features, you become familiar with:
• Firepower Threat Defense configuration
• In-depth event analysis
• NGIPS tuning and configuration
• 5 Day ILT
• 5 Day Virtual Training
DSACI – Deploying Security in Cisco ACI
• You learn a brief overview of Cisco ACI architecture, including an examination of the Cisco Nexus 9000 Series Switches for data centers. Also, you have the opportunity to discover how to implement security mechanisms in the operational infrastructure with the Cisco ACI environment. You also explore the process for provisioning security services in Cisco ACI, including external Cisco Adaptive Security Appliance (ASA), Adaptive Security Virtual Appliance (ASAv) instances, and Cisco Firepower capabilities.
• This course combines lecture materials and hands-on labs throughout to make sure you are able to successfully deploy, configure, and maintain Cisco ACI security.
• 5 Day ILT
Thank you