CSF - Cisco Secure Firewall Advanced Features, Operations & Management (CSFA)

In this 3-day, lab intense course students will learn about many of the advanced features, day-2 operations and management of Cisco Secure Firewall / Firepower Threat Defense. Through intense lab exercises students will develop the skills to configure, manage and troubleshoot problems with Cisco FTD devices. After a short review of CSF, we will cover advanced features like security intelligence, file control, advanced malware protection, redundancy, external threat intelligence, domain management, SNORT3, and advanced packet flow analysis. We will also have a look at what’s new in version 7.x. You will gain leading-edge skills for high-demand security focused responsibilities.

Student Testimonials

Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus. Student
Excellent presentation skills, subject matter knowledge, and command of the environment. Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect. Student

Click here to print this page »


Before taking this course, it would be good to have a basic understanding of Cisco Secure Firewall and some hands-on experience working on the device (Cisco Secure Firewall). If you don’t have the pre-requisites described above, then a good way to prepare for this course is to attend our course ’Introduction to Cisco Secure Firewall’.

Detailed Class Syllabus

Overview of Cisco Secure Firewall (CSF)

Device Configuration
Traffic Control
NAT Overview
Network Discovery
Overview of Policies

Next-Generation Features of Cisco Secure Firewall (CSF)

Security Intelligence (SI)
File Control and Advanced Malware Protection
Malware and File Policy
Overview of Intrusion Prevention and Snort Rules
Firepower Recommendations

Cisco Secure Firewall Redundancy

Overview of High Availability (HA)
Discuss active / standby HA

External Threat Intelligence

Overview of external feeds
Describe incidents
Explain Cisco Threat Intelligence Director (CTID)
Understanding subscription of CTID to external feeds

Domain Management

Introduction to multi-tenancy using domains
Managing domains
Creating new domains
Moving devices between domains


Site-to-Site VPN


Introduction to Snort3
Explain Elephant Flow
Discuss Snort3 recommendations
Explain rule actions

Advance Packet Flow Analysis

Using the ’Packet-Tracer’ feature
Using the ’Capture with Trace’ feature

What’s New in 7.x

VPN Load Balancing for FMC-managed devices
Explain FQDN NAT
Understand network wildcard mask object
Discuss direct Internet access
Describe AnyConnect with SAML external browser
Explain encrypted visibility engine
Discuss enhancement in TLS (focus on TLS 1.3)

Lab Exercises

Configuring CTID
Configure FQDN NAT
Using Wildcard Mask
Configure Direct Internet Access (DIA) with Policy Based Routing (PBR)
Configure Site-to-Site VPN
Configuring AnyConnect VPN
Configuring and detecting Elephant Flow using Snort3
Configuring Snort3 Firepower recommendations
Configuring additional rule actions for Snort3
Configuring and validating enhanced Captive Portal
Setting up an Encrypted Visibility Engine for reports, events, and telemetry
TLS 1.3 ESNI extension (overview/ no hands-on)
Advance Packet Flow Analysis
Configure High Availability (Active / Standby)
Remote deployments, selective deployment, and rollbacks (overview/ no hands-on