ICSF - Introduction to Cisco Secure Firewall (ICSF)

In this 3-day course students will learn to deploy, configure, and manage Cisco Secure Firewall/Firepower Threat Defense. This hands-on course will help develop the skills to use and configure Cisco FTD, starting with the initial device setup and configuration. Students will learn to implement Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features. Students will also learn to analyze events, system administration, and basic troubleshooting.

Student Testimonials

Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus. Student
Excellent presentation skills, subject matter knowledge, and command of the environment. Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect. Student

Click here to print this page »


Before taking this course, it would be good to have some understanding of Network Security fundamentals.
Exposure to working with any Network firewall will be an advantage.

Detailed Class Syllabus

Overview of Cisco Secure Firewall (CSF)

Basic firewall and IPS terminologies
Understand CSF features
Examine different platforms
Examine licensing
General implementation use cases

Device Configuration

Device Registration
Differentiate between FXOS and FTD image
Differentiate between management options FDM and FMC
Initial device activation and configuration
Examining different policies
Define objects
Explore system configuration
Configure Health Monitoring
Discuss device/ platform management options
Overview of High Availability

Cisco Secure Firewall Traffic Control

Describe packet processing
Explain traffic bypassing
Discuss pre-filter policy

Network Address Translation (NAT) Configurations

Overview of NAT
Different NAT rule types
Implementing and configuring NAT

Network Discovery

Explain Network Discovery
Configure Network Discovery

Access Control Policies

Overview of Access Control Policies (ACP)
Describe Access Control Policy rules and default action
Define further inspection feature in a rule
Overview of logging options for a rule
Advanced Settings in an ACP
Deploying the change in an ACP

Security Intelligence

Overview of Security Intelligence (SI)
Configure Security Intelligence objects
Deploy SI

File Control and Advanced Malware Protection

Overview of malware and file policy
Discuss Advanced Malware Protection

Next-Generation Intrusion Prevention Systems

Overview of Intrusion Prevention and Snort rules
Explain variables and variable sets
Configure intrusion policies
Describe firepower recommendations

Analyzing Different Events

Discuss different types of events
Explore analysis tools
Analyze threats

General System Administration

Manage device updates
Explore user account management features
Configuring different user accounts

Basic Troubleshooting

Identify common misconfigurations
Basic troubleshooting commands
Using packet trace

Lab Exercises

Initial Device Setup
FTD initial boot up and n/w configuration (walkthrough/ no hands-on)
FMC initial boot up and n/w configuration (walkthrough/ no hands-on)
FTD onboarding to FMC
Basic Configuration and Verification
Verify/ create different objects
Verify/ create interface and routing configuration
Configure Security Intelligence
Configure Security Intelligence objects
Modify/ customize Security Intelligence
Configure Intrusion Policy
Reuse base IPS policy (SNORT2/ SNORT3)
Create a new IPS policy (SNORT2/ SNORT3)
Configure/ Modify the Access Control Policy
Allow internal/ DMZ access (inbound)
Allow Internet access (outbound)
[Use a SNORT2/ SNORT3 Intrusion Policy configured in exercise 4]
Configure NAT Policies
Dynamic NAT
Static NAT
Configure/ Modify Network Discovery Policy
Understand/ differentiate hosts, users, and applications
Configure/ tune the network discovery policy based on your environment
Deploy Changes
Review the changes that will apply to the NGFW
Deploy all the configuration changes to the NGFW
Test/ Analyze the NGFW Traffic
IPS functionality
Malware blocking capabilities
System Administration Overview
Health Monitoring
Device Backup and Restore
Reporting Overview
Scheduling Tasks
Change Reconciliation