Cisco Certified Network Professional (CCNP) Security 642-617 FIREWALL

Course Title: Deploying Cisco ASA Firewall Features

Course Code: FIREWALL 642-617
Duration: 5 Days

Course Overview

The Deploying Cisco ASA Firewall Feature (FIREWALL) training course aims to provide network security engineers with the knowledge and skills required to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.

Target Audience

Candidates who should consider attending the FIREWALL 642-617 Cisco training course are those who implement and maintain Cisco ASA firewalls, Network security specialists and technicians, and those seeking Cisco Certified Network Professional (CCNP) Security certification.

Please note that the Cisco Certified Network Professional (CCNP) Security certification replaces the CCSP certification and is tuned specifically to the role of the Cisco Network Security Engineer. This course is recommended for those undertaking the 642-617 FIREWALL exam.

Course Objectives

On successfully completing the FIREWALL 642-617 course you will be able to:

• Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line.
• Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features.
• Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family.
• Implement and maintain Cisco ASA adaptive security appliance features that integrate itwith the local and global routing and switching infrastructure.
• Implement and maintain Cisco ASA adaptive security appliance virtualization and highavailability features.
• Evaluate Cisco ASA adaptive security appliance SSM modules, their major features, and integrate them with the Cisco ASA adaptive security appliance.

Course Prerequisites

Candidates attending the FIREWALL 642-617 Cisco training course should hold a valid CCNA Certification (this can be ICND1 plus ICND2 or CCNA 640-802)
A valid IINS Certifcation is also required and a working knowledge of Microsoft Windows OS would be an advantage.

Testing and Certification

The FIREWALL Cisco training course is the recommended preparation for the 642-647 FIREWALL - Deploying Cisco ASA Firewall Solutions exam. Please note that FIREWALL 642-617 is only one of four courses required for the Cisco Certified Network Professional for Security Career Certification and the SECURE, VPN and IPS courses are recommended for further study.

Professional Level Courses

The following is a list of other Professional level courses that we offer:

• Cisco CCNP Routing and Switching Certification
• Cisco CCNP Wireless Certification
• Cisco CCDP Certification
• Cisco CCNP Service Provider Operations Certification
• Cisco CCNP Voice Certification
• Cisco CCIP Certification

Course Content

Introduction to the Cisco ASA Adaptive Security Appliance:

• Introducing Cisco ASA Adaptive Security Appliance Technology and Features.
• Introducing the Cisco ASA Adaptive Security Appliance Family.

Implementation of Basic Connectivity and Device Management:

• Getting Started with the Cisco ASA Adaptive line Security Appliance and Cisco ASDM
• Configuring Interfaces and Static Routing
• Configuring Basic Device Management Features
• Configuring Management Access

Deployment of Cisco ASA Adaptive Security Appliance Access Control Features:

• Configuring Basic Access Control
• Using Cisco ASA Adaptive Security Appliance Modular Policy Framework
• Tuning Basic Stateful Inspection Features
• Configuring Application-Layer Policies
• Configuring Advanced Access Controls
• Configuring Resource Limits and Guarantees
• Configuring User-Based Policies (Cut-Through Proxy)

Deployment of Cisco ASA Adaptive Security Appliance Network Integration Features:

• Deploying Network Address Translation
• Configuring Cisco ASA Adaptive Security Appliance Transparent Operations

Deployment of Cisco ASA Adaptive Security Appliance Virtualization and High Availability Features:

• Deploying Cisco ASA Adaptive Security Appliance Virtualization Features
• Deploying Cisco ASA Adaptive Security Appliance Redundant Interfaces
• Deploying Active/Standby High Availability Failover
• Deploying Active/Active High Availability Failover

Integration of Cisco ASA Adaptive Security:

• Introducing the Cisco ASA Adaptive Security Appliance Security Service Modules
• Integrating the Cisco ASA Adaptive Security Appliance AIP-SSM and AIP-SSC Modules
• Integrating the Cisco ASA Adaptive Security Appliance CSC-SSM Module

Labs

• Lab 2-1: Configuring Basic Connectivity
• Lab 2-2: Configuring Management Features
• Lab 3-1: Configuring Basic Access Control
• Lab 3-2: Tuning Basic Cisco ASA Adaptive Security Appliance Stateful Inspection Features
• Lab 3-3: Configuring Application-Layer Policies
• Lab 3-4: Configuring Advanced Access Controls
• Lab 3-5: Configuring User-Based Policies (Cut-Through Proxy)
• Lab 4-1: Configuring Cisco ASA Adaptive Security Appliance NAT
• Lab 4-2: Configuring Transparent Firewall Mode
• Lab 5-1: Deploying a Cisco ASA Adaptive Security Appliance Active/Standby Failover
• Lab 5-2: Deploying a Cisco ASA Adaptive Security Appliance Active/Active Failover

Appendixes

• Appendix A: Configuring Routing on the Cisco ASA Adaptive Security Appliance
• Appendix B: Lab (Optional): Configuring Dynamic Routing

Recertification

Cisco professional level certifications (CCNP, CCNP SP Operations, CCNP Wireless, CCDP, CCNP Security, CCNP Voice, and CCIP) are valid for three years. To recertify, pass any 642 exam that is part of the professional level curriculum or pass any CCIE/CCDE written exam before the certification expiration date.

Please note that by achieving or recertifying in any of above the certifications automatically extends your active Associate and Professional level certification(s) up to the point of expiration of the last certification achieved. For more information, access the Cisco About Recertification page.

*PLEASE NOTE: Every effort has been made to ensure the accuracy of all information contained herein. IT Help and Support Centre Ltd makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. IT Help and Support Centre Ltd or its suppliers shall not be liable for incidental, consequential or special damages arising from, or as a result of, any electronic transmission or the accuracy of the information contained herin, even if IT Help and Support Centre Ltd has been advised of the possibility of such damages. Product and manufacturer names are used only for the purpose of identification.

This Website is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and Networking Academy are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this web site are the property of their respective owners.