ASA Threat Control for CCNP Security (300-206) SENSS

This course focuses on the threat control capabilities of the ASA tested on the CCNP Security (300-206) SENSS exam. The course covers object-groups and ACLs, Modular Policy Framework configurations for L3 - L7, Botnet traffic control and Identity Based Firewalls.
Course info
Rating
(15)
Level
Intermediate
Updated
Jul 15, 2015
Duration
3h 30m
Table of contents
Description
Course info
Rating
(15)
Level
Intermediate
Updated
Jul 15, 2015
Duration
3h 30m
Description

With networks under attack these days, its important to think ahead with firewall policy and implement control in such a way that your attack surface is limited. This course will walk you through how to deploy various forms of threat control on the Cisco ASA. In doing so, you will also cover important material that is required as part of the Cisco CCNP Security, 300-206, SENSS exam. This exam must be scheduled and taken at a Pearson VUE test center.

About the author
About the author

Brandon is a CCIE (Security, #23837), Cisco Press author, and has over 13 years experience as a Cisco Instructor.

More from the author
VPN Fundamentals for CCNP® Security
Intermediate
1h 52m
12 Feb 2018
ISE BYOD for CCNP Security (300-208) SISAS
Intermediate
2h 8m
8 Nov 2017
More courses by Brandon Carroll
Section Introduction Transcripts
Section Introduction Transcripts

ASA Object Groups
Well, hi there everyone, and welcome to ASA Object Groups. We're going to dive right into this first real module on labs and content and actually configuring something on the ASAs. We're going to have a lot of fun in this course, but it's going to start with object groups so that we can use these things later on. So let's do an overview of what we're going to see in this particular module. First off, because we're talking about object groups, it's important that we define what an object group is. Then we're going to talk about how we configure object groups in the lab. We're going to jump into ASDM inside of our lab environment. It's a viral-based lab environment. We're going to jump into that lab, and we're going to configure some object groups. We'll discuss how that's done while we're in the device. We're also going to talk about how we will use those objects later on. So that's it for our overview of what's to come. A relatively short module in terms of what we're going to be configuring here, because these are just building blocks. So let's start by defining what an object group is, then once we have that understanding of what an object group is, we can get into the code of ASA and start building it, or we can get into the GUI and start configuring it.

Cisco ASA access-lists
And here we are in our Cisco ASA access-lists module. We've just configured object groups in the previous module. We're going to jump right into configuring access-lists and using those object groups here, so let's start out with an overview of what we're going to see in this module and what we're going to discuss. You are going to find in this module, we're not going to spend a lot of time in the slides, we're going to spend more time in the ASDM interface and on the command line actually getting work done and we'll explain things as we go, right there in the lab environment, but first off, we're going to define what Access Control Lists are. Really, at the CCNP security level, you should probably already be familiar with what an access list is, but we're just going to cover it for good measure. We're also going to make sure that you understand how access lists filter traffic and we'll see that when we're in the lab. And we're going to talk about how to configure those ACLs in detail while we are in the ASDM interface and we'll go ahead and show that to you and be able to verify it and we'll also apply those object groups as we do that. So that's it for our intro, let's talk about the demo and then let's not waste any time getting into the lab so that we can maximize the amount of time we're in that gear and seeing how things work.

Cisco ASA L3-4 Modular Policy Framework
Well, welcome, everyone to our next module here, Cisco ASA L3-4 Modular Policy Framework. What's that mean? We're gonna get right into that. Let's go ahead and start out with an overview of this module. So we're gonna start out in this module defining what MPF is, getting into the specifics of L3-4, which is Layer 3, Layer 4 MPF that we're gonna work with in this particular module. We're gonna talk about how the pieces fit together in a policy on our ASA, and some of the actions that you can take when you're trying to apply policy to traffic that is transiting the ASA. We're also gonna see how to configure the Modular Policy Framework, or MPF, for Layer 3 and Layer 4 policy. We'll get into the labs, we'll do some demonstrations here, and we'll actually see some access to a website and how we can control what we see in that ASA, how we can control how it's handling that traffic and what the end users are able to access, and things along those lines. So, we got quite a bit to talk about in this module. So we're gonna jump right into it, like I said, and start by defining what the Modular Policy Framework is.