Networks & Firewall

Securing Network using Cisco Routers and Switches 

COURSE CONTENTS:

  • Access Control List and Types 

  • NAT and Types 

  • Configuring NTP

  • Configuring Anti-Spoofing ACL and uRPF

  • Configuring a DHCP Server and DHCP Relay 

  • Configuring Router to send Logs to a Syslog 

  • Configuring Port Security on Switch

  • Configuring DHCP Snooping

  • Configuring Dynamic ARP Inspection

  • IP Source Guard 

  • Configuring VLAN ACLs

  • Control Plane Security and CoPP

  • Zone Based Firewall 

  • Network Attack Vectors and Attack Types 

  • Summary 

Virtual Private Networks (VPN)

COURSE CONTENT:

  • VPN Technology Overview and Types 

  • GRE Based VPN 

  • IPSec LAN To LAN VPN using Crypto Maps 

  • GRE Over IPSec - Tunnel Mode and Transport Mode

  • S-VTI - Tunnel Interface Based IPSec 

  • M-GRE

  • DMVPN - Phase I,Phase II, Phase III

  • GET-VPN 

  • VRF Aware VPNs

  • IKEV2 

  • Flex VPN Site to Site using D-VTI and S-VTI

  • Flex VPN Spoke to Spoke Using NHRP

  • LAN to LAN VPN Using Router as CA Server 

  • Summary 

Big IP F5 Load Balancer (LTM) - Local Traffic Manager

COURSE CONTENT:

  • Big IP F5 LTM Product Overview

  • Load Balancing Fundamentals

  • Installation and initial access

  • Licensing and Setup utility

  • Provisioning

  • Virtual Servers and pools

  • Load Balancing Modes

  • Monitor Concepts

  • Monitor Configurations

  • Profiles

  • Profiles Types and Dependencies

  • Protocol profile Types and settings

  • Concept of Persistence

  • Source Address persistence

  • Cookie Persistence

  • SSL termination / Initiation

  • SSL profile Configuration

  • NATs

  • SNATs

  • iRules Concept

  • iRules Events

  • High Availability

  • Failover detection

  • Stateful failover

  • Additional Tools and Resources

  • Documentation for F5 Supports

Big IP F5 Load Balancer (GTM/DNS)

COURSE CONTENT:

  • F5 Product Suite Overview

  • Installation and Initial Access

  • DNS Overview

  • Accelerated DNS Resolutions

  • Intelligent DNS Resolutions

  • LDNS Probes and Metrics

  • Load Balancing - Static, Dynamic, Ratio Based, Persistence etc 

  • Monitor concepts and configurations

  • Logs and Event Notifications 

  • DNS Sec, Limits and Threshold

  • Synchronization Groups

  • Big IP iHealth

Fortinet - Fortigate Firewall NSE 4

COURSE CONTENT:

  • Basic Security Terminology

  • Introduction to Firewall Technology 

  • About Fortinet and Product series

  • Install Fortigate - Vmware, GNS3, EVE-NG

  • Initial Working Lab and Forigate Dashboard

  • Fortigate Interface Concepts 

  • VLANS and Zone

  • One Armed Sniffer

  • Redundant Interface ans Aggregate Interfaces

  • Virtual Wire Pair 

  • Administrative Access and DNS Server 

  • Static Policy Route 

  • Static and Default Route 

  • Policy Routing 

  • Dynamic Routing - RIP, OSPF, BGP and Redistribution 

  • Policies , Policy - MAC , Policy - Local User 

  • DHCP Server and DHCP Relay 

  • Secuirity Profile 

  • AV Security , AV Filter and DNS Filter , Application control 

  • Intrusion Prevention System , Inspection mode, File Filter Profile , DoS Mode

  • NGFW Modes 

  • NAT - Policy Based NAT, SNAT, DNAT 

  • Object - Address Object and Service Object 

  • High Availability - Active/Passive, Active/Active 

  • VDOMs

  • IPSec VPN Concept and Site to Site VPN 

  • Site to Site Policy Baed VPN

  • Remote Access VPN 

  • Syslog Server and Traffic Shaper 

  • Command Line Interface 

  • Packet Sniffing and Capture 

  • TroubleShooting Fortigate 

  • Summary 

Palo Alto Firewall (PCNSE)

COURSE CONTENT:

  • Palo Alto Introduction

  • Platforms and Architecture 

  • Single Pass Architecture 

  • Flow Logic 

  • Initial Configuration 

  • Initial Access to the System 

  • Configuration Management 

  • Licensing and Software Updates 

  • Account Administration 

  • Interface Configuration 

  • Security Zones 

  • Layer 2, Layer 3, Virtual Wire, and Tap 

  • Sub-interfaces 

  • DHCP Virtual Routers 

  • Security and NAT Policies 

  • Security Policy Configuration 

  • Policy Administration 

  • NAT (source and destination), U-Turn NAT

  • App-ID Overview 

  • Application Groups and Filters 

  • App-ID: Antivirus • Anti-spyware • Vulnerability • URL Filtering 

  • File Blocking: Wildfire • Security Profiles File Blocking • Wildfire 

  • Decryption • Certificate Management • Outbound SSL Decryption • Inbound SSL Decryption 

  • User-ID

  • Active/Passive High Availability 

  • Configuring Active/Passive HA 

  • Management & Reporting 

  • Panorama Introduction and Overview.

  • Troubleshooting

CISCO ASA Firewall 9.x

COURSE CONTENT:

  • Cisco ASA Firewall Introduction

  • Basic Configuration

  • Interface configuration

  • Security Levels

  • Management [Telnet / SSH]

  • Routing [RIPv2, EIGRP, OSPF, BGP]

  • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT]

  • Access Policies

  • Transparent firewall

  • Initialization

  • Access policies

  • Ethertype ACLs

  • Redundancy

  • Redundant Interfaces

  • Port-channels

  • Security Contexts

  • Failover [Active/Standby & Active/Active]

  • Clustering

  • Deep-Packet Inspection using MPF

  • Tuning the global policy

  • Configuring custom L7 policy

  • ASA VPNs

  • Site – To – Site IPSec

  • Site – To – Site – NAT – T

  • Remote access

  • Web VPN

  • AnyConnect

  • Summary 

Checkpoint Firewall (CCSA R80.x)

COURSE CONTENT:

  • Overview (Fundamentals and Our Design).

  • Initial Access and Setup.

  • Interfaces (LAN, WAN).

  • Web UI Overview and General Settings.

  • Licensing.

  • Software Upgrade.

  • General Routing.

  • Security Policy Components.

  • Network Objects and Resources.

  • Outgoing NAT using Interface.

  • Static NAT and Firewall Policy.

  • NAT Port Forwarding.

  • Firewall Policy.

  • Applications and URL Filtering.

  • Anti-Virus and Anti-Bot.

  • Intrusion Prevention (IPS).

  • Site-to-Site VPN.

  • User Awareness (Active, Passive).

  • Remote Access.

  • Packet Capture

  • Traffic Monitoring.

  • Guest Services (DHCP, Hotspot).

  • Backup.

  • Dynamic routing.

  • Troubleshooting.