Networks & Firewall
Securing Network using Cisco Routers and Switches
COURSE CONTENTS:
-
Access Control List and Types
-
NAT and Types
-
Configuring NTP
-
Configuring Anti-Spoofing ACL and uRPF
-
Configuring a DHCP Server and DHCP Relay
-
Configuring Router to send Logs to a Syslog
-
Configuring Port Security on Switch
-
Configuring DHCP Snooping
-
Configuring Dynamic ARP Inspection
-
IP Source Guard
-
Configuring VLAN ACLs
-
Control Plane Security and CoPP
-
Zone Based Firewall
-
Network Attack Vectors and Attack Types
-
Summary
Virtual Private Networks (VPN)
COURSE CONTENT:
-
VPN Technology Overview and Types
-
GRE Based VPN
-
IPSec LAN To LAN VPN using Crypto Maps
-
GRE Over IPSec - Tunnel Mode and Transport Mode
-
S-VTI - Tunnel Interface Based IPSec
-
M-GRE
-
DMVPN - Phase I,Phase II, Phase III
-
GET-VPN
-
VRF Aware VPNs
-
IKEV2
-
Flex VPN Site to Site using D-VTI and S-VTI
-
Flex VPN Spoke to Spoke Using NHRP
-
LAN to LAN VPN Using Router as CA Server
-
Summary
Big IP F5 Load Balancer (LTM) - Local Traffic Manager
COURSE CONTENT:
-
Big IP F5 LTM Product Overview
-
Load Balancing Fundamentals
-
Installation and initial access
-
Licensing and Setup utility
-
Provisioning
-
Virtual Servers and pools
-
Load Balancing Modes
-
Monitor Concepts
-
Monitor Configurations
-
Profiles
-
Profiles Types and Dependencies
-
Protocol profile Types and settings
-
Concept of Persistence
-
Source Address persistence
-
Cookie Persistence
-
SSL termination / Initiation
-
SSL profile Configuration
-
NATs
-
SNATs
-
iRules Concept
-
iRules Events
-
High Availability
-
Failover detection
-
Stateful failover
-
Additional Tools and Resources
-
Documentation for F5 Supports
Big IP F5 Load Balancer (GTM/DNS)
COURSE CONTENT:
-
F5 Product Suite Overview
-
Installation and Initial Access
-
DNS Overview
-
Accelerated DNS Resolutions
-
Intelligent DNS Resolutions
-
LDNS Probes and Metrics
-
Load Balancing - Static, Dynamic, Ratio Based, Persistence etc
-
Monitor concepts and configurations
-
Logs and Event Notifications
-
DNS Sec, Limits and Threshold
-
Synchronization Groups
-
Big IP iHealth
Fortinet - Fortigate Firewall NSE 4
COURSE CONTENT:
-
Basic Security Terminology
-
Introduction to Firewall Technology
-
About Fortinet and Product series
-
Install Fortigate - Vmware, GNS3, EVE-NG
-
Initial Working Lab and Forigate Dashboard
-
Fortigate Interface Concepts
-
VLANS and Zone
-
One Armed Sniffer
-
Redundant Interface ans Aggregate Interfaces
-
Virtual Wire Pair
-
Administrative Access and DNS Server
-
Static Policy Route
-
Static and Default Route
-
Policy Routing
-
Dynamic Routing - RIP, OSPF, BGP and Redistribution
-
Policies , Policy - MAC , Policy - Local User
-
DHCP Server and DHCP Relay
-
Secuirity Profile
-
AV Security , AV Filter and DNS Filter , Application control
-
Intrusion Prevention System , Inspection mode, File Filter Profile , DoS Mode
-
NGFW Modes
-
NAT - Policy Based NAT, SNAT, DNAT
-
Object - Address Object and Service Object
-
High Availability - Active/Passive, Active/Active
-
VDOMs
-
IPSec VPN Concept and Site to Site VPN
-
Site to Site Policy Baed VPN
-
Remote Access VPN
-
Syslog Server and Traffic Shaper
-
Command Line Interface
-
Packet Sniffing and Capture
-
TroubleShooting Fortigate
-
Summary
Palo Alto Firewall (PCNSE)
COURSE CONTENT:
-
Palo Alto Introduction
-
Platforms and Architecture
-
Single Pass Architecture
-
Flow Logic
-
Initial Configuration
-
Initial Access to the System
-
Configuration Management
-
Licensing and Software Updates
-
Account Administration
-
Interface Configuration
-
Security Zones
-
Layer 2, Layer 3, Virtual Wire, and Tap
-
Sub-interfaces
-
DHCP Virtual Routers
-
Security and NAT Policies
-
Security Policy Configuration
-
Policy Administration
-
NAT (source and destination), U-Turn NAT
-
App-ID Overview
-
Application Groups and Filters
-
App-ID: Antivirus • Anti-spyware • Vulnerability • URL Filtering
-
File Blocking: Wildfire • Security Profiles File Blocking • Wildfire
-
Decryption • Certificate Management • Outbound SSL Decryption • Inbound SSL Decryption
-
User-ID
-
Active/Passive High Availability
-
Configuring Active/Passive HA
-
Management & Reporting
-
Panorama Introduction and Overview.
-
Troubleshooting
CISCO ASA Firewall 9.x
COURSE CONTENT:
-
Cisco ASA Firewall Introduction
-
Basic Configuration
-
Interface configuration
-
Security Levels
-
Management [Telnet / SSH]
-
Routing [RIPv2, EIGRP, OSPF, BGP]
-
NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT]
-
Access Policies
-
Transparent firewall
-
Initialization
-
Access policies
-
Ethertype ACLs
-
Redundancy
-
Redundant Interfaces
-
Port-channels
-
Security Contexts
-
Failover [Active/Standby & Active/Active]
-
Clustering
-
Deep-Packet Inspection using MPF
-
Tuning the global policy
-
Configuring custom L7 policy
-
ASA VPNs
-
Site – To – Site IPSec
-
Site – To – Site – NAT – T
-
Remote access
-
Web VPN
-
AnyConnect
-
Summary
Checkpoint Firewall (CCSA R80.x)
COURSE CONTENT:
-
Overview (Fundamentals and Our Design).
-
Initial Access and Setup.
-
Interfaces (LAN, WAN).
-
Web UI Overview and General Settings.
-
Licensing.
-
Software Upgrade.
-
General Routing.
-
Security Policy Components.
-
Network Objects and Resources.
-
Outgoing NAT using Interface.
-
Static NAT and Firewall Policy.
-
NAT Port Forwarding.
-
Firewall Policy.
-
Applications and URL Filtering.
-
Anti-Virus and Anti-Bot.
-
Intrusion Prevention (IPS).
-
Site-to-Site VPN.
-
User Awareness (Active, Passive).
-
Remote Access.
-
Packet Capture
-
Traffic Monitoring.
-
Guest Services (DHCP, Hotspot).
-
Backup.
-
Dynamic routing.
-
Troubleshooting.