Cisco Firepower with Firepower Threat Defense

Session Detail:    Virtual 5 Day

Intense hands-on Firepower Advanced 6.3 Administration course.

About this Course

5-day Firepower Advanced Administration Class Includes:

  • ASA with Firepower 6.3
  • Firepower Threat Defense (FTD)
  • Advanced Malware Protection (AMP)
  • Identify Services Engine (ISE) with PxGrid

Intense hands-on Firepower Advanced 6.3 Administration course.

  • This class is intense; no experience necessary!
  • Receive your own pod with no sharing!
  • Each pod has an ASA with Firepower, FTD, network and end-node AMP labs, integration with ISE/PxGrid, and more!
  • More than 65 Intense Hands-on labs with detailed instruction!
  • Learn with high-end equipment and the latest 6.3 code
  • Firepower Management Center (FMC) 6.3
  • ASA with FirePOWER! Migrate to FTD Device!
  • Experience the new Firepower Threat Defense (FTD)
  • Advanced Malware Protection (AMP)
  • Integrated Services Engine (ISE)

At Course Completion

Upon completion of this course, you should be able to:

  • Understand Sourcefire, Firepower 6.3, FireAMP, and Firepower Threat Defense (FTD)
  • Install Firepower on a Cisco ASA
  • Install and Configure the Firepower (SFR) Services Modules and the Firepower Management Center (FMC)
  • Raise your confidence managing the Firepower Manager and Firepower Threat Defense (FTD)
  • Describe the Cisco Firepower systems infrastructure
  • Navigate the user interface and administrative features of the Cisco Firepower 6.3 system, including advanced analysis and reporting functionality to properly assess threats
  • Describe how to deploy and manage Firepower modules in ASA’s, Meriaki firewalls, ISRG2 routers and Cisco appliances
  • Describe the System Configuration and Health policies and implement them
  • Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
  • Describe, create, and implement objects for use in Access Control policies
  • Create DNS and URL policies and configure Sinkholes
  • Describe advanced policy configuration and Firepower system configuration options
  • Configure Malware Policies to find and stop Malware
  • Understand Security Intelligence, and how to configure SI to stop attacks NOW!
  • Configure policies to find and stop Ransomware
  • Understand how to fine tune IPS polices
  • Understand how to fine tune Snort Preprocessor polices (NAP)
  • Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
  • Analyze events
  • Create reporting templates and schedule them
  • Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
  • Set up external authentication for users using LDAP, AD and the Sourcefire User Agent (SFUA)
  • Configuring system integration, realms, and identity sources
  • Understand network and host based AMP
  • Configure and analyze host based AMP
  • Understand Cisco Identity Services Engine (ISE)
  • Configure ISE and integrate with Cisco FMC identity policy
  • Migrate your ASA to an FTD box! No other class provides these labs!

Session Outline

Class Outline

Module 1: Introduction: Firepower Overview

  • What is Sourcefire/Firepower, Firepower Management Center (FMC) and Firepower Threat Defense (FTD)?
  • 5.4/6.0/6.2/6.3 code, and Firepower Threat Defense (FTD)
  • Cisco 2100/4100 and 9300 appliances
  • Sourcefire Appliances, ASA’s, ISR routers and Meraki systems with Firepower modules.
  • How to install the FP module on a Cisco ASA
  • Firepower policies and how to upgrade or migrate to Firepower 6.3

Module 2: Understanding managed devices and the FMC

  • Configure an ASA to be managed by a Firepower Management Center (FMC)
  • Configure a class-map and service-policy to send packets to the Firepower module
  • Configure fail-open, fail-closed or monitor-only modes
  • Add your managed devices into the FMC and configure the advanced features such as Application bypass, Interfaces, inline mode, Licensing and more.
  • Understand all features; configure your System Configuration Policy, set the NTP time for your network, configure SNMP management and ACL’s, as well as external authentication, and setup an email relay. Deploy and verify.
  • Understand all possible features; configure your Health Policy, Health monitoring, setting up health email alerts and send troubleshooting files to Cisco TAC
  • Create an Application Bypass policy using a Health Alert to email you if a snort policy takes more than 3 seconds to determine alert, drop or pass on a rule
  • Hands-on Lab 1: Lab layout and logging into your equipment
  • Hands-on Lab 2: Configuring your managed device to associate to a Firepower Management Center (FMC)
  • Hands-on Lab 3: Logging into the FMC
  • Hands-on Lab 4: Adding a managed device to the FMC and configuring licensing and Application Bypass

Module 3: Configuring and applying the System Configuration

  • Understand what these policies are used for and the parameters
  • Configuring and applying the policies to your managed device
  • Hands-on Lab 5: Platform Settings. Creating a System policy and applying it to the managed device

Module 4: Configuring and applying Health Polices

  • Hands-on Lab 6: Creating a Health policy and applying it to the managed device
  • Hands-on Lab 7: Viewing Health information

Module 5: Creating Objects

  • Demonstration of what Objects are and how to create them
  • When to use Objects in an Access Control Policy
  • Configuring your Network objects and groups
  • Configuring your Security Intelligence IP feeds
  • Configuring your Security Intelligence URL feeds
  • Configuring Application risks
  • Configuring your Variable Set
  • Configuring Country objects
  • DNS Sinkholes
  • Hands-on Lab 8: Creating FTD Objects

Module 6: Module Malware/File Policy

  • How does a managed device and FMC handle malware?
  • What happens to packets when Firepower is determining file disposition?
  • What is a File Policy?
  • Creating a File/Malware Policy
  • Understanding the Advanced Tab and how to inspect archives
  • Sending hashes to the AMP cloud
  • Sending files to Talos for dynamic analysis
  • Hands-on Lab 9: Creating and implementing a Malware/File Policy

Module 7: IPS policies

  • Understanding layers
  • Finding IPS rules and understanding their documentation
  • Changing rule states
  • Thresholding and Dynamic State
  • Tuning IPS rules
  • Creating an IPS policy
  • Hands-on Lab 10: Creating an IPS Policy

Module 8: Access control Policies

  • What is the purpose of the ACP?
  • Choose your managed object targets
  • Understand Security Intelligence and configure feeds from your object list for both IP and URL
  • Add your White List objects
  • Understand HTTP Responses and how to customize them
  • Understand the Advanced Tab and how to add a Passive Identity, Network Access Policy, and advanced pre-processor settings
  • Understand how to create an allow, block, and interactive block rules
  • Set your default action and monitor your ACP
  • Add your Malware Policy to your AC
  • Add your IPS policy to your ACP
  • Hands-on Lab 11: Creating an Access control policy and adding your File and IPS policies
  • Hands-on Lab 12: Testing the rules in the ACP and verifying your URL filter, AMP and IPS policy
  • Hands-on Lab 13: Introduction to Analyzing your connection events
  • Hands-on Lab 14: Introduction to Analyzing Snort events

Module 9: Identity Policy

  • What is active and passive integration?
  • Setting up your FMC to talk to LDAP/AD
  • LDAP/AD and SFUA Configuration
  • Configuring an Integration policy
  • Hands-on Lab 15: Setting up LDAP and the SFUA
  • Hands-on Lab 16: Creating a Passive Identity policy

Module 10: Network Discovery Policy (Firepower)

  • Configuring the Network Discovery policy
  • Applying Firepower Recommendation in an IPS Rule
  • Hands-on Lab 17: Configuring a Discovery Policy and applying it to your managed device
  • Hands-on Lab 18: Configuring LDAP and the Sourcefire User Agent (SFUA)
  • Hands-on Lab 19: Setting up Firepower Recommended Rules
  • Hands-on Lab 20: Viewing Connection Events
  • Hands-on Lab 21: Viewing the Firepower discovered Network Map
  • Hands-on Lab 22: Creating Host Attributes

Module 11: DNS Policies

  • What is the DNS filter?
  • How to configure and apply the DNS filter
  • Configuring and applying a Sink Hole
  • Hands-on Lab 23: Configuring a URL Filter
  • Hands-on Lab 24: Configuring a DNS Filter
  • Hands-on Lab 25: Configuring and verifying a DNS Sink hole

Module 12: User Management

  • Understanding user management
  • Understanding user pre-configured roles
  • Configuring a unique role
  • Configuring internal users
  • Escalating user privileges
  • Configuring external users
  • Hands-on Lab 26: Configuring a user in the local database
  • Hands-on Lab 27: Configuring Permission Escalation
  • Hands-on Lab 28: Configuring external user authentication

Module 13: Intrusion Event Analysis

  • Context Explorer
  • Dashboard
  • Connection events
  • Switch workflows
  • IPS events
  • Malware Events
  • Malware Event trajectory
  • Hands-on Lab 29: Intrusion Event Analysis
  • Hands-on Lab 30: Firepower Analysis

Module 14: Reporting and Task Management

  • What is reporting?
  • Understanding Templates
  • Creating templates
  • Generating reports
  • Scheduling reports, backups, URL updates, Firepower recommendations and more!
  • Hands-on Lab 31: Creating multiple custom reports and scheduling the reports

Module 15: Snort Preprocessors

  • What are preprocessors?
  • Configure Microsoft DCE/RPC preprocessors
  • Configuring HTTP Layer preprocessors
  • Configuring Application layer preprocessors
  • Configuring Transport/Network layer preprocessors
  • Configuring Port Scanning prepocessors
  • Hands-on Lab 32: Modifying the HTTP Configuration Preprocessor
  • Hands-on Lab 33: Enabling Inline Normalization and Adaptive Profiles
  • Hands-on Lab 34: Demonstrate the Validation of Preprocess Setting on Policy Commit

Module 16: Correlation policies/White Lists/Traffic Profiles

  • What is a Correlation policy?
  • Why use a Correlation policy?
  • Configuring Rules
  • Applying rules to the Correlation policy and setting alerts
  • Applying rules to the Correlation policy and configuring remediation modules
  • What is a White List?
  • Configuring White Lists
  • Applying White Lists to a rule and correlation policy
  • What is a traffic profile?
  • Applying Traffic profiles to a rule and correlation policy and setting alerts and remediation modules
  • Hands-on Lab 35: Create and implement a Correlation rule, White List and Traffic Profiles

Module 17: Review Lab!

  • Hands-on Lab 36: 4 Firepower/FTD review lab

Module 18: Advanced Malware Protection (AMP) for endpoints

  • Global Threat Intelligence
  • File Signatures, AMP threat Grid Sandboxing
  • Dynamic Analysis
  • Hands-on Lab 37: AMP end points browser based management console
  • Hands-on Lab 38: Analyzing using trajectory and file analysis
  • Hands-on Lab 39: Pushing out policies to users

Module 19: Integrated Services Engine (ISE)

  • Single policy control point for the entire network
  • Cisco TrustSec
  • PxGrid
  • Cisco rapid threat containment
  • Hands-on Lab 40: Firepower and ISE integration
  • Hands-on Lab 41: Using ISE with ASA Tacacs+ authentication
  • Hands-on Lab 42: Using ISE for Radius FMC authentication

Module 20: Firepower Threat Defense

  • What is FTD?
  • Migrating an ASA to a FTD device
  • Adding an FTD device to an FMC
  • Configuring a FTD interface, ACL’s and more
  • Lab 43: Bringing your FTD device into the FMC
  • Lab 44: Interfaces and inline sets
  • Lab 45: Configuring an ACP with FTD
  • Lab 46: Configuring Pre-filters
  • Lab 47: Configuring Flexconfig
  • Lab 48: Configuring NAT
  • Lab 49: Configuring Objects
  • Lab 50: Configuring Routing
  • Lab 51: Configuring Anyconnect

Module 21: Captive Portal (Active Identity)

  • What is an active idenity? (compared to passive)
  • When to you a captive portal?
  • Change to active identity policy
  • Create certificates and test having guest’s login
  • Lab 52: Creating certificates
  • Lab 53: Creating a new Identity Policy
  • Lab 54: Creating an Active Identity Policy and testing

Module 22: Final LAB!

  • Lab 55: Configure an ASA for FirePOWER services
  • Lab 56: Configure a FMC
  • Lab 57: Add your ASA into the FMC
  • Lab 58: Configure your ACP, File, IPS and Security Intelligence
  • Lab 59: Configure your Passive and Active Identity Policies
  • Lab 60: Configure your Realms
  • Lab 61: Configure your Network Analysis Policy (NAP)
  • Lab 62: Configure your Correlation Policy
  • Lab 63: Configure your DNS Policy and Sinkholes
  • Lab 64: Migrate your ASA to FTD
  • Lab 65: Perform your FTD Policy labs
  • Lab 66: Add ISE and PxGrid to your FMC
  • Lab 67: Configure host based AMP

Need to train your team?

All of our sessions can be customized to meet your team’s specific need. Build the perfect program by picking and choosing topics from any of the courses in our catalog. A personalized private session gives you the ultimate flexibility and helps maximize your team’s valuable time!

Requesting Team Training
DateTimeTypePriceAdd To Cart

Cisco Firepower with Firepower Threat Defense

5 Day


Chat with a Coach

Chat with a Coach

Have a more immediate need? Why spend the next hour searching online for answers when you can spend just 15 minutes with one of our experts and get accurate and personalized answers to all of your questions. 

$9.99 | 15 Minutes

Book Now