Deploying Cisco ASA Firewall Features (FIREWALL)

Learning@Cisco Datasheet

The Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 curriculum includes an instructor-led course presented by Cisco Authorized Learning Partners. This five-day course aims to provide network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions using Cisco ASA Software Version 8.2. Students will learn the skills they need to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features and to provide detailed operations support for the Cisco ASA adaptive security appliance. This curriculum is part of the official Cisco CCNP Security curriculum and covers the skills that are required for the CCNP Security certification, Cisco ASA specialist certification, and Cisco Firewall Security specialist certification.

Intended Targeted Audiences

The primary audiences for this curriculum are network security engineers within the following: Cisco channel partner organizations Cisco customer organizations Cisco service and support organizations

Curriculum Objectives
Upon completing this curriculum, the learner will be able to meet these overall objectives:

Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line Implement and maintain the basic Cisco ASA adaptive security appliance connectivity and device management plane features Implement and maintain the data plane access control features of the Cisco ASA adaptive security appliance product family Implement and maintain the Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure Implement and maintain the Cisco ASA adaptive security appliance virtualization and high-availability features Evaluate the Cisco ASA adaptive security appliance Security Services Modules (SSMs) and their major features and then integrate them with the Cisco ASA adaptive security appliance

2011 Cisco and/or its affiliates. All rights reserved.

Deploying Cisco ASA Firewall Features (FIREWALL)

Technical Skills Covered
Students will learn these technical skills:

Learning@Cisco Datasheet

Recommended Prerequisites
Completion of the CCNA Security certification requires the prerequisite exams and recommended courses shown in Table 1. Table 1 Required Exams and Recommended Courses
Required Exams 640-802 or 640-822 & 640-816 Exam Name and Recommended Training

Configuring the Cisco ASA adaptive security appliance using both the Cisco Adaptive Security Device Manager and command-line interface (CLI) Configuring the Cisco ASA adaptive security appliance management features Configuring basic Cisco ASA adaptive security appliance access control Configuring interfaces and static routing on the Cisco ASA adaptive security appliance Tuning basic Cisco ASA adaptive security appliance stateful inspection Configuring Cisco ASA adaptive security appliance advanced application inspections and controls Configuring advanced access controls on the Cisco ASA adaptive security appliance Configuring resource limits and quality of service (QoS) features on the Cisco ASA adaptive security appliance Configuring the Cisco ASA adaptive security appliance user-based policies (cut-through proxy) Configuring the Cisco ASA adaptive security appliance to perform network address translation (NAT) operations Configuring the Cisco ASA adaptive security appliance transparent firewall mode Configuring the Cisco ASA adaptive security appliance active-standby failover Configuring security contexts on the Cisco ASA adaptive security appliance Configuring the Cisco ASA adaptive security appliance active-active failover Integrating the Cisco ASA adaptive security appliance SSMs

CCNA Composite or Interconnecting Cisco Network Devices 1 (ICND1) Interconnecting Cisco Network Devices 2 (ICND2)

640-553

Implementing Cisco IOS Network Security (IINS)

Cisco Firewall Security Specialist

Cisco firewalls are ubiquitous in the world of network security today. Professionals with the skills to design, implement and maintain Cisco firewall solutions using the Cisco ASA adaptive security appliance and zone-based firewall solutions in Cisco routers and switches are in high demand. The Cisco firewall security specialist is a focused certification that validates skills and knowledge in implementing perimeter security solutions using Cisco security appliances. These certified specialists are actively involved in developing secure business solutions and designing and delivering multiple levels of secure access to the network (see Table 2). Table 2 Cisco Firewall Security Specialist Exams
Required Exams 642-617 Exam Name and Recommended Training

Cisco Network Security Engineer Curriculum

This curriculum is part of the recommended preparation for the CCNP Security certification, Cisco ASA Specialist certification, and Cisco Firewall Security Specialist certification.

Deploying Cisco ASA Firewall Solutions (FIREWALL) Securing Networks with Cisco Routers and Switches (SECURE)

642-637

2011 Cisco and/or its affiliates. All rights reserved.

Deploying Cisco ASA Firewall Features (FIREWALL)

Cisco ASA Specialist Certification
The Cisco ASA Specialist certification recognizes security professionals who have attained specialized in-depth expertise and proven knowledge of the recommended best practices in designing, implementing, maintaining, and troubleshooting network security solutions using the Cisco ASA adaptive security appliance technologies. The Cisco ASA adaptive security appliance is a best-of-class security appliance, widely deployed, and in use at leading enterprises and service providers worldwide. The Cisco ASA Security Specialist certification is recognized as the benchmark security product certification for engineers, consultants, and architects who configure advanced Cisco firewalls and virtual private network (VPN) solutions, including advanced access control, advanced application inspections and controls, IP Security (IPsec) remote access VPN, clientless Secure Sockets Layer (SSL) remote access VPN, Cisco AnyConnect full-tunnel SSL remote-access VPN, IPsec site-to-site VPNs, high availability, and failover features (see Table 3). Table 3 Cisco ASA Specialist Exams
Required Exam 642-617 Exam Name and Recommended Training

Learning@Cisco Datasheet

Table 4 CCNP Security Exams

Required Exams 642-637 Exam Name and Recommended Training

Securing Networks with Cisco Routers and Switches (SECURE) Implementing Cisco Intrusion Prevention System (IPS) Deploying Cisco ASA Firewall Solutions (FIREWALL) Deploying Cisco ASA VPN Solutions (VPN)

642-627

642-617

642-647

Course Specifications
Table 5 shows the details of the Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 course. Table 5 Deploying Cisco ASA Firewall Features (FIREWALL) v1.0 Course Details
Course name Short identifier Associated certifications Deploying Cisco ASA Firewall Features FIREWALL CCNP Security, Cisco ASA Security Specialist certifications, Cisco Firewall Security Specialist certifications 642-617 Deploying Cisco ASA Firewall Features (FIREWALL), 120 minutes; available at all worldwide Pearson VUE testing centers 5 days (classroom or virtual classroom) Cisco Authorized Learning Partners worldwide 10 individual labs

Deploying Cisco ASA Firewall Solutions (FIREWALL) Deploying Cisco ASA VPN Solutions (VPN)

642-647

CCNP Security Certification

The CCNP Security Program is a three-year certification program intended to recognize the Cisco network security engineers who have the necessary skills to test, deploy, configure, maintain, and troubleshoot Cisco network security appliances and Cisco IOS Software devices that establish the security posture of the network. Prior to attempting the CCNP Security certification or any of its associated specialist certifications, it is required that an individual has met the requirements for the Cisco CCNA Security certification and has at least one to three years of experience in the field of network security (see Table 4).

Associated exam

Duration Delivered by

Lab exercises

2011 Cisco and/or its affiliates. All rights reserved.

Features and Benefits of Cisco Authored Professional Curriculum

Subject matter experts around the world develop authored Cisco training from Cisco employee, partner, and customer organizations to align to the specific job tasks of professional-level network engineers who use current Cisco products and solutions. Cisco Authorized Learning Partners deliver authored Cisco curriculum utilizing certified instructors with a blend of lectures, labs, selfpaced lessons, and assessments (see Table 6). Table 6 Cisco Authored Professional Curriculum
Primary Features Customer-centered design Primary Benefits Input from Cisco employees, customers, and partners confirms relevancy Curriculum aligns to specific tasks of network engineers Mix of classroom and self-paced lessons offers flexibility Hands-on practice strengthens skills

you will gain the knowledge and expertise that you need to be successful in todays competitive IT business environment. Cisco Learning Partners offer a comprehensive set of training resources, from instructor-led courses to remote-access labs and e-learning solutions to improve your technology expertise. Other benefits include the following:

Learning skills on the latest Cisco products and software: Authorized learning partners expose students to the latest revisions and newest products to help accelerate their skills for years to come. Consistent expertise: Certified Cisco instructors assure students and businesses the same level of expertise, quality, and service from one class to the next. Updated training: Cisco Authorized Learning Partners are aware of the latest product and technology updates, exam changes, and teaching methods. High student satisfaction: Cisco Authorized Learning Partners are required to maintain a high level of satisfaction ratings.

Job role focus

Blended learning curriculum Extensive lab exercises End-of-module assessments Worldwide availability Cisco Authorized Learning Partners Aligned to certification

Review reinforces learning objectives Consistent curriculum in all regions

Certified instructors deliver Cisco approved content Establishes structured professional development and industry recognition of skills and knowledge Assurance of latest technologies, knowledge, skills, and best practices of Cisco solutions and architectures

Additionally, Cisco Learning Partners accept Cisco learning credits to cover fees for the Cisco security training curriculum. For more information and to check if these credits are available in your country, visit www.cisco.com/go/learningcredits.

Learn More
For more information or to register for this program, visit http://www.ciscolearningnetwork.com

Current Cisco solutions and architectures

Accept Only the Best

Only Cisco Authorized Learning Partners deliver the official Cisco security curriculum. Authorized training ensures that