© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Cisco Secure PIX Firewall Advanced 3.1
Chapter 1 Course Introduction
Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
- Identify PIX Firewall features, models, components, and benefits.
- Configure the PIX Firewall to statically and dynamically translate IP addresses.
- Configure the PIX Firewall to control inbound and outbound traffic.
- Configure object groups to simplify ACL configuration.
- Configure the PIX Firewall to send messages to a Syslog server.
- Explain the routing functionality of the PIX Firewall.
- Configure content filtering on the PIX Firewall.
- Configure the PIX Firewall as a DHCP client.
- Configure special protocol handling on the PIX Firewall.
- Configure AAA on the PIX Firewall.
- Configure failover on the PIX Firewall.
- Configure the PIX Firewall's IDS feature set.
- Configure a site-to-site VPN using the PIX Firewall.
- Configure a VPN Client-to-PIX Firewall VPN.
- Perform password recovery on the PIX Firewall.
- Upgrade PIX Firewall software images.
- Explain how to perform a PIX Firewall activation key upgrade.
- Configure command authorization.
- Configure the PIX Firewall to send traps to an SNMP Network Management Station.
- Configure the PIX Firewall to permit SNMP traffic.
- Configure a secure connection to the PIX Firewall using SSH.
- Install the PIX Device Manager and use it to configure the PIX Firewall.
- Use the PIX Device Manager to monitor the PIX Firewall.
- Install the PIX Management Center and use it to configure the PIX Firewall.
- Install the Auto Update Server and use it to update the PIX Firewall image and configuration.
- Explain the similarities and differences between the PIX Firewall and the Catalyst 6500 Firewall Services Module.
- Configure the Firewall Services Module to control inbound and outbound traffic.

Course Agenda
Day 1
- Chapter 1 Course Introduction
- Chapter 2 Network Security and Cisco
- Chapter 3 Cisco PIX Firewall Technology and Features
- Chapter 4 The Cisco PIX Firewall Family
- Lunch
- Chapter 5 Getting Started with the Cisco PIX Firewall
- Chapter 6 Translations and Connections
Day 2
- Chapter 7 Access Control Lists and Content Filtering
- Chapter 8 Object Grouping
- Lunch
- Chapter 9 Routing
Day 3
- Chapter 10 Advanced Protocol Handling
- Chapter 11 Attack Guards, Intrusion Detection, and Shunning
- Lunch
- Chapter 12 Authentication, Authorization, and Accounting
- Chapter 13 Failover
Day 4
- Chapter 14 Virtual Private Networks
- Lunch
- Chapter 15 System Maintenance
- Chapter 16 Cisco PIX Device Manager
Day 5
- Chapter 17 Enterprise PIX Firewall Management
- Chapter 18 Enterprise PIX Firewall Maintenance
- Lunch
- Chapter 19 Firewall Services Module

Participant Responsibilities
Student responsibilities:
- Complete prerequisites
- Participate in lab exercises
- Ask questions
- Provide feedback

General Administration
Class-related:
- Sign-in sheet
- Length and times
- Break and lunch room locations
- Attire
Facilities-related:
- Participant materials
- Site emergency procedures
- Restrooms
- Telephones/faxes

Graphic Symbols
- Ethernet link
- Router
- Cisco PIX Firewall
- PC
- Server
- Internet

Participant Introductions
- Your name
- Your company
- Pre-req skills
- Brief history
- Objective

Cisco Security Career Certifications
Expand Your Professional Options and Advance Your Career
Cisco Certified Security Professional (CCSP) Certification
Professional-level recognition in designing and implementing Cisco security solutions
Network Security certification levels: Associate (CCNA), Professional (CCSP), Expert (CCIE)
Required exam and recommended training through Cisco Learning Partners:
- 9E0-571 or 9E0-111: Cisco Secure PIX Firewall Advanced 2.1, Cisco Secure PIX Firewall Advanced 3.0
- 9E0-570 or 9E0-121: Cisco Secure Virtual Private Networks 2.0, Cisco Secure Virtual Private Networks
- Managing Cisco Network Security 2.0, Managing Cisco Network Security 3.0
- 9E0-572 or 9E0-100: Cisco Secure Intrusion Detection System 2.1, Cisco Secure Intrusion Detection System 3.0
- 9E0-131: Cisco SAFE Implementation 1.0

Cisco Security Career Certifications
Enhance Your Cisco Certifications and Validate Your Areas of Expertise
Cisco Firewall, VPN, and IDS Specialists
Pre-requisite: Valid CCNA certification
Required exam and recommended training through Cisco Learning Partners, by specialization:
- Cisco Firewall Specialist: Managing Cisco Network Security 3.0; 9E0-111 Cisco Secure PIX Firewall Advanced 3.0
- Cisco VPN Specialist: Managing Cisco Network Security 3.0; 9E0-121 Cisco Secure Virtual Private Networks 3.0
- Cisco IDS Specialist: Managing Cisco Network Security 3.0; 9E0-100 Cisco Secure Intrusion Detection System 3.0

Lab Topology Overview

[Figure: CSPFA Lab Visual Objective. Labels: Pods 1–5, Pods 6–; Student PC (Remote: 10.1.P.11, Local: 10.0.P.11); PIX Firewall; RTS; RBB; Web and FTP; Web and Cisco Secure ACS; Web, FTP, and Cisco Secure ACS; bastionhost: Web and FTP.]

[Figure: CSPFA Failover Lab Visual Objective. Labels: Pods 1–5, Pods 6–; Primary PIX Firewall; Secondary PIX Firewall; Failover cable; Student PC (Remote: 10.1.P.11, Local: 10.0.P.11; Remote: 10.1.Q.11, Local: 10.0.Q.11); RTS; RBB; Web and FTP; Web and Cisco Secure ACS; Web, FTP, and Cisco Secure ACS.]

[Figure: CSPFA Client-to-LAN Lab Visual Objective. Labels: Student PC with VPN Client; PIX Firewall; network 10.0.P.0; RTS; RBB; Web and Cisco Secure ACS.]