© 2004, Cisco Systems, Inc. All rights reserved. CSPFA Cisco Secure PIX Firewall Advanced 3.2
Lesson 1: Course Introduction
Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
- Describe PIX Firewall technology and features.
- Describe PIX Firewall models, option cards, and licenses.
- Configure the PIX Firewall to statically and dynamically translate IP addresses.
- Configure the PIX Firewall to control inbound and outbound traffic.
- Configure object groups to simplify ACL configuration.
Course Objectives (Cont.)
- Configure the PIX Firewall to send messages to a Syslog server.
- Explain the routing functionality of the PIX Firewall.
- Configure content filtering on the PIX Firewall.
- Configure the PIX Firewall as a DHCP client.
- Configure advanced protocol handling on the PIX Firewall.
- Configure AAA on the PIX Firewall.
- Configure stateful failover on the PIX Firewall.
- Configure the PIX Firewall's IDS feature set.
- Configure a site-to-site VPN using the PIX Firewall.
Course Objectives (Cont.)
- Configure a VPN Client-to-PIX Firewall VPN.
- Configure PIX Firewall Easy VPN Remote.
- Perform password recovery on the PIX Firewall.
- Upgrade PIX Firewall software images.
- Perform a PIX Firewall activation key upgrade.
- Configure command authorization.
- Configure the PIX Firewall to send traps to an SNMP Network Management Station.
- Configure the PIX Firewall to permit SNMP traffic.
Course Objectives (Cont.)
- Configure a secure connection to the PIX Firewall using SSH.
- Install the PIX Device Manager and use it to configure the PIX Firewall.
- Use the PIX Device Manager to monitor the PIX Firewall.
- Install the Firewall Management Center and use it to configure the PIX Firewall.
Course Agenda
Day 1
- Lesson 1: Course Introduction
- Lesson 2: Security Fundamentals
- Lesson 3: Cisco PIX Firewall Technology and Features
- Lunch
- Lesson 4: The Cisco PIX Firewall Family
- Lesson 5: Getting Started with the Cisco PIX Firewall
Day 2
- Lesson 6: Inside Translations and Connections
- Lesson 7: Access Control Lists and Content Filtering
- Lunch
- Lesson 8: Object Grouping
- Lesson 9: Advanced Protocol Handling
Course Agenda (Cont.)
Day 3
- Lesson 10: Attack Guards, Intrusion Detection, and Shunning
- Lesson 11: Authentication, Authorization, and Accounting
- Lunch
- Lesson 12: Failover
- Lesson 13: Switching and Routing
Day 4
- Lesson 14: Virtual Private Networks
- Lesson 15: Configuring PIX Firewall Remote Access Using Cisco Easy VPN
- Lunch
- Lesson 16: Easy VPN Remote (Small Office/Home Office)
- Lesson 17: System Maintenance
Course Agenda (Cont.)
Day 5
- Lesson 18: Cisco PIX Device Manager
- Lesson 19: Enterprise PIX Firewall Management Center
- Lunch
- Lesson 20: Enterprise PIX Firewall Auto Update Server
- Lesson 21: Firewall Services Module
Participant Responsibilities
Student responsibilities:
- Complete prerequisites
- Participate in lab exercises
- Ask questions
- Provide feedback
General Administration
Class-related:
- Sign-in sheet
- Length and times
- Break and lunch room locations
- Attire
Facilities-related:
- Participant materials
- Site emergency procedures
- Restrooms
- Telephones/faxes
Graphic Symbols
[Figure: legend of diagram icons. Labels: IOS Router; PIX Firewall; VPN 3000; IDS Sensor; Catalyst 6500 w/ IDS Module; IOS Firewall; Network Access Server; Policy Manager; CA Server; PC; Laptop; Server (Web, FTP, etc.); Modem; Ethernet Link; VPN Tunnel; Hub; Network Cloud]
Participant Introductions
- Your name
- Your company
- Prerequisite skills
- Brief history
- Objective
Cisco Security Career Certifications
Expand Your Professional Options and Advance Your Career
Cisco Certified Security Professional (CCSP) Certification
Certification levels: Expert (CCIE), Professional (CCSP), Associate (CCNA)
Professional-level recognition in designing and implementing Cisco security solutions
Required Exam / Recommended Training through Cisco Learning Partners:
- Cisco SAFE Implementation
- Network Security
- Securing Cisco IOS Networks
- Cisco Secure Virtual Private Networks
- Cisco Secure Intrusion Detection System
- Cisco Secure PIX Firewall Advanced
Cisco Security Career Certifications
Enhance Your Cisco Certifications and Validate Your Areas of Expertise
Cisco Firewall, VPN, and IDS Specialists
Prerequisite: Valid CCNA certification
Cisco Firewall Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure PIX Firewall Advanced
Cisco VPN Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure Virtual Private Networks
Cisco IDS Specialist (Required Exam / Recommended Training through Cisco Learning Partners):
- Securing Cisco IOS Networks
- Cisco Secure Intrusion Detection System
Lab Topology Overview
[Figure: CSPFA Lab Visual Objective. Lab topology diagram for two pod groups (P and Q). Labels: Student PC; PIX Firewall; bastionhost: Web and FTP; Web and Cisco Secure ACS; Web, FTP, and Cisco Secure ACS; RBB; RTS]
[Figure: CSPFA Failover Lab Visual Objective. Lab topology diagram for two pod groups (P and Q). Labels: Primary PIX Firewall; Secondary PIX Firewall; Failover; Student PC; Web and FTP; Web and Cisco Secure ACS; Web, FTP, and Cisco Secure ACS; RBB; RTS]
[Figure: CSPFA Client-to-LAN Lab Visual Objective. Lab topology diagram. Labels: Student PC with VPN Client; PIX Firewall; Web and Cisco Secure ACS; RBB; RTS]