Course Details

SENSS 1.0: Firewall Threat Controls and Basic Cisco ASA Policy Configuration

Firewall systems are the mainstream threat defense method, based on network zoning and filtering at zone interface points. Firewall systems can provide a set of effective methods to reduce risk to exposed services and business processes by using different traffic filtering approaches and technologies. This course describes firewall systems and the common filtering approaches and technologies that are found inside a firewall system. The Cisco Adaptive Security Appliance 5500-X Series Next-Generation Firewalls provide the administrator with a set of access control methods that can tightly control access between security zones in networks. The Cisco ASA is an application-aware, stateful packet filtering firewall, which tracks connections in a connection table. To control which sessions can enter the connection table, administrators use the most fundamental of Cisco ASA access controls: interface and global access control lists. This course describes the Cisco ASA connection table and describes how to configure and verify interface and global ACLs. The course also describes how to configure object groups, which can significantly reduce ACL complexity. The course concludes with instructions on troubleshooting ACLs on the Cisco ASA.

Target Audience
Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification, one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required, and knowledge of Cisco Certified Network Associate (CCNA) Security certification and knowledge of the Microsoft Windows operating system are helpful. Note: A valid CCNA Routing and Switching certification AND a pass in either Securing Cisco Network Devices exam, 642-551 or 642-552, can act as a prerequisite, valid only through December 31, 2014.


Expected Duration (hours)

Lesson Objectives

SENSS 1.0: Firewall Threat Controls and Basic Cisco ASA Policy Configuration

  • start the course
  • describe firewall threat controls
  • place firewall threat controls into the Cisco modular network architecture design
  • list the firewall filtering technologies available
  • describe stateful packet filtering
  • describe reputation-based filtering and network IPS
  • describe application layer gateways
  • describe how to combine firewall filtering technologies
  • identify the functions of the Cisco ASA connection table
  • examine and administer the connection table
  • examine and administer the local host table
  • describe connection table logging
  • describe the function of Cisco ASA interface access rules
  • identify characteristics of the Cisco ASA default access policy
  • describe how interface access rules can be applied
  • describe characteristics of the Cisco ASDM access rules table
  • identify configuration tasks involved when adding an access rule that allows an internal client to access an external server
  • analyze the Cisco ASDM Access Rules table
  • apply a time-based rule into an existing ruleset
  • identify access control guidelines when implementing interface ACLs
  • describe the characteristics of Cisco ASA global ACLs
  • describe how to configure global access rules
  • verify a global access rule configuration
  • describe the function of Cisco ASA object groups
  • sequence the tasks involved in configuring Cisco ASA object groups
  • list the service groups supported by the Cisco ASA
  • use an object group to develop interface access rules
  • verify object groups on the Cisco ASA
  • identify the commands used in troubleshooting an ACL on the Cisco ASA
  • troubleshoot an ACL in a given scenario
  • configure interface and global ACLs on the Cisco ASA

Course Number: