CCNP Security Firewall 642-617 Official Cert Guide is a comprehensive self-study tool for preparing for the Firewall exam. This book teaches you how to implement and maintain Cisco ASA-based perimeter solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Complete coverage of all exam topics as posted on the exam topic blueprint ensures you will arrive at a thorough understanding of what you need to master to succeed on the exam. The book follows a logical...
Chapter 1: Cisco ASA Adaptive Security Appliance Overview
• Cisco ASA Features -- This section covers the long list of security features that a Cisco ASA can provide.
• Selecting a Cisco ASA Model -- This section presents an overview and specifications of each ASA model so that the appropriate device can be selected.
• Selecting ASA Licenses -- Once an ASA model is selected to secure a network, it must be licensed to perform everything that is required. This section explains ASA licenses and how to select them.
Chapter 2: Working with a Cisco ASA
This chapter covers the following topics:
• Using the CLI -- This section describes the ASA command line interface and how you can use it to configure and display information about an ASA device.
• Understanding the Factory Default Configuration -- Every ASA comes with a factory default or preinstalled initial configuration. This section explains the initial configuration and how it bootstraps an ASA so you can connect and make configuration changes.
• Working with Configuration Files -- This section describes the startup and running configurations that an ASA uses as it boots up and runs.
• Working with the ASA File System -- This section covers the non-volatile Flash file system that an ASA uses to store configuration, image, and other types of files.
• Reloading an ASA -- This section describes the ASA bootup sequence, how you can make an ASA reload, and how you can upgrade the operating system image during a reload.
Chapter 3: Configuring ASA Interfaces
This chapter covers the following topics:
• Configuring Physical Interfaces
• Configuring VLAN Interfaces
• Configuring Interface Security Parameters
• Configuring Interface MTU
• Verifying Interface Operation
• Firewall Overview -- This section provides an overview of protecting networks by establishing security domains and positioning firewalls to protect them.
Chapter 4: Configuring IP Connectivity
This chapter covers the following topics:
• Deploying DHCP Services -- This section covers how an ASA can operate as a DHCP server and a DHCP relay. These functions support dynamic addressing for protected hosts, either by the ASA or by an external dedicated DHCP server.
• Using Routing Information -- This section presents an overview of the various sources of routing information and how an ASA can use them.
• Configuring Static Routing -- This section covers manual configuration of static routes, as well as static route tracking, which can make static routes respond to changing conditions.
• Routing with RIPv2 -- This section covers the Routing Information Protocol (RIP) version 2 dynamic routing protocol.
• Routing with EIGRP -- This section covers the Enhanced Interior Gateway Routing Protocol (EIGRP) and how it can provide an ASA with dynamic routing information.
• Routing with OSPF -- This section covers the Open Shortest Path First (OSPF) dynamic routing protocol and how an ASA can interact with other OSPF routers.
• Verifying the Routing Table -- This section provides an overview of some tools you can use to verify the information in an ASA’s routing table and the relationship with neighboring routers.
Chapter 5: Managing a Cisco ASA
This chapter covers the following subjects:
• Basic Device Settings: This section describes configuration of basic device settings, such as hostname, domain, enable password, and Telnet password.
• Name-to-Address Mappings: This section describes configuration of local name-to-address mappings, as well as configuring a DNS server group.
• File System Management: This section describes how to manage the file system in flash memory on an ASA, including where the ASA keeps its configuration, system software, and auxiliary files.
• Managing Software and Feature Activation: This section describes how to manage the activation of features within the operating system of the ASA, and also changing the activation key of the security appliance.
• Remote Device Management: This section describes how to configure the ASA for remote management, using Telnet, Secure Shell (SSH), dedicated out-of-band interface, or HTTPS using ASDM.
• Controlling Management Access with AAA: This section describes how to configure the ASA to perform Authentication, Authorization, and Accounting, using the local database.
Chapter 6: Recording ASA Activity
Chapter 7: Using Address Translation
Chapter 8: Controlling Access through the ASA
Chapter 9: Inspecting Traffic with the ASA
Chapter 10: Using Proxy Services to Control Access
Chapter 11: Handling Traffic
Chapter 12: Creating Virtual Firewalls with the ASA
Chapter 13: Deploying High Availability Features
Chapter 14: Integrating ASA Service Modules
642-617 Deploying Cisco ASA Firewall Solutions Exam Topics (Blueprint)
Exam Description
The 642-617 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0) exam is associated with the CCSP, CCNP Security and Cisco Firewall Specialist certifications. This exam tests a candidate's knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA Firewall Solutions course.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Pre-Production Design
- Choose ASA Perimeter Security technologies/features to implement HLD based on given security requirements
- Choose the correct ASA model to implement HLD based on given performance requirements
- Create and test initial ASA appliance configurations using CLI
- Determine which ASA licenses will be required based on given requirements
Complex Operations Support
- Optimize ASA Perimeter Security features performance, functions, and configurations
- Create complex ASA security perimeter policies such as ACLs, NAT/PAT, L3/L4/L7 stateful inspections, QoS policies, cut-thru proxy, threat detection, botnet detection/filter using CLI and/or ASDM
- Perform initial setup on the AIP-SSM and CSC-SSM using CLI and/or ASDM
- Configure, verify and troubleshoot High Availability ASAs (A/S and A/A FO) operations using CLI and/or ASDM
- Configure, verify and troubleshoot static routing and dynamic routing protocols on the ASA using CLI and/or ASDM
- Configure, verify and troubleshoot ASA transparent firewall operations using CLI
- Configure, verify and troubleshoot management access/protocols on the ASA using CLI and/or ASDM
Describe Advanced Troubleshooting
- Advanced ASA security perimeter configuration/software/hardware troubleshooting using CLI and/or ASDM fault finding and repairing