-
-
This workshop serves as preparation for the CCIE Security Lab exam. It provides the participants with an understanding of the topics listed below at the level of a CCIE. The course consists of numerous practical exercises and can extend into the evening.
-
Course Contents
-
Firewalls - ASA
- Basic Configuration
- Transparent firewall
- Redundancy
Firewalls - Zone-Based - Basic Configuration
Firewalls – Firepower Threat Defense (FTD) - Basic Configuration
- Transparent firewall
- Redundancy
- Advanced Features
Virtual Private Networks (VPN) - Basic VPNs
- Advanced VPNs
- IKEv2 VPns
- FLEX VPN
- ASA VPNs
Content Filtering using WSA & ESA - WSA
- ESA
Router / Switch Security - Router Security
- Switch security
Basic Wireless LAN Configuration - Configuring the base network
- WLC configuration
Identity Management using ISE - Wired ISE
- Wireless ISE
- Device administration
- Router/Switch Authentication
- Router/Switch Exec & Command authorization
- Router/Switch Accounting
Basic Python scripts - Basic Python Scripting
- Data Encoding Formats
-
Target Group
-
This course is designed for those who want to prepare intensively for the practical CCIE® Security exam at Cisco.
-
Knowledge Prerequisites
-
Participants should have the knowledge of a CCNP Security and have successfully completed the exam for the course SCOR - Implementing and Operating Cisco Security Core Technologies (in planning). CCIE candidates should have five to seven years of experience in implementing security solutions before the exam.
-
| Firewalls - ASA |
| • Basic Configuration |
| • Interface configuration |
| • Security Levels |
| • Management [Telnet / SSH] |
| • Routing [RIPv2, EIGRP, OSPF, BGP] |
| • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT] |
| • Access Policies |
| • Transparent firewall |
| • Initialization |
| • Access policies |
| • Ethertype ACLs |
| • Redundancy |
| • Redundant Interfaces |
| • Port-channels |
| • Security Contexts |
| • Failover [Active/Standby & Active/Active] |
| • Clustering [Spanned mode / Individual Interface mode] |
| Firewalls - Zone-Based |
| • Basic Configuration |
| • Configuring Zones |
| • Assigning Zones to Interfaces |
| • Configuring Zone-pair Policies |
| • Configuring Port-maps |
| Firewalls – Firepower Threat Defense [FTD] |
| • Basic Configuration |
| • FMC & FTD Integration |
| • Interface configuration |
| • Zones |
| • Routing [RIPv2, EIGRP, OSPF, BGP] |
| • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT] |
| • Access Policies |
| • Transparent firewall |
| • Initialization |
| • Access policies |
| • Ethertype ACLs |
| • Redundancy |
| • Multi-Instance |
| • High Availability |
| • Advanced Features |
| • Geolocation Filtering |
| • URL Filtering |
| • AVC |
| • Intrusion Policies |
| • Logging and Alerting |
| • Network AMP |
| Virutal Private Networks [VPN] |
| • Basic VPNs |
| • LAN-to-LAN IPSec VPNS [with NAT-T & without NAT-T] |
| • GRE, GRE/IPSEC |
| • Static-Virtual Tunnel interface [S-VTI] |
| • Advanced VPNs |
| • DMVPN |
| • GET VPN |
| • RRF-Aware VPNs |
| • VPNs using Certificates with Router as a CA Server |
| • IKEv2 VPns |
| • Using legacy method |
| • Using S-VTI |
| • FLEX VPN |
| • D-VTI /S-VTI based Site-To-Site VPN |
| • D-VTI /S-VTI based Spoke-to-Spoke using NHRP |
| • ASA VPNs |
| • Site-to-Site IPSec – NAT-T |
| • Remote access |
| • Web VPN |
| • AnyConnect |
| Content Filtering using WSA & ESA |
| • WSA |
| • Initialization |
| • Integration with Routers/Switches/Firewall using WCCP |
| • Configuring traffic policies |
| • Configuring custom categories |
| • ESA |
| • Initialization |
| • Integration with E-mail servers and DNS |
| • Configuring Mail flow policies |
| • Configuring incoming mail filters |
| Router / Switch Security |
| • Router Security |
| • NTP |
| • uRPF |
| • DHCP server / DHCP Relay Agent |
| • Syslog |
| • Switch security |
| • Port-security |
| • DHCP snooping |
| • ARP Inspection |
| • Source guard |
| • VLAN ACL |
| Basic Wireless LAN Configuration |
| • Configuring the base network |
| • Configure the switches for the base network |
| • Configure DHCP server |
| • WLC configuration |
| • Initialization of the WLC |
| • Configuring VLAN interfaces |
| • Configuring WLANs |
| Identity Management using ISE |
| • Wired ISE |
| • Configuring the relationship between Switch & ISE |
| • Configuring Identity groups and users |
| • Configuring Dot1x authentication with VLAN assignment and DACL |
| • Configuring MAB for IP Phone with PC behind doing Dot1x authentication |
| • Wireless ISE |
| • Configuring the relationship between WLC & ISE |
| • Configuring Dot1x authentication with VLAN assignment |
| • Device administration |
| • Router/Switch Authentication |
| • Router/Switch Exec & Command authorization |
| • Router/Switch Accounting |
| Basic Python scripts |
| • Basic Python Scripting |
| • Data Encoding Formats |
| • JSON |
| • XML |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
-
This workshop serves as preparation for the CCIE Security Lab exam. It provides the participants with an understanding of the topics listed below at the level of a CCIE. The course consists of numerous practical exercises and can extend into the evening.
-
Course Contents
-
Firewalls - ASA
- Basic Configuration
- Transparent firewall
- Redundancy
Firewalls - Zone-Based - Basic Configuration
Firewalls – Firepower Threat Defense (FTD) - Basic Configuration
- Transparent firewall
- Redundancy
- Advanced Features
Virtual Private Networks (VPN) - Basic VPNs
- Advanced VPNs
- IKEv2 VPns
- FLEX VPN
- ASA VPNs
Content Filtering using WSA & ESA - WSA
- ESA
Router / Switch Security - Router Security
- Switch security
Basic Wireless LAN Configuration - Configuring the base network
- WLC configuration
Identity Management using ISE - Wired ISE
- Wireless ISE
- Device administration
- Router/Switch Authentication
- Router/Switch Exec & Command authorization
- Router/Switch Accounting
Basic Python scripts - Basic Python Scripting
- Data Encoding Formats
-
Target Group
-
This course is designed for those who want to prepare intensively for the practical CCIE® Security exam at Cisco.
-
Knowledge Prerequisites
-
Participants should have the knowledge of a CCNP Security and have successfully completed the exam for the course SCOR - Implementing and Operating Cisco Security Core Technologies (in planning). CCIE candidates should have five to seven years of experience in implementing security solutions before the exam.
-
| Firewalls - ASA |
| • Basic Configuration |
| • Interface configuration |
| • Security Levels |
| • Management [Telnet / SSH] |
| • Routing [RIPv2, EIGRP, OSPF, BGP] |
| • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT] |
| • Access Policies |
| • Transparent firewall |
| • Initialization |
| • Access policies |
| • Ethertype ACLs |
| • Redundancy |
| • Redundant Interfaces |
| • Port-channels |
| • Security Contexts |
| • Failover [Active/Standby & Active/Active] |
| • Clustering [Spanned mode / Individual Interface mode] |
| Firewalls - Zone-Based |
| • Basic Configuration |
| • Configuring Zones |
| • Assigning Zones to Interfaces |
| • Configuring Zone-pair Policies |
| • Configuring Port-maps |
| Firewalls – Firepower Threat Defense [FTD] |
| • Basic Configuration |
| • FMC & FTD Integration |
| • Interface configuration |
| • Zones |
| • Routing [RIPv2, EIGRP, OSPF, BGP] |
| • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Manual NAT] |
| • Access Policies |
| • Transparent firewall |
| • Initialization |
| • Access policies |
| • Ethertype ACLs |
| • Redundancy |
| • Multi-Instance |
| • High Availability |
| • Advanced Features |
| • Geolocation Filtering |
| • URL Filtering |
| • AVC |
| • Intrusion Policies |
| • Logging and Alerting |
| • Network AMP |
| Virutal Private Networks [VPN] |
| • Basic VPNs |
| • LAN-to-LAN IPSec VPNS [with NAT-T & without NAT-T] |
| • GRE, GRE/IPSEC |
| • Static-Virtual Tunnel interface [S-VTI] |
| • Advanced VPNs |
| • DMVPN |
| • GET VPN |
| • RRF-Aware VPNs |
| • VPNs using Certificates with Router as a CA Server |
| • IKEv2 VPns |
| • Using legacy method |
| • Using S-VTI |
| • FLEX VPN |
| • D-VTI /S-VTI based Site-To-Site VPN |
| • D-VTI /S-VTI based Spoke-to-Spoke using NHRP |
| • ASA VPNs |
| • Site-to-Site IPSec – NAT-T |
| • Remote access |
| • Web VPN |
| • AnyConnect |
| Content Filtering using WSA & ESA |
| • WSA |
| • Initialization |
| • Integration with Routers/Switches/Firewall using WCCP |
| • Configuring traffic policies |
| • Configuring custom categories |
| • ESA |
| • Initialization |
| • Integration with E-mail servers and DNS |
| • Configuring Mail flow policies |
| • Configuring incoming mail filters |
| Router / Switch Security |
| • Router Security |
| • NTP |
| • uRPF |
| • DHCP server / DHCP Relay Agent |
| • Syslog |
| • Switch security |
| • Port-security |
| • DHCP snooping |
| • ARP Inspection |
| • Source guard |
| • VLAN ACL |
| Basic Wireless LAN Configuration |
| • Configuring the base network |
| • Configure the switches for the base network |
| • Configure DHCP server |
| • WLC configuration |
| • Initialization of the WLC |
| • Configuring VLAN interfaces |
| • Configuring WLANs |
| Identity Management using ISE |
| • Wired ISE |
| • Configuring the relationship between Switch & ISE |
| • Configuring Identity groups and users |
| • Configuring Dot1x authentication with VLAN assignment and DACL |
| • Configuring MAB for IP Phone with PC behind doing Dot1x authentication |
| • Wireless ISE |
| • Configuring the relationship between WLC & ISE |
| • Configuring Dot1x authentication with VLAN assignment |
| • Device administration |
| • Router/Switch Authentication |
| • Router/Switch Exec & Command authorization |
| • Router/Switch Accounting |
| Basic Python scripts |
| • Basic Python Scripting |
| • Data Encoding Formats |
| • JSON |
| • XML |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Hybrid Training
Trainer language English