Cisco Next Generation Firewall

Secure Networks with Firepower

With the Firepower appliances and the Cisco Secure Firewall, Cisco offers a next-generation firewall that, in addition to standardized configuration via a policy model, continues to focus very strongly on protection against threats in the network environment.

In addition to the classic firewall functionalities, the various Firepower systems also offer Application Control, Threat Prevention and Advanced Malware Protection and IPS. This course provides solid knowledge of the deployment and configuration options of the Cisco NGFW. You will be able to understand and competently use all relevant NGFW firewall functions. This Firepower course focuses on management with the Firepower Management Center.

Course Contents

Concepts of the Cisco Firepower Thread Defense (FTD) appliance
Functions of the NGFW
Initial configuration and management of the Firepower Appliance
Firepower Management Center
Network Discovery
Routing with FTD
NAT and PAT with FTD
Access Control Policy
Application and URL filter
High availability (active/standby failover)
FlexConfig
SSL proxy
Quality of Service
Licensing, upgrade and backup

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

High-quality color prints of the ExperTeach documentation
Exclusive folder in an elegant design
Document pouch in backpack shape
Elegant LAMY ballpoint pen
Practical notepad

The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).

Target Group

The course is aimed at people in security and network administration who will be commissioning and managing a Firepower Thread Defense appliance. The focus is on the functionality of the next-generation firewall. If you are planning to replace the Cisco ASA in your network with FTD, this is also the right course for you.

Knowledge Prerequisites

You should bring basic knowledge of the TCP/IP protocol and its security risks as well as the basics of switching and routing to this course. They should also already be familiar with how packet filters and firewalls work.

Alternatives

Book this course together with Cisco Firepower Next Generation IPS – Advanced Threat and Malware Protection as PowerPackage Cisco Firepower for the discounted price of € 3.395,-.

1	Die Grundkonfiguration von FTD
1.1	Next Generation Firewall
1.2	Hardware: Die Modellreihen
1.2.1	Firewall Performance Estimator
1.3	Software: FXOS und FTD
1.4	Lizenzen
1.5	Initiale Konfiguration und Management
1.5.1	Die ersten Schritte im CLI
1.5.2	Die ASA-Console
1.5.3	Firewall Device Manager
1.6	Das Firewall Management Center
1.6.1	Die Menüstruktur
1.6.2	FMC: Benutzerverwaltung
1.6.3	Das Management-Netz
1.6.4	Konfiguration des Managers auf FTD-Geräten
1.6.5	Object Management
1.6.6	Deploy
1.6.7	Smart Licensing
1.6.8	License Reservation
1.6.9	Interface-Konfiguration
1.6.10	Interface-Zonen und -Gruppen
1.7	Die Systemzeit
1.7.1	Systemzeit der FTD-Geräte
1.8	DNS-Gruppen
1.9	Die Health Policy
1.9.1	Health Monitor
1.10	Die Network Discovery Policy
1.10.1	Die Network Map
1.11	Logging und Debugging
1.11.1	Logging der FTD-Geräte
1.11.2	Debugging
1.12	SNMP
1.12.1	SNMP im FTD (außer 4100, 9300)

2	Routing mit FTD
2.1	Die Routing-Tabelle
2.1.1	Routing und Management-Interfaces
2.2	Virtual Routers (VRF-Lite)
2.3	Statische Routen
2.4	OSPF
2.4.1	OSPF: Konfiguration
2.4.2	Interface-Eigenschaften
2.4.3	OSPF: Kontrolle
2.5	OSPFv3
2.6	BGP
2.6.1	BGP: Kontrolle
2.7	Routing-Entscheidungen
2.8	Equal-Cost Multi-Path (ECMP)
2.9	Policy Based Routing
2.9.1	PBR: Konfiguration

3	FTD als Firewall
3.1	NAT
3.1.1	Auto NAT vs. Manual NAT
3.1.2	Abarbeitung der NAT-Regeln
3.1.3	Dynamisches Auto NAT
3.1.4	Statisches Auto NAT
3.1.5	Statisches Manual NAT
3.1.6	Statisches Manual NAT: Twice NAT
3.1.7	Dynamisches Manual NAT
3.2	Troubleshooting: Packet Tracer und Capture
3.2.1	Packet Capture
3.2.2	capture-traffic
3.3	Access Control Policy
3.3.1	Access Control Policy: Actions
3.3.2	Access Control Policy: Regeln
3.3.3	Access Control Policy: Networks
3.3.4	Access Control Policy: Ports
3.3.5	Access Control Policy: Applications
3.3.6	Access Control Policy: URL Filter
3.3.7	Access Control Policy: Weitere Parameter
3.3.8	Access Control Policy: Users
3.3.9	Logging in der Access Control Policy
3.3.10	Access Control Policy: Organisation
3.3.11	Access Control Policy: Vererbung
3.3.12	Access Control Policy: Lock Policy
3.3.13	Access Control Policy: Connections Events
3.3.14	Security Intelligence
3.3.15	DNS Policy
3.4	Prefilter Policy
3.5	Encrypted Visibility Engine
3.6	Paketverarbeitung im FTD
3.7	Performance
3.7.1	Performance: LINA Engine
3.7.2	Snort Engine: FMC
3.7.3	Snort Engine: CLI
3.7.4	Elephant Flows
3.7.5	FMC Performance
3.7.6	Access Control Policy
3.8	Die Connection Table
3.8.1	Timeouts
3.9	Service Policy Rules

4	Weitere Funktionen
4.1	FlexConfig
4.1.1	FlexConfig Objekte
4.1.2	FlexConfig Policy: Protocol Inspection
4.1.3	FlexConfig: Netflow
4.2	Domain Management
4.2.1	Domain-Verwaltung
4.3	Quality of Service
4.4	Redundanz
4.4.1	Active/Standby Failover
4.4.2	Etherchannel
4.4.3	Redundant Interfaces
4.4.4	Cluster
4.4.5	Redundanz des FMC
4.5	FTD als SSL-Proxy
4.5.1	CA einrichten
4.5.2	Decryption Policy
4.5.3	Decryption Policy: Best Practice
4.6	Snort 3
4.6.1	Snort 3: Neue Funktionen

5	Maintenance
5.1	Updates
5.2	Update des FMC
5.3	FXOS Upgrade
5.4	FTD-Update
5.4.1	Content Updates
5.5	Password Recovery
5.6	Backup & Restore
5.6.1	Backup Profiles
5.6.2	Backup von FTD-Geräten
5.6.3	Restore des Management Centers
5.6.4	Restore der FTD-Geräte
5.7	Wiederkehrende Aufgaben
5.7.1	Beispiel: Backups
5.7.2	Beispiel: Deployment und Updates
5.8	Migration von ASA zu FTD

A	Übungen
A.1	Netzwerktopologie
A.2	Anlegen eines neuen Benutzers (optional)
A.3	Einbinden in das FMC
A.4	Kontrolle der Grundkonfiguration
A.5	Interfacekonfiguration
A.6	Zeitsynchronisation
A.7	Health und Discovery Policy
A.8	Logging auf dem Management Center
A.9	Logging auf dem FTD-Gerät
A.10	Statisches Routing
A.11	NAT
A.12	Access Control Policy
A.13	Active/Standby Failover
A.14	SSL-Proxy (optional)
A.15	Lösungsvorschläge
A.15.1	Benutzer anlegen
A.15.2	Einbinden in das FMC
A.15.3	Kontrolle der Grundkonfiguration
A.15.4	Interfacekonfiguration
A.15.5	Zeitsynchronisation
A.15.6	Health- und Discovery Policies
A.15.7	Logging auf dem FMC
A.15.8	Logging auf dem FTD-Gerät
A.15.9	Statisches Routing
A.15.10	NAT
A.15.11	Access Control Policy
A.15.12	URL-/Application Filter
A.15.13	Service Policy

Classroom training: Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
Hybrid training: Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
Online training: You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
Tailor-made courses: You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

You can find the complete description of this course with dates and prices ready for download at as PDF.

Course Contents

Concepts of the Cisco Firepower Thread Defense (FTD) appliance
Functions of the NGFW
Initial configuration and management of the Firepower Appliance
Firepower Management Center
Network Discovery
Routing with FTD
NAT and PAT with FTD
Access Control Policy
Application and URL filter
High availability (active/standby failover)
FlexConfig
SSL proxy
Quality of Service
Licensing, upgrade and backup

The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.

Premium Course Documents

In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.

High-quality color prints of the ExperTeach documentation
Exclusive folder in an elegant design
Document pouch in backpack shape
Elegant LAMY ballpoint pen
Practical notepad

The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).

Target Group

Knowledge Prerequisites

Alternatives

Book this course together with Cisco Firepower Next Generation IPS – Advanced Threat and Malware Protection as PowerPackage Cisco Firepower for the discounted price of € 3.395,-.

1	Die Grundkonfiguration von FTD
1.1	Next Generation Firewall
1.2	Hardware: Die Modellreihen
1.2.1	Firewall Performance Estimator
1.3	Software: FXOS und FTD
1.4	Lizenzen
1.5	Initiale Konfiguration und Management
1.5.1	Die ersten Schritte im CLI
1.5.2	Die ASA-Console
1.5.3	Firewall Device Manager
1.6	Das Firewall Management Center
1.6.1	Die Menüstruktur
1.6.2	FMC: Benutzerverwaltung
1.6.3	Das Management-Netz
1.6.4	Konfiguration des Managers auf FTD-Geräten
1.6.5	Object Management
1.6.6	Deploy
1.6.7	Smart Licensing
1.6.8	License Reservation
1.6.9	Interface-Konfiguration
1.6.10	Interface-Zonen und -Gruppen
1.7	Die Systemzeit
1.7.1	Systemzeit der FTD-Geräte
1.8	DNS-Gruppen
1.9	Die Health Policy
1.9.1	Health Monitor
1.10	Die Network Discovery Policy
1.10.1	Die Network Map
1.11	Logging und Debugging
1.11.1	Logging der FTD-Geräte
1.11.2	Debugging
1.12	SNMP
1.12.1	SNMP im FTD (außer 4100, 9300)

2	Routing mit FTD
2.1	Die Routing-Tabelle
2.1.1	Routing und Management-Interfaces
2.2	Virtual Routers (VRF-Lite)
2.3	Statische Routen
2.4	OSPF
2.4.1	OSPF: Konfiguration
2.4.2	Interface-Eigenschaften
2.4.3	OSPF: Kontrolle
2.5	OSPFv3
2.6	BGP
2.6.1	BGP: Kontrolle
2.7	Routing-Entscheidungen
2.8	Equal-Cost Multi-Path (ECMP)
2.9	Policy Based Routing
2.9.1	PBR: Konfiguration

3	FTD als Firewall
3.1	NAT
3.1.1	Auto NAT vs. Manual NAT
3.1.2	Abarbeitung der NAT-Regeln
3.1.3	Dynamisches Auto NAT
3.1.4	Statisches Auto NAT
3.1.5	Statisches Manual NAT
3.1.6	Statisches Manual NAT: Twice NAT
3.1.7	Dynamisches Manual NAT
3.2	Troubleshooting: Packet Tracer und Capture
3.2.1	Packet Capture
3.2.2	capture-traffic
3.3	Access Control Policy
3.3.1	Access Control Policy: Actions
3.3.2	Access Control Policy: Regeln
3.3.3	Access Control Policy: Networks
3.3.4	Access Control Policy: Ports
3.3.5	Access Control Policy: Applications
3.3.6	Access Control Policy: URL Filter
3.3.7	Access Control Policy: Weitere Parameter
3.3.8	Access Control Policy: Users
3.3.9	Logging in der Access Control Policy
3.3.10	Access Control Policy: Organisation
3.3.11	Access Control Policy: Vererbung
3.3.12	Access Control Policy: Lock Policy
3.3.13	Access Control Policy: Connections Events
3.3.14	Security Intelligence
3.3.15	DNS Policy
3.4	Prefilter Policy
3.5	Encrypted Visibility Engine
3.6	Paketverarbeitung im FTD
3.7	Performance
3.7.1	Performance: LINA Engine
3.7.2	Snort Engine: FMC
3.7.3	Snort Engine: CLI
3.7.4	Elephant Flows
3.7.5	FMC Performance
3.7.6	Access Control Policy
3.8	Die Connection Table
3.8.1	Timeouts
3.9	Service Policy Rules

4	Weitere Funktionen
4.1	FlexConfig
4.1.1	FlexConfig Objekte
4.1.2	FlexConfig Policy: Protocol Inspection
4.1.3	FlexConfig: Netflow
4.2	Domain Management
4.2.1	Domain-Verwaltung
4.3	Quality of Service
4.4	Redundanz
4.4.1	Active/Standby Failover
4.4.2	Etherchannel
4.4.3	Redundant Interfaces
4.4.4	Cluster
4.4.5	Redundanz des FMC
4.5	FTD als SSL-Proxy
4.5.1	CA einrichten
4.5.2	Decryption Policy
4.5.3	Decryption Policy: Best Practice
4.6	Snort 3
4.6.1	Snort 3: Neue Funktionen

5	Maintenance
5.1	Updates
5.2	Update des FMC
5.3	FXOS Upgrade
5.4	FTD-Update
5.4.1	Content Updates
5.5	Password Recovery
5.6	Backup & Restore
5.6.1	Backup Profiles
5.6.2	Backup von FTD-Geräten
5.6.3	Restore des Management Centers
5.6.4	Restore der FTD-Geräte
5.7	Wiederkehrende Aufgaben
5.7.1	Beispiel: Backups
5.7.2	Beispiel: Deployment und Updates
5.8	Migration von ASA zu FTD

A	Übungen
A.1	Netzwerktopologie
A.2	Anlegen eines neuen Benutzers (optional)
A.3	Einbinden in das FMC
A.4	Kontrolle der Grundkonfiguration
A.5	Interfacekonfiguration
A.6	Zeitsynchronisation
A.7	Health und Discovery Policy
A.8	Logging auf dem Management Center
A.9	Logging auf dem FTD-Gerät
A.10	Statisches Routing
A.11	NAT
A.12	Access Control Policy
A.13	Active/Standby Failover
A.14	SSL-Proxy (optional)
A.15	Lösungsvorschläge
A.15.1	Benutzer anlegen
A.15.2	Einbinden in das FMC
A.15.3	Kontrolle der Grundkonfiguration
A.15.4	Interfacekonfiguration
A.15.5	Zeitsynchronisation
A.15.6	Health- und Discovery Policies
A.15.7	Logging auf dem FMC
A.15.8	Logging auf dem FTD-Gerät
A.15.9	Statisches Routing
A.15.10	NAT
A.15.11	Access Control Policy
A.15.12	URL-/Application Filter
A.15.13	Service Policy

Classroom training: Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
Hybrid training: Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
Online training: You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
Tailor-made courses: You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

You can find the complete description of this course with dates and prices ready for download at as PDF.

ExperTeach Identifier: CFPF

Duration & Prices

Prices excl. V.A.T.

Classes in Germany

3 days

€ 2,395

Classes in Austria

3 days

€ 2,395

Classes in Switzerland

3 days

€ 3,190

Online training

3 days

€ 2,395

+ Premium Print Package (Optional)

€ 150

			Date	City
20250728	0	3	07/28/-07/30/25	Düsseldorf
20250728	0	3	07/28/-07/30/25	Live Online
20250901	2	3	09/01/-09/03/25	Frankfurt
20250901	2	3	09/01/-09/03/25	Live Online
20250901	2	1	09/01/-09/03/25	Zürich
20251013	2	3	10/13/-10/15/25	Live Online
20251013	2	3	10/13/-10/15/25	Wien
20251110	2	3	11/10/-11/12/25	Hamburg
20251110	2	3	11/10/-11/12/25	Live Online
20251215	2	3	12/15/-12/17/25	Düsseldorf
20251215	2	3	12/15/-12/17/25	Live Online
20260126	2	3	01/26/-01/28/26	Hamburg
20260126	2	3	01/26/-01/28/26	Live Online
20260302	2	3	03/02/-03/04/26	Frankfurt
20260302	2	3	03/02/-03/04/26	Live Online
20260302	2	1	03/02/-03/04/26	Zürich
20260413	2	3	04/13/-04/15/26	Düsseldorf
20260413	2	3	04/13/-04/15/26	Live Online
20260518	2	3	05/18/-05/20/26	Live Online
20260518	2	3	05/18/-05/20/26	Wien
20260622	2	3	06/22/-06/24/26	Hamburg
20260622	2	3	06/22/-06/24/26	Live Online