-
With the Firepower appliances and the Cisco Secure Firewall, Cisco offers a next-generation firewall that, in addition to standardized configuration via a policy model, continues to focus very strongly on protection against threats in the network environment.
In addition to the classic firewall functionalities, the various Firepower systems also offer Application Control, Threat Prevention, Advanced Malware Protection and IPS. This course provides solid knowledge of the deployment and configuration options of the Cisco NGFW. You will be able to understand and competently use all relevant NGFW firewall functions. This Firepower course focuses on management with the Firepower Management Center.
-
Course Contents
-
- Concepts of the Cisco Firepower Threat Defense (FTD) appliance
- Functions of the NGFW
- Initial configuration and management of the Firepower Appliance
- Firepower Management Center
- Network Discovery
- Routing with FTD
- NAT and PAT with FTD
- Access Control Policy
- Application and URL filter
- High availability (active/standby failover)
- FlexConfig
- SSL proxy
- Quality of Service
- Licensing, upgrade and backup
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at people in security and network administration who will be commissioning and managing a Firepower Threat Defense appliance. The focus is on the functionality of the next-generation firewall. If you are planning to replace the Cisco ASA in your network with FTD, this is also the right course for you.
-
Knowledge Prerequisites
-
You should bring basic knowledge of the TCP/IP protocol and its security risks as well as the basics of switching and routing to this course. You should also already be familiar with how packet filters and firewalls work.
-
Alternatives
-
Book this course together with Cisco Firepower Next Generation IPS – Advanced Threat and Malware Protection as PowerPackage Cisco Firepower for the discounted price of € 3.395,-.
1 | Basic Configuration of FTD |
1.1 | Next Generation Firewall |
1.2 | Hardware: The Model Series |
1.2.1 | Firewall Performance Estimator |
1.3 | Software: FXOS and FTD |
1.4 | Licenses |
1.5 | Initial Configuration and Management |
1.5.1 | First Steps in the CLI |
1.5.2 | The ASA Console |
1.5.3 | Firewall Device Manager |
1.6 | The Firewall Management Center |
1.6.1 | The Menu Structure |
1.6.2 | FMC: User Management |
1.6.3 | The Management Network |
1.6.4 | Configuring the Manager on FTD Devices |
1.6.5 | Object Management |
1.6.6 | Deploy |
1.6.7 | Smart Licensing |
1.6.8 | License Reservation |
1.6.9 | Interface Configuration |
1.6.10 | Interface Zones and Groups |
1.7 | System Time |
1.7.1 | System Time of the FTD Devices |
1.8 | DNS Groups |
1.9 | The Health Policy |
1.9.1 | Health Monitor |
1.10 | The Network Discovery Policy |
1.10.1 | The Network Map |
1.11 | Logging and Debugging |
1.11.1 | Logging of the FTD Devices |
1.11.2 | Debugging |
1.12 | SNMP |
1.12.1 | SNMP in FTD (except 4100, 9300) |
2 | Routing with FTD |
2.1 | The Routing Table |
2.1.1 | Routing and Management Interfaces |
2.2 | Virtual Routers (VRF-Lite) |
2.3 | Static Routes |
2.4 | OSPF |
2.4.1 | OSPF: Configuration |
2.4.2 | Interface Properties |
2.4.3 | OSPF: Verification |
2.5 | OSPFv3 |
2.6 | BGP |
2.6.1 | BGP: Verification |
2.7 | Routing Decisions |
2.8 | Equal-Cost Multi-Path (ECMP) |
2.9 | Policy Based Routing |
2.9.1 | PBR: Configuration |
3 | FTD as a Firewall |
3.1 | NAT |
3.1.1 | Auto NAT vs. Manual NAT |
3.1.2 | Processing of the NAT Rules |
3.1.3 | Dynamic Auto NAT |
3.1.4 | Static Auto NAT |
3.1.5 | Static Manual NAT |
3.1.6 | Static Manual NAT: Twice NAT |
3.1.7 | Dynamic Manual NAT |
3.2 | Troubleshooting: Packet Tracer and Capture |
3.2.1 | Packet Capture |
3.2.2 | capture-traffic |
3.3 | Access Control Policy |
3.3.1 | Access Control Policy: Actions |
3.3.2 | Access Control Policy: Rules |
3.3.3 | Access Control Policy: Networks |
3.3.4 | Access Control Policy: Ports |
3.3.5 | Access Control Policy: Applications |
3.3.6 | Access Control Policy: URL Filter |
3.3.7 | Access Control Policy: Additional Parameters |
3.3.8 | Access Control Policy: Users |
3.3.9 | Logging in the Access Control Policy |
3.3.10 | Access Control Policy: Organization |
3.3.11 | Access Control Policy: Inheritance |
3.3.12 | Access Control Policy: Lock Policy |
3.3.13 | Access Control Policy: Connections Events |
3.3.14 | Security Intelligence |
3.3.15 | DNS Policy |
3.4 | Prefilter Policy |
3.5 | Encrypted Visibility Engine |
3.6 | Packet Processing in FTD |
3.7 | Performance |
3.7.1 | Performance: LINA Engine |
3.7.2 | Snort Engine: FMC |
3.7.3 | Snort Engine: CLI |
3.7.4 | Elephant Flows |
3.7.5 | FMC Performance |
3.7.6 | Access Control Policy |
3.8 | The Connection Table |
3.8.1 | Timeouts |
3.9 | Service Policy Rules |
4 | Additional Functions |
4.1 | FlexConfig |
4.1.1 | FlexConfig Objects |
4.1.2 | FlexConfig Policy: Protocol Inspection |
4.1.3 | FlexConfig: Netflow |
4.2 | Domain Management |
4.2.1 | Domain Administration |
4.3 | Quality of Service |
4.4 | Redundancy |
4.4.1 | Active/Standby Failover |
4.4.2 | Etherchannel |
4.4.3 | Redundant Interfaces |
4.4.4 | Cluster |
4.4.5 | Redundancy of the FMC |
4.5 | FTD as an SSL Proxy |
4.5.1 | Setting Up a CA |
4.5.2 | Decryption Policy |
4.5.3 | Decryption Policy: Best Practice |
4.6 | Snort 3 |
4.6.1 | Snort 3: New Features |
5 | Maintenance |
5.1 | Updates |
5.2 | Updating the FMC |
5.3 | FXOS Upgrade |
5.4 | FTD Update |
5.4.1 | Content Updates |
5.5 | Password Recovery |
5.6 | Backup & Restore |
5.6.1 | Backup Profiles |
5.6.2 | Backup of FTD Devices |
5.6.3 | Restore of the Management Center |
5.6.4 | Restore of the FTD Devices |
5.7 | Recurring Tasks |
5.7.1 | Example: Backups |
5.7.2 | Example: Deployment and Updates |
5.8 | Migration from ASA to FTD |
A | Exercises |
A.1 | Network Topology |
A.2 | Creating a New User (optional) |
A.3 | Integration into the FMC |
A.4 | Checking the Basic Configuration |
A.5 | Interface Configuration |
A.6 | Time Synchronization |
A.7 | Health and Discovery Policy |
A.8 | Logging on the Management Center |
A.9 | Logging on the FTD Device |
A.10 | Static Routing |
A.11 | NAT |
A.12 | Access Control Policy |
A.13 | Active/Standby Failover |
A.14 | SSL Proxy (optional) |
A.15 | Suggested Solutions |
A.15.1 | Creating a User |
A.15.2 | Integration into the FMC |
A.15.3 | Checking the Basic Configuration |
A.15.4 | Interface Configuration |
A.15.5 | Time Synchronization |
A.15.6 | Health and Discovery Policies |
A.15.7 | Logging on the FMC |
A.15.8 | Logging on the FTD Device |
A.15.9 | Static Routing |
A.15.10 | NAT |
A.15.11 | Access Control Policy |
A.15.12 | URL/Application Filter |
A.15.13 | Service Policy |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a webcam. In the seminar room, we use specially developed and customized audio and video technologies. This ensures that communication between all persons involved works in a convenient and fault-free way.
-
Online training
- Do you wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1 Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
Do you need a special course for your team? In addition to our standard offer, we will also support you in creating customized courses that precisely meet your individual demands. We will be glad to advise you and create an individual offer for you.
