Cisco FIREWALL 2.0: The Modular Policy Framework and Traffic Inspection Policies





Overview/Description
The Cisco ASA adaptive security appliance helps enforce security policies within your networks. Different types of traffic traversing the Cisco ASA adaptive security appliance should have different policies. For example, you should analyze traffic coming from the Internet for any sign of malicious software, and you should prioritize VoIP traffic on all appliance interfaces to prevent delays and packet losses. The Cisco Modular Policy Framework (MPF) configuration tool enables you to assign different network policies to different traffic flows in a flexible and granular manner. The Cisco MPF enhances Cisco ASA security appliance interface access control lists (ACLs) by allowing the administrator to specify a multitude of additional access controls on network flows independently of interface ACLs.

This course starts with an overview of the Cisco MPF tool, continues with a description of policies for Open Systems Interconnection (OSI) Layers 3 and 4, and concludes with a description of management service policies, which you use to control traffic that is destined for the Cisco ASA security appliance.

The Cisco ASA adaptive security appliance enforces a strict inspection and filtering policy that may sometimes interfere with unusual network designs or the use of network protocols by applications. The policy may also cause legitimate applications to experience connectivity issues over security appliances. The Cisco ASA security appliance supports many features that enable you to create exceptions in its behavior for traffic in such environments. This course describes some of the inspection tuning methods that you can configure on the appliance to integrate with such environments.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA adaptive security appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system. Candidates who have completed the Cisco Certified Network Associate (CCNA) Certification and the Cisco Certified Network Associate Security Certification (CCNA Security).

Expected Duration (hours)
2.5

Lesson Objectives

  • describe the deployment of the Cisco MPF on the Cisco ASA security appliance
  • describe how to configure and verify OSI Layer 3 and Layer 4 policies on the Cisco ASA security appliance
  • recognize how to configure and verify a Management Traffic policy on the Cisco ASA
  • describe the default inspection policy and its tuning options on the Cisco ASA
  • recognize how to tune inspection on the Cisco ASA for OSI Layers 3 and 4
  • configure ICMP and FTP Inspection on the Cisco ASA
  • recognize how to configure and verify advanced connection settings using the Cisco MPF on the Cisco ASA
  • identify the steps to configure TCP Intercept on the Cisco ASA
  • enable the TCP Intercept feature of the Cisco ASA security appliance to prevent SYN flooding attacks
  • recognize how to configure and verify support for dynamic protocols using the Cisco MPF on the Cisco ASA
  • describe how to configure support for the Cisco ASA Botnet Traffic Filter on Cisco ASA security appliances
  • describe how to configure QoS support on the Cisco ASA security appliance
  • describe how to troubleshoot OSI Layer 3 and Layer 4 inspection on the Cisco ASA

Course Number
cc_fire_a08_it_enus