Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies





Overview/Description
Deploying access control that is based on parameters for Open Systems Interconnection (OSI) Layer 3 and 4 establishes a minimal connectivity policy for network applications. However, this filtering alone cannot provide protection for exposed applications. The Cisco ASA Adaptive Security Appliance Application Inspection and Control (AIC) features provide advanced application layer (OSI Layers 5 to 7) filtering to address these scenarios when risk assessment demands them. This course enables you to configure, verify, and troubleshoot these advanced application inspections and controls of the Cisco ASA Security Appliance. You can configure the Cisco ASA Adaptive Security Appliance for user-based policies (also known as cut-through proxy), where you can implement different network access policies for different users based on their authenticated identity. You implement user-based policies using the authentication, authorization, and accounting (AAA) system on the Cisco ASA Security Appliance. This course describes the Cisco ASA Security Appliance user authentication capabilities, followed by per-user authorization and traffic accounting features that you can integrate with the AAA infrastructure of an organization.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system. Candidates who have completed the Cisco Certified Network Associate (CCNA) Certification and the Cisco Certified Network Associate Security Certification (CCNA Security).

Expected Duration (hours)
2.5

Lesson Objectives

Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies

  • describe how to plan the deployment of application layer inspection on the Cisco ASA
  • describe how application inspection provides additional security services to OSI Layers 5 to 7 traffic flows using regular expressions
  • recognize the tasks to configure OSI Layers 5 to 7 application policies
  • recognize the CLI commands for configuring OSI Layers 5 to 7 policies
  • describe how to configure and verify application inspection of HTTP traffic using the GUI
  • describe how to configure and verify HTTP protection policy using the CLI
  • recognize the implementation guidelines for verifying HTTP inspection
  • recognize how to configure an application layer policy from an internal network, reachable over the inside interface of the appliance, to all web servers that are reachable over the outside interface of the appliance
  • configure HTTP inspection on a Cisco ASA
  • identify how to evaluate FTP inspection on the Cisco ASA
  • describe how to troubleshoot application layer inspection on the Cisco ASA
  • identify the general deployment guidelines for user-based policies on the Cisco ASA
  • describe how to configure cut-through authentication on the Cisco ASA Security Appliance
  • recognize how to use authentication timeouts on the Cisco ASA Security Appliance
  • describe how to configure cut-through authorization on the Cisco ASA Security Appliance
  • describe how to troubleshoot cut-through accounting on the Cisco ASA Security Appliance

Course Number
cc_fire_a09_it_enus