These slides taken from Cisco live 2012/2013 3/26/2014
Eng. Mohannad Alhanahnah 1
FIREWALL V2.0
642-618 FIREWALL v2.0 Exam
• 90-minute exam
• Register with Pearson Vue
• www.vue.com/.cisco
• Exam cost is $200.00 US
Preparing for the FIREWALL v2.0 Exam
• Recommended reading
–CCNP Security Firewall 642-618 Quick Reference
–CCNP Security FIREWALL 642-618 Official Cert Guide
• Cisco learning network
• www.cisco.com/go/learnnetspace
• Practical experience
Test Taking Tips
• It’s not possible to cover everything!
• We want you to get a feel for the technical level of the
exam, not every topic possible
• Give you suggestions, resources, some examples
• Will focus on key topics
Testing Implementation Skills
• Question formats
• Declarative—a declarative exam item tests simple recall of pertinent
facts
• Procedural—a procedural exam item tests the ability to apply
knowledge to solve a given issue
• Complex procedural—A complex procedural exam item tests the ability
to apply multiple knowledge points to solve a given issue
• Types of questions
• Drag and drop
• Multiple choice
• Simulation and simlet
Firewall V 2.0 High-Level Topics
1. Cisco Firewall and ASA Technology
2. Cisco ASA Adaptive Security Appliance Basic
Configurations
3. ASA Routing Features
4. ASA Inspection Policy
5. ASA Advanced Network Protections
6. ASA High Availability
What Is a Firewall?
• A firewall is a system or group of systems that
manages access between two or more networks.
[Figure: the Internet on the Outside network, a DMZ network and an Inside network, separated by the firewall]
• A firewall is a security device which is configured to permit,
deny or proxy data connections set by the organization's
security policy. Firewalls can either be hardware or software
based
• A firewall's basic task is to control traffic between computer
networks with different zones of trust
• Today’s firewalls combine multilayer stateful packet
inspection and multiprotocol application inspection
• Modern firewalls have evolved by providing additional
services such as VPN, IDS/IPS, and URL filtering
• Despite these enhancements, the primary role of the firewall
is to enforce security policy
Cisco Firewall – What is It?
• Adaptive Security Appliance (ASA): a firewall appliance running a proprietary
OS that does not run IOS but has a similar look and feel. Ethernet and fiber
ports on the box and one expansion slot for service modules.
• FireWall Services Module (FWSM): a line card in the Catalyst 6500 that
provides firewall services. No physical interfaces; it uses VLANs as "virtual
interfaces".
• IOS device running a firewall feature set in software (IOS-FW).
• Cisco's firewall has been around for over 15 years; the PIX is the legacy
platform.
1. Cisco Firewall and ASA Technology
• Many types of firewalls are in use today, based on various technologies
such as the following:
• Static packet filtering
• Proxy server
• Stateful packet filtering
• Stateful packet filtering with application inspection and control
• Network intrusion protection system (IPS)
• Network behavior analysis
• The ASA product line offers cost-effective, easy-to-deploy
solutions. The product line ranges from compact plug-
and-play desktop firewalls such as the ASA 5505 for small
offices to carrier-class gigabit firewalls such as the ASA
5580 for the most demanding enterprise and service-
provider environments.
• Cisco ASA features include the following:
• State-of-the-art stateful packet inspection firewall
• User-based authentication of inbound and outbound connections
• Integrated protocol and application inspection engines that
examine packet streams at Layers 4 through 7
• Highly flexible and extensible modular security policy framework
• Robust virtual private network (VPN) services for secure site-to-site
and remote-access connections
• Clientless and client-based Secure Sockets Layer (SSL) VPN
• Full-featured intrusion prevention system (IPS) services for Day 0
protection against threats, including application and operating
system vulnerabilities, directed attacks, worms, and other forms of
malware
• Denial-of-service (DoS) prevention through mechanisms such as
protocol verification to rate limiting connections and traffic flow
• Content security services, including URL filtering, antiphishing,
antispam, antivirus, antispyware, and content filtering using Trend
Micro technologies
• Multiple security contexts (virtual firewalls) within a single appliance
• Stateful active/active or active/standby failover capabilities that
ensure resilient network protection
• Transparent deployment of security appliances into existing
network environments without requiring re-addressing of the
network
• Intuitive single-device management and monitoring services with
the Cisco Adaptive Security Device Manager (ASDM) and
enterprise-class multidevice management services through Cisco
Security Manager
• Service Modules:
Three SSMs are available for the ASA:
• Advanced Inspection and Prevention Security Services Module
(AIP SSM)
• Content Security and Control Security Services Module (CSC
SSM)
• Four-port Gigabit Ethernet SSM
2. Cisco ASA Adaptive Security Appliance Basic
Configurations
• Implementing ASA Licensing:
• Base License
• Security Plus License
• ASA 5505 Adaptive Security Appliance Licensing
ASA 5505 Base License (show version output):
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs: 3, DMZ Restricted
Inside Hosts: Unlimited
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
VPN Peers: 10
WebVPN Peers: 2
Dual ISPs: Disabled
VLAN Trunk Ports: 0
Base License: 3 VLANs, one of them a restricted DMZ (the third VLAN may not
initiate connections to the inside VLAN)
Security Plus License: 20 VLANs, unrestricted DMZ, 802.1Q trunk ports, dual
ISP support and stateless Active/Standby failover
ASA 5505 Security Plus License (show version output):
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs: 20, DMZ Unrestricted
Inside Hosts: Unlimited
Failover: Active/Standby
VPN-DES: Enabled
VPN-3DES-AES: Enabled
VPN Peers: 25
WebVPN Peers: 25
Dual ISPs: Enabled
VLAN Trunk Ports: 8
Manage the ASA boot process:
Implement ASA management features
SSH Configuration:
Steps required to enable SSH follows:
Step 1. Configure the hostname.
Step 2. Configure the domain name.
Step 3. Generate the RSA keys.
Step 4. Configure the local authentication.
Step 5. Configure SSH on the specific interface.
Implement ASA User Roles
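The five SSH steps above and the user-roles heading that follows, carried through on the CLI as an added example (this is not configuration from the Cisco Live deck). The hostname asa1, domain example.com, the user names and passwords, the management subnet 10.1.1.0/24 and the interface name inside are assumptions.

```cisco
! Step 1-2: hostname and domain name (both become part of the RSA key name)
hostname asa1
domain-name example.com
!
! Step 3: generate the RSA key pair; 2048 bits instead of the 1024-bit default
crypto key generate rsa modulus 2048
!
! Step 4: local user plus AAA for SSH. Without the aaa line the ASA expects
! the legacy user "pix" with the password set by the passwd command.
username admin password Str0ngAdm1nPa55 privilege 15
aaa authentication ssh console LOCAL
!
! Step 5: SSH only from the management subnet on inside, version 2 only,
! idle sessions closed after 10 minutes
ssh 10.1.1.0 255.255.255.0 inside
ssh version 2
ssh timeout 10
!
! User roles: the privilege level on an account only limits the user once
! command authorization is on. Make sure the level-15 admin exists first or
! you lock yourself out of configuration mode.
username operator password Op3r4t0rPa55 privilege 3
aaa authentication enable console LOCAL
aaa authorization command LOCAL
!
! Verification
show crypto key mypubkey rsa
show running-config ssh
show ssh sessions
show running-config aaa
```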
Implement ASA interface settings
Configure VLANs:
• A physical interface can be divided into subinterfaces (logical interfaces), one per VLAN
• The physical port then carries an 802.1Q trunk; each subinterface receives the frames tagged with its VLAN ID
Logical and Physical Interfaces
Configuring an EtherChannel Interface:
Note: The device to which you connect the ASA EtherChannel must also support
802.3ad EtherChannels
Configure Redundant Interfaces Using ASDM :
• A logical redundant interface pairs an active and a standby physical interface.
• When the active interface fails, the standby interface becomes active and starts
passing traffic.
• Used to increase the adaptive security appliance reliability.
• You can monitor redundant interfaces for failover using the monitor-interface
command
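The three interface types from the last three slides (802.1Q subinterfaces, an 802.3ad EtherChannel and a redundant interface) in one configuration, added as an example rather than taken from the deck. Interface numbers, names, security levels and addresses are assumptions; EtherChannel needs ASA 8.4(1) or later.

```cisco
! --- 802.1Q subinterfaces: the physical port carries the trunk and keeps no
! nameif or IP of its own. Untagged (native VLAN) frames arriving on Gi0/1
! are dropped because the physical interface is not named.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif dmz
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
! --- EtherChannel (LACP): member ports carry only channel-group; all Layer 3
! settings live on the Port-channel interface. The switch side must run
! 802.3ad as well.
interface GigabitEthernet0/2
 channel-group 1 mode active
 no shutdown
!
interface GigabitEthernet0/3
 channel-group 1 mode active
 no shutdown
!
interface Port-channel1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! --- Redundant interface: one logical interface, two physical members.
! The first member added is active, the second is hot standby.
interface GigabitEthernet0/4
 no shutdown
!
interface GigabitEthernet0/5
 no shutdown
!
interface Redundant1
 member-interface GigabitEthernet0/4
 member-interface GigabitEthernet0/5
 nameif partner
 security-level 40
 ip address 172.16.0.1 255.255.255.0
!
! In a failover pair, monitor the logical interface (not the members) so the
! unit fails over only when both members are gone
monitor-interface partner
!
! Verification
show interface ip brief
show port-channel summary
show interface Redundant1
```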
Security Appliance ACL Configuration:
1. Security appliance configuration philosophy is interface based *
2. An interface ACL permits or denies the initial packet of a connection arriving (in) or
leaving (out) on that interface
3. Return traffic of an established connection is permitted by the connection table and
needs no ACL entry; for protocols that open secondary channels (FTP data, for example)
the inspection engine opens the pinholes
4. ACLs can be simplified by defining object groups for IP addresses and services
5. The implicit access rules on an interface with no ACL applied are as follows:
• Permit traffic from anywhere destined to a lower-security interface.
• Deny any traffic from anywhere to anywhere.
Once an ACL is applied to the interface only the implicit deny remains, so traffic from
inside to lower-security interfaces must then be permitted explicitly
6. The implicit access rule applied to the outside interface (no lower-security interface
exists) is as follows:
• Deny any traffic from anywhere to anywhere.
* 8.3 introduces the concept of the Global ACL (access-group <name> global), evaluated after
the interface ACL
ASA 8.3 Global Policies:
• Until recently, ACLs were applied to firewall interfaces for inbound and outbound
traffic
• Release 8.3 adds the ability to configure Global Access Policies which are not
tied to a specific interface
• Interface ACLs take priority over Global Access Policies
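The ACL rules and the 8.3 global ACL from the two slides above, combined into one working policy as an added example (not from the deck). Object names, interface names and addresses are assumptions; the design point is the interaction between an interface ACL and the global ACL.

```cisco
! --- Object groups keep the policy readable and reviewable
object-group network DMZ-WEB-SERVERS
 network-object host 192.168.1.23
 network-object host 192.168.1.100
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
object-group network MGMT-HOSTS
 network-object 10.1.1.0 255.255.255.0
!
! --- Outside, inbound: only the published services. No explicit catch-all
! deny here: unmatched traffic falls through to the global ACL, whereas an
! explicit "deny ip any any" would stop the global ACL from ever being consulted
access-list OUTSIDE-IN extended permit tcp any object-group DMZ-WEB-SERVERS object-group WEB-PORTS
access-group OUTSIDE-IN in interface outside
!
! --- Inside, inbound: applying this ACL removes the implicit permit-to-lower-
! security rule, so every outbound service has to be listed
access-list INSIDE-IN extended permit udp 10.1.1.0 255.255.255.0 any eq domain
access-list INSIDE-IN extended permit tcp 10.1.1.0 255.255.255.0 any object-group WEB-PORTS
access-list INSIDE-IN extended permit tcp object-group MGMT-HOSTS object-group DMZ-WEB-SERVERS eq ssh
access-group INSIDE-IN in interface inside
!
! --- 8.3+ global ACL: evaluated after the interface ACL on every interface and
! before the implicit deny. Policy that must hold everywhere goes here: only
! MGMT-HOSTS (already permitted by INSIDE-IN) reach the DMZ servers' SSH, and
! everything that reaches the end of the policy is denied and logged.
access-list GLOBAL-IN extended deny tcp any object-group DMZ-WEB-SERVERS eq ssh log
access-list GLOBAL-IN extended deny ip any any log
access-group GLOBAL-IN global
!
! Verification: hit counts per entry; an entry with hitcnt=0 after weeks of
! production traffic is a candidate for removal
show access-list OUTSIDE-IN
show access-list INSIDE-IN
show access-list GLOBAL-IN
```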
NAT Overview:
• Network Address Translation (NAT) and Port Address Translation (PAT)
• Used to translate IP addresses and ports
• Not required by default (NAT control is disabled)
• Concepts
• Static NAT and static policy NAT
• Dynamic NAT and dynamic policy NAT
• Identity NAT
NAT Post ASA Version 8.3:
NAT is redesigned in 8.3 and above to simplify operations:
• A single rule to translate the source and destination IP address.
• You can also manually establish the order in which NAT rules are processed.
• Introduction of NAT to “any” interface
Two Nat modes available in 8.3 and above
• Network Object NAT: translation rule that defines a network object.
• Well suited for source-only NAT
• Sometimes referred to as "Auto-NAT“
• Manual NAT:
• Policy based NAT when the source and destination address or port need to be
considered
• Sometimes referred to as Twice NAT
NAT Control
One significant change in NAT with software Versions 8.3 and later is that NAT control
is no longer a supported option. If a connection finds no translation rules, it passes
through the ASA without translation, as long as the connection is allowed by
configured access rules and policies (including default behaviors).
Dynamic NAT Using Network Object NAT :
The following example configures dynamic NAT that maps (dynamically hides) the
10.1.1.0 network to the outside interface address:
Network Object NAT On The ASDM
Static Object NAT :
The following example configures a translation to a Web Server in the DMZ. The
external address in DNS is 96.33.100.5 and the internal address is 192.168.1.23:
Static PAT (Object NAT):
• Creates a translation between an outside address/port and a local IP address/port,
so one public address can front several internal servers:
–96.33.100.2/HTTP redirected to 192.168.1.100/HTTP
–96.33.100.2/FTP redirected to 192.168.1.101/FTP
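The three object NAT examples announced on the slides above (dynamic NAT of 10.1.1.0/24 to the outside interface, static NAT of the DMZ web server, static PAT on 96.33.100.2) written out on the 8.3+ CLI as an added example; the slides' own configuration screenshots are not reproduced here. The interface names inside, dmz and outside and the object names are assumptions; the addresses are the ones the slides use.

```cisco
! --- Dynamic NAT (strictly dynamic PAT) hiding 10.1.1.0/24 behind the outside
! interface address. "dynamic interface" means PAT; a pool would be
! "dynamic <pool-object> interface" with the interface as fallback.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! --- Static NAT: DMZ web server 192.168.1.23 published as 96.33.100.5
object network DMZ-WEB
 host 192.168.1.23
 nat (dmz,outside) static 96.33.100.5
!
! --- Static PAT: one public address 96.33.100.2, split by destination port
! (real port first, mapped port second)
object network DMZ-HTTP
 host 192.168.1.100
 nat (dmz,outside) static 96.33.100.2 service tcp www www
!
object network DMZ-FTP
 host 192.168.1.101
 nat (dmz,outside) static 96.33.100.2 service tcp ftp ftp
!
! --- 8.3+ caveat: the inbound ACL references the REAL (untranslated)
! address. An entry written against 96.33.100.5 never matches.
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.23 eq www
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.100 eq www
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.101 eq ftp
access-group OUTSIDE-IN in interface outside
!
! Verification: object rules appear in NAT section 2 (auto NAT), static
! entries ahead of dynamic ones; show xlate lists the live translations
show nat detail
show xlate
```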
Manual Twice NAT :
A NAT rule that translates both the source and the destination address of a packet: NAT
is performed twice, once on the source IP and once on the destination IP.
Identity NAT Example (Manual NAT) :
A real address is statically translated to itself, essentially bypassing NAT.
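Manual (twice) NAT and identity NAT from the two slides above, as an added CLI example (not from the deck). The partner network, the VPN peer network, the mapped ranges and all object names are assumptions chosen to show why the rule order matters.

```cisco
! --- Twice NAT: inside 10.1.1.0/24 talks to a partner whose real range
! 192.168.99.0/24 is presented to inside hosts as 172.16.99.0/24, and the
! partner sees us as 10.10.1.0/24. One rule rewrites both ends.
object network INSIDE-REAL
 subnet 10.1.1.0 255.255.255.0
object network INSIDE-MAPPED
 subnet 10.10.1.0 255.255.255.0
object network PARTNER-MAPPED
 subnet 172.16.99.0 255.255.255.0
object network PARTNER-REAL
 subnet 192.168.99.0 255.255.255.0
!
! In "destination static" the mapped object comes first, then the real one
nat (inside,outside) source static INSIDE-REAL INSIDE-MAPPED destination static PARTNER-MAPPED PARTNER-REAL
!
! --- Identity NAT (NAT exemption): traffic from 10.1.1.0/24 to the VPN peer's
! 10.2.2.0/24 must keep its real addresses or the crypto ACL never matches.
! "1" inserts the rule at the top of section 1 so it wins over the twice NAT
! rule and any later manual rule.
object network REMOTE-VPN-NET
 subnet 10.2.2.0 255.255.255.0
nat (inside,outside) 1 source static INSIDE-REAL INSIDE-REAL destination static REMOTE-VPN-NET REMOTE-VPN-NET
!
! --- Catch-all PAT in section 3 (after-auto), evaluated only when no section 1
! manual rule and no section 2 object rule matched
nat (inside,outside) after-auto source dynamic any interface
!
! Verification: sections, order and per-rule hit counts
show nat
show nat detail
```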
Implement ASA quality of service (QoS) settings:
Implement ASA transparent firewall:
Differences Between L2 and L3 Operating Modes
• The security appliance can run in two mode settings:
– Routed—based on IP address (default mode)
– Transparent—based on MAC address
• One of the main advantages of using an ASA in transparent mode is that you can
place the ASA in the network without re-addressing.
• Features not supported in transparent mode (the list shrinks with each release, NAT for
instance has been supported in transparent mode since 8.0(2), so check the configuration
guide of the release you run):
• NAT
• Dynamic routing protocols
• IPv6
• DHCP relay
• Quality of service
• Multicast
• VPN termination for through traffic
Configure Security Appliance for Transparent Mode (L2) :
• IP traffic is controlled by extended ACLs exactly as in routed mode; non-IP frames other
than ARP (BPDUs, IPX, ...) must be explicitly permitted with an EtherType ACL
• Each directly connected network must be on the same subnet
• The management IP address must be on the same subnet as the connected
network
• Do not specify the firewall appliance management IP address as the default
gateway for connected devices
• Devices need to specify the router on the other side of the firewall appliance as the
default gateway
• Each interface must be a different VLAN interface
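The transparent-mode rules above applied on the CLI, added as an example (not from the deck) using the 8.4(1)+ bridge-group syntax; earlier releases set the management address with a global ip address command instead. Interface numbers, the management address 192.168.1.5, the router 192.168.1.1 and its MAC address are assumptions.

```cisco
! --- Switch to transparent mode. This clears the running configuration, so do
! it from the console, not over an SSH session you are about to lose.
firewall transparent
!
! --- Both data interfaces join one bridge group; security levels still apply
interface GigabitEthernet0/0
 nameif outside
 bridge-group 1
 security-level 0
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 bridge-group 1
 security-level 100
 no shutdown
!
! --- Management address for the bridge group, in the subnet it bridges.
! Hosts keep the real router 192.168.1.1 as their default gateway.
interface BVI1
 ip address 192.168.1.5 255.255.255.0
!
! Default route only for traffic the ASA itself originates (syslog, AAA, updates)
route outside 0.0.0.0 0.0.0.0 192.168.1.1
!
! --- IP traffic: extended ACLs behave as in routed mode. The routers on both
! sides still run OSPF; the ASA does not take part but must let it through.
access-list OUTSIDE-IN extended permit ospf any any
access-list OUTSIDE-IN extended permit tcp any 192.168.1.0 255.255.255.0 eq www
access-group OUTSIDE-IN in interface outside
!
! --- Non-IP frames are dropped unless an EtherType ACL permits them (ARP is
! allowed implicitly). Let spanning-tree BPDUs through so the switches on
! either side do not build a loop.
access-list ETH ethertype permit bpdu
access-group ETH in interface outside
access-group ETH in interface inside
!
! --- Hardening: static ARP entry for the gateway plus ARP inspection, so an
! inside host cannot poison the gateway MAC. The MAC is an assumed value.
arp outside 192.168.1.1 0011.2233.4455
arp-inspection inside enable flood
arp-inspection outside enable flood
!
! Verification
show firewall
show bridge-group 1
show arp-inspection
show mac-address-table
```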
3. ASA Routing Features :
ASA Routing Capabilities:
• Static routing
• Dynamic routing
• RIP
• OSPF
• EIGRP
• Multicast Stub or Bi-directional PIM (can’t be configured concurrently)
Configuring Static Routes :
Configuring Dynamic Routing (EIGRP) :
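Static routes (including a tracked default route for the dual-ISP case listed under the 5505 license) and an EIGRP configuration, added here as an example for the two headings above; the deck's own screenshots are not reproduced. Interface names outside, backup and inside, the AS number, the next-hop addresses and the authentication key are assumptions.

```cisco
! --- Plain static route toward an internal router (metric 1)
route inside 10.20.0.0 255.255.0.0 10.1.1.254 1
!
! --- Dual-ISP default route with IP SLA tracking: the primary default route
! is withdrawn when 203.0.113.1 stops answering ICMP echo, and the metric-254
! route through the backup ISP takes over
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 5
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! --- EIGRP AS 100 toward the internal routers only. outside is passive so no
! hellos (and no topology) leak to the ISP even if someone later adds it to a
! network statement, and neighbors must authenticate with MD5 so a rogue
! router cannot inject routes.
router eigrp 100
 network 10.1.1.0 255.255.255.0
 passive-interface outside
 no auto-summary
 redistribute static
!
interface GigabitEthernet0/1
 authentication mode eigrp 100 md5
 authentication key eigrp 100 EIGRP-Sh4red-Key key-id 1
!
! Verification
show route
show eigrp neighbors
show track 1
show sla monitor operational-state 10
```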
4. ASA Inspection Policy:
Advanced Protocol Inspection:
Advanced protocol inspection gives you options such as the following for defending
against application layer attacks:
• Blocking *.exe attachments
• Prohibiting use of Kazaa or other peer-to-peer file-sharing programs
• Setting limits on URL lengths
• Prohibiting file transfer or whiteboard as part of IM sessions
• Protecting your web services by ensuring that XML schema is valid
• Resetting a TCP session if it contains a string you know is malicious
• Dropping sessions with packets that are out of order
Modular Policy Framework:
The Modular Policy Framework (MPF) is an advanced feature of the ASA that
provides the security administrator with greater granularity and more flexibility when
configuring network policies. The security administrator can do the following:
■ Define flows of traffic.
■ Associate security policies to traffic flows.
■ Enable a set of security policies on an interface or globally.
Modular policies consist of the following components:
■ Class maps
■ Policy maps
■ Service policies
Configuring Layer 3/4 Inspection:
Layer 3/4 class maps select traffic by access list, TCP/UDP port, RTP port range, tunnel
group, DSCP or precedence value, or the default inspection traffic. Differentiated Services
Code Point (DSCP) is a field in the IP header that marks each packet with a class of
service; a Layer 3/4 class map can match on that marking (match dscp), so a policy can,
for example, police or prioritize only the traffic marked for a given service level.
Configuring Layer 7 Inspection:
Layer 3/4 Class Maps vs. Layer 7 Class Maps:
Filtering FTP Commands: Layer 7 Policy Map
Filtering FTP Commands: Layer 7 Policy Map (Cont.)
Filtering FTP Commands: Service Policy Rule
Filtering FTP Commands: Service Policy Rule (Cont.)
Regular expressions (defined with the regex command and referenced from Layer 7 class
maps and policy maps):
• The regular expression ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])" matches any URL or
file name containing ".doc", ".xls" or ".ppt" and can be used to block the download or
opening of these files from a web browser. The dot before the extension must be escaped;
written unescaped as ".*.(...)" it matches any character in that position. ASA regex
matching is substring matching, so "report.docx" is matched as well.
• The regular expression "\.youtube\.com" matches any YouTube host name. Unescaped,
".youtube.com" also matches strings such as "xyoutubexcom", and either form matches a
URL that merely contains the string (in a query parameter, for example); match the HTTP
Host header rather than the whole URI if only the host is meant.
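The FTP command filtering from the last four slides and the two regular expressions above, assembled into one Modular Policy Framework configuration as an added example (not the deck's own). The class, policy and regex names are assumptions; the FTP commands blocked and the HTTP action are choices made for the example.

```cisco
! --- Regexes. Dots are escaped: an unescaped "." matches any character.
! Matching is substring matching; "^" anchors the start of the string.
regex OFFICE-DOCS ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])"
regex YOUTUBE "\.youtube\.com"
!
! Quick check of a regex against sample text before deploying it
test regex "GET /videos/q1-report.doc HTTP/1.1" ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])"
!
! --- Layer 7 FTP class: uploads, deletes, renames, or any transfer of an
! Office document (match-any: one condition is enough)
class-map type inspect ftp match-any FTP-BLOCKED
 match request-command put appe dele rmd rnfr rnto
 match filename regex OFFICE-DOCS
!
! --- Layer 7 FTP policy: hide the server banner and reset matching sessions
policy-map type inspect ftp FTP-POLICY
 parameters
  mask-syst-reply
 class FTP-BLOCKED
  reset log
!
! --- Layer 7 HTTP policy: drop requests whose Host header points at YouTube,
! and drop anything that is not syntactically HTTP on port 80
policy-map type inspect http HTTP-POLICY
 parameters
  protocol-violation action drop-connection log
 match request header host regex YOUTUBE
  drop-connection log
!
! --- Layer 3/4 service policy: attach both to the default global policy.
! inspection_default already matches FTP and HTTP through
! default-inspection-traffic; "strict" enforces RFC-conformant FTP command
! sequences and blocks the FTP port-bounce trick.
policy-map global_policy
 class inspection_default
  inspect ftp strict FTP-POLICY
  inspect http HTTP-POLICY
!
service-policy global_policy global
!
! Verification: per-inspection counters show resets/drops as they happen
show running-config regex
show service-policy global inspect ftp
show service-policy global inspect http
```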
5. ASA Advanced Network Protection:
ASA Botnet Traffic Filter:
The Cisco ASA 5500 Series Botnet Traffic Filter was introduced with ASA software release
8.2 for botnet traffic detection (it requires its own time-based license). It watches
connections on all ports and protocols for rogue activity and detects infected internal
endpoints (bots) sending command-and-control traffic to a host on the Internet. The
command-and-control hosts are identified by comparing addresses with the Botnet Traffic
Filter database: a dynamic database downloaded from Cisco plus any static entries you
configure. Because that database is largely made of domain names, the ASA snoops DNS
replies (DNS inspection with dynamic-filter-snoop) to learn which IP addresses those
names currently resolve to.
Botnet Traffic Filter Address Categories
Addresses monitored by the Botnet Traffic Filter include:
•Known malware addresses: on the blacklist, from the dynamic database or the static
blacklist.
•Known allowed addresses: on the whitelist. A static whitelist entry overrides a
dynamic-database blacklist entry, which is how a false positive is exempted.
•Ambiguous addresses: associated with multiple domain names, not all of which are on the
blacklist. These addresses are on the greylist.
•Unlisted addresses: unknown, and not included on any list.
To configure the Botnet Traffic Filter, perform the following steps:
1. Enable use of the dynamic database.
2. (Optional) Add static entries to the database.
3. Enable DNS snooping.
4. Enable traffic classification and actions for the Botnet Traffic Filter.
5. (Optional) Block traffic manually based on syslog message information.
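The five Botnet Traffic Filter steps above on the CLI, as an added example (not from the deck). It assumes the feature license is installed, that the ASA can resolve names and reach Cisco's update server through outside, and that the DNS server address, the static list entries and the shunned address are placeholders.

```cisco
! --- Prerequisite: the updater fetches the dynamic database from Cisco over
! HTTPS and needs working DNS on the ASA itself
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 198.51.100.53
!
! --- Step 1: download and use the dynamic database
dynamic-filter updater-client enable
dynamic-filter use-database
!
! --- Step 2 (optional): static entries. Whitelist wins over a dynamic hit.
dynamic-filter blacklist
 name c2.example-bad.test
 address 203.0.113.66 255.255.255.255
dynamic-filter whitelist
 name updates.example.com
!
! --- Step 3: DNS snooping. The database is mostly domain names, so the ASA
! must watch DNS replies to map them to the IP addresses in use right now.
class-map dynamic-filter_snoop_class
 match port udp eq domain
policy-map global_policy
 class dynamic-filter_snoop_class
  inspect dns preset_dns_map dynamic-filter-snoop
!
! --- Step 4: classify all traffic on outside, treat greylisted addresses as
! bad, and drop blacklisted flows of moderate or higher threat level
! (lower levels are only logged, which is where to start in a new deployment)
dynamic-filter enable interface outside
dynamic-filter ambiguous-is-black
dynamic-filter drop blacklist interface outside threat-level range moderate very-high
!
! --- Step 5 (optional): manual block of a host reported in the 338xxx syslogs
shun 203.0.113.66
!
! Verification
show dynamic-filter updater-client
show dynamic-filter dns-snoop
show dynamic-filter statistics
show dynamic-filter reports top botnet-sites
show shun
```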
Configure Threat Detection:
• Basic threat detection
- Monitors the rate of dropped packets and security events (ACL drops, bad packets,
connection-limit drops, DoS drops, SYN attacks, scanning and so on) against average
and burst thresholds
- When a threshold is exceeded it generates syslog message 733100; it does not block
anything
- Enabled by default
• Scanning threat detection
- Tracks hosts that contact many ports or hosts in a short time and identifies them as
attackers
- Can shun an attacker automatically (threat-detection scanning-threat shun); without the
shun keyword it only logs
- Disabled by default because it keeps per-host statistics and costs CPU and memory
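Both threat-detection modes from the slide above, configured and tuned on the CLI as an added example (not from the deck). The rate values, the exempted scanner subnet 10.1.1.0/24 and the cleared address are assumptions.

```cisco
! --- Basic threat detection is on by default; one rate tuned as an example.
! It only raises syslog 733100 when a rate is exceeded, nothing is blocked.
threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
!
! --- Scanning threat detection: identify scanners and shun them for an hour,
! but never shun the subnet the authorized vulnerability scanner lives in
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection scanning-threat shun duration 3600
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
!
! --- Statistics: host statistics are memory-intensive, keep the number of
! tracked rate intervals at one; ACL statistics are cheap and show who is
! hitting which rule
threat-detection statistics host number-of-rate 1
threat-detection statistics access-list
!
! Verification and operation
show threat-detection rate
show threat-detection scanning-threat attacker
show threat-detection shun
show shun
! lift a shun placed by mistake (the address is a placeholder)
clear threat-detection shun 203.0.113.66
```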
6. ASA High Availability:
Configuring Virtual Firewalls :
• Enables a physical firewall to be partitioned into multiple standalone firewalls
• Each standalone firewall acts and behaves as an independent entity with it’s own
–Configuration
–Interfaces
–Security Policy
–Routing Table
• Examples scenarios to use Virtual Firewalls
–Education network that wants to segregate student networks from teacher
networks
–Service provider that wants to protect several customers without a physical
firewall for each.
–Large enterprise with various departments
• Context = a virtual firewall
• A virtualized ASA always has the system execution space (not itself a context; it holds
the physical interface and context definitions) plus at least an admin context
• There is no policy inheritance between contexts
• The system execution space has no network interfaces of its own: it uses the admin
context's interfaces for its own traffic (fetching context configurations, for example);
the other contexts are created from the system execution space
Enabling and Disabling Multiple Context Mode:
mode {single | multiple} [noconfirm]
Selects the context mode as follows:
multiple: Sets multiple context mode (mode with security contexts)
single: Sets single context mode (mode without security contexts)
noconfirm: Sets the mode without prompting you for confirmation
asa1(config)# mode multiple
Changing the mode converts the running configuration and reboots the appliance.
Before you convert from multiple mode to single mode,
copy the backup version of the original running
configuration to the current startup configuration.
Unsupported Features with Virtualization (multiple context mode):
• Dynamic routing protocols (EIGRP, OSPF, RIP) are not supported; each context uses static routes
• Multicast routing is not supported (multicast bridging is supported)
• By default every context's virtual interfaces share the physical interface's MAC address;
when an interface is shared between contexts, enable mac-address auto (or assign a MAC per
context) so the classifier can assign inbound packets to the right context
• Logging into the admin context grants access to the system execution space and therefore
to every other context, so restrict admin-context access to firewall administrators
• VPN services are not supported
asa1(config)# context CONTEXT1
Creating context ‘CONTEXT1'... Done. (4)
asa1(config-ctx)#
Changing Between Contexts:
changeto {system | context name}
Changes the environment to the system execution space or to the context specified
asa1# changeto context CONTEXT1          (changes the environment to CONTEXT1)
asa1/CONTEXT1#
asa1/CONTEXT1# changeto system           (changes the environment to the system execution space)
asa1#
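A complete multiple-context build for the service-provider scenario on the slides above (system execution space, admin context, two customer contexts, resource limits, then configuration inside a context), added as an example rather than taken from the deck. Context names, interface numbers, VLAN IDs, addresses and the resource limits are assumptions.

```cisco
! ===== System execution space =====
! mode multiple converts the config and reboots; everything below is typed
! afterwards in the system space
mode multiple
!
! Physical ports and subinterfaces are defined here, then allocated to contexts
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/0.10
 vlan 10
interface GigabitEthernet0/0.20
 vlan 20
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/1.10
 vlan 10
interface GigabitEthernet0/1.20
 vlan 20
interface Management0/0
 no shutdown
!
! Unique MAC per context interface so the classifier can separate contexts
! on shared interfaces
mac-address auto
!
! Admin context: the system space borrows its interfaces for its own traffic
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
! Customer contexts: interfaces are allocated under alias names so a tenant
! never sees the physical topology
context CUSTOMER-A
 description Customer A virtual firewall
 allocate-interface GigabitEthernet0/0.10 outsideA
 allocate-interface GigabitEthernet0/1.10 insideA
 config-url disk0:/customer-a.cfg
!
context CUSTOMER-B
 description Customer B virtual firewall
 allocate-interface GigabitEthernet0/0.20 outsideB
 allocate-interface GigabitEthernet0/1.20 insideB
 config-url disk0:/customer-b.cfg
!
! Resource class so one tenant cannot exhaust connections or translations
! for the others (the default class is unlimited)
class CUST-LIMITS
 limit-resource conns 10000
 limit-resource xlates 5000
 limit-resource rate conns 500
context CUSTOMER-A
 member CUST-LIMITS
context CUSTOMER-B
 member CUST-LIMITS
!
! ===== Inside a context only the allocated alias names exist =====
changeto context CUSTOMER-A
interface outsideA
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248
interface insideA
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.9
changeto system
!
! Verification from the system space
show mode
show context
show resource usage context CUSTOMER-A
```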
Types of failover supported by the ASA:
• Hardware (stateless) failover
–Connections are dropped when the standby unit takes over
–Client applications must reconnect
–Provided by a LAN-based failover link (the serial failover cable exists only on the
legacy PIX)
–Active/Standby: only one unit processes traffic while the other is a hot standby
–Active/Active: both units process traffic (for different contexts) and back each other up
• Stateful failover
–TCP connections survive the switchover
–No client applications need to reconnect
–Provides redundancy plus replication of connection state
–Provided by a stateful failover link (which may share the LAN failover interface)
Modes of operation for failover:
■ Active/standby failover
■ Active/active failover
Failover Links:
■ LAN-based failover links: the failover messages are transferred over Ethernet
connections. LAN-based failover links provide message encryption and
authentication using a manual preshared key for added security. LAN-based
failover links require an additional Ethernet interface on each ASA to be used
exclusively for passing failover communications between two security appliance
units.
■ Stateful failover links: passes per-connection stateful information to the standby
ASA unit. Stateful failover requires an additional Ethernet interface on each security
appliance with a minimum speed of 100 Mbps to be used exclusively for passing
state information between the two ASAs. The LAN-based failover interface can also
be used as the stateful failover interface.
• The primary and secondary security appliances must match in the following:
– Same model number, same number and type of interfaces, same installed modules and
same amount of RAM
– Same software major and minor version (a temporary mismatch is tolerated only during a
zero-downtime upgrade)
– Same firewall mode (routed or transparent) and same context mode (single or multiple)
– Proper licensing: the ASA 5505 and 5510 need the Security Plus license on both units;
from 8.3(1) other licensed features need not be identical because the two licenses are
combined for the pair
How Failover Works:
• The failover link passes hellos between the active and standby units at the unit poll
interval (failover polltime unit: 1 to 15 seconds or 200 to 999 milliseconds; 1 second
is the 8.x default)
• After three consecutive missed hellos on the failover link, the unit sends hellos over all
monitored data interfaces to check the health of its peer
• Whether a failover occurs depends on the responses received: replies on the data
interfaces mean only the failover link has failed, no replies mean the peer has failed
• Interfaces are health-checked only if they are monitored (physical interfaces by default;
add others with monitor-interface)
• If the number of failed monitored interfaces reaches the threshold set with failover
interface-policy (default 1) a failover occurs
What does Stateful Failover Mean?
Active/Active Failover Configuration:
1.Cable the interfaces on both ASAs
2.Ensure that both ASAs are in multiple context mode
3.Configure contexts and allocate interfaces to contexts
4.Enable and assign IP addresses to each interface that is allocated to a context
5.Prepare both security appliances for configuration via ASDM
6.Use the ASDM high availability and scalability Wizard to configure the ASA for
failover
7.Verify that ASDM configured the secondary ASA with the LAN-based failover
command set
8.Save the configuration to the secondary ASA to flash
Active/Standby Failover Configuration:
• One ASA is the primary (normally active) unit and the other the secondary (normally
standby) unit
• Primary and secondary exchange hellos and replicate configuration over the LAN-based
failover interface
• The active unit passes traffic; when it fails the standby unit takes over the active IP
and MAC addresses, so neighbouring devices need no reconfiguration
Steps:
1. Cable the interfaces on both ASAs
2. Prepare both security appliances for configuration via ASDM
3. Use the ASDM high availability and scalability Wizard to configure the primary
ASA for failover
4. Verify that ASDM configured the secondary ASA with the LAN-based failover
command set
5. Save the configuration to the secondary ASA to flash
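The command set the ASDM wizard in the steps above pushes to both units, written out by hand as an added example (not from the deck): LAN-based failover link, stateful link, shared key and interface monitoring for an Active/Standby pair. Interface numbers, addresses and the key are assumptions; Active/Active additionally needs multiple context mode, failover group 1 and 2, and join-failover-group in each context. Stateful failover is not available on the ASA 5505.

```cisco
! ===== Primary unit =====
! Dedicated LAN failover (control) link and a separate stateful link. Never put
! them on a user-reachable VLAN: whoever can speak on this link can influence
! which unit is active.
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 10.255.1.1 255.255.255.252 standby 10.255.1.2
failover link STATELINK GigabitEthernet0/3
failover interface ip STATELINK 10.255.2.1 255.255.255.252 standby 10.255.2.2
!
! Shared secret: without it the hellos and the replicated configuration
! (passwords and keys included) cross the link in clear text
failover key Long-R4ndom-Fa1l0ver-S3cret
failover replication http
!
! Data interfaces carry an active and a standby address; the standby unit
! answers on the standby address and stays manageable and monitorable
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248 standby 203.0.113.3
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
 no shutdown
!
! Failover-link ports must be up on both units
interface GigabitEthernet0/2
 no shutdown
interface GigabitEthernet0/3
 no shutdown
!
! Health checks: physical interfaces are monitored by default, subinterfaces
! are not. Fail over when one monitored interface is down.
monitor-interface outside
monitor-interface inside
failover interface-policy 1
failover polltime unit 1 holdtime 15
failover polltime interface 5 holdtime 25
!
! Show role and state in the prompt so nobody types on the wrong unit
prompt hostname priority state
!
failover
!
! ===== Secondary unit (bootstrap only; the rest is replicated) =====
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 10.255.1.1 255.255.255.252 standby 10.255.1.2
failover key Long-R4ndom-Fa1l0ver-S3cret
interface GigabitEthernet0/2
 no shutdown
failover
!
! ===== Verification on either unit =====
show failover
show failover state
show failover history
show monitor-interface
```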
Configure Active/Standby Using ASDM:
Overview: Logging with Syslog
• Defined in RFC 3164 (the BSD syslog protocol; RFC 5424 is the newer specification),
syslog lets a host send event information to a syslog server
• Messages are commonly sent via UDP port 514 and are under 1024 bytes
• Syslog itself provides no authentication or encryption; UDP messages can be spoofed or
lost silently. The ASA can send over TCP instead and, with the secure keyword, over TLS
• The ASA can send events to a syslog server on any port between 1025 and 65535 via
either UDP (default 514) or TCP (default 1470)
• Caveat: with a TCP syslog server the ASA fails closed by default and stops accepting new
connections while the server is unreachable, unless logging permit-hostdown is configured
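A logging configuration that applies the points above, added as an example (not from the deck): local buffer, TLS-protected TCP syslog to a collector with the fail-closed behaviour made an explicit choice, a UDP fallback, and per-message tuning. The collector addresses and the interface name inside are assumptions.

```cisco
! Time stamps and a device id so events from several ASAs can be correlated
logging enable
logging timestamp
logging device-id hostname
!
! Local buffer for quick triage on the box, informational and above
logging buffered informational
logging buffer-size 131072
!
! Off-box: syslog over TCP/1470 inside TLS. The collector must speak TLS and
! the ASA must trust its certificate (a trustpoint holding the issuing CA).
logging trap informational
logging host inside 10.1.1.50 tcp/1470 secure
!
! Fail-open or fail-closed? Without permit-hostdown the ASA logs 201008 and
! refuses NEW connections whenever 10.1.1.50 is unreachable (no audit trail,
! no traffic). permit-hostdown trades that guarantee for availability.
logging permit-hostdown
!
! Plain UDP to a second collector as fallback: no authentication and no
! delivery guarantee, but it keeps working when the TLS collector is down
logging host inside 10.1.1.51 udp/514
!
! Tune noise: silence "URL accessed" (304001), raise ACL denies (106023) to
! notifications so they still reach the collector if the trap level is lowered
no logging message 304001
logging message 106023 level notifications
!
! Verification
show logging
show logging queue
```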
ASDM Syslog Viewer:
Packet tracer:
• packet-tracer input <interface> <protocol> <source> <sport> <destination> <dport>
simulates a packet through the ASA and reports which route lookup, ACL, NAT and
inspection rule it hits at each phase, without sending anything on the wire
Packet Capturing:
• Capturing packets is useful when you troubleshoot connectivity problems or monitor
suspicious activity.
• Use the capture command in privileged EXEC mode.
• To see the full decode and hexadecimal dump, copy the buffer off the appliance in PCAP
format (copy /p-cap capture:<name> ...) and read it with tcpdump or Wireshark (formerly
Ethereal).
• The decode view is a CLI feature; ASDM's Packet Capture Wizard (next slides) creates the
capture and exports the PCAP file for offline analysis
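Packet tracer and packet capture from the two slides above, as a worked troubleshooting session added here (not from the deck). The hosts 10.1.1.10 and 198.51.100.20, the TFTP server and the capture names are assumptions.

```cisco
! --- Packet tracer: a simulated TCP SYN from an inside host to a web server.
! The output walks every phase (route lookup, ACL, NAT, inspect, flow
! creation) and ends with ALLOW or DROP plus the rule responsible.
packet-tracer input inside tcp 10.1.1.10 40000 198.51.100.20 80 detailed
!
! --- Capture: both directions of the flow, on both interfaces. Filter
! tightly; an unfiltered capture costs CPU and fills the buffer quickly.
access-list CAP extended permit ip host 10.1.1.10 host 198.51.100.20
access-list CAP extended permit ip host 198.51.100.20 host 10.1.1.10
capture CAPIN interface inside access-list CAP buffer 1000000 packet-length 1522 circular-buffer
capture CAPOUT interface outside access-list CAP buffer 1000000 packet-length 1522 circular-buffer
!
! Packets dropped by the accelerated security path, with the drop reason
capture ASPDROP type asp-drop all
!
! On-box views: summary, per-packet detail, and the hex dump
show capture CAPIN
show capture CAPIN detail
show capture CAPIN dump
show capture CAPOUT
show capture ASPDROP
!
! Off-box: export PCAP for Wireshark or tcpdump (TFTP here; the same file is
! also available over HTTPS at https://<asa-management-address>/admin/capture/CAPIN/pcap)
copy /pcap capture:CAPIN tftp://10.1.1.50/capin.pcap
!
! Clean up: captures persist until removed and keep consuming memory
no capture CAPIN
no capture CAPOUT
no capture ASPDROP
clear configure access-list CAP
```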
In the new window provide the parameters to capture the INGRESS traffic. Choose
the Ingress interface as Inside and provide the source and the destination IP address
of the packets to be captured with their subnetmask in the respective space provided.
Also, choose the packet type to be captured by ASA.
Choose the Egress interface as Outside and provide the source and the destination
IP address with their subnetmask
Provide the packet size and the capture buffer size in the respective spaces, as both are
required for the capture to take place. Also remember to check the Use circular buffer
check box if you want the circular buffer option.
This window shows the access lists to be configured on the ASA for it to capture the
desired packets and shows the type of packet (IP packets are captured in this example).
Click Next.

Текториал по тематике информационной безопасности
Cisco Russia
 

Similar to CCNP Security-Firewall (20)

VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
Chapter08
Chapter08Chapter08
Chapter08
 
Chapter 6 overview
Chapter 6 overviewChapter 6 overview
Chapter 6 overview
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
CCNP Security-Secure
CCNP Security-SecureCCNP Security-Secure
CCNP Security-Secure
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
 
Vp ns
Vp nsVp ns
Vp ns
 
VPN
VPNVPN
VPN
 
Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Seguridad de las redes informaticas wireless
Seguridad de las redes informaticas wirelessSeguridad de las redes informaticas wireless
Seguridad de las redes informaticas wireless
 
Chapter 5 overview
Chapter 5 overviewChapter 5 overview
Chapter 5 overview
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process Overview
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
 
Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности Текториал по тематике информационной безопасности
Текториал по тематике информационной безопасности
 

Recently uploaded

Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 

Recently uploaded (20)

Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 

CCNP Security-Firewall

• 4. What Is a Firewall?
  • A firewall is a system or group of systems that manages access between two or more networks.
  (diagram: Outside Network, DMZ Network, Inside Network, Internet)
  • A firewall is a security device which is configured to permit, deny or proxy data connections set by the organization's security policy. Firewalls can either be hardware or software based
  • A firewall's basic task is to control traffic between computer networks with different zones of trust
  • Today's firewalls combine multilayer stateful packet inspection and multiprotocol application inspection
  • Modern firewalls have evolved by providing additional services such as VPN, IDS/IPS, and URL filtering
  • Despite these enhancements, the primary role of the firewall is to enforce security policy
• 5. Cisco Firewall – What is It?
  • Adaptive Security Appliance (ASA) – firewall appliance with a proprietary OS; has one expansion slot for service modules, and Ethernet and fiber ports on the box. Does not run IOS but has a similar look and feel
  • FireWall Services Module (FWSM) – line card in Catalyst 6500 that provides firewall services. No physical interfaces; uses VLANs as "virtual interfaces"
  • IOS device running a firewall feature set in software (IOS-FW)
  • Cisco's firewall has been around over 15 years; PIX is the legacy platform
  1. Cisco Firewall and ASA Technology
  • Many types of firewalls are in use today and are based on various technologies, such as the following:
    • Static packet filtering
    • Proxy server
    • Stateful packet filtering
    • Stateful packet filtering with application inspection and control
    • Network intrusion protection system (IPS)
    • Network behavior analysis
• 6.
  • The ASA product line offers cost-effective, easy-to-deploy solutions. The product line ranges from compact plug-and-play desktop firewalls such as the ASA 5505 for small offices to carrier-class gigabit firewalls such as the ASA 5580 for the most demanding enterprise and service-provider environments.
• 7.
  • Cisco ASA features include the following:
    • State-of-the-art stateful packet inspection firewall
    • User-based authentication of inbound and outbound connections
    • Integrated protocol and application inspection engines that examine packet streams at Layers 4 through 7
    • Highly flexible and extensible modular security policy framework
    • Robust virtual private network (VPN) services for secure site-to-site and remote-access connections
    • Clientless and client-based Secure Sockets Layer (SSL) VPN
    • Full-featured intrusion prevention system (IPS) services for Day 0 protection against threats, including application and operating system vulnerabilities, directed attacks, worms, and other forms of malware
    • Denial-of-service (DoS) prevention through mechanisms such as protocol verification to rate limiting connections and traffic flow
    • Content security services, including URL filtering, antiphishing, antispam, antivirus, antispyware, and content filtering using Trend Micro technologies
    • Multiple security contexts (virtual firewalls) within a single appliance
    • Stateful active/active or active/standby failover capabilities that ensure resilient network protection
    • Transparent deployment of security appliances into existing network environments without requiring re-addressing of the network
    • Intuitive single-device management and monitoring services with the Cisco Adaptive Security Device Manager (ASDM) and enterprise-class multidevice management services through Cisco Security Manager
• 8.
  • Service Modules: Three SSMs are available for the ASA:
    • Advanced Inspection and Prevention Security Services Module (AIP SSM)
    • Content Security and Control Security Services Module (CSC SSM)
    • Four-port Gigabit Ethernet SSM
  2. Cisco ASA Adaptive Security Appliance Basic Configurations
  • Implementing ASA Licensing:
    • Base License
    • Security Plus License
    • ASA 5505 Adaptive Security Appliance Licensing
• 9. ASA 5505 licensed features, Base License versus Security Plus License
  3 possible VLANs and 1 restricted DMZ (Base License):
    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs: 3, DMZ Restricted
    Inside Hosts: Unlimited
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Disabled
    VPN Peers: 10
    WebVPN Peers: 2
    Dual ISPs: Disabled
    VLAN Trunk Ports: 0
  3 VLANs + Unrestricted DMZ (Security Plus License):
    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs: 20, DMZ Unrestricted
    Inside Hosts: Unlimited
    Failover: Active/Standby
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    VPN Peers: 25
    WebVPN Peers: 25
    Dual ISPs: Enabled
    VLAN Trunk Ports: 8
• 11. Manage the ASA boot process:
  Implement ASA management features
• 12. SSH Configuration:
  The steps required to enable SSH follow:
  Step 1. Configure the hostname.
  Step 2. Configure the domain name.
  Step 3. Generate the RSA keys.
  Step 4. Configure the local authentication.
  Step 5. Configure SSH on the specific interface.
  Implement ASA User Roles
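The five steps as a working configuration, added here as an example rather than taken from the slides; the hostname, domain name, user name and the 10.1.1.0/24 management subnet are assumptions, and the password is a placeholder to replace.

```cisco
! Step 1: hostname (together with the domain name it forms the RSA key pair name)
hostname ASA-EDGE
! Step 2: domain name
domain-name example.test
! Step 3: RSA key pair used by the SSH server (2048 bits rather than the 1024-bit default)
crypto key generate rsa modulus 2048
! Step 4: local user database and local authentication for SSH logins.
! privilege 15 is full access; lower privilege levels give restricted roles,
! and command authorization makes the ASA enforce them per command
username secadmin password REPLACE_WITH_STRONG_PASSWORD privilege 15
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
! Step 5: accept SSH only from the management subnet arriving on the inside interface
ssh 10.1.1.0 255.255.255.0 inside
! SSH version 2 only; drop idle sessions after 10 minutes
ssh version 2
ssh timeout 10
! Verification
show crypto key mypubkey rsa
show ssh sessions
```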
• 13. Implement ASA interface settings
• 14. Configure VLANs:
  • Physical interfaces are separated into sub-interfaces (logical interfaces)
  • 802.1Q trunking
  Logical and Physical Interfaces
• 15. Configuring an EtherChannel Interface:
  Note: The device to which you connect the ASA EtherChannel must also support 802.3ad EtherChannels
• 16. Configure Redundant Interfaces Using ASDM:
  • A logical redundant interface pairs an active and a standby physical interface.
  • When the active interface fails, the standby interface becomes active and starts passing traffic.
  • Used to increase the adaptive security appliance reliability.
  • You can monitor redundant interfaces for failover using the monitor-interface command
• 18. Security Appliance ACL Configuration:
  1. Security appliance configuration philosophy is interface based *
  2. Interface ACL permits or denies the initial packet incoming or outgoing on that interface
  3. Return traffic does not need to be specified if inspected
  4. ACLs can be simplified by defining object groups for IP addresses and services
  5. The implicit access rules applied to the inside interface are as follows:
    • Permit traffic from anywhere destined to a lower-security interface.
    • Deny any traffic from anywhere to anywhere.
  6. The implicit access rule applied to the outside interface is as follows:
    • Deny any traffic from anywhere to anywhere.
  * 8.3 introduces the concept of the Global ACL (access-group <name> global)
• 19. ASA 8.3 Global Policies:
  • Until recently, ACLs were applied to firewall interfaces for inbound and outbound traffic
  • Release 8.3 adds the ability to configure Global Access Policies which are not tied to a specific interface
  • Interface ACLs take priority over Global Access Policies
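Slides 18 and 19 as a configuration, added here as an example (not the slides' own listing). Assumptions: interfaces named outside, inside and dmz, the DMZ web server 192.168.1.23 from slide 25, the 10.1.1.0/24 inside network from slide 23, and the RFC 5737 test address 203.0.113.10 for the packet-tracer checks.

```cisco
! Object groups (slide 18, item 4) keep the rules readable and reusable
object-group network DMZ_WEB_SERVERS
 network-object host 192.168.1.23
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
! Interface ACL, inbound on outside: only web traffic to the DMZ servers.
! The explicit deny at the end matches the implicit one but adds a syslog
! entry, which is what a SOC wants to see for dropped inbound connections.
access-list OUTSIDE_IN extended permit tcp any object-group DMZ_WEB_SERVERS object-group WEB_PORTS
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
! Global ACL (8.3+): consulted only for traffic that no interface ACL matched
! (slide 19: interface ACLs take priority). Here it refuses Telnet from any
! interface, including ones that have no interface ACL of their own.
access-list GLOBAL_IN extended deny tcp any any eq telnet log
access-group GLOBAL_IN global
! After the global ACL the evaluation ends at the implicit deny, so confirm
! with packet-tracer that traffic you still expect to pass really does, and
! add explicit permits to GLOBAL_IN if it does not:
! a test client on the outside to the DMZ web server on 80 (expected: allow)
packet-tracer input outside tcp 203.0.113.10 40000 192.168.1.23 80
! the same client to port 23 (expected: drop by OUTSIDE_IN)
packet-tracer input outside tcp 203.0.113.10 40001 192.168.1.23 23
! an inside host to an outside Telnet server (expected: drop by GLOBAL_IN)
packet-tracer input inside tcp 10.1.1.10 40002 203.0.113.10 23
```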
• 21. NAT Overview:
  • Network Address Translation (NAT) and Port Address Translation (PAT)
  • Used to translate IP addresses and ports
  • Not required by default (NAT control is disabled)
  • Concepts
    • Static NAT and static policy NAT
    • Dynamic NAT and dynamic policy NAT
    • Identity NAT
• 22. NAT Post ASA Version 8.3:
  NAT is redesigned in 8.3 and above to simplify operations:
  • A single rule to translate the source and destination IP address.
  • You can also manually establish the order in which NAT rules are processed.
  • Introduction of NAT to "any" interface
  Two NAT modes are available in 8.3 and above:
  • Network Object NAT: a translation rule that is defined within a network object.
    • Well suited for source-only NAT
    • Sometimes referred to as "Auto-NAT"
  • Manual NAT:
    • Policy-based NAT when the source and destination address or port need to be considered
    • Sometimes referred to as Twice NAT
  NAT Control
  One significant change in NAT with software Versions 8.3 and later is that NAT control is no longer a supported option. If a connection finds no translation rules, it passes through the ASA without translation, as long as the connection is allowed by configured access rules and policies (including default behaviors).
• 23. Dynamic NAT Using Network Object NAT:
  The following example configures dynamic NAT that maps (dynamically hides) the 10.1.1.0 network to the outside interface address:
• 24. Network Object NAT On The ASDM
• 25. Static Object NAT:
  The following example configures a translation to a Web Server in the DMZ. The external address in DNS is 96.33.100.5 and the internal address is 192.168.1.23:
  Static PAT (Object NAT):
  • Used to create a translation between an outside interface and a local IP address/port.
    – 96.33.100.2/HTTP redirected to 192.168.1.100/HTTP
    – 96.33.100.2/FTP redirected to 192.168.1.101/FTP
• 26. Manual Twice NAT:
  A NAT rule that translates both the source and destination addresses in a packet; NAT can be performed twice, once on the source IP and once on the destination IP.
• 27. Identity NAT Example (Manual NAT):
  A real address is statically translated to itself, essentially bypassing NAT.
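The NAT forms on slides 23 to 27 in 8.3+ syntax, added here as one example (the slides' own listings are not in the transcript). The addresses the slides quote are kept; the interface names inside, dmz and outside, all object names, and the 10.1.1.10, 172.16.5.5, 198.51.100.x and 192.168.50.0/24 addresses used in the manual NAT rules are assumptions.

```cisco
! Dynamic object NAT (slide 23): hide 10.1.1.0/24 behind the outside interface address
object network INSIDE_NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
! Static object NAT (slide 25): DMZ web server 192.168.1.23 reachable as 96.33.100.5
object network DMZ_WEB
 host 192.168.1.23
 nat (dmz,outside) static 96.33.100.5
! Static PAT (slide 25): one public address, two services to two internal hosts;
! only the named ports are exposed, nothing else on 96.33.100.2 is reachable
object network DMZ_HTTP_SRV
 host 192.168.1.100
 nat (dmz,outside) static 96.33.100.2 service tcp www www
object network DMZ_FTP_SRV
 host 192.168.1.101
 nat (dmz,outside) static 96.33.100.2 service tcp ftp ftp
! Manual (twice) NAT (slide 26): source and destination translated by one rule.
! Syntax: source static <real> <mapped> destination static <mapped> <real>
object network INSIDE_HOST
 host 10.1.1.10
object network INSIDE_HOST_MAPPED
 host 198.51.100.10
object network PARTNER_REAL
 host 172.16.5.5
object network PARTNER_MAPPED
 host 198.51.100.20
nat (inside,outside) source static INSIDE_HOST INSIDE_HOST_MAPPED destination static PARTNER_MAPPED PARTNER_REAL
! Identity NAT in manual form (slide 27): real addresses mapped to themselves,
! typically so that traffic to remote-access VPN clients is not hidden behind
! the outside address by the dynamic rule above
object network VPN_CLIENTS
 subnet 192.168.50.0 255.255.255.0
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_CLIENTS VPN_CLIENTS
! Verify the rule order and the resulting translations
show nat detail
show xlate
```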
• 28. Implement ASA quality of service (QoS) settings:
  Implement ASA transparent firewall:
  Differences Between L2 and L3 Operating Modes
  • The security appliance can run in two mode settings:
    – Routed—based on IP address (default mode)
    – Transparent—based on MAC address
  • One of the main advantages of using an ASA in transparent mode is that you can place the ASA in the network without re-addressing.
  • The following features are not supported in transparent mode:
    • NAT
    • Dynamic routing protocols
    • IPv6
    • DHCP relay
    • Quality of service
    • Multicast
    • VPN termination for through traffic
• 29. Configure Security Appliance for Transparent Mode (L2):
  • Layer 3 traffic must be explicitly permitted
  • Each directly connected network must be on the same subnet
  • The management IP address must be on the same subnet as the connected network
  • Do not specify the firewall appliance management IP address as the default gateway for connected devices
  • Devices need to specify the router on the other side of the firewall appliance as the default gateway
  • Each interface must be a different VLAN interface
• 30. 3. ASA Routing Features:
  ASA Routing Capabilities:
  • Static routing
  • Dynamic routing
    • RIP
    • OSPF
    • EIGRP
  • Multicast Stub or Bi-directional PIM (can't be configured concurrently)
  Configuring Static Routes:
• 31. Configuring Dynamic Routing (EIGRP):
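Static routes and an authenticated EIGRP process for slides 30 and 31, added here as an example (not the slides' own listing); the next-hop addresses, the 192.168.20.0/24 network, AS number 100, the interface GigabitEthernet0/1 and the key placeholder are assumptions.

```cisco
! Static routes (slide 30): default route to the ISP next hop, and one network
! that sits behind a router on the DMZ; the trailing 1 is the administrative distance
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route dmz 192.168.20.0 255.255.255.0 192.168.1.254 1
! EIGRP (slide 31): advertise the inside network only. Every interface is
! passive by default and only inside is opened, so no hellos ever leave the
! outside or DMZ interfaces and no neighbour can form there.
router eigrp 100
 network 10.1.1.0 255.255.255.0
 passive-interface default
 no passive-interface inside
 no auto-summary
! Authenticate EIGRP on the inside interface so that a rogue router cannot
! become a neighbour and inject routes into the firewall's routing table
interface GigabitEthernet0/1
 authentication mode eigrp 100 md5
 authentication key eigrp 100 REPLACE_WITH_KEY key-id 1
! Verify
show route
show eigrp neighbors
```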
• 32. 4. ASA Inspection Policy:
  Advanced Protocol Inspection:
  Advanced protocol inspection gives you options such as the following for defending against application layer attacks:
  • Blocking *.exe attachments
  • Prohibiting use of Kazaa or other peer-to-peer file-sharing programs
  • Setting limits on URL lengths
  • Prohibiting file transfer or whiteboard as part of IM sessions
  • Protecting your web services by ensuring that XML schema is valid
  • Resetting a TCP session if it contains a string you know is malicious
  • Dropping sessions with packets that are out of order
• 33. Modular Policy Framework:
  The Modular Policy Framework (MPF) is an advanced feature of the ASA that provides the security administrator with greater granularity and more flexibility when configuring network policies. The security administrator can do the following:
  ■ Define flows of traffic.
  ■ Associate security policies to traffic flows.
  ■ Enable a set of security policies on an interface or globally.
  Modular policies consist of the following components:
  ■ Class maps
  ■ Policy maps
  ■ Service policies
  Configuring Layer 3/4 Inspection:
  Differentiated Services Code Point (DSCP) is a field in an IP packet that enables different levels of service to be assigned to network traffic. This is achieved by marking each packet on the network with a DSCP code and appropriating to it the corresponding level of service.
• 34. Configuring Layer 7 Inspection:
  Layer 3/4 Class Maps vs. Layer 7 Class Maps:
• 35. Filtering FTP Commands: Layer 7 Policy Map
• 36. Filtering FTP Commands: Layer 7 Policy Map (Cont.)
  Filtering FTP Commands: Service Policy Rule
• 37. Filtering FTP Commands: Service Policy Rule (Cont.)
  Regular expression:
  • The regular expression ".*.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])" will block any website address ending with ".doc," ".xls" or ".ppt" and block the download or opening of these files from a web browser.
  • The regular expression ".youtube.com" will block any YouTube website address
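Slides 33 to 37 end to end: a Layer 7 FTP policy map, a Layer 7 HTTP policy map built on the two regular expressions above, and the Layer 3/4 class maps and service policies that apply them. This is an added example, not the slides' own configuration; the class, policy and regex names, the interface name inside and the 10.1.1.0/24 inside network are assumptions.

```cisco
! ---- Layer 7 FTP inspection (slides 35-36): refuse uploads, appends and deletes ----
class-map type inspect ftp match-any FTP_BLOCKED_CMDS
 match request-command put stou appe dele rmd
policy-map type inspect ftp FTP_POLICY
 parameters
  mask-banner
 class FTP_BLOCKED_CMDS
  reset log
! ---- Layer 7 HTTP inspection (slide 37) ----
! In ASA regex "." matches any character, so a literal dot is written "\.".
! Left unescaped, ".youtube.com" also matches "xyoutube.com" and ".*.doc"
! matches the "doc" inside "/document.html", which blocks far more than intended.
regex BLOCKED_EXT "\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])"
regex YOUTUBE "youtube\.com"
class-map type regex match-any BLOCKED_URI
 match regex BLOCKED_EXT
class-map type regex match-any BLOCKED_HOST
 match regex YOUTUBE
policy-map type inspect http HTTP_POLICY
 parameters
  protocol-violation action drop-connection log
 match request uri regex class BLOCKED_URI
  drop-connection log
 ! the site name travels in the Host header, not in the request URI
 match request header host regex class BLOCKED_HOST
  drop-connection log
! ---- Layer 3/4 class maps and service policies (slides 33, 34, 36) ----
! FTP: strict inspection for all FTP through the default global policy
policy-map global_policy
 class inspection_default
  inspect ftp strict FTP_POLICY
service-policy global_policy global
! HTTP: only web traffic from inside users is sent through HTTP_POLICY,
! so the DMZ servers' own outbound HTTP is not subject to the block list
access-list HTTP_FROM_INSIDE extended permit tcp 10.1.1.0 255.255.255.0 any eq www
class-map HTTP_INSIDE
 match access-list HTTP_FROM_INSIDE
policy-map INSIDE_POLICY
 class HTTP_INSIDE
  inspect http HTTP_POLICY
service-policy INSIDE_POLICY interface inside
! Verify
show service-policy inspect ftp
show service-policy interface inside
```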
38. 5. ASA Advanced Network Protection: ASA Botnet Traffic Filter
The Cisco ASA 5500 Series Botnet Traffic Filter was introduced in Cisco ASA Software Release 8.2 for botnet traffic detection. It monitors traffic across all ports and protocols for rogue activity and detects infected internal endpoints (bots) sending command-and-control traffic to a host on the Internet. The command-and-control hosts receiving that traffic are identified using the Botnet Traffic Filter database.
Botnet Traffic Filter Address Categories. Addresses monitored by the Botnet Traffic Filter fall into:
• Known malware addresses: on the blacklist, populated by the dynamic database and the static blacklist.
• Known allowed addresses: on the whitelist. The whitelist takes precedence, so it is the way to exempt an address that the dynamic database has blacklisted.
• Ambiguous addresses: associated with multiple domain names, not all of which are on the blacklist. These go on the greylist.
• Unlisted addresses: unknown and not on any list.
To configure the Botnet Traffic Filter:
1. Enable use of the dynamic database.
2. (Optional) Add static entries to the database.
3. Enable DNS snooping (so that the names in DNS replies can be associated with the IP addresses seen in traffic).
4. Enable traffic classification and actions for the Botnet Traffic Filter.
5. (Optional) Block traffic manually based on syslog message information.
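To make the four categories and their precedence concrete, here is an added example (not Cisco's code and not from the slides) of a toy classifier that follows the rules stated above: DNS snooping records which names resolved to an IP, the whitelist overrides the blacklists, an IP whose snooped names are only partly blacklisted is greylisted, and anything else is unlisted. The list contents, domain names and addresses are constructed for illustration; the real filter also matches bare IP entries, which this model leaves out.

```python
"""Added example (not from the slides): toy model of Botnet Traffic Filter categorisation.

Assumptions (not from the page): lists hold domain names only; all names,
addresses and list contents below are constructed test data.
"""
from dataclasses import dataclass, field


@dataclass
class BotnetFilter:
    dynamic_blacklist: set = field(default_factory=set)  # names from the dynamic database
    static_blacklist: set = field(default_factory=set)   # admin-added bad names
    static_whitelist: set = field(default_factory=set)   # admin-added allowed names
    dns_cache: dict = field(default_factory=dict)        # ip -> set of snooped names

    def snoop_dns_reply(self, name: str, ip: str) -> None:
        """DNS snooping (step 3 on the slide): remember which names resolved to this IP."""
        self.dns_cache.setdefault(ip, set()).add(name.lower())

    def classify(self, ip: str) -> str:
        """Return 'whitelist', 'blacklist', 'greylist' or 'unlisted' for a destination IP."""
        names = self.dns_cache.get(ip, set())
        if not names:
            return "unlisted"                      # never seen in a DNS reply: unknown
        if names & self.static_whitelist:
            return "whitelist"                     # whitelist wins over any blacklist hit
        bad = {n for n in names
               if n in self.dynamic_blacklist or n in self.static_blacklist}
        if not bad:
            return "unlisted"
        if bad == names:
            return "blacklist"                     # every name on this IP is known bad
        return "greylist"                          # mixed: some names bad, some not


def demo() -> dict:
    """Classify a handful of constructed addresses; returns {ip: category}."""
    f = BotnetFilter(
        dynamic_blacklist={"c2.bad-example.net", "update.bad-example.net"},
        static_blacklist={"drop.evil-example.org"},
        static_whitelist={"cdn.partner-example.com"},
    )
    # Constructed DNS replies, as DNS snooping would observe them.
    f.snoop_dns_reply("c2.bad-example.net", "203.0.113.10")
    f.snoop_dns_reply("cdn.partner-example.com", "203.0.113.20")
    f.snoop_dns_reply("update.bad-example.net", "203.0.113.20")  # bad name on a whitelisted IP
    f.snoop_dns_reply("drop.evil-example.org", "198.51.100.5")
    f.snoop_dns_reply("blog.shared-example.com", "198.51.100.5")  # shared host: mixed names
    f.snoop_dns_reply("www.ok-example.com", "192.0.2.7")
    return {ip: f.classify(ip) for ip in
            ["203.0.113.10", "203.0.113.20", "198.51.100.5", "192.0.2.7", "192.0.2.99"]}


if __name__ == "__main__":
    for ip, cat in demo().items():
        print(f"{ip:14s} {cat}")
```

The shared-hosting case (198.51.100.5) is why the greylist exists: dropping every connection to that IP would also break the legitimate site, so the filter reports it rather than treating it as a confirmed command-and-control host.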
39. Configure Threat Detection
• Basic threat detection
– Monitors the rate of dropped packets and security events per second (ACL denies, malformed packets, connection-limit and SYN-attack events, and similar)
– When a rate threshold is exceeded it generates a syslog message (%ASA-4-733100); it does not block the attacker
– Enabled by default
• Scanning threat detection
– Tracks hosts that send many connection attempts to other hosts or ports and reports them as attackers (%ASA-4-733101)
– Can optionally shun (block) the attacking host when the shun option is configured
– Disabled by default
40. 6. ASA High Availability: Configuring Virtual Firewalls
• Enables a physical firewall to be partitioned into multiple standalone firewalls
• Each standalone firewall acts and behaves as an independent entity with its own
– Configuration
– Interfaces
– Security policy
– Routing table
• Example scenarios for virtual firewalls
– Education network that wants to segregate student networks from teacher networks
– Service provider that wants to protect several customers without a physical firewall for each
– Large enterprise with various departments
• Context = a virtual firewall
• Every ASA in multiple context mode has, at a minimum, the system execution space and an admin context
• There is no policy inheritance between contexts
• The system execution space uses the admin context for its network connectivity; contexts are created from the system execution space
41. Enabling and Disabling Multiple Context Mode
mode {single | multiple} [noconfirm]
Selects the context mode:
– multiple: sets multiple context mode (mode with security contexts)
– single: sets single context mode (mode without security contexts)
– noconfirm: sets the mode without prompting you for confirmation
Example:
asa1(config)# mode multiple
Before you convert from multiple mode to single mode, copy the backup version of the original running configuration to the current startup configuration.
Unsupported Features with Virtualization (for the releases covered here):
• Dynamic routing protocols (EIGRP, OSPF, RIP) are not supported
• Multicast routing is not supported (multicast bridging is supported)
• MAC addresses of context interfaces default to the MAC address of the physical interface
• The admin context can carry traffic like any other context, but anyone who logs in to it gains system-level access to every other context, so restrict who can reach it
• VPN services are not supported
Creating a context:
asa1(config)# context CONTEXT1
Creating context 'CONTEXT1'... Done. (4)
asa1(config-ctx)#
42. Changing Between Contexts
changeto {system | context name}
Changes the environment to the system execution space or to the context specified:
asa1# changeto context CONTEXT1      (changes the environment to CONTEXT1)
asa1/CONTEXT1#
asa1/CONTEXT1# changeto system       (changes the environment to the system execution space)
asa1#
Types of failover supported by the ASA:
• Hardware failover
– Connections are dropped
– Client applications must reconnect
– Provided by a serial or LAN-based failover link
– Active/Standby: only one unit actively processes traffic while the other is a hot standby
– Active/Active: both units actively process traffic and serve as backup for each other
• Stateful failover
– TCP connections remain active
– Client applications do not need to reconnect
– Provides redundancy and preserves connection state
– Provided by a stateful failover link
43. Modes of operation for failover:
■ Active/standby failover
■ Active/active failover
Failover Links:
■ LAN-based failover link: failover messages are transferred over an Ethernet connection. LAN-based failover links provide message encryption and authentication using a manually configured preshared key (the failover key) for added security; without the key, failover messages cross the link in the clear. They require an additional Ethernet interface on each ASA used exclusively for failover communication between the two units.
■ Stateful failover link: passes per-connection state information to the standby unit. Stateful failover requires an additional Ethernet interface on each appliance with a minimum speed of 100 Mbps, used exclusively for passing state information between the two ASAs. The LAN-based failover interface can also be used as the stateful failover interface.
• The primary and secondary security appliances must match in the following:
– Same model number and hardware configuration (interfaces, memory and modules)
– Same software version (major and minor); a mismatch is tolerated only temporarily during a zero-downtime upgrade
– Same context mode (single or multiple) and firewall mode (routed or transparent)
– Proper licensing (licensing requirements changed in 8.3, where the pair's licenses are combined rather than having to be identical)
44. How Failover Works
• The failover link carries hello messages between the active and standby units at a configurable poll interval (the 15-second figure, tunable from 3 to 15 seconds, is the older PIX default; on the ASA the default unit poll time is 1 second with a 15-second hold time)
• After three missed hellos, the unit sends hellos over all monitored interfaces to check the health of its peer
• Whether a failover occurs depends on the responses received
• Interfaces can be prioritized by explicitly monitoring them for responses
• If the failed-interface threshold is reached, a failover occurs
What does Stateful Failover Mean? (see the stateful failover description on slide 42: connection state is replicated so sessions survive the switchover)
Active/Active Failover Configuration:
1. Cable the interfaces on both ASAs
2. Ensure that both ASAs are in multiple context mode (active/active failover requires it: each unit is active for one failover group of contexts)
3. Configure contexts and allocate interfaces to contexts
4. Enable and assign IP addresses to each interface that is allocated to a context
5. Prepare both security appliances for configuration via ASDM
6. Use the ASDM High Availability and Scalability Wizard to configure the ASA for failover
7. Verify that ASDM configured the secondary ASA with the LAN-based failover command set
8. Save the configuration on the secondary ASA to flash
45. Active/Standby Failover Configuration
• One ASA acts as the primary (active) unit and the other as the secondary (standby) unit; primary/secondary is a fixed configuration role, while active/standby is the current runtime state, so after a failover the secondary unit can be the active one
• Primary and secondary communicate over the configured LAN-based failover interface
• The primary is active and passes traffic; if it fails, the secondary takes over
Steps:
1. Cable the interfaces on both ASAs
2. Prepare both security appliances for configuration via ASDM
3. Use the ASDM High Availability and Scalability Wizard to configure the primary ASA for failover
4. Verify that ASDM configured the secondary ASA with the LAN-based failover command set
5. Save the configuration on the secondary ASA to flash
46. Configure Active/Standby Using ASDM
49. Overview: Logging with Syslog
• Defined in RFC 3164, syslog is a protocol that allows a host to send event information to a syslog server
• Messages are commonly sent via UDP port 514 and are under 1024 bytes
• By default, syslog provides no authentication or encryption, so messages can be read or forged on the path to the collector; keep the collector on a protected management network and prefer TCP where delivery matters
• The ASA can send events to a syslog server on any port between 1025 and 65535 via either UDP (default 514) or TCP (default 1470)
ASDM Syslog Viewer:
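The threat-detection slide (39) describes rate-based detection of dropped packets and port scans, and this slide describes the syslog feed those events arrive on. The following is an added example, not from the slides and not Cisco's code, that parses constructed ASA syslog lines and applies a scanning-threat style test: one source denied to many distinct destination ports within a short window. The line format assumes `logging timestamp` with no device-id; message IDs 106023 (ACL deny) and 302013 (TCP connection built) are real ASA IDs, while the addresses, timestamps, window and threshold are made up.

```python
"""Added example (not from the slides): parse ASA syslog and flag scanning sources.

Assumptions (not from the page): lines carry a 'Mon DD YYYY HH:MM:SS:' timestamp
prefix and no device-id; window and port threshold are illustrative values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}):? "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# Body of %ASA-4-106023: Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port> by access-group ...
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_line(line: str):
    """Return a dict for an ASA syslog line, with deny fields added for 106023, else None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
           "severity": int(m["sev"]), "msgid": m["msgid"], "body": m["body"]}
    if rec["msgid"] == "106023":
        d = DENY_RE.search(rec["body"])
        if d:
            rec.update(d.groupdict())
            rec["dport"] = int(rec["dport"])
    return rec


def scanning_sources(lines, window=timedelta(seconds=60), min_ports=10) -> dict:
    """Map each source denied to >= min_ports distinct dst ports within `window`
    to that port count. Like scanning threat detection, this counts per-host
    events over an interval instead of reacting to a single drop."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("src"):
            events[rec["src"]].append((rec["ts"], rec["dport"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        for i, (t0, _) in enumerate(evs):            # sliding window starting at each event
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            flagged[src] = best
    return flagged


def sample_lines() -> list:
    """Constructed syslog: one scanner, one host retrying SSH, one built connection, one junk line."""
    base = datetime(2014, 3, 26, 10, 0, 0)

    def ts(sec):
        return (base + timedelta(seconds=sec)).strftime("%b %d %Y %H:%M:%S")

    deny = ('{t}: %ASA-4-106023: Deny tcp src outside:{src}/{sp} dst inside:10.1.1.5/{dp} '
            'by access-group "OUTSIDE_IN" [0x0, 0x0]')
    lines = [deny.format(t=ts(i * 2), src="203.0.113.9", sp=40000 + i, dp=port)
             for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    lines.append(deny.format(t=ts(5), src="198.51.100.7", sp=51000, dp=22))
    lines.append(deny.format(t=ts(7), src="198.51.100.7", sp=51001, dp=22))
    lines.append(f"{ts(9)}: %ASA-6-302013: Built inbound TCP connection 4711 for "
                 "outside:198.51.100.7/51002 (198.51.100.7/51002) to inside:10.1.1.5/443 (192.0.2.10/443)")
    lines.append("garbage line that is not syslog")
    return lines


if __name__ == "__main__":
    print(scanning_sources(sample_lines()))   # the scanner appears, the SSH retrier does not
```

Because the transport has no authentication, anything built on these lines inherits that weakness: a forged 106023 stream could make a detector like this shun an innocent address, which is one reason to keep the collector off networks untrusted hosts can reach.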
50. Packet Tracer: simulates a packet through the ASA's processing path (ACLs, NAT, inspection, routing) and reports at which step it would be dropped, without sending real traffic.
Packet Capturing:
• Capturing packets is useful when you troubleshoot connectivity problems or monitor suspicious activity.
• Use the capture command in privileged EXEC mode.
• To see the full details and hexadecimal dump, transfer the buffer in PCAP format and read it with tcpdump or Wireshark (formerly Ethereal).
• That offline hex-dump view is not available in ASDM; ASDM does, however, provide the Packet Capture Wizard shown on the following slides.
52. In the new window provide the parameters to capture the ingress traffic. Choose Inside as the ingress interface and enter the source and destination IP addresses of the packets to be captured, with their subnet masks, in the spaces provided. Also choose the packet type to be captured by the ASA. Then choose Outside as the egress interface and enter the source and destination IP addresses with their subnet masks (after NAT these can differ from the ingress addresses, which is why the wizard asks for both sides separately).
53. Enter the packet size and the capture buffer size in the respective fields; both are required for the capture to take place. Also remember to check the "Use circular buffer" check box if you want the circular buffer option (the buffer wraps around instead of stopping when full). The next window shows the access lists the wizard will configure on the ASA to capture the desired packets and the type of packet (IP packets are captured in this example). Click Next.