Nazmul Rajib
CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide
- Paperback
Product details
- Publisher: Pearson Education
- Page count: 656
- Publication date: 25 June 2022
- English
- Dimensions: 237mm x 195mm x 45mm
- Weight: 1272g
- ISBN-13: 9780136589709
- ISBN-10: 0136589707
- Item no.: 58305375
Note: This item can only be shipped to a German delivery address.
Nazmul Rajib is a senior product marketing manager of Cisco Systems, Inc. He leads Cisco's global initiatives on cybersecurity enablement, focusing on the firewall and intrusion prevention technologies. As a senior member of the Security Business Group (SBG), Nazmul regularly advises Cisco on security product roadmaps, content strategies, and technical communications. He develops training programs for the Global Security Sales Organization (GSSO) and worldwide channel partners. Nazmul also worked as a technical marketing engineer in the product management organization, where he was responsible for validating security designs, researching best practices, publishing white papers, and presenting new security capabilities. Prior to joining Cisco's core business group, Nazmul served as a senior information security consultant in the Cisco advanced services organization. With more than a decade of experience, Nazmul assisted many Fortune 500 companies, government agencies, and international organizations. He frequently met Cisco customers to address their critical security concerns and to run workshops. Previously, Nazmul was a technical lead in the Cisco Customer Experiences (CX) organization, where he consistently assisted the security engineers, and spearheaded the engineering efforts to solve business-critical escalations. He developed several training programs and taught many Cisco engineers worldwide. Nazmul published numerous articles on the Cisco website. In addition to this book, he has authored the best-selling security book Cisco Firepower Threat Defense (ISBN: 9781587144806). Nazmul is a veteran of Sourcefire, Inc., which developed the world's greatest open-source intrusion prevention system. At Sourcefire, Nazmul created and managed the customer knowledge base, new hire onboarding process, and partner certification program. He routinely trained Sourcefire's security engineers and managed security service providers (MSSP) in the United States. 
Nazmul has a master of science degree in Internetworking. He also holds many certifications in the areas of cybersecurity, information technology, technical communication, and product marketing. He is a Sourcefire Certified Expert and Sourcefire Certified Security Engineer.
Introduction xxv
Part I General Deployment
Chapter 1 Introduction to Cisco Secure Firewall and IPS 2
Do I Know This Already? Quiz 3
Foundation Topics 4
Evolution of Next-Generation Firewall 4
Cisco Secure Firewall Solutions 8
Product Evolution and Lifecycle 11
Software and Hardware Architecture 14
Scalability and Resiliency 18
Clustering 18
Multi-Instance 19
High Availability 20
Resiliency in Connectivity 21
Summary 22
Exam Preparation Tasks 22
Chapter 2 Deployment of Secure Firewall Virtual 24
Do I Know This Already? Quiz 24
Foundation Topics 26
Cisco Secure Firewall on a Virtual Platform 26
Hosting Environment Settings 27
Virtual Resource Allocation 28
Software Package Selection 28
Best Practices 30
Configuration 31
Virtual Network for Management Traffic 32
Virtual Network for Data Traffic 33
Virtual Machine Creation for Secure Firewall 35
System Initialization and Validation 41
Summary 45
Exam Preparation Tasks 46
Chapter 3 Licensing and Registration 48
Do I Know This Already? 48
Foundation Topics 50
Cisco Licensing Architecture 50
Direct Cloud Access 52
On-Premises Server 52
Offline Access 53
Cisco Secure Firewall Licenses 54
Feature License 54
Export-Controlled License 55
Evaluation License 56
Validation of Licensing 59
Device Registration 61
Best Practices for Registration 61
Configurations on Threat Defense 62
Configurations on Management Center 63
Management Communication over the Internet 65
Validation of Registration 67
Summary 68
Exam Preparation Tasks 69
Chapter 4 Firewall Deployment in Routed Mode 70
Do I Know This Already? Quiz 70
Foundation Topics 72
Routed Mode Essentials 72
Best Practices for Routed Mode Configuration 73
Fulfilling Prerequisites 73
Enabling the Routed Firewall Mode 75
Configuration of the Routed Interface 75
Configuring Interfaces with Static IP Addresses 76
Configuring Interfaces with Automatic IP Addresses 80
Validation of Interface Configuration 82
Summary 88
Exam Preparation Tasks 89
Chapter 5 Firewall Deployment in Transparent Mode 90
Do I Know This Already? Quiz 90
Foundation Topics 92
Transparent Mode Essentials 92
Best Practices for Transparent Mode Configuration 93
Fulfilling Prerequisites 94
Enabling the Transparent Firewall Mode 95
Configuring Transparent Mode in a Layer 2 Network 96
Configuring the Physical and Virtual Interfaces 96
Verifying the Interface Status 103
Verifying Basic Connectivity and Operations 104
Deploying a Threat Defense Between Layer 3 Networks 108
Selecting a Default Action 108
Adding an Access Control Rule for a Routing Protocol 111
Creating an Access Control Rule for the SSH Protocol 113
Verifying Access Control Lists 115
Integrated Routing and Bridging (IRB) 118
Summary 118
Exam Preparation Tasks 118
Chapter 6 IPS-Only Deployment in Inline Mode 120
Do I Know This Already? Quiz 120
Foundation Topics 122
Inline Mode Essentials
Inline Mode Versus Passive Mode 123
Inline Mode Versus Transparent Mode 125
Best Practices for Inline Mode 125
Inline Mode Configuration 126
Fulfilling Prerequisites 126
Interface Setup 127
Inline Set Configuration 129
Verification 132
Event Analysis in IPS-Only Mode 135
Summary 136
Exam Preparation Tasks 136
Chapter 7 Deployment in Detection-Only Mode 138
Do I Know This Already? Quiz 139
Foundation Topics 141
Detection-Only Mode Essentials 141
Passive Monitoring Technology 141
Interface Modes: Inline, Inline Tap, and Passive 142
Best Practices for Detection-Only Deployment 143
Inline Tap Mode 145
Configuration of Inline Tap Mode 145
Verification of Inline Tap Configuration 147
Passive Interface Mode 149
Configuration of Passive Interface Mode 149
Configuring Passive Interface Mode on a Threat Defense 150
Configuring a SPAN Port on a Switch 151
Verification of Passive Interface Configuration 152
Event Analysis in Detection-Only Mode 153
Summary 154
Exam Preparation Tasks 154
Part II Basic Security Operations
Chapter 8 Capturing Traffic for Advanced Analysis 156
Do I Know This Already? Quiz 157
Foundation Topics 158
Packet Capture Essentials 158
Best Practices for Capturing Traffic 160
Capturing of Packets Using Secure Firewall 162
Configuration 162
Verification 165
Packet Capture versus Packet Tracer 169
Summary 170
Exam Preparation Tasks 170
Chapter 9 Network Discovery Policy 172
Do I Know This Already? Quiz 172
Foundation Topics 174
Network Discovery Essentials 174
Application Detectors 175
Network Discovery Operations 176
Best Practices for Network Discovery 178
Fulfilling Prerequisites 179
Configurations 180
Reusable Objects 181
Network Discovery Policy 183
Verification 186
Analyzing Application Discovery 186
Analyzing Host Discovery 186
Undiscovered New Hosts 188
Summary 191
Exam Preparation Tasks 191
Chapter 10 Access Control Policy 194
Do I Know This Already? Quiz 194
Foundation Topics 196
Access Control Policy Essentials 196
Policy Editor 196
Rule Editor 198
Best Practices for Access Control Policy 199
Access Control Policy Configuration 200
Fulfilling Prerequisites 201
Creating Rules 202
Verification 208
Summary 222
Exam Preparation Tasks 222
Chapter 11 Prefilter Policy 224
Do I Know This Already? Quiz 224
Foundation Topics 226
Prefilter Policy Essentials 226
Prefilter Policy: Rules and Actions 226
Bypassing Deep Packet Inspection 227
Best Practices for a Prefilter Policy 230
Enabling Bypass Through a Prefilter Policy 230
Fulfilling Prerequisites 230
Configuring a Rule in a Prefilter Policy 230
Invoking a Prefilter Policy into an Access Control Policy 235
Establishing Trust Through an Access Control Policy 237
Verification 240
Managing Encapsulated Traffic Inspection 242
Summary 245
Exam Preparation Tasks 245
Chapter 12 Security Intelligence 248
Do I Know This Already? Quiz 249
Foundation Topics 251
Security Intelligence Essentials 251
Best Practices for Security Intelligence 256
Fulfilling Prerequisites 257
Automatic Blocking Using Cisco Intelligence Feed 259
Verifying the Action of Cisco Intelligence Feed 262
Overriding the Cisco Intelligence Feed Outcome 265
Instant Blocking Using Context Menu 267
Adding an Address to the Block List 267
Deleting an Address from the Block List 268
Manual Blocking Using Custom List 269
Enabling Security Intelligence in Monitor-Only Mode 272
Threat Intelligence Director 274
Enabling Threat Intelligence Director 276
Adding Sources and Importing Indicators 277
Summary 280
Exam Preparation Tasks 281
Chapter 13 Domain Name System (DNS) Policy 282
Do I Know This Already? Quiz 282
Foundation Topics 284
DNS Policy Essentials 284
Domain Name System (DNS) 284
Blocking of a DNS Query Using a Secure Firewall 285
DNS Rule Actions 287
Actions That Can Interrupt DNS Queries 288
Actions That Allow DNS Queries 292
Sources of Intelligence 293
Best Practices for Blocking DNS Queries 295
Fulfilling Prerequisites 296
Configuring DNS Policy 297
Add a New Rule to a DNS Policy 298
Invoke the DNS Policy 301
Verification 302
Summary 307
Exam Preparation Tasks 307
Chapter 14 URL Filtering 310
Do I Know This Already? Quiz 310
Foundation Topics 312
URL Filtering Essentials 312
Category and Reputation 312
URL Database 314
Fulfilling Prerequisites 315
Best Practices for URL Filtering Configuration 317
Enabling URL Filtering 322
Blocking URLs of a Certain Category 323
Verifying the Operation of a URL Filtering Rule 325
Allowing a Specific URL 329
Analyzing the Default Category Override 331
Handling Uncategorized URLs 335
Investigating the Uncategorized URLs 338
Summary 340
Exam Preparation Tasks 341
Part III Advanced Configurations
Chapter 15 Network Analysis and Intrusion Policies 342
Do I Know This Already? Quiz 343
Foundation Topics 345
Intrusion Prevention System Essentials 345
Network Analysis Policy 346
Intrusion Policy 346
System-Provided Variable Sets 352
System-Provided Base Policies 353
Best Practices for Intrusion Policy Deployment 356
Configuring a Network Analysis Policy 359
Configuring an Intrusion Policy 364
Creating a Policy with a Default Ruleset 364
Incorporating Intrusion Rule Recommendations 365
Enabling or Disabling an Intrusion Rule 368
Setting Up a Variable Set 369
Policy Deployment 371
Verification 373
Summary 379
Exam Preparation Tasks 379
Chapter 16 Malware and File Policy 380
Do I Know This Already? Quiz 380
Foundation Topics 382
File Policy Essentials 382
File Type Detection 382
Malware Analysis 382
Best Practices for File Policy Configuration 386
Fulfilling Prerequisites 387
Configuring a File Policy 390
Creating a File Policy 390
Deploying a File Policy 396
Verification 398
Analyzing File Events 399
Analyzing Malware Events 404
The Management Center Is Unable to Communicate with the Cloud 404
The Management Center Performs a Cloud Lookup 408
The Threat Defense Blocks Malware 409
Overriding a Malware Disposition 412
Network Trajectory 413
Summary 414
Exam Preparation Tasks 414
Chapter 17 Network Address Translation (NAT) 416
Do I Know This Already? Quiz 417
Foundation Topics 418
NAT Essentials 418
NAT Techniques 420
NAT Rule Types 422
Best Practices for NAT Deployment 423
Fulfilling Prerequisites 425
Configuring NAT 427
Masquerading a Source Address (Source NAT for Outbound Connection) 427
Configuring a Dynamic NAT Rule 427
Verifying the Configuration 433
Verifying the Operation: Inside to Outside 434
Verifying the Operation: Outside to Inside 441
Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection) 446
Configuring a Static NAT Rule 446
Verifying the Operation: Outside to DMZ 449
Summary 457
Exam Preparation Tasks 457
Chapter 18 Traffic Decryption Policy 460
Do I Know This Already? Quiz 460
Foundation Topics 462
Traffic Decryption Essentials 462
Overview of SSL and TLS Protocols 462
Decryption Techniques on Secure Firewall 466
Best Practices for Traffic Decryption 467
Configuring a Decryption Policy 468
PKI Objects 468
Internal CAs Object 469
Internal Certs Object 469
SSL Policy 470
File Policy 474
Access Control Policy 474
Verification 476
Summary 480
Exam Preparation Tasks 480
Chapter 19 Virtual Private Network (VPN) 482
Do I Know This Already? Quiz 483
Foundation Topics 484
VPN Essentials 484
Site-to-Site VPN 485
Remote-Access VPN 488
IPsec Essentials 489
Mode of Operation 490
Security Association and Key Exchange 492
IKEv1 492
IKEv2 494
Authentication 495
Site-to-Site VPN Deployment 496
Prerequisites 496
Configurations 499
Access Control Policy 503
NAT Policy 504
Verification 507
Remote-Access VPN Deployment 513
Prerequisites 513
Configuration 516
AnyConnect File 517
RADIUS Server Group 518
Certificate Enrollment 518
Network and IP Address Pool 521
Remote-Access VPN Policy 522
Verification 527
Summary 534
Exam Preparation Tasks 535
Chapter 20 Quality of Service (QoS) 536
Do I Know This Already? Quiz 536
Foundation Topics 538
Quality of Service Essentials 538
Best Practices for Enabling QoS 541
Fulfilling Prerequisites 541
Configuring QoS Policy 542
Verification 546
Analyzing QoS Events and Statistics 550
Summary 554
Exam Preparation Tasks 554
Chapter 21 System Logging (Syslog) 556
Do I Know This Already? Quiz 557
Foundation Topics 558
Secure Firewall Logging Essentials 558
Best Practices for Logging 560
Prerequisites 560
Sending Syslog from Threat Defense 564
Add a Syslog Server on Platform Settings 564
Enable Logging on Access Control Policy 568
Verification 568
Sending Syslog from Management Center 569
Create Syslog Alerts 569
Verification 572
Correlate Events to Send Syslog Alerts 574
Troubleshooting Logs 578
Summary 581
Exam Preparation Tasks 581
Part IV Conclusion
Chapter 22 Final Preparation 582
Getting Ready for the Exam 582
Tools for Final Review 582
Exam Day 583
Practice Tests 583
Pearson Cert Practice Test Engine and Questions on the Website 583
Accessing the Pearson Test Prep Software Online 584
Accessing the Pearson Test Prep Software Offline 584
Customizing Your Exams 585
Updating Your Exams 585
Premium Edition 586
Chapter-Ending Review Tools 586
Summary 586
Part V Appendixes
Appendix A Answers to the Do I Know This Already? Questions 588
Appendix B CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide Updates 598
Glossary 601
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
9780136589709 TOC 4/21/2022
Summary 280
Exam Preparation Tasks 281
Chapter 13 Domain Name System (DNS) Policy 282
Do I Know This Already? Quiz 282
Foundation Topics 284
DNS Policy Essentials 284
Domain Name System (DNS) 284
Blocking of a DNS Query Using a Secure Firewall 285
DNS Rule Actions 287
Actions That Can Interrupt DNS Queries 288
Actions That Allow DNS Queries 292
Sources of Intelligence 293
Best Practices for Blocking DNS Queries 295
Fulfilling Prerequisites 296
Configuring DNS Policy 297
Add a New Rule to a DNS Policy 298
Invoke the DNS Policy 301
Verification 302
Summary 307
Exam Preparation Tasks 307
Chapter 14 URL Filtering 310
Do I Know This Already? Quiz 310
Foundation Topics 312
URL Filtering Essentials 312
Category and Reputation 312
URL Database 314
Fulfilling Prerequisites 315
Best Practices for URL Filtering Configuration 317
Enabling URL Filtering 322
Blocking URLs of a Certain Category 323
Verifying the Operation of a URL Filtering Rule 325
Allowing a Specific URL 329
Analyzing the Default Category Override 331
Handling Uncategorized URLs 335
Investigating the Uncategorized URLs 338
Summary 340
Exam Preparation Tasks 341
Part III Advanced Configurations
Chapter 15 Network Analysis and Intrusion Policies 342
Do I Know This Already? Quiz 343
Foundation Topics 345
Intrusion Prevention System Essentials 345
Network Analysis Policy 346
Intrusion Policy 346
System-Provided Variable Sets 352
System-Provided Base Policies 353
Best Practices for Intrusion Policy Deployment 356
Configuring a Network Analysis Policy 359
Configuring an Intrusion Policy 364
Creating a Policy with a Default Ruleset 364
Incorporating Intrusion Rule Recommendations 365
Enabling or Disabling an Intrusion Rule 368
Setting Up a Variable Set 369
Policy Deployment 371
Verification 373
Summary 379
Exam Preparation Tasks 379
Chapter 16 Malware and File Policy 380
Do I Know This Already? Quiz 380
Foundation Topics 382
File Policy Essentials 382
File Type Detection 382
Malware Analysis 382
Best Practices for File Policy Configuration 386
Fulfilling Prerequisites 387
Configuring a File Policy 390
Creating a File Policy 390
Deploying a File Policy 396
Verification 398
Analyzing File Events 399
Analyzing Malware Events 404
The Management Center Is Unable to Communicate with the Cloud 404
The Management Center Performs a Cloud Lookup 408
The Threat Defense Blocks Malware 409
Overriding a Malware Disposition 412
Network Trajectory 413
Summary 414
Exam Preparation Tasks 414
Chapter 17 Network Address Translation (NAT) 416
Do I Know This Already? Quiz 417
Foundation Topics 418
NAT Essentials 418
NAT Techniques 420
NAT Rule Types 422
Best Practices for NAT Deployment 423
Fulfilling Prerequisites 425
Configuring NAT 427
Masquerading a Source Address (Source NAT for Outbound Connection) 427
Configuring a Dynamic NAT Rule 427
Verifying the Configuration 433
Verifying the Operation: Inside to Outside 434
Verifying the Operation: Outside to Inside 441
Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection) 446
Configuring a Static NAT Rule 446
Verifying the Operation: Outside to DMZ 449
Summary 457
Exam Preparation Tasks 457
Chapter 18 Traffic Decryption Policy 460
Do I Know This Already? Quiz 460
Foundation Topics 462
Traffic Decryption Essentials 462
Overview of SSL and TLS Protocols 462
Decryption Techniques on Secure Firewall 466
Best Practices for Traffic Decryption 467
Configuring a Decryption Policy 468
PKI Objects 468
Internal CAs Object 469
Internal Certs Object 469
SSL Policy 470
File Policy 474
Access Control Policy 474
Verification 476
Summary 480
Exam Preparation Tasks 480
Chapter 19 Virtual Private Network (VPN) 482
Do I Know This Already? Quiz 483
Foundation Topics 484
VPN Essentials 484
Site-to-Site VPN 485
Remote-Access VPN 488
IPsec Essentials 489
Mode of Operation 490
Security Association and Key Exchange 492
IKEv1 492
IKEv2 494
Authentication 495
Site-to-Site VPN Deployment 496
Prerequisites 496
Configurations 499
Access Control Policy 503
NAT Policy 504
Verification 507
Remote-Access VPN Deployment 513
Prerequisites 513
Configuration 516
AnyConnect File 517
RADIUS Server Group 518
Certificate Enrollment 518
Network and IP Address Pool 521
Remote-Access VPN Policy 522
Verification 527
Summary 534
Exam Preparation Tasks 535
Chapter 20 Quality of Service (QoS) 536
Do I Know This Already? Quiz 536
Foundation Topics 538
Quality of Service Essentials 538
Best Practices for Enabling QoS 541
Fulfilling Prerequisites 541
Configuring QoS Policy 542
Verification 546
Analyzing QoS Events and Statistics 550
Summary 554
Exam Preparation Tasks 554
Chapter 21 System Logging (Syslog) 556
Do I Know This Already? Quiz 557
Foundation Topics 558
Secure Firewall Logging Essentials 558
Best Practices for Logging 560
Prerequisites 560
Sending Syslog from Threat Defense 564
Add a Syslog Server on Platform Settings 564
Enable Logging on Access Control Policy 568
Verification 568
Sending Syslog from Management Center 569
Create Syslog Alerts 569
Verification 572
Correlate Events to Send Syslog Alerts 574
Troubleshooting Logs 578
Summary 581
Exam Preparation Tasks 581
Part IV Conclusion
Chapter 22 Final Preparation 582
Getting Ready for the Exam 582
Tools for Final Review 582
Exam Day 583
Practice Tests 583
Pearson Cert Practice Test Engine and Questions on the Website 583
Accessing the Pearson Test Prep Software Online 584
Accessing the Pearson Test Prep Software Offline 584
Customizing Your Exams 585
Updating Your Exams 585
Premium Edition 586
Chapter-Ending Review Tools 586
Summary 586
Part V Appendixes
Appendix A Answers to the Do I Know This Already? Questions 588
Appendix B CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide Updates 598
Glossary 601
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
9780136589709 TOC 4/21/2022