
CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide

Author: Nazmul Rajib
In English, Paperback – 29 Sep 2022

Part of the Official Cert Guide series


Specifications

ISBN-13: 9780136589709
ISBN-10: 0136589707
Pages: 656
Dimensions: 195 x 237 x 45 mm
Weight: 1.27 kg
Publisher: Pearson Education
Series: Official Cert Guide


Author biography

Nazmul Rajib is a senior product marketing manager of Cisco Systems, Inc. He leads Cisco's global initiatives on cybersecurity enablement, focusing on the firewall and intrusion prevention technologies. As a senior member of the Security Business Group (SBG), Nazmul regularly advises Cisco on security product roadmaps, content strategies, and technical communications. He develops training programs for the Global Security Sales Organization (GSSO) and worldwide channel partners. Nazmul also worked as a technical marketing engineer in the product management organization, where he was responsible for validating security designs, researching best practices, publishing white papers, and presenting new security capabilities.
Prior to joining Cisco's core business group, Nazmul served as a senior information security consultant in the Cisco advanced services organization. With more than a decade of experience, Nazmul assisted many Fortune 500 companies, government agencies, and international organizations. He frequently met Cisco customers to address their critical security concerns and to run workshops.
Previously, Nazmul was a technical lead in the Cisco Customer Experiences (CX) organization, where he consistently assisted the security engineers, and spearheaded the engineering efforts to solve business-critical escalations. He developed several training programs and taught many Cisco engineers worldwide. Nazmul published numerous articles on the Cisco website. In addition to this book, he has authored the best-selling security book Cisco Firepower Threat Defense (ISBN: 9781587144806).
Nazmul is a veteran of Sourcefire, Inc., which developed the world's greatest open-source intrusion prevention system. At Sourcefire, Nazmul created and managed the customer knowledge base, new hire onboarding process, and partner certification program. He routinely trained Sourcefire's security engineers and managed security service providers (MSSP) in the United States.

Nazmul has a master of science degree in Internetworking. He also holds many certifications in the areas of cybersecurity, information technology, technical communication, and product marketing. He is a Sourcefire Certified Expert and Sourcefire Certified Security Engineer.


Table of contents

Introduction

Part I General Deployment

Chapter 1 Introduction to Cisco Secure Firewall and IPS
  Do I Know This Already? Quiz
  Foundation Topics
  Evolution of Next-Generation Firewall
  Cisco Secure Firewall Solutions
  Product Evolution and Lifecycle
  Software and Hardware Architecture
  Scalability and Resiliency
  Clustering
  Multi-Instance
  High Availability
  Resiliency in Connectivity
  Summary
  Exam Preparation Tasks

Chapter 2 Deployment of Secure Firewall Virtual
  Do I Know This Already? Quiz
  Foundation Topics
  Cisco Secure Firewall on a Virtual Platform
  Hosting Environment Settings
  Virtual Resource Allocation
  Software Package Selection
  Best Practices
  Configuration
  Virtual Network for Management Traffic
  Virtual Network for Data Traffic
  Virtual Machine Creation for Secure Firewall
  System Initialization and Validation
  Summary
  Exam Preparation Tasks

Chapter 3 Licensing and Registration
  Do I Know This Already?
  Foundation Topics
  Cisco Licensing Architecture
  Direct Cloud Access
  On-Premises Server
  Offline Access
  Cisco Secure Firewall Licenses
  Feature License
  Export-Controlled License
  Evaluation License
  Validation of Licensing
  Device Registration
  Best Practices for Registration
  Configurations on Threat Defense
  Configurations on Management Center
  Management Communication over the Internet
  Validation of Registration
  Summary
  Exam Preparation Tasks

Chapter 4 Firewall Deployment in Routed Mode
  Do I Know This Already? Quiz
  Foundation Topics
  Routed Mode Essentials
  Best Practices for Routed Mode Configuration
  Fulfilling Prerequisites
  Enabling the Routed Firewall Mode
  Configuration of the Routed Interface
  Configuring Interfaces with Static IP Addresses
  Configuring Interfaces with Automatic IP Addresses
  Validation of Interface Configuration
  Summary
  Exam Preparation Tasks

Chapter 5 Firewall Deployment in Transparent Mode
  Do I Know This Already? Quiz
  Foundation Topics
  Transparent Mode Essentials
  Best Practices for Transparent Mode Configuration
  Fulfilling Prerequisites
  Enabling the Transparent Firewall Mode
  Configuring Transparent Mode in a Layer 2 Network
  Configuring the Physical and Virtual Interfaces
  Verifying the Interface Status
  Verifying Basic Connectivity and Operations
  Deploying a Threat Defense Between Layer 3 Networks
  Selecting a Default Action
  Adding an Access Control Rule for a Routing Protocol
  Creating an Access Control Rule for the SSH Protocol
  Verifying Access Control Lists
  Integrated Routing and Bridging (IRB)
  Summary
  Exam Preparation Tasks

Chapter 6 IPS-Only Deployment in Inline Mode
  Do I Know This Already? Quiz
  Foundation Topics
  Inline Mode Essentials
  Inline Mode Versus Passive Mode
  Inline Mode Versus Transparent Mode
  Best Practices for Inline Mode
  Inline Mode Configuration
  Fulfilling Prerequisites
  Interface Setup
  Inline Set Configuration
  Verification
  Event Analysis in IPS-Only Mode
  Summary
  Exam Preparation Tasks

Chapter 7 Deployment in Detection-Only Mode
  Do I Know This Already? Quiz
  Foundation Topics
  Detection-Only Mode Essentials
  Passive Monitoring Technology
  Interface Modes: Inline, Inline Tap, and Passive
  Best Practices for Detection-Only Deployment
  Inline Tap Mode
  Configuration of Inline Tap Mode
  Verification of Inline Tap Configuration
  Passive Interface Mode
  Configuration of Passive Interface Mode
  Configuring Passive Interface Mode on a Threat Defense
  Configuring a SPAN Port on a Switch
  Verification of Passive Interface Configuration
  Event Analysis in Detection-Only Mode
  Summary
  Exam Preparation Tasks

Part II Basic Security Operations

Chapter 8 Capturing Traffic for Advanced Analysis
  Do I Know This Already? Quiz
  Foundation Topics
  Packet Capture Essentials
  Best Practices for Capturing Traffic
  Capturing of Packets Using Secure Firewall
  Configuration
  Verification
  Packet Capture versus Packet Tracer
  Summary
  Exam Preparation Tasks

Chapter 9 Network Discovery Policy
  Do I Know This Already? Quiz
  Foundation Topics
  Network Discovery Essentials
  Application Detectors
  Network Discovery Operations
  Best Practices for Network Discovery
  Fulfilling Prerequisites
  Configurations
  Reusable Objects
  Network Discovery Policy
  Verification
  Analyzing Application Discovery
  Analyzing Host Discovery
  Undiscovered New Hosts
  Summary
  Exam Preparation Tasks

Chapter 10 Access Control Policy
  Do I Know This Already? Quiz
  Foundation Topics
  Access Control Policy Essentials
  Policy Editor
  Rule Editor
  Best Practices for Access Control Policy
  Access Control Policy Configuration
  Fulfilling Prerequisites
  Creating Rules
  Verification
  Summary
  Exam Preparation Tasks

Chapter 11 Prefilter Policy
  Do I Know This Already? Quiz
  Foundation Topics
  Prefilter Policy Essentials
  Prefilter Policy: Rules and Actions
  Bypassing Deep Packet Inspection
  Best Practices for a Prefilter Policy
  Enabling Bypass Through a Prefilter Policy
  Fulfilling Prerequisites
  Configuring a Rule in a Prefilter Policy
  Invoking a Prefilter Policy into an Access Control Policy
  Establishing Trust Through an Access Control Policy
  Verification
  Managing Encapsulated Traffic Inspection
  Summary
  Exam Preparation Tasks

Chapter 12 Security Intelligence
  Do I Know This Already? Quiz
  Foundation Topics
  Security Intelligence Essentials
  Best Practices for Security Intelligence
  Fulfilling Prerequisites
  Automatic Blocking Using Cisco Intelligence Feed
  Verifying the Action of Cisco Intelligence Feed
  Overriding the Cisco Intelligence Feed Outcome
  Instant Blocking Using Context Menu
  Adding an Address to the Block List
  Deleting an Address from the Block List
  Manual Blocking Using Custom List
  Enabling Security Intelligence in Monitor-Only Mode
  Threat Intelligence Director
  Enabling Threat Intelligence Director
  Adding Sources and Importing Indicators
  Summary
  Exam Preparation Tasks

Chapter 13 Domain Name System (DNS) Policy
  Do I Know This Already? Quiz
  Foundation Topics
  DNS Policy Essentials
  Domain Name System (DNS)
  Blocking of a DNS Query Using a Secure Firewall
  DNS Rule Actions
  Actions That Can Interrupt DNS Queries
  Actions That Allow DNS Queries
  Sources of Intelligence
  Best Practices for Blocking DNS Queries
  Fulfilling Prerequisites
  Configuring DNS Policy
  Add a New Rule to a DNS Policy
  Invoke the DNS Policy
  Verification
  Summary
  Exam Preparation Tasks

Chapter 14 URL Filtering
  Do I Know This Already? Quiz
  Foundation Topics
  URL Filtering Essentials
  Category and Reputation
  URL Database
  Fulfilling Prerequisites
  Best Practices for URL Filtering Configuration
  Enabling URL Filtering
  Blocking URLs of a Certain Category
  Verifying the Operation of a URL Filtering Rule
  Allowing a Specific URL
  Analyzing the Default Category Override
  Handling Uncategorized URLs
  Investigating the Uncategorized URLs
  Summary
  Exam Preparation Tasks

Part III Advanced Configurations

Chapter 15 Network Analysis and Intrusion Policies
  Do I Know This Already? Quiz
  Foundation Topics
  Intrusion Prevention System Essentials
  Network Analysis Policy
  Intrusion Policy
  System-Provided Variable Sets
  System-Provided Base Policies
  Best Practices for Intrusion Policy Deployment
  Configuring a Network Analysis Policy
  Configuring an Intrusion Policy
  Creating a Policy with a Default Ruleset
  Incorporating Intrusion Rule Recommendations
  Enabling or Disabling an Intrusion Rule
  Setting Up a Variable Set
  Policy Deployment
  Verification
  Summary
  Exam Preparation Tasks

Chapter 16 Malware and File Policy
  Do I Know This Already? Quiz
  Foundation Topics
  File Policy Essentials
  File Type Detection
  Malware Analysis
  Best Practices for File Policy Configuration
  Fulfilling Prerequisites
  Configuring a File Policy
  Creating a File Policy
  Deploying a File Policy
  Verification
  Analyzing File Events
  Analyzing Malware Events
  The Management Center Is Unable to Communicate with the Cloud
  The Management Center Performs a Cloud Lookup
  The Threat Defense Blocks Malware
  Overriding a Malware Disposition
  Network Trajectory
  Summary
  Exam Preparation Tasks

Chapter 17 Network Address Translation (NAT)
  Do I Know This Already? Quiz
  Foundation Topics
  NAT Essentials
  NAT Techniques
  NAT Rule Types
  Best Practices for NAT Deployment
  Fulfilling Prerequisites
  Configuring NAT
  Masquerading a Source Address (Source NAT for Outbound Connection)
  Configuring a Dynamic NAT Rule
  Verifying the Configuration
  Verifying the Operation: Inside to Outside
  Verifying the Operation: Outside to Inside
  Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection)
  Configuring a Static NAT Rule
  Verifying the Operation: Outside to DMZ
  Summary
  Exam Preparation Tasks

Chapter 18 Traffic Decryption Policy
  Do I Know This Already? Quiz
  Foundation Topics
  Traffic Decryption Essentials
  Overview of SSL and TLS Protocols
  Decryption Techniques on Secure Firewall
  Best Practices for Traffic Decryption
  Configuring a Decryption Policy
  PKI Objects
  Internal CAs Object
  Internal Certs Object
  SSL Policy
  File Policy
  Access Control Policy
  Verification
  Summary
  Exam Preparation Tasks

Chapter 19 Virtual Private Network (VPN)
  Do I Know This Already? Quiz
  Foundation Topics
  VPN Essentials
  Site-to-Site VPN
  Remote-Access VPN
  IPsec Essentials
  Mode of Operation
  Security Association and Key Exchange
  IKEv1
  IKEv2
  Authentication
  Site-to-Site VPN Deployment
  Prerequisites
  Configurations
  Access Control Policy
  NAT Policy
  Verification
  Remote-Access VPN Deployment
  Prerequisites
  Configuration
  AnyConnect File
  RADIUS Server Group
  Certificate Enrollment
  Network and IP Address Pool
  Remote-Access VPN Policy
  Verification
  Summary
  Exam Preparation Tasks

Chapter 20 Quality of Service (QoS)
  Do I Know This Already? Quiz
  Foundation Topics
  Quality of Service Essentials
  Best Practices for Enabling QoS
  Fulfilling Prerequisites
  Configuring QoS Policy
  Verification
  Analyzing QoS Events and Statistics
  Summary
  Exam Preparation Tasks

Chapter 21 System Logging (Syslog)
  Do I Know This Already? Quiz
  Foundation Topics
  Secure Firewall Logging Essentials
  Best Practices for Logging
  Prerequisites
  Sending Syslog from Threat Defense
  Add a Syslog Server on Platform Settings
  Enable Logging on Access Control Policy
  Verification
  Sending Syslog from Management Center
  Create Syslog Alerts
  Verification
  Correlate Events to Send Syslog Alerts
  Troubleshooting Logs
  Summary
  Exam Preparation Tasks

Part IV Conclusion

Chapter 22 Final Preparation
  Getting Ready for the Exam
  Tools for Final Review
  Exam Day
  Practice Tests
  Pearson Cert Practice Test Engine and Questions on the Website
  Accessing the Pearson Test Prep Software Online
  Accessing the Pearson Test Prep Software Offline
  Customizing Your Exams
  Updating Your Exams
  Premium Edition
  Chapter-Ending Review Tools
  Summary

Part V Appendixes

Appendix A Answers to the Do I Know This Already? Questions
Appendix B CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide Updates
Glossary

Online Elements

Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary