of 33 /33
http://www.firewalllearning.com/ Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected] Certified Network & Firewall Specialist – CNFS Training The Certified Network & Firewall Specialist CNFS Course consists of multiple training and certification tracks that map to industry job roles. This course provides the latest technologies and job skills that make you an innovator in Security technologies..This course provides Specialized knowledge about Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention systems, Firewall clusters & Load balancers, gateway-based anti-virus, anti-spam, SSL VPN and web content filtering, along with application control and flexible configuration options of major vendors in industry such as cisco, Juniper, Checkpoint, Fortinet, paloalto , F5, Bluecaot,Riverbed, wireshark & also it will be extensively going through with different hacking techniques & hacker methodologies and approach of security administrators to defend networks against cyber threats. This course is designed by industry experts by identifying the skills required by current job market. Multiple vendor course are added in this course why because many companies infrastructures are hybrids of multiple vendors Duration: 6 months Module-1: Networking Introduction to Networking Local Area networks Understanding the OSI Model Understanding TCP/IP Understanding Network Services Understanding Wires & wireless Networks Internet Protocol v4 Wide Area Networks Understanding Ip header Understanding TCP Flags

Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

Embed Size (px)

Text of Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing...

Page 1: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Certified Network & Firewall Specialist – CNFS Training

The Certified Network & Firewall Specialist – CNFS Course consists of multiple

training and certification tracks that map to industry job roles. This course

provides the latest technologies and job skills that make you an innovator in

Security technologies..This course provides Specialized knowledge about

Deploying, configuring, Managing & Troubleshooting enterprise firewalls,

Intrusion Detection systems, Intrusion prevention systems, Firewall clusters &

Load balancers, gateway-based anti-virus, anti-spam, SSL VPN and web content

filtering, along with application control and flexible configuration options of

major vendors in industry such as cisco, Juniper, Checkpoint, Fortinet, paloalto , F5, Bluecaot,Riverbed,

wireshark & also it will be extensively going through with different hacking techniques & hacker

methodologies and approach of security administrators to defend networks against cyber threats.

This course is designed by industry experts by identifying the skills required by current job market.

Multiple vendor course are added in this course why because many companies infrastructures are hybrids

of multiple vendors

Duration:

6 months

Module-1: Networking

Introduction to Networking

Local Area networks

Understanding the OSI Model

Understanding TCP/IP

Understanding Network Services

Understanding Wires & wireless Networks

Internet Protocol v4

Wide Area Networks

Understanding Ip header

Understanding TCP Flags

Page 2: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Module-2: Microsoft Basics

AD Overview

Configuring AD

Understanding AD Forest, Tree, Domain, OU

Understanding GPO

Deploying GPO

Understanding DHCP Process

Configuring DHCP

Understanding DNS Architecture

Configuring DNS

Configuring RADIUS

Creating Network policy servers to integrate with Firewalls & Routers

Module-3: Linux Basics

Linux Architecture

Linux installation

Understanding Linux File System Hierarchy

File permissions

System Logging in Linux

Configuring Syslog server

Log monitoring in Syslog

Reset Root Password

Module-4: CCNA ( Routing & Switching )

IPADDRESSING

TCP/IP Protocol Suite

IPv4 Address Classes

Addressing Fundamentals

IPV4 SERVICES

Domain Name System

Internet Control Message Protocol (ICMP)

Transmission Control Protocol (TCP)

Page 3: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

User Datagram Protocol (UDP)

Differences between TCP & UDP

SUBNETTING

Classful vs. Classless Addressing

Subnet Calculation Process

VLSM

CIDR

Summarization

ROUTER

Introduction to Router

Configuring a Router

Managing Cisco IOS Software

IOS backup & Recovery

Password Recovery of router

ROUTING BASICS

Introduction to Routing Protocols

Static Routing

Default Routing

Dynamic Routing

IP ROUTING PRINCIPLES

IP Routing Fundamentals

Link State Protocol

Administrative Distance

ROUTING PROTOCOLS

IGRP

Differences between RIPv1 & RIPv2

Configuring RIP

Page 4: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

OSPF

OSPF Fundamentals

Configuring OSPF

OSPF Route Selection

OSPF Route Preferences

EIGRP

EIGRP Fundamentals

Configuring EIGRP

EIGRP Route Selection

EIGRP Troubleshooting

Access Control Lists (ACLs)

Access-List Fundamentals

Configuring ACL

Access-List Processing

Wildcard Masks

Standard IP Access-Lists

Extended IP Access-Lists

Troubleshooting Access-Lists

NETWORK ADDRESS TRANSLATION (NAT)

Introduction to NAT

NAT Fundamentals

Configuring static NAT

Configuring Dynamic NAT

NAT Troubleshooting

Port Address Translation

Introduction to PAT

Configuring PAT

FRAME RELAY

Page 5: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Frame-Relay Fundamentals

Implementing Frame-Relay

Frame-Relay with ARP

Frame-Relay Serial Interface

SWITCHING

Introduction to Switching

Switch Architecture

Configuring Cisco switches

Running debug commands

VLANS

Introduction to VLAN Technology

VLAN Principles

Creating VLANs

VLAN Trunking

Configuring Inter-VLAN Routing

Spanning-Tree protocol

Spanning-Tree Basics

Configuring Spanning-tree

Spanning-Tree Convergence

Spanning-Tree Enhancements

Spanning-Tree Troubleshooting

Introduction to IPV6

IPv6 Fundamentals

IPv6 Routing

Configuring EIGRP for IPv6

Completing IPv6 Configuration

WLAN Technology

Wireless Fundamentals

Wireless LAN Components

Page 6: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Wireless LAN Types

Wireless LAN Operation

Wireless LAN Security

Configuring wireless router

Security Device Manager (SDM)

Introduction to SDM

Prerequisites of SDM

Configuring SDM

Troubleshooting SDM

Module-5: CCNA ( Security )

Fundamentals of Security

Introduction to CIA

Goals of Security

Profiles of Attackers

Types of Attackers

Typical Threats/Attacks

Cisco Device Security

Configuring SSH server

Configuring Syslog Server

Configuring NTP server

Role based access

AAA ( Authentication, Authorization & Accounting)

Understanding AAA Framework

Implement AAA on Cisco routers using

Understanding TACACS+

Configuring TACACS+

Configuring Cisco Secure ACS

CISCO Router Based Firewalls

Page 7: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Classic IOS Firewall

Drawbacks of CBAC

CBAC Configuration

Configuring Zone Based Firewalls

Implement the Cisco IOS firewall feature set using SDM

Access control Lists

Access-List Basics

Exploring Access-Lists

Applying standard Access /lists

Extended ACL configuration

Intrusion Detection & Prevention

IDS/IPS Fundamentals

Threat Detection Techniques

Configuring IOS based IPS

Virtual Private Network

Introduction to VPN

Types of VPNs

Internet Key Exchange

IPSEC Fundamentals

Configuring Router based Remote Access VPN

Configuring Site-to-site VPN

Hardening Router

Running Vulnerability assessment of a router

Auditing cisco router using SDM

Configuring one step Lockdown

Implement secure network management and reporting

Switch Security

VLAN Attack and Defense

Page 8: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Spoofing Attacks

MAC Flooding/CAM Overflow

STP Attack and Defense

Configuring BPDU Guard

Configuring Root Guard

Overview of Storm control

Configuring Storm control

Module-6: ASA Firewall administration

Securing Networks with Cisco Routers and Switches

Deploying Cisco IOS Software Network Foundation Protection Lesson

Deploying Network Foundation Protection Controls

Deploying Advanced Switched Data Plane Security Controls

Implementing Cisco Identity-Based Network Services

Deploying Basic 802.1X Features

Deploying Advanced Routed Data Plane Security Controls

Deploying Advanced Control Plane Security Controls

Deploying Advanced Management Plane Security Controls

Deploying Cisco IOS Software Threat Control and Containment

Deploying Cisco IOS Software Network Address Translation

Deploying Basic Zone-Based Policy Firewalls

Deploying Advanced Zone-Based Policy Firewalls

Deploying Cisco IOS Software IPS

Deploying Cisco IOS Software Site-to-Site Transmission Security

Site-to-Site VPN Architectures and Technologies

Deploying VTI-Based Site-to-Site IPsec VPNs

Deploying Scalable Authentication in Site-to-Site IPsec VPNs

Deploying DMVPNs

Deploying High Availability in Tunnel-Based IPsec VPNs

Deploying GET VPN

Deploying Secure Remote Access with Cisco IOS Software

Remote Access VPN Architectures and Technologies

Page 9: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Deploying Remote Access Solutions Using SSL VPN

Deploying Remote Access Solutions Using Cisco Easy VPN

Deploying Cisco ASA Firewall Solutions

Introduction to the Cisco ASA Adaptive Security Appliance

Implementation of Basic Connectivity and Device Management

Deployment of Cisco ASA Adaptive Security Appliance Access Control Features

Deployment of Cisco ASA Adaptive Security Appliance Network Integration Features

Deployment of Cisco ASA Adaptive Security Appliance Virtualization and High-

Availability Features

Integration of Cisco ASA Adaptive Security Appliance Security Service Modules

Configuring Routing on the Cisco ASA Adaptive Security Appliance

Configuring Dynamic Routing

Deploying Cisco ASA VPN Solutions

Evaluate the Cisco ASA adaptive security appliance VPN subsystem

Deploy Cisco ASA adaptive security appliance IPsec VPN solutions

Deploy Cisco ASA adaptive security appliance Cisco AnyConnect remote access VPN

solutions

Deploy Cisco ASA adaptive security appliance clientless remote access VPN solutions

Deploy advanced Cisco ASA adaptive security appliance VPN

Implementing Cisco Intrusion Prevention System

Introduction to Intrusion Prevention and Detection,

Cisco IPS Software,and Supporting Devices

Installing and Maintaining Cisco IPS Sensors

Applying Cisco IPS Security Policies

Adapting Traffic Analysis and Response to the Environment

Managing and Analyzing Events

Configuring and Maintaining Specific Cisco IPS Hardware

Page 10: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Module-6: Checkpoint Administration

Introduction to Checkpoint Technologies

What’s new in checkpoint R77.30

Checkpoint’s Architecture

Implementing 3 tier Architecture of checkpoint

Deployment Platforms

Checkpoint supported platforms

Installing Checkpoint on Windows o/s

Installing Checkpoint on GAiA

Configuring checkpoint in standard setup

Configuring checkpoint in distributed setup

Introduction to Security policy

Understanding Checkpoint Licensing

VerifySIC establishment between the Security Management Server and the Gateway using Smart

Dashboard

Creating a basic Rulebase

Implicit rules vs Explicit rules

Configuring hide NAT

Configuring Static NAT

Configuring PAT & Port Redirection

User management & Authentication

Configure user & group accounts in checkpoint

Configure policies for authentication

Local Authentication Methods

Configuring user authentication

Configuring Session authentication

Configuring Client Authentication

Page 11: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

External Authentication

Creating LDAP & TACACS+ objects

Integrating active directory server with checkpoint gateway

Configuring Tacacs+ server

Integrating Tacacs+ server with checkpoint gateway

Integrating Radius Server

Identity Awareness

Introduction to Identity Awareness

Configuring Identity Awareness

Using Identity awareness to provide access to network resource

Checkpoint VPN Introduction

Understanding VPN terminology

Understanding IKEv2

Understanding Phase-1& Phase-2

Implementing site-to-site vpn with head office & Branch office

Monitoring

Using smartview tracker for Analyzing logs

Using smartview Monitor for monitoring traffic

Using queries in smartview tracker

Filtering logs in smartview tracker

SMART UPDATE

Monitor remote Gateways using SmartUpdate

Patch Management

Page 12: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Manage New installations

license modifications

Upgrading Checkpoint Gw’s & Management server using Smart update

Module-7: Checkpoint Expert

Advance Firewall

Debugging firewall Modules

Upgrade & troubleshoot Management server

Performing Backup of Management server

Backup using snapshot

Backup using cpbackup

Backup using upgrade tools

Command Line Administration

Understanding standard mode & Expert mode shells

Running Checkpoint commands

Accessing Firewall Directory

Advance VPN

Troubleshoot a site-to-site or certificatebased VPN Using ikeview

Optimize VPN Performance

Implementing an SSL Web based VPN

Implementing Tunnel based SSL VPN

Troubleshooting SSL VPN

UTM Features

Configuring Antivirus blade in checkpoint gateway

Page 13: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Verifying Antivirus modules

Implementing content filtering

Configuring cvp & ufp policies

Configuring URL filtering

Testing URL filtering

Advance UTM Features

Java & ActiveX based attacks

Implementing Java & activeX blocking

Configuring Application control

Using smart event intro for analyzing application traffic

IDS/IPS

Configuring IPS blade

Updating IPS signatures

Configuring IPS policies

Customizing IPS profiles

Implementing location based restrictions

Verifying IPS

QOS

Understanding Checkpoint QOS architecture

Enabling QOS blade

Bandwidth Monitoring using QOS

Segregate Bandwidth to different networks

Writing QOS policies in rulebase

CLUSTERING

Building clusterXL for loadbalancing

Adding gateways into cluster

Page 14: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Verify Load balancing

Bulding clusterXL for High Availabilty

Deploying HA on an Enterprise network

Verifying HA using smartview monitor

Management sever Clustering

Management server recovery

Reporting

Create Events using SmartEvent

Generate reports using SmartReporter

Analyzing Industry Complaince Information

Module-8: Fortigate Administration

Introduction to fortinet

Understanding Features of Fortigate

Understanding Fortigaurd Queries & Packages

Initial Configuration

Upgrading Firmware

Backup & Restore

Configuring DHCP

Firewall Policies

Implicit vs Explicit Policies

Understanding Firewall Components

Understanding NAT

Configuring Source NAT

Configuring DNAT using Virtual Server

Authentication

Understanding Authentication Protocols

Integrating Active Directory Server

Integrating Radius Server

Create Authentication Policies

Configure Captive Portal

Monitor firewall Users

Page 15: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

SSL VPN

Understanding SSL Architecture

Operation Modes of SSL

Configuring SSL VPN WebMode

Configuring Bookmark

Configure firewall policies for SSL VPN

Monitor SSL Users

Basic IPSEC VPN

Understanding Architecture of IPSEC

Understanding IKE Phase 1 & 2

Understanding SAD,SPD

Configure IPSEC between two networks

Monitor VPN Traffic

Antivirus

Types of Virus & Malware

Proxy based vs flow based scans

Forti Sandbox

Submit virus sample to fortiguard

Configure Antivirus scanning

Identify order of Evaluation

Explicit Proxy

Implicit vs Explicit Proxy

Configuring Explicit Proxy

PAC vs WPAD

Configuring Web cache

Monitor Proxy Users

Webfilter

Understanding Fortigate Webfiltering Mechanism

Configuring Content Filtering

Configuring URL Filtering

Configuring Web filter overrides

Page 16: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Monitor Webfilter logs

Application Control

Updating Application Control Database

Configuring Application control profile

Traffic Shaping

Logging Application control events

Logging & Monitoring

Understanding Log severity levels

Understanding Logs & Sublog types

Understanding Log structures

Configuring log settings

Configuring Forticloud

Redirect logs to Syslog & SNMP

Module-9: Fortigate Expert

Routing

Interpret Routing Tables

Configuring Wan Link load balance

Configuring RPF

Overriding Static route using Policy base routing

Diagnose Routing Issues

Virtual Domains

Understanding VDOM’s

VDOM resource vs Global resource

Configuring Independent VDOM

Configuring Management through VDOM

Configuring Intervdom Links

Monitoring VDOM Traffic

Transparent Mode

Changing Operation Mode

Page 17: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Configuring Forward Domains

Configuring Port pairing

Implementing Security Profiles

Monitor Mac Table

High Availability

Understanding Active-Active, Active-Passive modes

Implementing HA Solution

Configuring Session Synchronization

Configuring FGSP

Upgrading Firmware on a cluster

Monitor HA Statistics

Advance IPSEC VPN

Differentiate Main Mode & Aggressive Mode

Deploy a remote access vpn using Forticlient

Configure redundant VPN

Diagnose VPN Tunnels

Intrusion Prevention system

Choose IPS Signatures

Configure Anomaly based Detection

Configure signature based detection

Configure DOS Sensor

Monitor & Recognize Attacks using IPS

FSSO

Understanding FSSO

DC Agent Vs Polling mode

Configure DC agent

Monitor FSSO logins

Certificate Operations

Generating a CSR

Importing CRL into Fortigate

Configuring SSL/SSH inspection

Page 18: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Generating Self signed Certificate

Enable SSL Inspection in fortigate

Data Leakage Prevention

Understanding Function of DLP

Filter files & Messages

Fingerprinting

Watermark Based inspection

Diagnostics

Identifying Normal Behavior

Understanding Traffic flow

Connectivity Troubleshooting

Diagnose Resource Issues

Testing Firmware Without Installing

Hardware Acceleration

Understanding ASIC

Understanding NP, SP, CP, SOC

Offloading Sessions to NP

Configure Content Inspection using CP

Configure Antivirus Inspection using SP

Module-10: Juniper JNCIA

Chapter 1: Course Introduction

Chapter 2: Junos Operating System Fundamentals

The Junos OS

Traffic Processing

Platforms Running the Junos OS

Chapter 3: User Interface Options

User Interface Options

The Junos CLI: CLI Basics

Page 19: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

The Junos CLI: Operational Mode

The Junos CLI: Configuration Mode

Lab 1: The Junos CLI

Chapter 4: Initial Configuration

Factory-Default Configuration

Initial Configuration

Interface Configuration

Lab 2: Initial System Configuration

Chapter 5: Secondary System Configuration

User Configuration and Authentication

System Logging and Tracing

Network Time Protocol

Archiving Configurations

SNMP

Lab 3: Secondary System Configuration

Chapter 6: Operational Monitoring and Maintenance

Monitoring Platform and Interface Operation

Network Utilities

Maintaining the Junos OS

Password Recovery

Chapter 7: Routing Fundamentals

Routing Concepts: Overview of Routing

Routing Concepts: The Routing Table

Routing Concepts: Routing Instances

Static Routing

Dynamic Routing

Lab 1: Routing Fundamentals

Page 20: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Chapter 8: Routing Policy

Routing Policy Overview

Case Study: Routing Policy

Lab 2: Routing Policy

Chapter 9: Firewall Filters

Firewall Filters Overview

Case Study: Firewall Filters

Unicast Reverse-Path-Forwarding Checks

Lab 3: Firewall Filters

Module-11: Juniper JNCIS

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

Traditional Routing

Traditional Security

The Junos OS Architecture

Chapter 3: Zones

The Definition of Zones

Zone Configuration

Monitoring Security Zones

Lab 1: Configuring and Monitoring Zones

Chapter 4: Security Policies

Security Policy Overview

Junos ALGs

Policy Components

Verifying Policy Operation

Policy Scheduling and Rematching

Policy Case Study

Lab 2: Security Policies

Page 21: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Day 2

Chapter 5: Firewall User Authentication

Firewall User Authentication Overview

Pass-Through Authentication

Web Authentication

Client Groups

Using External Authentication Servers

Verifying Firewall User Authentication

Lab 3: Configuring Firewall Authentication

Chapter 6: Screen Options

Multilayer Network Protection

Stages and Types of Attacks

Using Junos Screen Options—Reconnaissance Attack Handling

Using Junos Screen Options—Denial of Service Attack Handling

Using Junos Screen Options—Suspicious Packets Attack Handling

Applying and Monitoring Screen Options

Lab 4: Implementing Screen Options

Chapter 7: Network Address Translation

NAT Overview

Source NAT Operation and Configuration

Destination NAT Operation and Configuration

Static NAT Operation and Configuration

Proxy ARP

Monitoring and Verifying NAT Operation

Lab 5: Network Address Translation

Day 3

Chapter 8: IPsec VPNs

VPN Types

Secure VPN Requirements

IPsec Details

Configuration of IPsec VPNs

IPsec VPN Monitoring

Page 22: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Lab 6: Implementing IPsec VPNs

Chapter 9: Introduction to Intrusion Detection and Prevention

Introduction to Junos IDP

IDP Policy Components and Configuration

Signature Database

Case Study: Applying the Recommended IDP Policy

Monitoring IDP Operation

Lab 7: Implementing IDP

Chapter 10: High Availability Clustering Theory

High Availability Overview

Chassis Cluster Components

Advanced Chassis Cluster Topics

Chapter 11: High Availability Clustering Implementation

Chassis Cluster Operation

Chassis Cluster Configuration

Chassis Cluster Monitoring

Lab 8: Implementing High Availability Techniques

Chapter 12: UTM Overview

Branch Office Challenges

UTM Feature Overview

Design Basics

Hardware Support

Licensing of Features

Lab 1: Connecting to the Lab Equipment and Testing Connectivity

Chapter 13: Antispam

Antispam Terminology

Overview of Antispam Process

UTM Policy Overview

Configuration Steps

Monitoring Antispam

Page 23: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Lab 2: Configuring an Antispam Policy

Chapter 14: Full File-Based and Express Antivirus

Antivirus Terminology

Overview of Antivirus Process

AV Operation

Full File-based AV Configuration

Express AV Configuration

Monitoring AV

Lab 3: Antivirus Configuration and Testing

Chapter 15: Content and Web Filtering

Overview and Terminology

Configuration

Verification and Monitoring

Lab 4: Configuring Content and Web Filtering

Module-12: Paloalto Network Essentials

Platforms and Architecture

Single Pass Architecture

Flow Logic

Initial Configuration

Initial Access to the System

Configuration Management

Licensing and Software Updates

Account Administration

Interface Configuration

Security Zones

Layer 2, Layer 3, Virtual Wire, and Tap

Sub-interfaces

DHCP

Page 24: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Virtual Routers

Security and NAT Policies

Security Policy Configuration

Policy Administration

NAT (source and destination)

App-ID

App-ID Overview

Application Groups and Filters

Content-ID

Antivirus

Anti-spyware

Vulnerability

URL Filtering

File Blocking: WildFire

Security Profiles File Blocking

WildFire

Decryption

Certificate Management

Outbound SSL Decryption

Inbound SSL Decyrption

User-ID

Enumerating Users

Mapping Users to IP addresses

User-ID Agent

Page 25: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Site-to-Site VPN

IPsec Tunnels

Management & Reporting

Dashboard

Basic Logging

Basic Reports

Panorama

Active/Passive High Availability

Configuring Active/Passive HA

Module-13: Paloalto Advance Administration

Advanced Interface Config

Advanced NAT

Policy Based Forwarding

Routing Protocols (OSPF)

App-ID: Custom Apps

Defining new Application Signatures

Application Override

Advanced Content-ID™

Custom Threat Signatures

Data Filtering

DoS Protection

Botnet Report

Advanced User-ID™

Terminal Server Agent

Captive Portal

Page 26: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

XML API

QoS

Configuring Quality of Service

Monitoring and Reporting

Log Forwarding

SNMP

Reporting

GlobalProtect

Implementation of GlobalProtect

Install and Configure Portal, Gateway, and Agents

MSM

GP-100 Overview

Deployment Policies

Managing Mobile Devices

Module-14: F5 LTM Administration

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP Configuration

Leveraging F5 Support Resources and Tools

Chapter 2: Traffic Processing Building Blocks

Identifying BIG-IP Traffic Processing Objects

Network Packet Flow

Configuring Virtual Servers and Pools

Load Balancing Traffic

Viewing Module Statistics and Logs

Using the Traffic Management Shell (TMSH)

Page 27: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Understanding the TMSH Hierarchical Structure

Navigating the TMSH Hierarchy

Managing BIG-IP Configuration State and Files

BIG-IP System Configuration State

Loading and Saving the System Configuration

Shutting Down and Restarting the BIG-IP System

Saving and Replicating Configuration Data (UCS and SCF)

Viewing the BIG-IP Connection Table

Chapter 3: Using NATs and SNATs

Address Translation on the BIG-IP System

Mapping IP Addresses with NAT

Solving Routing Issues with SNATs

Configuring SNAT Auto Map on a Virtual Server

Monitoring for and Mitigating Port Exhaustion

Chapter 4: Monitoring Application Health

Introducing Monitors

Types of Monitors

Monitor Interval and Timeout Settings

Configuring Monitors

Assigning Monitors to Resources

Managing Pool, Pool Member, and Node Status

Using the Network Map

Chapter 5: Modifying Traffic Behavior with Profiles

Introducing Profiles

Understanding Profile Types and Dependencies

Configuring and Assigning Profiles

Chapter 6: Modifying Traffic Behavior with Persistence

Understanding the Need for Persistence

Introducing Source Address Affinity Persistence

Introducing Cookie Persistence

Introducing SSL Offload and SSL Re-Encryption

Managing Object State

Introducing Action on Service Down

Page 28: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Chapter 7: Troubleshooting the BIG-IP System

Configuring Logging

Introducing BIG-IP System Logging

Legacy Remote Logging

Introducing High Speed Logging (HSL)

High-Speed Logging Filters

HSL Configuration Objects

Configuring High Speed Logging

Using tcpdump on the BIG-IP System

Chapter 8: Administering the BIG-IP System

Leveraging Always-On Management (AOM)

Expanding Availability with Device Service Clustering (DSC)

Viewing BIG-IP System Statistics

Defining User Roles and Administrative Partitions

Leveraging vCMP

Chapter 9: Customizing Application Delivery with iRules

Identifying iRules Components

Triggering iRules with Events

Leveraging the iRules Ecosystem on DevCentral

Chapter 10: Reviewing Local Traffic Configuration

Reviewing Nodes, Pools, and Virtual Servers

Reviewing Address Translation

Reviewing Routing Assumptions

Reviewing Application Health Monitoring

Reviewing Traffic Behavior Modification with Profiles

Reviewing the TMOS Shell (TMSH)

Reviewing Managing BIG-IP Configuration Data

Chapter 11: Load Balancing Traffic with LTM

Exploring Load Balancing Options

Using Priority Group Activation and Fallback Host

Comparing Member and Node Load Balancing

Page 29: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Chapter 12: Modifying Traffic Behavior with Persistence

Reviewing Persistence

Introducing SSL Persistence

Introducing SIP Persistence

Introducing Universal Persistence

Introducing Destination Address Affinity Persistence

Using Match Across Options for Persistence

Chapter 13: Monitoring Application Health

Differentiating Monitor Types

Customizing the HTTP Monitor

Monitoring an Alias Address and Port

Monitoring a Path vs. Monitoring a Device

Managing Multiple Monitors

Using Application Check Monitors

Using Manual Resume and Advanced Monitor Timer Settings

Chapter 14: Processing Traffic with Virtual Servers

Virtual Servers Concepts

Path Load Balancing

Introducing Auto Last Hop

Chapter 15: Processing Traffic with SNATs

Overview of SNATs

SNAT Auto Map

Using SNAT Pools

SNATs as Listeners

SNAT Specificity

VIP Bounceback

Additional SNAT Options

Network Packet Processing

Chapter 16: Configuring High Availability

Sync-Failover Group Concepts

Synchronization, State and Failover

Page 30: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Traffic Group Concepts

N+1 Concepts

Chapter 17: Configuring High Availability Part 2

Failover Triggers and Detection

Stateful Failover

Device Group Communication

Sync-Only Device Groups

Chapter 18: Modifying Traffic Behavior with Profiles

Profiles Overview

Common Protocol Profile Types and Settings

TCP Express Optimization

Performance Improvements

Configuring and Using Profiles

HTTP Profile Options

OneConnect

Offloading HTTP Compression to BIG-IP

HTTP Caching

Stream Profiles

F5 Acceleration Technologies

Analytics

Chapter 19: Deploying Application Services with iApps

Simplifying Application Deployment with iApps

Using iApps Templates

Deploying an Application Service

Reconfiguring an Application Service

Leveraging the iApps Ecosystem on DevCentral

Chapter 20: Customizing Application Delivery with iRules and Local Traffic Policies

Getting Started with iRules

Triggering an iRule

Introducing iRule Constructs

Leveraging the DevCentral Ecosystem

Deploying and Testing iRules

Getting Started with Local Traffic Policies

Page 31: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

What Can You Do with a Local Traffic Policy?

How Does a Local Traffic Policy Work?

Understanding Local Traffic Policy Workflow

Introducing the Elements of a Local Traffic Policy

Specifying the Matching Strategy

What Are Rules?

Understanding Requires and Controls

Configuring and Managing Policy Rules

Configuring a New Rule

Including Tcl in Certain Rule Settings

Module-15: Bluecoat Administration

Introduction to ProxySG

ProxySG Security Deployments

ProxySG Initial Security Configuration

ProxySG Management Console

ProxySG Security Licensing

Proxy Services

Hypertext Transfer Protocol

Introduction to Visual Policy Manager

Content Filtering and WebPulse

Managing Downloads

Authenticating users on the ProxySG

Authentication Realms

Authentication with Transparent Proxy

Exceptions and Notifications

Access Logging

Managing SSL Traffic

Page 32: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Module-16: Riverbed Wan 200 Essentials

Steelhead Appliance

Intro to RiOS® Optimization

In-Path Deployment

Out-of-Path Deployment

Logical In-Path w/ WCCPv2

Satellite w/ High-Speed TCP

Introduction to Interceptor®

Scaling Your Deployment

Sizing Your Deployment

Deployment Troubleshooting

Central Management Console

Managing Your Deployment

CMC Policies

Appliance Grouping

Deploying the CMC

Steelhead Mobile

Mobilizing Your Workforce

Acceleration Policies

Integrating Steelhead Mobile

Virtual Services Platform

VSP & ESXi Architecture

Deploying VM Packages

Granite

Storage & iSCSI Basics

Granite Solution Overview

LUN Configuration

Granite Core & EX Edge Install

Mapping LUNs (VSP/Non-VSP)

Page 33: Certified Network & Firewall Specialist – CNFS Training · Deploying, configuring, Managing & Troubleshooting enterprise firewalls, Intrusion Detection systems, Intrusion prevention

http://www.firewalllearning.com/

Hyderabad: #304,305 Ashoka Capital building, Road Number 2 , BanjaraHills, Hyderabad, Telangana, India – 500034. Ph: 8686348800, 9100058419 | [email protected]

Module-17: wireshark Packet Analysis

Introduction to Wireshark

Navigating in the GUI

Arranging Wireshark Your Way

Dissectors

Profiles

Latency

Controlling the Capture

Capture Filters

Display Filters

Adv. Display Filters

Upgrading Wireshark

Sorting out a Troubled Network

Regular Expressions

Exporting

Input/Output graphs

Expert Infos in Wireshark

Seeing What the User Downloaded

VoIP

IPv6 Packet Monitoring