Duration 2 Days 12 CPD hours This course is intended for Security architects System designers Network administrators Operations engineers Network managers, network or security technicians, and security engineers and managers responsible for web security Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco WSA Deploy proxy services Utilize authentication Describe decryption policies to control HTTPS traffic Understand differentiated traffic access policies and identification profiles Enforce acceptable use control settings Defend against malware Describe data security and data loss prevention Perform administration and troubleshooting This course shows you how to implement, use, and maintain Cisco© Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you?ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution?s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more.This course helps you prepare to take the exam, Securing the Web with Cisco Web Security Appliance (300-725 SWSA). Describing Cisco WSA Technology Use Case Cisco WSA Solution Cisco WSA Features Cisco WSA Architecture Proxy Service Integrated Layer 4 Traffic Monitor Data Loss Prevention Cisco Cognitive Intelligence Management Tools Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration Cisco Content Security Management Appliance (SMA) Deploying Proxy Services Explicit Forward Mode vs. Transparent Mode Transparent Mode Traffic Redirection Web Cache Control Protocol Web Cache Communication Protocol (WCCP) Upstream and Downstream Flow Proxy Bypass Proxy Caching Proxy Auto-Config (PAC) Files FTP Proxy Socket Secure (SOCKS) Proxy Proxy Access Log and HTTP Headers Customizing Error Notifications with End User Notification (EUN) Pages Utilizing Authentication Authentication Protocols Authentication Realms Tracking User Credentials Explicit (Forward) and Transparent Proxy Mode Bypassing Authentication with Problematic Agents Reporting and Authentication Re-Authentication FTP Proxy Authentication Troubleshooting Joining Domains and Test Authentication Integration with Cisco Identity Services Engine (ISE) Creating Decryption Policies to Control HTTPS Traffic Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview Certificate Overview Overview of HTTPS Decryption Policies Activating HTTPS Proxy Function Access Control List (ACL) Tags for HTTPS Inspection Access Log Examples Understanding Differentiated Traffic Access Policies and Identification Profiles Overview of Access Policies Access Policy Groups Overview of Identification Profiles Identification Profiles and Authentication Access Policy and Identification Profiles Processing Order Other Policy Types Access Log Examples ACL Decision Tags and Policy Groups Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications Defending Against Malware Web Reputation Filters Anti-Malware Scanning Scanning Outbound Traffic Anti-Malware and Reputation in Policies File Reputation Filtering and File Analysis Cisco Advanced Malware Protection File Reputation and Analysis Features Integration with Cisco Cognitive Intelligence Enforcing Acceptable Use Control Settings Controlling Web Usage URL Filtering URL Category Solutions Dynamic Content Analysis Engine Web Application Visibility and Control Enforcing Media Bandwidth Limits Software as a Service (SaaS) Access Control Filtering Adult Content Data Security and Data Loss Prevention Data Security Cisco Data Security Solution Data Security Policy Definitions Data Security Logs Performing Administration and Troubleshooting Monitor the Cisco Web Security Appliance Cisco WSA Reports Monitoring System Activity Through Logs System Administration Tasks Troubleshooting Command Line Interface
Duration 2 Days 12 CPD hours This course is intended for Cloud Architects, Security Experts, and Network Administrators requiring in depth knowledge on CloudGuard Network Security products. Overview Discuss AWS Platform Components and their relationship to Check Point CloudGuard Network Security. Explain how to maintain a secure, efficient, and stable cloud environment. Describe the components and constraints of a hub and spoke security environment. Describe the function of the Cloud Management Extension. Explain the purpose of identity and access controls and constraints in different cloud platforms. Explain the steps required to configure Identity and Access controls in AWS. Describe the purpose and function of the CloudGuard Controller, its processes, and how it is tied to the Identity Awareness feature. Explain how to design and configure Cloud Adaptive Policies. Discuss the purpose and function of Data Center Objects. Describe the function and advantages of Cloud Service Provider (CSP) automation templates for instance and resource deployments. Explain how CSP templates can be used for maintenance tasks in the cloud environment. Discuss Third-Party Automation tools, how they can simplify deployment and maintenance tasks, and the constraints associated with them. Discuss Scaling Solutions and Options for Cloud Environments. Explain the Scaling Options in AWS. Describe the workflow for configuring scaling solutions in AWS. Discuss how ClusterXL operates and what elements work together to permit traffic failover. Explain how ClusterXL functions differently in a Cloud Environment. Describe how clusters are created and function in AWS. Discuss the elements involved in Hybrid Data Center deployments, the advantages of them, and the constraints involved. Explain the nature of a 'Greenfield' deployment, the advantages of it, and the constraints involved. Describe the components and constraint involved in deploying a Disaster Recovery Site in the cloud. Discuss the steps required for troubleshooting automation in AWS. Explain the steps required for troubleshooting Scaling Solution issues in AWS. Describe the steps required for troubleshooting clusters in AWS. Learn advanced concepts and develop skills needed to design and administer CloudGuard Network Security Environments. Course Outline Create an SSH Key Pair. Create a VPC. Deploy an SMS. Connect to SmartConsole. Review the IAM Role. Configure the Cloud Management Extension. Configure the Access Control Policy. Create the AWS Data Center Object. Create Access Control Policy with a Data Center Object. Create the AWS VPC Spokes. Deploy the Web Servers into the Spoke VPCs. Create the AWS Auto Scale Deployment. Create the External and Internal Load Balancers. Create the VPC for the Auto Scale Deployment. Create the VPC Peers. Deploy the CloudGuard Cluster Template. Create the AWS VPN Gateway. Configure the Tunnel Interfaces. Configure the Static Routes. Configure the Network Objects. Configure the VPN Community. Configure the Security Policy. Test the Traffic. Troubleshoot the CloudGuard Controller. Debug the CloudGuard Controller. Debug the Cloud Management Extension Additional course details: Nexus Humans CNSE-AWS Check Point Network Security Expert for AWS training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CNSE-AWS Check Point Network Security Expert for AWS course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 3 Days 18 CPD hours This course is intended for This class is intended for the following participants: Cloud architects, administrators, and SysOps/DevOps personnel Individuals using Google Cloud Platform to create new solutions or to integrate existing systems, application environments, and infrastructure with the Google Cloud Platform. Overview This course teaches participants the following skills: Understand how software containers work Understand the architecture of Kubernetes Understand the architecture of Google Cloud Platform Understand how pod networking works in Kubernetes Engine Create and manage Kubernetes Engine clusters using the GCP Console and gcloud/ kubectl commands Launch, roll back and expose jobs in Kubernetes Manage access control using Kubernetes RBAC and Google Cloud IAM Managing pod security policies and network policies Using Secrets and ConfigMaps to isolate security credentials and configuration artifacts Understand GCP choices for managed storage services Monitor applications running in Kubernetes Engine This class introduces participants to deploying and managing containerized applications on Google Kubernetes Engine (GKE) and the other services provided by Google Cloud Platform. Through a combination of presentations, demos, and hands-on labs, participants explore and deploy solution elements, including infrastructure components such as pods, containers, deployments, and services; as well as networks and application services. This course also covers deploying practical solutions including security and access management, resource management, and resource monitoring. Introduction to Google Cloud Platform Use the Google Cloud Platform Console Use Cloud Shell Define cloud computing Identify GCPs compute services Understand regions and zones Understand the cloud resource hierarchy Administer your GCP resources Containers and Kubernetes in GCP Create a container using Cloud Build Store a container in Container Registry Understand the relationship between Kubernetes and Google Kubernetes Engine (GKE) Understand how to choose among GCP compute platforms Kubernetes Architecture Understand the architecture of Kubernetes: pods, namespaces Understand the control-plane components of Kubernetes Create container images using Google Cloud Build Store container images in Google Container Registry Create a Kubernetes Engine cluster Kubernetes Operations Work with the kubectl command Inspect the cluster and Pods View a Pods console output Sign in to a Pod interactively Deployments, Jobs, and Scaling Create and use Deployments Create and run Jobs and CronJobs Scale clusters manually and automatically Configure Node and Pod affinity Get software into your cluster with Helm charts and Kubernetes Marketplace GKE Networking Create Services to expose applications that are running within Pods Use load balancers to expose Services to external clients Create Ingress resources for HTTP(S) load balancing Leverage container-native load balancing to improve Pod load balancing Define Kubernetes network policies to allow and block traffic to pods Persistent Data and Storage Use Secrets to isolate security credentials Use ConfigMaps to isolate configuration artifacts Push out and roll back updates to Secrets and ConfigMaps Configure Persistent Storage Volumes for Kubernetes Pods Use StatefulSets to ensure that claims on persistent storage volumes persist across restarts Access Control and Security in Kubernetes and Kubernetes Engine Understand Kubernetes authentication and authorization Define Kubernetes RBAC roles and role bindings for accessing resources in namespaces Define Kubernetes RBAC cluster roles and cluster role bindings for accessing cluster-scoped resources Define Kubernetes pod security policies Understand the structure of GCP IAM Define IAM roles and policies for Kubernetes Engine cluster administration Logging and Monitoring Use Stackdriver to monitor and manage availability and performance Locate and inspect Kubernetes logs Create probes for wellness checks on live applications Using GCP Managed Storage Services from Kubernetes Applications Understand pros and cons for using a managed storage service versus self-managed containerized storage Enable applications running in GKE to access GCP storage services Understand use cases for Cloud Storage, Cloud SQL, Cloud Spanner, Cloud Bigtable, Cloud Firestore, and Bigquery from within a Kubernetes application
Duration 3 Days 18 CPD hours This course is intended for This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager. This three-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings. The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions. Module 1: Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP Configuration Leveraging F5 Support Resources and Tools Module 2: Configuring Web Application Access Review of BIG-IP LTM Introduction to the Access Policy Web Access Application Configuration Overview Web Application Access Configuration in Detail Module 3: Exploring the Access Policy Navigating the Access Policy Module 4: Managing BIG-IP APM BIG-IP APM Sessions and Access Licenses Session Variables and sessiondump Session Cookies Access Policy General Purpose Agents List Module 5: Using Authentication Introduction to Access Policy Authentication Active Directory AAA Server RADIUS One-Time Password Local User Database Module 6: Understanding Assignment Agents List of Assignment Agents Module 7: Configuring Portal Access Introduction to Portal Access Portal Access Configuration Overview Portal Access Configuration Portal Access in Action Module 8: Configuring Network Access Concurrent User Licensing VPN Concepts Network Access Configuration Overview Network Access Configuration Network Access in Action Module 9: Deploying Macros Access Policy Macros Configuring Macros An Access Policy is a Flowchart Access Policy Logon Agents Configuring Logon Agents Module 10: Exploring Client-Side Checks Client-Side Endpoint Security Module 11: Exploring Server-Side Checks Server-Side Endpoint Security Agents List Server-Side and Client-Side Checks Differences Module 12: Using Authorization Active Directory Query Active Directory Nested Groups Configuration in Detail Module 13: Configuring App Tunnels Application Access Remote Desktop Network Access Optimized Tunnels Landing Page Bookmarks Module 14: Deploying Access Control Lists Introduction to Access Control Lists Configuration Overview Dynamic ACLs Portal Access ACLs Module 15: Signing On with SSO Remote Desktop Single Sign-On Portal Access Single Sign-On Module 16: Using iRules iRules Introduction Basic TCL Syntax iRules and Advanced Access Policy Rules Module 17: Customizing BIG-IP APM Customization Overview BIG-IP Edge Client Advanced Edit Mode Customization Landing Page Sections Module 18: Deploying SAML SAML Conceptual Overview SAML Configuration Overview Module 19: Exploring Webtops and Wizards Webtops Wizards Module 20: Using BIG-IP Edge Client BIG-IP Edge Client for Windows Installation BIG-IP Edge Client in Action Module 21: Configuration Project Configuration Project Additional course details: Nexus Humans F5 Networks Configuring BIG-IP APM : Access Policy Manager training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the F5 Networks Configuring BIG-IP APM : Access Policy Manager course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 5 Days 30 CPD hours This course is intended for Network security engineers ISE administrators Wireless network security engineers Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture. Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages. Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services. Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization. Describe third-party Network Access Devices (NADs), Cisco TrustSec, and Easy Connect. Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios. Describe and configure Cisco ISE profiling services, and understand how to monitor these services to enhance your situational awareness about network-connected endpoints. Describe best practices for deploying this profiler service in your specific environment. Describe BYOD challenges, solutions, processes, and portals. Configure a BYOD solution, and describe the relationship between BYOD processes and their related configuration components. Describe and configure various certificates related to a BYOD solution. Describe the value of the My Devices portal and how to configure this portal. Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE. Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets. Understand the role of TACACS+ within the Authentication, Authentication, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols. Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a migration tool. Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0 is a Cisco ISE training program that discusses the Cisco Identity Services Engine, an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device onboarding, and guest management, into a single context-aware identity-based platform. This CCNA course provides students with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints as well as enhance infrastructure security using the Cisco ISE. Introducing Cisco ISE Architecture and Deployment Using Cisco ISE as a Network Access Policy Engine Cisco ISE Use Cases Describing Cisco ISE Functions Cisco ISE Deployment Models Context Visibility Cisco ISE Policy Enforcement Using 802.1X for Wired and Wireless Access Using MAC Authentication Bypass for Wired and Wireless Access Introducing Identity Management Configuring Certificate Services Introducing Cisco ISE Policy Implementing Third-Party Network Access Device Support Introducing Cisco TrustSec Cisco TrustSec Configuration Easy Connect Web Authentication and Guest Services Introducing Web Access with Cisco ISE Introducing Guest Access Components Configuring Guest Access Settings Configuring Sponsor and Guest Portals Cisco ISE Profiler Introducing Cisco ISE Profiler Profiling Deployment and Best Practices Cisco ISE BYOD Introducing the Cisco ISE BYOD Process Describing BYOD Flow Configuring the My Devices Portal Configuring Certificates in BYOD Scenarios Cisco ISE Endpoint Compliance Services Introducing Endpoint Compliance Services Configuring Client Posture Services and Provisioning in Cisco ISE Working with Network Access Devices Review TACACS+ Cisco ISE TACACS+ Device Administration Configure TACACS+ Device Administration TACACS+ Device Administration Guidelines and Best Practices Migrating from Cisco ACS to Cisco ISE Lab outline Access the SISE Lab and Install ISE 2.4 Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage Integrate Cisco ISE with Active Directory Configure Basic Policy on Cisco ISE Configure Policy Sets Configure Access Policy for Easy Connect Configure Guest Access Configure Guest Access Operations Create Guest Reports Configure Profiling Customize the Cisco ISE Profiling Configuration Create Cisco ISE Profiling Reports Configure BYOD Blacklisting a Device Configure Cisco ISE Compliance Services Configure Client Provisioning Configure Posture Policies Test and Monitor Compliance-Based Access Test Compliance Policy Configure Cisco ISE for Basic Device Administration Configure TACACS+ Command Authorization
Duration 3 Days 18 CPD hours This course is intended for Experienced system administrators and network administrators Customers, cloud architects, systems engineers, data center administrators Network administrators with experience in managed services or managing a Telco Cloud environment Overview By the end of the course, you should be able to meet the following objectives: Deploy VMware Telco Cloud Service Assurance Manage VMware Telco Cloud Service Assurance to satisfy Telco cloud provider needs Discuss configurable options for VMware Telco Cloud Service Assurance Identify and configure different data sources which are used with VMware Telco Cloud Service Assurance Configure different collectors in VMware Telco Cloud Service Assurance Identify the Root Cause Analysis options with VMware Telco Cloud Service Assurance Discuss data collection in VMware Telco Cloud Service Assurance Explain root cause analysis in VMware Telco Cloud Service Assurance Navigate through the logs for troubleshooting This three-day, hands-on training course provides the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Telco Cloud Service Assurance environment. In this course, you are introduced to the installation methods of VMware Telco Cloud Service Assurance? across various supported platforms and troubleshooting tools that help you install, manage, and troubleshoot your VMware Telco Cloud Service Assurance environment. In addition, you are presented with various types of configuration options, which you will identify, analyze, and navigate through as you explore the UI and configurable options of the product. Course Introduction Introduction and course logistics Course objectives Introduction to VMware Telco Cloud Service Assurance Describe the features of VMware Telco Cloud Service Assurance List the capabilities of VMware Telco Cloud Service Assurance Discuss the use cases of VMware Telco Cloud Service Assurance Describe the role played by VMware Telco Cloud Service Assurance components in delivering service assurance Deploying VMware Telco Cloud Service Assurance Explain different deployment options of VMware Telco Cloud Service Assurance Identify different deployment methods of VMware Telco Cloud Service Assurance Discuss different phases in deploying VMware Telco Cloud Service Assurance Identify different footprints available for HA based and non-HA based installation of VMware Telco Cloud Service Assurance Describe the SMARTs components of VMware Telco Cloud Service Assurance Deploy VMware Telco Cloud Service Assurance User Access Control Describe the features Role-based Access Control (RBAC) Outline the role of Keycloak in implementing RBAC in VMware Telco Cloud Service Assurance Configure user federation in Keycloak Use the VMware Telco Cloud Service Assurance UI to manage RBAC Create policies in VMware Telco Cloud Service Assurance that align with job roles Services and User Interface Configurations Describe the architecture of logical switching Describe the core services on a TCSA cluster Discuss the Global Manager or Service Assurance Manager (SAM), IP Domain Manager, Server Manager (ESM) Discuss VMware Telco Cloud Service Assurance UI Overview Explain Working with Notifications Elaborate Configuring Summary's Describe Accessing Notification Details Explain Viewing and configuring Topologies List Customizing Topologies Describe Topology Explorer Explain Collecting Troubleshooting Information Discuss Custom models Describe how compute resources are provided to VMware Telco Cloud Service Assurance Describe how storage is provided to VMware Telco Cloud Service Assurance Configure and manage VMware Telco Cloud Service Assurance Discuss configurable options for VMware Telco Cloud Service Assurance Day 1 and Day 2 Operations Review the architecture of logical routing and NSX Edge nodes Identify different data sources to be used with VMware Telco Cloud Service Assurance Configure different collectors with VMware Telco Cloud Service Assurance Describe Alarms and Thresholds Demonstrate how to configure alarms with VMware Telco Cloud Service Assurance Explain how to setup thresholds and timelines in VMware Telco Cloud Service Assurance Define Catalog management and sharing catalogs inside and between organizations. Identify the steps to import or upload data into catalogs. Explain the purpose of catalogs and How to Create a catalog organization. Describe the Purpose and Usage of Open Virtualization Format (OVA) and Custom vApp or VM Properties. Discuss vApp Templates Logs and Troubleshooting Review the architecture of the Distributed Firewall Discuss VMware Telco Cloud Service Assurance installations logs List Smarts installation logs Explain backup and restore options of VMware Telco Cloud Service Assurance Identify the approach for troubleshooting containerized services Discuss monitoring services
Duration 3 Days 18 CPD hours This course is intended for The primary audience for this course is as follows: Customers configuring and maintaining CUCM 8.x, 9.x, 10.x, 11.0, or 12.x. PBX System Administrators transitioning to CUCM administration IP networking professionals taking on responsibility for CUCM administration Workers being cross-trained for CUCM administration coverage The secondary audience for this course is as follows: Cisco Unified Communications system channel partners and resellers Overview Upon completing this course, the learner will be able to meet these overall objectives: Demonstrate an overall understanding of the Cisco Unified Communications Manager (CUCM) 12.x (or earlier version) system and its environment Configure CUCM to support IP Phones in multiple locations Configure CUCM to route calls to internal and PSTN destinations Configure User accounts and multi-level administration Understand User Web Page functionality Configure user features, including Hunt Groups, Call Pickup, and Call Park. Understand the capabilities of and demonstrate the Bulk Administration Tool Understand the SMART Licensing model for Cisco Unified Communications Understand and demonstrate the use of the Unified Reporting tool Understand and demonstrate the use of the Dialed Number Analyzer Communications Manager Administration for Version 12.5 (CMA v12.5) is an instructor-led course presented to system administrators and customers involved with the day-to-day operation of the Cisco Unified Communications Manager product. This course introduces you to the CUCM system, the necessary procedures for administering IP Phones and Users, understanding the Dial Plan and implementing Features. In addition to instructor-led lectures and discussions, you will configure CUCM and Cisco IP Phones in the lab, either in a live classroom or WebEx remote classroom environment. While the Cisco Unified Communications Manager software used in the class is version 12.5.1, the course material applies to versions 8.x, 9.x, 10.x, 11.x, or 12.x. The concepts and the lab tasks are the same for most of the Cisco Unified Communications Manager software versions CUCM System Basics Introduction to IP Telephony Traditional Voice vs. IP Telephony Clustering Overview Intra-Cluster Communications CUCM Redundancy Options Deployment Models Campus (Single Site) Deployment Centralized Call Processing Deployment Distributed Call Processing Deployment Clustering over the IP WAN Call Processing Deployment Hybrid Call Processing Deployment Basics of CUCM Configuration Administrative Interfaces Administration and Serviceability Unified Reporting and the Enterprise License Manager Disaster Recovery System and Unified OS Administration Navigation Bar Command Line Interface Server Redundancy: CM Groups CM Group Configuration Date/Time Group Regions and Codecs Locations Device Pool Configuration Service Parameters Configuration Enterprise Parameters Configuration Supporting Phones and Users Configuring CUCM to Support Phones Cisco Unified IP Phone Model Ranges Specialized Cisco IP 89xx and 99xx phones Cisco Jabber Client Phone Button Templates Softkey Template Cisco IP Phone Registration Device Defaults Phone Configuration Manual Phone Configuration Auto-Registration Self-Provisioning Using the Bulk Administration Tool (BAT) Deploying new phones and users Overview of the Auto-Register Phone Tool Configuring CUCM to Support Users Understanding CUCM Users Manual User Creation User Import with BAT Importing Users with LDAP Sync LDAP Authentication Understanding User Administration Configuring User Administration Working with Access Control Groups Assigning End Users to Access Control Groups User Web Pages Understanding the Dial Plan Dial Plan Overview Introduction to the Dial Plan Understanding Dial Plan Components Route Lists, Route Groups and Devices Call Routing Understanding Digit Analysis Basics of Dial Plan Configuration Basics of the Dial Plan Dial Plan Configuration Translation Patterns Route Plan Report Advanced Dial Plan Configuration Understanding Digit Manipulation External Phone Number Masks Transformation Masks Discard Digits Instructions: PreDot Class of Control Overview of Class of Control Partitions and Calling Search Space Traditional vs. Line/Device Approach Configuring Partitions and CSSs Time of Day Routing PLAR Application Forced Authorization Codes CUCM Features Media Resources Overview of Media Resources Conference Bridge Music on Hold Transcoder Annunciator Overview of Media Resource Management Configuring Media Resources User Features Configuring Call Coverage in Cisco Unified Communications Manager Call Coverage in Cisco Unified Communications Manager Hunt Group Overview Hunt Group Configuration Final Forwarding Shared Lines Call Pickup Directed and Group Call Pickup Call Park Lab Outline Configuring the System to Support Cisco IP Phones Creating and Associating Users Configuring Basic Dial Plan Elements Configuring Complex Dial Plan Elements Implementing Class of Control Configuring Media Resources Configuring Hunt Groups and Call Coverage Configuring Call Pickup and Call Park
Duration 3 Days 18 CPD hours This course is intended for This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager Overview This course provides the skills to create and manage BIG-IP APM system. This course covers three typical deployment scenarios for BIG-IP Access Policy Manager (APM) and is broken into three individual lessons. In lesson one, you learn how to configure BIG-IP APM to provide Active Directory-based authentication for a load-balanced pool of web servers. In lesson two, you learn how to create a policy that provides an SSL VPN (Network Access) resource to users, but only when they log into BIG-IP APM using a corporate-issued PC. Finally, lesson three builds on the first two lessons to create a policy that provides a dynamic landing page with both SSL VPN as well as an OWA (Portal Access) resource, but only to users with special authorization. Setting Up the BIG-IP System Introducing the BIG-IP System Initially Setting Up the BIG-IP System Archiving the BIG-IP Configuration Leveraging F5 Support Resources and Tools Configuring Web Application Access Review of BIG-IP LTM Introduction to the Access Policy Web Access Application Configuration Overview Web Application Access Configuration in Detail Exploring the Access Policy Navigating the Access Policy Managing BIG-IP APM BIG-IP APM Sessions and Access Licenses Session Variables and sessiondump Session Cookies Access Policy General Purpose Agents List Using Authentication Introduction to Access Policy Authentication Active Directory AAA Server RADIUS One-Time Password Local User Database Understanding Assignment Agents List of Assignment Agents Configuring Portal Access Introduction to Portal Access Portal Access Configuration Overview Portal Access Configuration Portal Access in Action Configuring Network Access Concurrent User Licensing VPN Concepts Network Access Configuration Overview Network Access Configuration Network Access in Action Deploying Macros Access Policy Macros Configuring Macros An Access Policy is a Flowchart Access Policy Logon Agents Configuring Logon Agents Exploring Client-Side Checks Client-Side Endpoint Security Exploring Server-Side Checks Server-Side Endpoint Security Agents List Server-Side and Client-Side Checks Differences Using Authorization Active Directory Query Active Directory Nested Groups Configuration in Detail Configuring AppTunnels Application Access Remote Desktop Network Access Optimized Tunnels Landing Page Bookmarks Deploying Access Control Lists Introduction to Access Control Lists Configuration Overview Dynamic ACLs Portal Access ACLs Signing On with SSO Remote Desktop Single Sign-On Portal Access Single Sign-On Using iRules iRules Introduction Basic TCL Syntax iRules and Advanced Access Policy Rules Customizing BIG-IP APM Customization Overview BIG-IP Edge Client Advanced Edit Mode Customization Landing Page Sections Deploying SAML SAML Conceptual Overview SAML Configuration Overview Exploring Webtops and Wizards Webtops Wizards Using BIG-IP Edge Client BIG-IP Edge Client for Windows Installation BIG-IP Edge Client in Action Lesson Configuration Project Additional Training and Certification Getting Started Series Web-Based Training F5 Instructor Led Training Curriculum F5 Professional Certification Program F5 Instructor Led Training Curriculum F5 Professional Certification Program Additional course details: Nexus Humans F5 Configuring BIG-IP APM - Access Policy Manager v13.x training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the F5 Configuring BIG-IP APM - Access Policy Manager v13.x course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 5 Days 30 CPD hours Overview By the end of the course, you should be able to meet the following objectives: Describe the architecture and main components of NSX Explain the features and benefits of NSX Deploy the NSX Management cluster and VMware NSX Edge⢠nodes Prepare VMware ESXi⢠hosts to participate in NSX networking Create and configure segments for layer 2 forwarding Create and configure Tier-0 and Tier-1 gateways for logical routing Use distributed and gateway firewall policies to filter east-west and north-south traffic in NSX Configure Advanced Threat Prevention features Configure network services on NSX Edge nodes Use VMware Identity Manager⢠and LDAP to manage users and access Explain the use cases, importance, and architecture of Federation This five-day, fast-paced course provides comprehensive training to install, configure, and manage a VMware NSX© environment. This course covers key features and functionality offered in the NSX 4.0.0.1 and NSX 4.0.1 releases, including the overall infrastructure, logical switching, logical routing, networking and security services, firewalls and advanced threat prevention, and more. Course Introduction Introductions and course logistics Course objectives VMware Virtual Cloud Network and VMware NSX Introduce the VMware Virtual Cloud Network vision Describe the NSX product portfolio Discuss NSX features, use cases, and benefits Explain NSX architecture and components Explain the management, control, data, and consumption planes and their functions. Preparing the NSX Infrastructure Deploy VMware NSX© ManagerTM nodes on ESXi hypervisors Navigate through the NSX UI Explain data plane components such as N-VDS/VDS, transport nodes, transport zones, profiles, and more Perform transport node preparation and configure the data plane infrastructure Verify transport node status and connectivity Explain DPU-based acceleration in NSX Install NSX using DPUs NSX Logical Switching Introduce key components and terminology in logical switching Describe the function and types of L2 segments Explain tunneling and the Geneve encapsulation Configure logical segments and attach hosts using NSX UI Describe the function and types of segment profiles Create segment profiles and apply them to segments and ports Explain the function of MAC, ARP, and TEP tables used in packet forwarding Demonstrate L2 unicast packet flow Explain ARP suppression and BUM traffic handling NSX Logical Routing Describe the logical routing function and use cases Introduce the two-tier routing architecture, topologies, and components Explain the Tier-0 and Tier-1 gateway functions Describe the logical router components: Service Router and Distributed Router Discuss the architecture and function of NSX Edge nodes Discuss deployment options of NSX Edge nodes Configure NSX Edge nodes and create NSX Edge clusters Configure Tier-0 and Tier-1 gateways Examine single-tier and multitier packet flows Configure static routing and dynamic routing, including BGP and OSPF Enable ECMP on a Tier-0 gateway Describe NSX Edge HA, failure detection, and failback modes Configure VRF Lite NSX Bridging Describe the function of logical bridging Discuss the logical bridging use cases Compare routing and bridging solutions Explain the components of logical bridging Create bridge clusters and bridge profiles NSX Firewalls Describe NSX segmentation Identify the steps to enforce Zero-Trust with NSX segmentation Describe the Distributed Firewall architecture, components, and function Configure Distributed Firewall sections and rules Configure the Distributed Firewall on VDS Describe the Gateway Firewall architecture, components, and function Configure Gateway Firewall sections and rules NSX Advanced Threat Prevention Explain NSX IDS/IPS and its use cases Configure NSX IDS/IPS Deploy NSX Application Platform Identify the components and architecture of NSX Malware Prevention Configure NSX Malware Prevention for east-west and north-south traffic Describe the use cases and architecture of VMware NSX© Intelligence? Identify the components and architecture of VMware NSX© Network Detection and Response? Use NSX Network Detection and Response to analyze network traffic events. NSX Services Explain and configure Network Address Translation (NAT) Explain and configure DNS and DHCP services Describe VMware NSX© Advanced Load Balancer? architecture, components, topologies, and use cases. Configure NSX Advanced Load Balancer Discuss the IPSec VPN and L2 VPN function and use cases Configure IPSec VPN and L2 VPN using the NSX UI NSX User and Role Management Describe the function and benefits of VMware Identity Manager? in NSX Integrate VMware Identity Manager with NSX Integrate LDAP with NSX Identify the various types of users, authentication policies, and permissions Use role-based access control to restrict user access Explain object-based access control in NSX NSX Federation Introduce the NSX Federation key concepts, terminology, and use cases. Explain the onboarding process of NSX Federation Describe the NSX Federation switching and routing functions. Describe the NSX Federation security concepts.
Duration 2 Days 12 CPD hours This course is intended for Security architects System designers Network administrators Operations engineers Network managers, network or security technicians, and security engineers and managers responsible for web security Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco WSA Deploy proxy services Utilize authentication Describe decryption policies to control HTTPS traffic Understand differentiated traffic access policies and identification profiles Enforce acceptable use control settings Defend against malware Describe data security and data loss prevention Perform administration and troubleshooting The Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 course shows you how to implement, use, and maintain Cisco© Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you?ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution?s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more. Describing Cisco WSA Technology Use Case Cisco WSA Solution Cisco WSA Features Cisco WSA Architecture Proxy Service Integrated Layer 4 Traffic Monitor Data Loss Prevention Cisco Cognitive Intelligence Management Tools Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration Cisco Content Security Management Appliance (SMA) Deploying Proxy Services Explicit Forward Mode vs. Transparent Mode Transparent Mode Traffic Redirection Web Cache Control Protocol Web Cache Communication Protocol (WCCP) Upstream and Downstream Flow Proxy Bypass Proxy Caching Proxy Auto-Config (PAC) Files FTP Proxy Socket Secure (SOCKS) Proxy Proxy Access Log and HTTP Headers Customizing Error Notifications with End User Notification (EUN) Pages Utilizing Authentication Authentication Protocols Authentication Realms Tracking User Credentials Explicit (Forward) and Transparent Proxy Mode Bypassing Authentication with Problematic Agents Reporting and Authentication Re-Authentication FTP Proxy Authentication Troubleshooting Joining Domains and Test Authentication Integration with Cisco Identity Services Engine (ISE) Creating Decryption Policies to Control HTTPS Traffic Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview Certificate Overview Overview of HTTPS Decryption Policies Activating HTTPS Proxy Function Access Control List (ACL) Tags for HTTPS Inspection Access Log Examples Understanding Differentiated Traffic Access Policies and Identification Profiles Overview of Access Policies Access Policy Groups Overview of Identification Profiles Identification Profiles and Authentication Access Policy and Identification Profiles Processing Order Other Policy Types Access Log Examples ACL Decision Tags and Policy Groups Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications Defending Against Malware Web Reputation Filters Anti-Malware Scanning Scanning Outbound Traffic Anti-Malware and Reputation in Policies File Reputation Filtering and File Analysis Cisco Advanced Malware Protection File Reputation and Analysis Features Integration with Cisco Cognitive Intelligence Enforcing Acceptable Use Control Settings Controlling Web Usage URL Filtering URL Category Solutions Dynamic Content Analysis Engine Web Application Visibility and Control Enforcing Media Bandwidth Limits Software as a Service (SaaS) Access Control Filtering Adult Content Data Security and Data Loss Prevention Data Security Cisco Data Security Solution Data Security Policy Definitions Data Security Logs Performing Administration and Troubleshooting Monitor the Cisco Web Security Appliance Cisco WSA Reports Monitoring System Activity Through Logs System Administration Tasks Troubleshooting Command Line Interface References Comparing Cisco WSA Models Comparing Cisco SMA Models Overview of Connect, Install, and Configure Deploying the Cisco Web Security Appliance Open Virtualization Format (OVF) Template Mapping Cisco Web Security Appliance Virtual Machine (VM) Ports to Correct Networks Connecting to the Cisco Web Security Virtual Appliance Enabling Layer 4 Traffic Monitor (L4TM) Accessing and Running the System Setup Wizard Reconnecting to the Cisco Web Security Appliance High Availability Overview Hardware Redundancy Introducing Common Address Redundancy Protocol (CARP) Configuring Failover Groups for High Availability Feature Comparison Across Traffic Redirection Options Architecture Scenarios When Deploying Cisco AnyConnect© Secure Mobility Additional course details: Nexus Humans SWSA v3.0-Securing the Web with Cisco Web Security Appliance training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the SWSA v3.0-Securing the Web with Cisco Web Security Appliance course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.