Duration 4 Days 24 CPD hours This course is intended for This course is for Azure Security Engineers who are planning to take the associated certification exam, or who are performing security tasks in their day-to-day job. This course would also be helpful to an engineer that wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data. This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization's security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations. Prerequisites AZ-104T00 - Microsoft Azure Administrator Security best practices and industry security requirements such as defense in depth, least privileged access, role-based access control, multi-factor authentication, shared responsibility, and zero trust model. Be familiar with security protocols such as Virtual Private Networks (VPN), Internet Security Protocol (IPSec), Secure Socket Layer (SSL), disk and data encryption methods. Have some experience deploying Azure workloads. This course does not cover the basics of Azure administration, instead the course content builds on that knowledge by adding security specific information. Have experience with Windows and Linux operating systems and scripting languages. Course labs may use PowerShell and the CLI. 
1 - Manage identities in Microsoft Entra ID Secure users in Microsoft Entra ID Secure groups in Microsoft Entra ID Recommend when to use external identities Secure external identities Implement Microsoft Entra Identity protection 2 - Manage authentication by using Microsoft Entra ID Configure Microsoft Entra Verified ID Implement multifactor authentication (MFA) Implement passwordless authentication Implement password protection Implement single sign-on (SSO) Integrate single sign-on (SSO) and identity providers Recommend and enforce modern authentication protocols 3 - Manage authorization by using Microsoft Entra ID Configure Azure role permissions for management groups, subscriptions, resource groups, and resources Assign built-in roles in Microsoft Entra ID Assign built-in roles in Azure Create and assign a custom role in Microsoft Entra ID Implement and manage Microsoft Entra Permissions Management Configure Microsoft Entra Privileged Identity Management Configure role management and access reviews by using Microsoft Entra Identity Governance Implement Conditional Access policies 4 - Manage application access in Microsoft Entra ID Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants Manage app registrations in Microsoft Entra ID Configure app registration permission scopes Manage app registration permission consent Manage and use service principals Manage managed identities for Azure resources Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication 5 - Plan and implement security for virtual networks Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs) Plan and implement User-Defined Routes (UDRs) Plan and implement Virtual Network peering or gateway Plan and implement Virtual Wide Area Network, including secured virtual hub Secure VPN connectivity, including point-to-site and site-to-site Implement encryption over ExpressRoute Configure 
firewall settings on PaaS resources Monitor network security by using Network Watcher, including NSG flow logging 6 - Plan and implement security for private access to Azure resources Plan and implement virtual network Service Endpoints Plan and implement Private Endpoints Plan and implement Private Link services Plan and implement network integration for Azure App Service and Azure Functions Plan and implement network security configurations for an App Service Environment (ASE) Plan and implement network security configurations for an Azure SQL Managed Instance 7 - Plan and implement security for public access to Azure resources Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management Plan, implement, and manage an Azure Firewall, Azure Firewall Manager and firewall policies Plan and implement an Azure Application Gateway Plan and implement an Azure Front Door, including Content Delivery Network (CDN) Plan and implement a Web Application Firewall (WAF) Recommend when to use Azure DDoS Protection Standard 8 - Plan and implement advanced security for compute Plan and implement remote access to public endpoints, Azure Bastion and just-in-time (JIT) virtual machine (VM) access Configure network isolation for Azure Kubernetes Service (AKS) Secure and monitor AKS Configure authentication for AKS Configure security for Azure Container Instances (ACIs) Configure security for Azure Container Apps (ACAs) Manage access to Azure Container Registry (ACR) Configure disk encryption, Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption Recommend security configurations for Azure API Management 9 - Plan and implement security for storage Configure access control for storage accounts Manage life cycle for storage account access keys Select and configure an appropriate method for access to Azure Files Select and configure an appropriate method for access to Azure Blob Storage Select and configure 
an appropriate method for access to Azure Tables Select and configure an appropriate method for access to Azure Queues Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage Configure Bring your own key (BYOK) Enable double encryption at the Azure Storage infrastructure level 10 - Plan and implement security for Azure SQL Database and Azure SQL Managed Instance Enable database authentication by using Microsoft Entra ID Enable and monitor database audit Identify use cases for the Microsoft Purview governance portal Implement data classification of sensitive information by using the Microsoft Purview governance portal Plan and implement dynamic mask Implement transparent data encryption Recommend when to use Azure SQL Database Always Encrypted 11 - Plan, implement, and manage governance for security Create, assign, and interpret security policies and initiatives in Azure Policy Configure security settings by using Azure Blueprint Deploy secure infrastructures by using a landing zone Create and configure an Azure Key Vault Recommend when to use a dedicated Hardware Security Module (HSM) Configure access to Key Vault, including vault access policies and Azure Role Based Access Control Manage certificates, secrets, and keys Configure key rotation Configure backup and recovery of certificates, secrets, and keys 12 - Manage security posture by using Microsoft Defender for Cloud Implement Microsoft Defender for Cloud Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory Assess compliance against security frameworks and Microsoft Defender for Cloud Add industry and regulatory standards to Microsoft Defender for Cloud Add custom initiatives to Microsoft Defender for Cloud Connect hybrid cloud and multicloud environments to Microsoft Defender for Cloud Identify and monitor external assets by using Microsoft Defender External 
Attack Surface Management 13 - Configure and manage threat protection by using Microsoft Defender for Cloud Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS Configure Microsoft Defender for Servers Configure Microsoft Defender for Azure SQL Database Manage and respond to security alerts in Microsoft Defender for Cloud Configure workflow automation by using Microsoft Defender for Cloud Evaluate vulnerability scans from Microsoft Defender for Server 14 - Configure and manage security monitoring and automation solutions Monitor security events by using Azure Monitor Configure data connectors in Microsoft Sentinel Create and customize analytics rules in Microsoft Sentinel Configure automation in Microsoft Sentinel Additional course details: Nexus Humans AZ-500T00 Microsoft Azure Security Technologies training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AZ-500T00 Microsoft Azure Security Technologies course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. 
Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 2 Days 12 CPD hours This course is intended for This course is intended for anyone who is responsible for day-to-day management of many FortiGate devices via the FortiManager platform. Overview Describe capabilities of FortiManager Add FortiGate devices to Device Manager and import their running configuration Use provisioning templates and scripts for device-level changes across many devices Identify the synchronization states Manage the revision history of managed devices Offer a local FortiGuard Distribution Server to your Fortinet devices Deploy administrative domains (ADOMs) to support multiple customers on a single FortiManager Manage firewall policies across multiple FortiGate devices using policy packages with shared and dynamic objects Deploy policies and objects from the global ADOM to multiple ADOMs Explain high availability, backup, and recovery options for FortiManager Compare methods for centrally managing IPsec VPNs Explain the restricted "admin" profile and API high-level usage Use workspaces and workflow mode Identify steps to replace a managed FortiGate device Manage FortiGate devices' firmware centrally In this 2-day class, you will learn the fundamentals of using FortiManager for centralized network administration of many FortiGate devices. Example use cases include large enterprise and carrier networks. Course Outline Module 1 - Introduction and Initial Configuration Module 2 - Administration and Management Module 3 - Device Registration Module 4 - Device Level Configuration and Installation Module 5 - Policy and Objects Module 6 - Manager Panes Module 7 - Diagnostics and Troubleshooting Module 8 - Advanced Configuration
Duration 5 Days 30 CPD hours This course is intended for Security administrators Security consultants Network administrators System engineers Technical support personnel Cisco integrators and partners Overview After taking this course, you should be able to: Describe key concepts of NGIPS and NGFW technology and the Cisco Firepower Threat Defense system, and identify deployment scenarios Perform initial Cisco Firepower Threat Defense device configuration and setup tasks Describe how to manage traffic and implement Quality of Service (QoS) using Cisco Firepower Threat Defense Describe how to implement NAT by using Cisco Firepower Threat Defense Perform an initial network discovery, using Cisco Firepower to identify hosts, applications, and services Describe the behavior, usage, and implementation procedure for access control policies Describe the concepts and procedures for implementing security intelligence features This course gives you knowledge and skills to use and configure Cisco® Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, high availability, Cisco Adaptive Security Appliance (ASA) to Cisco Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT). You will learn how to implement advanced Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network-based malware detection, and deep packet inspection. You will also learn how to configure site-to-site VPN, remote-access VPN, and Secure Sockets Layer (SSL) decryption before moving on to detailed analysis, system administration, and troubleshooting. 
Cisco Firepower Threat Defense Overview Examining Firewall and IPS Technology Firepower Threat Defense Features and Components Examining Firepower Platforms Examining Firepower Threat Defense Licensing Cisco Firepower Implementation Use Cases Cisco Firepower NGFW Device Configuration Firepower Threat Defense Device Registration FXOS and Firepower Device Manager Initial Device Setup Managing NGFW Devices Examining Firepower Management Center Policies Examining Objects Examining System Configuration and Health Monitoring Device Management Examining Firepower High Availability Configuring High Availability Cisco ASA to Firepower Migration Migrating from Cisco ASA to Firepower Threat Defense Cisco Firepower NGFW Traffic Control Firepower Threat Defense Packet Processing Implementing QoS Bypassing Traffic Cisco Firepower NGFW Address Translation NAT Basics Implementing NAT NAT Rule Examples Implementing NAT Cisco Firepower Discovery Examining Network Discovery Configuring Network Discovery Implementing Access Control Policies Examining Access Control Policies Examining Access Control Policy Rules and Default Action Implementing Further Inspection Examining Connection Events Access Control Policy Advanced Settings Access Control Policy Considerations Implementing an Access Control Policy Security Intelligence Examining Security Intelligence Examining Security Intelligence Objects Security Intelligence Deployment and Logging Implementing Security Intelligence File Control and Advanced Malware Protection Examining Malware and File Policy Examining Advanced Malware Protection Next-Generation Intrusion Prevention Systems Examining Intrusion Prevention and Snort Rules Examining Variables and Variable Sets Examining Intrusion Policies Site-to-Site VPN Examining IPsec Site-to-Site VPN Configuration Site-to-Site VPN Troubleshooting Implementing Site-to-Site VPN Remote-Access VPN Examining Remote-Access VPN Examining Public-Key Cryptography and Certificates Examining Certificate 
Enrollment Remote-Access VPN Configuration Implementing Remote-Access VPN SSL Decryption Examining SSL Decryption Configuring SSL Policies SSL Decryption Best Practices and Monitoring Detailed Analysis Techniques Examining Event Analysis Examining Event Types Examining Contextual Data Examining Analysis Tools Threat Analysis System Administration Managing Updates Examining User Account Management Features Configuring User Accounts System Administration Cisco Firepower Troubleshooting Examining Common Misconfigurations Examining Troubleshooting Commands Firepower Troubleshooting
Duration 5 Days 30 CPD hours This course is intended for For those seeking to prepare for CCIE Enterprise Infrastructure certification Overview This course will help prepare for CCIE Enterprise Infrastructure certification The new CCIE Enterprise Infrastructure certification program prepares you for today's expert-level job roles in enterprise infrastructure technologies. CCIE Enterprise Infrastructure now includes automation and programmability to help you scale your enterprise infrastructure. VTP VTP and different versions Pruning EtherChannel LACP Layer 2 and Layer 3 Spanning Protocol 1d, 802.1w, and 802.1s SPAN, RSPAN, and ERSPAN DMVPN All Phases Redundancy: Two Clouds One Hub Two Hubs one Cloud Two hubs two Clouds Running Routing Protocols DMVPN over MPLS EIGRP RD, CD, S, FC, FS, and FD Configuration, and hidden debugging Authentications: MD5, and SHA, Summarization Load Balancing: Equal Cost, Unequal Cost, Add-Path, Filtering, Default Route Injection Optimization: Query Propagation Boundary, IP FRR, STUB routing (All Options) Metric: Classic, Wide Metric Route Tags: Decimal and Dotted-Decimal Notations, OTP OSPFv2 Overview and special cases GRE or Virtual-Links LSAs, FA, and RFCs (1583, 1587, 2328, 3101, 5185 and many more) Best Path Selection Network Types Area Types Optimization: GTSM, LFA, Default Route Injection Authentication: RFC 2328, RFC 5709, Summarization, Filtering BGP States Establishing a Peer Session: Regular method, Peer-Groups, Templates, Best Path Selection Attributes: Weight, AS-Path, Origin, Next-Hop, Local-Preference, Atomic-Aggregate Communities, Aggregator, and MED Load Balancing: Equal Cost, Unequal Cost, Conditional Advertisement, Out/In Bound Route Filtering and the order, ORF, Multihoming Scenarios AS-Path Manipulation: Regexp, Local-as, Allow-as, Remove-Private-as Convergence and Scalability: Route Reflectors, Confederation, Aggregation (All Options) Other BGP Features: MultiPath, Add-Path, Route-Refresh, Soft Reconfiguration IPv6 Acquiring an IPv6 
Address: IPv6 General Prefix SLAAC DHCPv6 Rapid-Commit Relay Prefix Delegation IPv6 and DMVPN EIGRPv6 OSPFv3: Both flavors, LSAs, RFCs BGP for IPv6: IPv6 transport, and IPv4 route exchange Transitional Solutions: NAT-PT, 6VPE, Multicast, MLD, Static RP, BSR, Embedded RP, IPv6 Traffic Filters, RA Guard, ND Inspection MPLS LDP, VRFs, RD, and RT L3VPNs Route Leaking PE to CE Routing Security Control Plane Policing VACLs Storm Control DHCP Snooping IP Source Guard DAI Private VLANs Port Security Access-lists uRPF Device Tracking IPsec Identity Use Case For FlexVPN: Site-to-Site, IKEv1, and IKEv2 Using Preshared Keys 1x Port Base Authentication: Device Roles, Port States, Authentication Process, Host Modes Network Services FHRP: HSRP, VRRP, and GLBP NAT: Static NAT, and PAT, Dynamic NAT, Policy-Base NAT, VRF-Aware NAT, VASI NAT Software Defined Infrastructure Cisco SD Access: Design a Cisco SD Access solution Underlay network (IS-IS, manual/PnP) Overlay fabric design (LISP, VXLAN, Cisco TrustSec) Fabric domains (single-site and multi-site using SD-WAN transit) Cisco SD Access deployment: Cisco DNA Center device discovery and device management Add fabric node devices to an existing fabric Host onboarding (wired endpoints only) Fabric border handoff Segmentation Macro-level segmentation using VNs Micro-level segmentation using SGTs (using Cisco ISE) Assurance Network and client health (360) Monitoring and troubleshooting Cisco SD-WAN: Design a Cisco SD-WAN solution Orchestration plane (vBond, NAT) Management Plane (vManage) Control Plane (vSmart, OMP) Data Plane (vEdge/cEdge) WAN edge deployment Onboarding new edge routers Orchestration with zero-touch provisioning/PnP OMP TLOC Configuration templates Localized policies (only QoS) Centralized policies Application aware Routing Topologies
Duration 5 Days 30 CPD hours Overview SDWAN Review Advanced Template Design and Troubleshooting Advanced Security Policies on vEdge and IOS-XE Platforms Advanced Local Policies on vEdge and IOS-XE Platforms Advanced Central Policies on vEdge and IOS-XE Platforms Advanced Troubleshooting of Policies on vEdge and IOS-XE Platforms In this Advanced Lab focused SDWAN Course, Students will: Explore and Troubleshoot the initial environment; Learn Advanced Techniques to Deploy Templates with the theme of reusability; Deploy and Troubleshoot Transport Bridging; Deploy and Troubleshoot Routing including OSPF, BGP, EIGRP; Deploy and Troubleshoot Multicast Routing; Design, Configure, and Troubleshoot Advanced Security Policies; Design, Configure, and Troubleshoot Local Policies; Design, Configure, and Troubleshoot Application Aware Routing; Design, Configure, and Troubleshoot Quality of Service; Design, Configure, and Troubleshoot Central Policies Including Hub Spoke, Full Mesh and Custom Topologies; Design, Configure, and Troubleshoot Central Policies Including Service Chaining; Design, Configure, and Troubleshoot Central Policies Including Traffic Rules & CFLOW. Cisco SD-WAN Overview Dashboard SD-WAN Architecture SD-WAN WAN Edges SD-WAN Controllers SD-WAN Fabric SD-WAN Advanced Settings Advanced Controller Settings Overlay and vEdge Recommended Settings Forward Error Correction (FEC) Packet Duplication System IP Design LTE Operation SD-WAN High Availability Controller High Availability Controller Scalability Active vManage, Backup Inactive vManage Clustering vManages Disaster Recovery SD-WAN Templates Template Overview Future Templates Device template using Future Templates Device template using CLI Templates Designing templates for Reusability Attaching Devices to Templates Bridging Transparent Bridging Bridging Template Configuration cEdge Bridging Template Configuration vEdge Bridging Template Configuration Monitoring Bridging Routing Protocols Static Routes Dynamic Routing Protocols Multicast 
Multicast Terms Requirements vEdge Multicast Support cEdge Multicast Support Multicast RPs Multicast Replicators PIM IGMP Network Optimization Optimization Overview TCP Optimization vEdge Optimization Requirements vEdge Optimization Implementation cEdge (IOS-XE) Optimization Requirements cEdge (IOS-XE) Optimization Implementation AppNAV Per Tunnel QoS Direct Internet Access (DIA) Overview SD-WAN Direct Internet Access (DIA) SD-WAN DIA Requirements SD-WAN Direct Internet Access Use Cases SD-WAN Direct Internet Access Design Components SD-WAN Direct Internet Access Design Considerations SD-WAN Direct Internet Access Failover Scenarios Cisco SD-WAN Direct Internet Access Monitoring Unified Communications Voice Integration in SD-WAN Voice Feature Templates Voice Policies IOS-XE UC Device Template SD-WAN Security Policy Authentication/Encryption/Integrity Firewall IPS (Snort) URL Filtering Web Layer Security Pairwise IPsec Keys SD-WAN Local Policy Policy Configuration Overview Policy Framework-Localized Policies Local Control Policy Local Control (Route) Policy Localized Control Policy Configuration Local Data Policy Configure Localized Data Policy for IPv4 SD-WAN Central Policy Policy Creation and Management Guidelines Centralized Data Policies Application Aware Routing Service Chaining Traffic Flow Monitoring with Cflowd Policy Construction Platform Support and Scalability SDWAN Migration Sequence of Migration Migration Planning DC/Hub Site Migration Branch/Spoke Site Migration
Duration 3 Days 18 CPD hours This course is intended for This course benefits individuals responsible for configuring and monitoring devices running the Junos OS. Overview Describe the value of MPLS VPNs. Describe the differences between provider-provisioned VPNs and customer-provisioned VPNs. Describe the differences between Layer 2 VPNs and Layer 3 VPNs. List the provider-provisioned MPLS VPN features supported by the JUNOS software. Describe the roles of a CE device, PE router, and P router in a BGP Layer 3 VPN. Describe the format of the BGP routing information, including VPN-IPv4 addresses and route distinguishers. Describe the propagation of VPN routing information within an AS. List the BGP design constraints to enable Layer 3 VPNs within a provider network. Explain the operation of the Layer 3 VPN data plane within a provider network. Create a routing instance, assign interfaces to a routing instance, create routes in a routing instance, and import/export routes from a routing instance using route distinguishers/route targets. Describe the purpose of BGP extended communities, configure BGP extended communities, and use BGP extended communities. List the steps necessary for proper operation of a PE-CE dynamic routing protocol. List the troubleshooting and monitoring techniques for routing instances. Explain the difference between the bgp.l3vpn table and the inet.0 table of a routing instance. Monitor the operation of a CE-PE dynamic routing protocol. Explain the operation of a PE multi-access interface in a Layer 3 VPN and list commands to modify that behavior. Describe ways to support communication between sites attached to a common PE router. Provision and troubleshoot hub-and-spoke Layer 3 VPNs. Describe the flow of control traffic and data traffic in a hub-and-spoke Layer 3 VPN. Describe QoS mechanisms available in L3VPNs. Configure L3VPN over GRE tunnels. Describe the RFC 4364 VPN options. Describe the carrier-of-carriers model. 
Configure the carrier-of-carriers and "Option C" configuration. Describe the flow of control and data traffic in a draft-rosen multicast VPN. Describe the configuration steps for establishing a draft-rosen multicast VPN. Monitor and verify the operation of draft-rosen multicast VPNs. Describe the flow of control traffic and data traffic in a next-generation multicast VPN. Describe the configuration steps for establishing a next-generation multicast VPN. Monitor and verify the operation of next-generation multicast VPNs. This three-day course is designed to provide students with MPLS-based Layer 3 virtual private network (VPN) knowledge and configuration examples. Chapter 1: Course Introduction Course Introduction Chapter 2: MPLS VPNs MPLS VPNs Provider-Provisioned VPNs Chapter 3: Layer 3 VPNs Layer 3 VPN Terminology VPN-IPv4 Address Structure Operational Characteristics Chapter 4: Basic Layer 3 VPN Configuration Preliminary Steps PE Router Configuration Lab: Layer 3 VPN with Static and BGP Routing Chapter 5: Layer 3 VPN Scaling and Internet Access Scaling Layer 3 VPNs Public Internet Access Options Lab: LDP over RSVP Tunnels and Public Internet Access Chapter 6: Layer 3 VPNs - 
Advanced Topics Exchanging Routes between Routing Instances Hub-and-Spoke Topologies Layer 3 VPN CoS Options Layer 3 VPN and GRE Tunneling Integration Layer 3 VPN and IPSec Integration Layer 3 VPN Egress Protection BGP prefix-independent convergence (PIC) edge for MPLS VPNs VRF Localization Provider Edge Link Protection Support for configuring more than 3 million L3VPN Labels Lab: GRE Tunneling Chapter 7: Interprovider Backbones for Layer 3 VPNs Hierarchical VPN Models Carrier-of-Carriers Model Option C Configuration Lab: Carrier of Carrier Layer 3 VPNs Chapter 8: Troubleshooting Layer 3 VPNs Working with Multiple Layers Troubleshooting Commands on a PE Device Multiaccess Interfaces in Layer 3 VPNs PE and CE-based Traceroutes Layer 3 VPN Monitoring Commands Lab: Troubleshooting Layer 3 VPNs Chapter 9: Draft Rosen Multicast VPNs Multicast Overview Draft Rosen MVPN Overview Draft Rosen MVPN Operation Configuration Monitoring Chapter 10: Next Generation Multicast VPNs Multicast VPN Overview Next-Generation MVPN Operation Configuration Monitoring Internet Multicast Ingress Replication Internet Multicast Signaling and Data Plane Configuring MVPN Internet Multicast Monitoring MVPN Internet Multicast Lab: MVPN Internet Multicast
Duration 5 Days 30 CPD hours This course is intended for Network and security architects and consultants who design the enterprise and data center networks and NSX environments Overview By the end of the course, you should be able to meet the following objectives: Describe and apply a design framework Apply a design process for gathering requirements, constraints, assumptions, and risks Design a VMware vSphere virtual data center to support NSX requirements Create a VMware NSX Manager™ cluster design Create a VMware NSX Edge™ cluster design to support traffic and service requirements in NSX Design logical switching and routing Recognize NSX security best practices Design logical network services Design a physical network to support network virtualization in a software-defined data center Create a design to support the NSX infrastructure across multiple sites Describe the factors that drive performance in NSX This five-day course provides comprehensive training on considerations and practices to design a VMware NSX® environment as part of a software-defined data center strategy. This course prepares the student with the skills to lead the design of an NSX environment, including design principles, processes, and frameworks. The student gains a deeper understanding of the NSX architecture and how it can be used to create solutions to address the customer's business needs. Course Introduction Introduction and course logistics Course objectives NSX Design Concepts Identify design terms Describe framework and project methodology Describe the role of VMware Cloud Foundation in NSX design Identify customers' 
requirements, assumptions, constraints, and risks Explain the conceptual design Explain the logical design Explain the physical design NSX Architecture and Components Recognize the main elements in the NSX architecture Describe the NSX management cluster and the management plane Identify the functions and components of management, control, and data planes Describe the NSX Manager sizing options Recognize the justification and implication of NSX Manager cluster design decisions Identify the NSX management cluster design options NSX Edge Design Explain the leading practices for edge design Describe the NSX Edge VM reference designs Describe the bare-metal NSX Edge reference designs Explain the leading practices for edge cluster design Explain the effect of stateful services placement Explain the growth patterns for edge clusters Identify design considerations when using L2 bridging services NSX Logical Switching Design Describe concepts and terminology in logical switching Identify segment and transport zone design considerations Identify virtual switch design considerations Identify uplink profile and transport node profile design considerations Identify Geneve tunneling design considerations Identify BUM replication mode design considerations NSX Logical Routing Design Explain the function and features of logical routing Describe the NSX single-tier and multitier routing architectures Identify guidelines when selecting a routing topology Describe the BGP and OSPF routing protocol configuration options Explain gateway high availability modes of operation and failure detection mechanisms Identify how multitier architectures provide control over stateful service location Identify EVPN requirements and design considerations Identify VRF Lite requirements and considerations Identify the typical NSX scalable architectures NSX Security Design Identify different security features available in NSX Describe the advantages of an NSX Distributed Firewall Describe the use of 
NSX Gateway Firewall as a perimeter firewall and as an intertenant firewall Determine a security policy methodology Recognize the NSX security best practices NSX Network Services Identify the stateful services available in different edge cluster high availability modes Describe failover detection mechanisms Compare NSX NAT solutions Explain how to select DHCP and DNS services Compare policy-based and route-based IPSec VPN Describe an L2 VPN topology that can be used to interconnect data centers Explain the design considerations for integrating VMware NSX© Advanced Load Balancer with NSX Physical Infrastructure Design Identify the components of a switch fabric design Assess Layer 2 and Layer 3 switch fabric design implications Review guidelines when designing top-of-rack switches Review options for connecting transport hosts to the switch fabric Describe typical designs for VMware ESXi compute hypervisors with two pNICs Describe typical designs for ESXi compute hypervisors with four or more pNICs Differentiate dedicated and collapsed cluster approaches to SDDC design NSX Multilocation Design Explain scale considerations in an NSX multisite design Describe the main components of the NSX Federation architecture Describe the stretched networking capability in Federation Describe stretched security use cases in Federation Compare the Federation disaster recovery designs NSX Optimization and DPU-Based Acceleration Describe Geneve Offload Describe the benefits of Receive Side Scaling and Geneve Rx Filters Explain the benefits of SSL Offload Describe the effect of Multi-TEP, MTU size, and NIC speed on throughput Explain the available enhanced datapath modes and use cases List the key performance factors for compute nodes and NSX Edge nodes Describe DPU-Based Acceleration Define the NSX features supported by DPUs Describe the hardware and networking configurations supported with DPUs
Duration 5 Days 30 CPD hours This course is intended for Network and security architects and consultants who design the enterprise and data center networks and VMware NSX environments Overview By the end of the course, you should be able to meet the following objectives: Describe and apply a design framework Apply a design process for gathering requirements, constraints, assumptions, and risks Design a VMware vSphere virtual data center to support NSX-T Data Center requirements Create a VMware NSX Manager™ cluster design Create a VMware NSX Edge™ cluster design to support traffic and service requirements in NSX-T Data Center Design logical switching and routing Recognize NSX-T Data Center security best practices Design logical network services Design a physical network to support network virtualization in a software-defined data center Create a design to support the NSX-T Data Center infrastructure across multiple sites Describe the factors that drive performance in NSX-T Data Center This five-day course provides comprehensive training on considerations and practices to design a VMware NSX-T Data Center environment as part of a software-defined data center strategy. This course prepares the student with the skills to lead the design of NSX-T Data Center offered in release 3.2, including design principles, processes, and frameworks. The student gains a deeper understanding of the NSX-T Data Center architecture and how it can be used to create solutions to address the customer's business needs. Course Introduction Introduction and course logistics Course objectives Design Concepts Identify design terms Describe framework and project methodology Describe VMware Validated Design Identify customers'
requirements, assumptions, constraints, and risks Explain the conceptual design Explain the logical design Explain the physical design NSX Architecture and Components Recognize the main elements in the NSX-T Data Center architecture Describe the NSX management cluster and the management plane Identify the functions and components of management, control, and data planes Describe the NSX Manager sizing options Recognize the justification and implication of NSX manager cluster design decisions Identify the NSX management cluster design options NSX Edge Design Explain the leading practices for edge design Describe the NSX Edge VM reference designs Describe the bare-metal NSX Edge reference designs Explain the leading practices for edge cluster design Explain the effect of stateful services placement Explain the growth patterns for edge clusters Identify design considerations when using L2 bridging services NSX Logical Switching Design Describe concepts and terminology in logical switching Identify segment and transport zone design considerations Identify virtual switch design considerations Identify uplink profile, VMware vSphere© Network I/O Control profile, and transport node profile design considerations Identify Geneve tunneling design considerations Identify BUM replication mode design considerations NSX Logical Routing Design Explain the function and features of logical routing Describe NSX-T Data Center single-tier and multitier routing architectures Identify guidelines when selecting a routing topology Describe the BGP and OSPF routing protocol configuration options Explain gateway high availability modes of operation and failure detection mechanisms Identify how multitier architectures provide control over stateful service location Identify VRF Lite requirements and considerations Identify the typical NSX scalable architectures NSX Security Design Identify different security features available in NSX-T Data Center Describe the advantages of an NSX Distributed 
Firewall Describe the use of NSX Gateway Firewall as a perimeter firewall and as an intertenant firewall Determine a security policy methodology Recognize the NSX-T Data Center security best practices NSX Network Services Identify the stateful services available in different edge cluster high availability modes Describe failover detection mechanisms Explain the design considerations for integrating VMware NSX© Advanced Load Balancer with NSX-T Data Center Describe stateful and stateless NSX-T Data Center NAT Identify benefits of NSX-T Data Center DHCP Identify benefits of metadata proxy Describe IPSec VPN and L2 VPN Physical Infrastructure Design Identify the components of a switch fabric design Assess Layer 2 and Layer 3 switch fabric design implications Review guidelines when designing top-of-rack switches Review options for connecting transport hosts to the switch fabric Describe typical designs for VMware ESXi compute hypervisors with two pNICs Describe typical designs for ESXi compute hypervisors with four or more pNICs Describe a typical design for a KVM compute hypervisor with two pNICs Differentiate dedicated and collapsed cluster approaches to SDDC design NSX Multilocation Design Explain scale considerations in an NSX-T Data Center multisite design Describe the main components of the NSX Federation architecture Describe the stretched networking capability in Federation Describe stretched security use cases in Federation Compare Federation disaster recovery designs NSX Optimization Describe Geneve Offload Describe the benefits of Receive Side Scaling and Geneve Rx Filters Explain the benefits of SSL Offload Describe the effect of Multi-TEP, MTU size, and NIC speed on throughput Explain the available N-VDS enhanced datapath modes and use cases List the key performance factors for compute nodes and NSX Edge nodes
Duration 5 Days 30 CPD hours Overview Upon completing this course, you will be able to meet the following objectives: SD-WAN Overview Cloud Concepts Cloud Technologies SD-WAN Direct Cloud Access (DCA) SD-WAN SaaS Cloud On-RAMP for IAAS (AWS) Cloud On-RAMP for IAAS (AZURE) Cloud Configuration for GCP Cloud On-RAMP for MULTI-CLOUD Cloud On-RAMP for CO-LOCATIONS This is a 5 day hands-on course on Cisco SD-WAN Cloud Configuration, Monitoring and Troubleshooting. This course provides the student with the knowledge to connect SD-WAN to SaaS Applications, as well as the ability to connect their Branches to AWS, AZURE, GCP Data Centers in the Cloud. Students will also learn how to Configure, Monitor, and Troubleshoot SD-WAN Co-Locations and SD-WAN Multicloud. SD-WAN Overview SD-WAN Controller SD-WAN WAN Edges supported in Cloud Instances Cloud Concepts Cloud Ops vs WAN Ops Cloud Connectivity Cloud Access Control Cloud Network Connectivity Cloud Regions Cloud Availability Zones Virtual Networks Cloud Routing Internet Gateways VS VPN Gateways VPC/VNET: IP Addressing Cloud Network Load Balancing Cloud Peering Cloud Transit Networks Cloud Technologies Azure Azure Basics Resource Groups vNets Availability zones Availability Set Workload and Public IP Network Virtual Appliance Load Balancer User Defined Routes Network Security Group VPN Gateway Express Routes Creating VNET for SDWAN AWS AWS Basics Region VPCs Availability zones Subnets EC2 Instance Elastic IPs Security Groups Internet Gateway NAT Gateway Route Table VPN Gateway Direct Connect Elastic Load Balancer Subscribe to Amazon machine images Setting AWS resource limits AWS Transit Gateways Creating VPC for SDWAN AWS IAM Role AWS Security Groups Service limits AWS SSH key pair Google Cloud GCP Basics Project Region Virtual Private Cloud Availability Zone Subnets Compute Engine Cloud Load Balancer Cloud DNS VPC Routing Cloud VPN & VPC peering VPC Firewall Rules SD-WAN Direct Cloud Access (DCA) DCA Prerequisites DNS on VPN 0 
DIA Central Policy Configuration Match Traffic Set QOS Set External Access SD-WAN SaaS Supported Platforms and Versions SaaS Prerequisites DNS on VPN 0 DIA SaaS Access Methods Cloud Access through Direct Internet Access Links Cloud Access through a Gateway Site Hybrid Approach Supported SaaS Applications SaaS Security Options SaaS Configuration Common Scenarios for Using Cloud onRamp for SaaS Specify Office 365 Traffic Category Enable Cloud onRamp for SaaS, Cisco IOS XE SD-WAN Devices Configure Applications for Cloud onRamp for SaaS Using Cisco vManage Configure Sites for Cloud onRamp for SaaS Using Cisco vManage View Details of Monitored Applications Cloud On-RAMP for IAAS (AWS) Prerequisite AWS Configuration Verify prerequisites Configure AWS for Cisco SD-WAN Cloud On-RAMP for AWS Overview Define WAN Edge Type used Define Template Attach Devices to Template Deploy Cloud Onramp AWS IAM Role Select Region Select CPU and Memory Transit Networking IP Addresses Discover and Map Host VPCs AWS to SD-WAN Security Monitor Cisco Cloud Onramp for AWS Troubleshoot Cisco Cloud Onramp for AWS Interconnecting Cisco SD-WAN with AWS Transit Gateway (TGW) Cloud On-RAMP for IAAS (AZURE) Prerequisite AZURE Configuration Cloud On-RAMP for AZURE Configure AWS for Cisco SD-WAN Define WAN Edge Type used Define Template Attach Devices to Template Deploy Cloud Onramp Select Region Discover and Map Host VPCs Monitor Cisco Cloud Onramp for Azure Troubleshoot Cisco Cloud Onramp for AZURE Azure Virtual Wan (VWAN) Integration Cloud Configuration for GCP Prerequisite GCP Configuration SD-WAN Configuration Configure Google Cloud for SD-WAN Google Cloud GCP Basics Deploy cEdge Catalyst 8000V Edges Setup IPSEC Connections Setup BGP Connections Cloud On-RAMP for MULTI-CLOUD AWS Transit Gateway Microsoft vWAN Create Cisco Cloud GW Discover host VPCs/VNets Map Branch nets to VPCs Cloud On-RAMP for CO-LOCATIONS SD-WAN CO-LOCATIONS Overview Colocation facilities Cisco Colocation Equipment Cisco Cloud 
Services Platform 5444 Cisco Network Function Virtualization Infrastructure Software (NFVIS) Virtual Network Functions Network Fabric Cisco Catalyst 9500-48Y4C switch Cisco Catalyst 9500-40X switch Device Configuration and Connectivity Sizing the Colocation Solution Devices Cisco Colocation Manager Deploy Network Services at the Network Edge Colocation Solution - Deployment Workflow Monitor Cisco SD-WAN Colocation Devices Cisco Colocation Manager States for Switch Configuration Cisco Colocation Manager States and Transitions from Host Cisco Colocation Manager Notifications VM Alarms Cloud Services Platform Real-Time Commands Colocation High Availability Troubleshoot Cisco SD-WAN Cloud onRamp for Colocation Solution Troubleshoot Catalyst 9500 Issues Troubleshoot Cloud Services Platform Issues DHCP IP Address Assignment Troubleshoot Cisco Colo Manager Issues Troubleshoot Service Chain Issues Troubleshoot Physical Network Function Management Issues Log Collection from CSP Troubleshoot vManage Issues Additional course details: Nexus Humans Cisco SD-WAN Cloud (SDWAN-CLD-CT) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco SD-WAN Cloud (SDWAN-CLD-CT) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.
Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.