CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022)
CCNP Security Cisco Secure
Firewall and Intrusion
Prevention System
Official Cert Guide
Nazmul Rajib
Cisco Press
CCNP Security Cisco Secure Firewall and
Intrusion Prevention System Official Cert Guide
Nazmul Rajib
Copyright © 2022 Cisco Systems, Inc.
Published by:
Cisco Press
All rights reserved. No part of this book may be reproduced or
transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and
retrieval system, without written permission from the publisher,
except for the inclusion of brief quotations in a review.
Library of Congress Control Number: 2022933632
ISBN-13: 978-0-13-658970-9
ISBN-10: 0-13-658970-7
Warning and Disclaimer
This book is designed to provide information about the CCNP
Security exam concentrating on Cisco Secure Firewall and Intrusion
Prevention System (IPS). Every effort has been made to make this
book as complete and as accurate as possible, but no warranty or
fitness is implied.
The information is provided on an “as is” basis. The author, Cisco
Press, and Cisco Systems, Inc. shall have neither liability nor
responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book or from
the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not
necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Cisco Press or
Cisco Systems, Inc., cannot attest to the accuracy of this
information. Use of a term in this book should not be regarded as
affecting the validity of any trademark or service mark.
Microsoft and/or its respective suppliers make no representations
about the suitability of the information contained in the documents
and related graphics published as part of the services for any
purpose. All such documents and related graphics are provided “as
is” without warranty of any kind. Microsoft and/or its respective
suppliers hereby disclaim all warranties and conditions with regard to
this information, including all warranties and conditions of
merchantability, whether express, implied or statutory, fitness for a
particular purpose, title and non-infringement. In no event shall
Microsoft and/or its respective suppliers be liable for any special,
indirect or consequential damages or any damages whatsoever
resulting from loss of use, data or profits, whether in an action of
contract, negligence or other tortious action, arising out of or in
connection with the use or performance of information available from
the services.
The documents and related graphics contained herein could include
technical inaccuracies or typographical errors. Changes are
periodically added to the information herein. Microsoft and/or its
respective suppliers may make improvements and/or changes in the
product(s) and/or the program(s) described herein at any time.
Partial screenshots may be viewed in full within the software version
specified.
Microsoft® and Windows® are registered trademarks of the Microsoft
Corporation in the U.S.A. and other countries. Screenshots and
icons reprinted with permission from the Microsoft Corporation. This
book is not sponsored or endorsed by or affiliated with the Microsoft
Corporation.
Special Sales
For information about buying this title in bulk quantities, or for special
sales opportunities (which may include electronic versions; custom
cover designs; and content particular to your business, training
goals, marketing focus, or branding interests), please contact our
corporate sales department at corpsales@pearsoned.com or (800)
382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the
highest quality and value. Each book is crafted with care and
precision, undergoing rigorous development that involves the unique
expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you
have any comments regarding how we could improve the quality of
this book, or otherwise alter it to better suit your needs, you can
contact us through email at feedback@ciscopress.com. Please
make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Editor-in-Chief: Mark Taub
Alliances Manager, Cisco Press: Arezou Gol
Director, ITP Product Management: Brett Bartow
Executive Editor: James Manly
Managing Editor: Sandra Schroeder
Development Editor: Ellie Bru
Senior Project Editor: Tonya Simpson
Copy Editor: Chuck Hutchinson
Technical Editors: Ed Mendez, John Wise
Editorial Assistant: Cindy Teeters
Cover Designer: Chuti Prasertsith
Composition: codeMantra
Indexer: Timothy Wright
Proofreader: Donna Mulder
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV
Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone
numbers, and fax numbers are listed on the Cisco Website at
www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo,
Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco
TelePresence, Cisco WebEx, DCE, and Welcome to the Human
Network are trademarks; Changing the Way We Work, Live, Play,
and Learn and Cisco Store are service marks; and Access Registrar,
Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA,
CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco
Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco
Unity, Collaboration Without Limitation, EtherFast, EtherSwitch,
Event Center, Fast Step, Follow Me Browsing, FormShare,
GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study,
IronPort, the IronPort logo, LightStream, Linksys, MediaTone,
MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers,
Networking Academy, Network Registrar, PCNow, PIX,
PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet,
Spectrum Expert, StackWise, The Fastest Way to Increase Your
Internet Quotient, TransPath, WebEx, and the WebEx logo are
registered trademarks of Cisco Systems, Inc. and/or its affiliates in
the United States and certain other countries.
All other trademarks mentioned in this document or website are the
property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any
other company. (0812R)
Pearson’s Commitment to Diversity,
Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the
diversity of all learners. We embrace the many dimensions of
diversity, including but not limited to race, ethnicity, gender,
socioeconomic status, ability, age, sexual orientation, and religious
or political beliefs.
Education is a powerful force for equity and change in our world. It
has the potential to deliver opportunities that improve lives and
enable economic mobility. As we work with authors to create content
for every product and service, we acknowledge our responsibility to
demonstrate inclusivity and incorporate diverse scholarship so that
everyone can achieve their potential through learning. As the world’s
leading learning company, we have a duty to help drive change and
live up to our purpose to help more people create a better life for
themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
• Everyone has an equitable and lifelong opportunity to succeed
  through learning
• Our educational products and services are inclusive and
  represent the rich diversity of learners
• Our educational content accurately reflects the histories and
  experiences of the learners we serve
• Our educational content prompts deeper discussions with
  learners and motivates them to expand their own learning (and
  worldview)
While we work hard to present unbiased content, we want to hear
from you about any concerns or needs with this Pearson product so
that we can investigate and address them.
Please contact us with concerns about any potential bias at
https://www.pearson.com/report-bias.html.
About the Author
Nazmul Rajib is a senior product marketing manager of Cisco
Systems, Inc. He leads Cisco’s global initiatives on cybersecurity
enablement, focusing on the firewall and intrusion prevention
technologies. As a senior member of the Security Business Group
(SBG), Nazmul regularly advises Cisco on security product
roadmaps, content strategies, and technical communications. He
develops training programs for the Global Security Sales
Organization (GSSO) and worldwide channel partners. Nazmul also
worked as a technical marketing engineer in the product
management organization, where he was responsible for validating
security designs, researching best practices, publishing white
papers, and presenting new security capabilities.
Prior to joining Cisco’s core business group, Nazmul served as a
senior information security consultant in the Cisco advanced
services organization. With more than a decade of experience,
Nazmul assisted many Fortune 500 companies, government
agencies, and international organizations. He frequently met Cisco
customers to address their critical security concerns and to run
workshops.
Previously, Nazmul was a technical lead in the Cisco Customer
Experiences (CX) organization, where he consistently assisted the
security engineers, and spearheaded the engineering efforts to solve
business-critical escalations. He developed several training
programs and taught many Cisco engineers worldwide. Nazmul
published numerous articles on the Cisco website. In addition to this
book, he has authored the best-selling security book Cisco
Firepower Threat Defense (ISBN: 9781587144806).
Nazmul is a veteran of Sourcefire, Inc., which developed the world’s
greatest open-source intrusion prevention system. At Sourcefire,
Nazmul created and managed the customer knowledge base, new
hire onboarding process, and partner certification program. He
routinely trained Sourcefire’s security engineers and managed
security service providers (MSSP) in the United States.
Nazmul has a master of science degree in Internetworking. He also
holds many certifications in the areas of cybersecurity, information
technology, technical communication, and product marketing. He is a
Sourcefire Certified Expert and Sourcefire Certified Security
Engineer.
About the Technical Reviewers
Ed Mendez is a senior instructional design and training manager
with Cisco Systems, Inc. He has been an education specialist and
instructor of many IT security products and technologies for more
than 20 years. Ed works with the Cisco certification development
team and develops courseware for various Cisco security
certification programs. He came to Cisco from the Sourcefire
acquisition, where he developed courseware, designed lab
infrastructure, and delivered training on many Sourcefire products,
including Firepower NGFW, NGIPS, AMP, and Snort. Before joining
Sourcefire, he worked at Internet Security Systems (ISS) in the
professional services and education departments. Besides holding
certifications on many products for which he developed training
courses, he also earned CISSP certification in 2002.
John Wise is a senior security instructor and courseware developer
with Cisco Systems, Inc., specializing in Cisco Secure Firewall
Threat Defense (FTD) and Advanced Malware Protection (AMP). He
develops and delivers the Cisco training offerings on next-generation
firewall (NGFW) and next-generation intrusion prevention systems
(NGIPS). With his decade of teaching and security experiences,
John also coaches new instructors at the Cisco Customer
Experience (CX) organization. John has been recognized as a
Distinguished Speaker at various Cisco Live events held in the
United States, Europe, and Latin America.
Dedications
My Lord!
Grant me wisdom, and join me with the righteous.
Bless me with honorable mention among later generations.
Glory be to You!
We have no knowledge except what You have taught us.
You are truly the All-Knowing, All-Wise.
(The Quran)
Acknowledgments
My journey to write this book commenced in early 2020. The plan
was to conclude the project within a year. However, 2020 turned out
to be an unprecedented year. All praise belongs to God for keeping
me safe throughout the pandemic and giving me the ability to
complete this book.
It took hundreds of hours to write this book. I would not be able to
concentrate on research and writing without my wife’s support and
sacrifice. I am grateful for her unfailing patience and unwavering
devotion.
Sometimes I needed a smile, strength, and stamina to keep going
with writing. My marvelous princesses did an amazing job to keep
their dad motivated. Their big hugs, kind words, and prayers inspire
me to persevere.
I would also like to extend my gratitude to all my colleagues,
students, and readers around the world for encouraging me with
great feedback on my publications. It is delightful to see the photos
of my books on your blog posts.
Many thanks to the technical reviewers for taking the time to review
the chapters and providing me invaluable feedback. Their
comments, compliments, and commitments have been
indispensable to this book.
Finally, I would like to recognize all the editors at Cisco Press for
working with me diligently and keeping me on track to get this book
published.
Contents at a Glance
Introduction
Part I General Deployment
Chapter 1 Introduction to Cisco Secure Firewall and IPS
Chapter 2 Deployment of Secure Firewall Virtual
Chapter 3 Licensing and Registration
Chapter 4 Firewall Deployment in Routed Mode
Chapter 5 Firewall Deployment in Transparent Mode
Chapter 6 IPS-Only Deployment in Inline Mode
Chapter 7 Deployment in Detection-Only Mode
Part II Basic Security Operations
Chapter 8 Capturing Traffic for Advanced Analysis
Chapter 9 Network Discovery Policy
Chapter 10 Access Control Policy
Chapter 11 Prefilter Policy
Chapter 12 Security Intelligence
Chapter 13 Domain Name System (DNS) Policy
Chapter 14 URL Filtering
Part III Advanced Configurations
Chapter 15 Network Analysis and Intrusion Policies
Chapter 16 Malware and File Policy
Chapter 17 Network Address Translation (NAT)
Chapter 18 Traffic Decryption Policy
Chapter 19 Virtual Private Network (VPN)
Chapter 20 Quality of Service (QoS)
Chapter 21 System Logging (Syslog)
Part IV Conclusion
Chapter 22 Final Preparation
Part V Appendixes
Appendix A Answers to the “Do I Know This Already?” Questions
Appendix B CCNP Security Cisco Secure Firewall and Intrusion
Prevention System Official Cert Guide Updates
Glossary
Index
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
Reader Services
Other Features
In addition to the features in each of the core chapters, this book has
additional study resources on the companion website, including the
following:
• Practice exams: The companion website contains an exam
  engine that enables you to review practice exam questions. Use
  these to prepare with a sample exam and to pinpoint topics
  where you need more study.
• Interactive exercises and quizzes: The companion website
  contains interactive hands-on exercises and interactive quizzes
  so that you can test your knowledge on the spot.
• Glossary quizzes: The companion website contains interactive
  quizzes that enable you to test yourself on every glossary term
  in the book.
To access this additional content, simply register your product. To
start the registration process, go to www.ciscopress.com/register and
log in or create an account*. Enter the product ISBN 9780136589709
and click Submit. After the process is complete, you will find any
available bonus content under Registered Products.
*Be sure to check the box that you would like to hear from us to
receive exclusive discounts on future editions of this product.
Contents
Introduction
Part I General Deployment
Chapter 1 Introduction to Cisco Secure Firewall and IPS
“Do I Know This Already?” Quiz
Foundation Topics
Evolution of Next-Generation Firewall
Cisco Secure Firewall Solutions
Product Evolution and Lifecycle
Software and Hardware Architecture
Scalability and Resiliency
Clustering
Multi-Instance
High Availability
Resiliency in Connectivity
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 2 Deployment of Secure Firewall Virtual
“Do I Know This Already?” Quiz
Foundation Topics
Cisco Secure Firewall on a Virtual Platform
Hosting Environment Settings
Virtual Resource Allocation
Software Package Selection
Best Practices
Configuration
Virtual Network for Management Traffic
Virtual Network for Data Traffic
Virtual Machine Creation for Secure Firewall
System Initialization and Validation
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 3 Licensing and Registration
Do I Know This Already?
Foundation Topics
Cisco Licensing Architecture
Direct Cloud Access
On-Premises Server
Offline Access
Cisco Secure Firewall Licenses
Feature License
Export-Controlled License
Evaluation License
Validation of Licensing
Device Registration
Best Practices for Registration
Configurations on Threat Defense
Configurations on Management Center
Management Communication over the Internet
Validation of Registration
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 4 Firewall Deployment in Routed Mode
“Do I Know This Already?” Quiz
Foundation Topics
Routed Mode Essentials
Best Practices for Routed Mode Configuration
Fulfilling Prerequisites
Enabling the Routed Firewall Mode
Configuration of the Routed Interface
Configuring Interfaces with Static IP Addresses
Configuring Interfaces with Automatic IP Addresses
Validation of Interface Configuration
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 5 Firewall Deployment in Transparent Mode
“Do I Know This Already?” Quiz
Foundation Topics
Transparent Mode Essentials
Best Practices for Transparent Mode Configuration
Fulfilling Prerequisites
Enabling the Transparent Firewall Mode
Configuring Transparent Mode in a Layer 2 Network
Configuring the Physical and Virtual Interfaces
Verifying the Interface Status
Verifying Basic Connectivity and Operations
Deploying a Threat Defense Between Layer 3 Networks
Selecting a Default Action
Adding an Access Control Rule for a Routing Protocol
Creating an Access Control Rule for the SSH Protocol
Verifying Access Control Lists
Integrated Routing and Bridging (IRB)
Summary
Exam Preparation Tasks
Review All Key Topics
Memory Tables and Lists
Define Key Terms
Chapter 6 IPS-Only Deployment in Inline Mode
“Do I Know This Already?” Quiz
Foundation Topics
Inline Mode Essentials
Inline Mode Versus Passive Mode
Inline Mode Versus Transparent Mode
Best Practices for Inline Mode
Inline Mode Configuration
Fulfilling Prerequisites
Interface Setup
Inline Set Configuration
Verification
Event Analysis in IPS-Only Mode
Summary
Exam Preparation Tasks
Review All Key Topics
Memory Tables and Lists
Define Key Terms
Chapter 7 Deployment in Detection-Only Mode
“Do I Know This Already?” Quiz
Foundation Topics
Detection-Only Mode Essentials
Passive Monitoring Technology
Interface Modes: Inline, Inline Tap, and Passive
Best Practices for Detection-Only Deployment
Inline Tap Mode
Configuration of Inline Tap Mode
Verification of Inline Tap Configuration
Passive Interface Mode
Configuration of Passive Interface Mode
Configuring Passive Interface Mode on a Threat
Defense
Configuring a SPAN Port on a Switch
Verification of Passive Interface Configuration
Event Analysis in Detection-Only Mode
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Part II Basic Security Operations
Chapter 8 Capturing Traffic for Advanced Analysis
“Do I Know This Already?” Quiz
Foundation Topics
Packet Capture Essentials
Best Practices for Capturing Traffic
Capturing of Packets Using Secure Firewall
Configuration
Verification
Packet Capture versus Packet Tracer
Summary
Exam Preparation Tasks
Review All Key Topics
Memory Tables and Lists
Define Key Terms
Chapter 9 Network Discovery Policy
“Do I Know This Already?” Quiz
Foundation Topics
Network Discovery Essentials
Application Detectors
Network Discovery Operations
Best Practices for Network Discovery
Fulfilling Prerequisites
Configurations
Reusable Objects
Network Discovery Policy
Verification
Analyzing Application Discovery
Analyzing Host Discovery
Undiscovered New Hosts
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 10 Access Control Policy
“Do I Know This Already?” Quiz
Foundation Topics
Access Control Policy Essentials
Policy Editor
Rule Editor
Best Practices for Access Control Policy
Access Control Policy Configuration
Fulfilling Prerequisites
Creating Rules
Verification
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 11 Prefilter Policy
“Do I Know This Already?” Quiz
Foundation Topics
Prefilter Policy Essentials
Prefilter Policy: Rules and Actions
Bypassing Deep Packet Inspection
Best Practices for a Prefilter Policy
Enabling Bypass Through a Prefilter Policy
Fulfilling Prerequisites
Configuring a Rule in a Prefilter Policy
Invoking a Prefilter Policy into an Access Control
Policy
Establishing Trust Through an Access Control Policy
Verification
Managing Encapsulated Traffic Inspection
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 12 Security Intelligence
“Do I Know This Already?” Quiz
Foundation Topics
Security Intelligence Essentials
Best Practices for Security Intelligence
Fulfilling Prerequisites
Automatic Blocking Using Cisco Intelligence Feed
Verifying the Action of Cisco Intelligence Feed
Overriding the Cisco Intelligence Feed Outcome
Instant Blocking Using Context Menu
Adding an Address to the Block List
Deleting an Address from the Block List
Manual Blocking Using Custom List
Enabling Security Intelligence in Monitor-Only Mode
Threat Intelligence Director
Enabling Threat Intelligence Director
Adding Sources and Importing Indicators
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 13 Domain Name System (DNS) Policy
“Do I Know This Already?” Quiz
Foundation Topics
DNS Policy Essentials
Domain Name System (DNS)
Blocking of a DNS Query Using a Secure Firewall
DNS Rule Actions
Actions That Can Interrupt DNS Queries
Actions That Allow DNS Queries
Sources of Intelligence
Best Practices for Blocking DNS Queries
Fulfilling Prerequisites
Configuring DNS Policy
Add a New Rule to a DNS Policy
Invoke the DNS Policy
Verification
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 14 URL Filtering
“Do I Know This Already?” Quiz
Foundation Topics
URL Filtering Essentials
Category and Reputation
URL Database
Fulfilling Prerequisites
Best Practices for URL Filtering Configuration
Enabling URL Filtering
Blocking URLs of a Certain Category
Verifying the Operation of a URL Filtering Rule
Allowing a Specific URL
Analyzing the Default Category Override
Handling Uncategorized URLs
Investigating the Uncategorized URLs
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Part III Advanced Configurations
Chapter 15 Network Analysis and Intrusion Policies
“Do I Know This Already?” Quiz
Foundation Topics
Intrusion Prevention System Essentials
Network Analysis Policy
Intrusion Policy
System-Provided Variable Sets
System-Provided Base Policies
Best Practices for Intrusion Policy Deployment
Configuring a Network Analysis Policy
Configuring an Intrusion Policy
Creating a Policy with a Default Ruleset
Incorporating Intrusion Rule Recommendations
Enabling or Disabling an Intrusion Rule
Setting Up a Variable Set
Policy Deployment
Verification
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 16 Malware and File Policy
“Do I Know This Already?” Quiz
Foundation Topics
File Policy Essentials
File Type Detection
Malware Analysis
Best Practices for File Policy Configuration
Fulfilling Prerequisites
Configuring a File Policy
Creating a File Policy
Deploying a File Policy
Verification
Analyzing File Events
Analyzing Malware Events
The Management Center Is Unable to Communicate
with the Cloud
The Management Center Performs a Cloud Lookup
The Threat Defense Blocks Malware
Overriding a Malware Disposition
Network Trajectory
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 17 Network Address Translation (NAT)
“Do I Know This Already?” Quiz
Foundation Topics
NAT Essentials
NAT Techniques
NAT Rule Types
Best Practices for NAT Deployment
Fulfilling Prerequisites
Configuring NAT
Masquerading a Source Address (Source NAT for
Outbound Connection)
Configuring a Dynamic NAT Rule
Verifying the Configuration
Verifying the Operation: Inside to Outside
Verifying the Operation: Outside to Inside
Connecting to a Masqueraded Destination (Destination
NAT for Inbound Connection)
Configuring a Static NAT Rule
Verifying the Operation: Outside to DMZ
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 18 Traffic Decryption Policy
“Do I Know This Already?” Quiz
Foundation Topics
Traffic Decryption Essentials
Overview of SSL and TLS Protocols
Decryption Techniques on Secure Firewall
Best Practices for Traffic Decryption
Configuring a Decryption Policy
PKI Objects
Internal CAs Object
Internal Certs Object
SSL Policy
File Policy
Access Control Policy
Verification
Summary
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 19 Virtual Private Network (VPN)
“Do I Know This Already?” Quiz
Foundation Topics
VPN Essentials
Site-to-Site VPN
Remote Access VPN
IPsec Essentials
Mode of Operation
Security Association and Key Exchange
IKEv1
IKEv2
Authentication
Site-to-Site VPN Deployment
Prerequisites
Configurations
Document Details
Subject
Cisco Certified Network Professional