Twenty-one advanced hands-on labs guide you through using the PIX firewall, including basic PIX firewall configuration; multiple methods of address translation; and configuration and use of PIX Access Control Lists, Object Groups, Cut-Through Proxy Authentication, Downloadable Access Lists, Attack Guards, LAN-based Failover, Site-to-Site and Remote Access PIX-based IPSec VPN scenarios, PIX Device Manager, CiscoWorks Firewall Management Center, and Auto Update Server. All labs are based on a topology enhanced by American Information System to simulate a typical production network, instead of one designed only for a classroom environment. There is also a brief introduction to the capabilities of the switch-based Firewall Services Module. This gives you the most relevant, hands-on, and real-world experience available anywhere. In our exclusive approach to the PIX firewall course, every lab has annotated (containing full command syntax) and unannotated (containing only objective statements - you have to recall and apply your knowledge of the commands) versions, to maximize your learning experience.

• Identify components and functions of the following PIX models: 501, 506, 515, 520, 525, and 535
• Configure PIX firewall security features
• Address translation and its role on the PIX firewall
• Configure and use Access Control Lists, including Turbo ACLs
• Configure and use Object Groups
• Perform OS image and feature license upgrades
• Content filtering
• AAA configuration on the Cisco PIX firewall
• Advanced protocol handling and attack guards
• PIX Failover - Cable- and LAN-Based
• Configure and test SSH access to a PIX firewall
• DHCP & PPPoE support
• Routing and Multicast support
• Configure PIX to PIX VPN using IPSec and IKE
• Configure a PIX to use X.509 digital certificates within IKE (a Global Knowledge exclusive!)
• Configure a PIX to host VPN Software Client remote access connections
• Explore the functionality of PIX Device Manager, including the VPN Wizard
• Explore the functionality of PIX Management Center, part of the VMS software suite
• Explore the functionality of Auto Update Server, also part of the VMS software suite

This course is designed for networking professionals tasked with ensuring the effective installation and deployment of their Cisco PIX firewalls -based on version 6.33 of the PIX operating system. .

Course Detail :

• Firewalls
• PIX Firewall Overview

• PIX Firewall Models
• PIX Firewall Licensing
• Firewall Services Module

• User Interface
• Configuring the PIX Firewall
• ASA Security Levels
• Basic PIX Firewall Configuration
• Examining PIX Firewall Status
• Time Setting and NTP Support
• Syslog Configuration

• Transport Protocols
• Network Address Translation
• Port Address Translation
• static Command
• Identity NAT Command
• Policy NAT
• Connections and Translations
• Configuring Multiple Interfaces

• ACLs
• Using ACLs
• Malicious Active Code Filtering
• URL Filtering

• Overview of Object Grouping
• Getting Started with Object Groups
• Configuring Object Groups
• Nested Object Groups

• Advanced Protocols
• Multimedia Support

• Attack Guards
• Intrusion Detection
• Shunning

• Introduction
• Authentication Configuration
• Authorization Configuration
• Downloadable ACLs
• Accounting Configuration
• Troubleshooting the AAA Configuration

• Understanding Failover
• Serial Cable-Based Failover Configuration
• LAN-Based Failover Configuration

• Virtual LANS
• Static and Dynamic Routing
• OSPF
• Multicast

• The PIX Firewall Enables a Secure VPN
• How IPSec Works
• IPSec Configuration Tasks
• Prepare to Configure VPN Support
• Configure IKE Parameters
• Configure IPSec Parameters
• Test and Verify VPN Configuration
• The Cisco VPN Client
• Scale PIX Firewall VPNs

• Introduction to the Cisco Easy VPN
• Overview of the Easy VPN Server
• Overview of the Easy VPN Remote Feature
• Overview of the Cisco VPN 3.6 Client
• How the Cisco Easy VPN Works
• Configuring the Easy VPN Server for Extended Authentication
• Cisco VPN Client 3.6 Manual Configuration Tasks
• Working with the Cisco VPN 3.6 Client

• PIX Easy VPN Remote Feature Overview
• Easy VPN Remote Configuration
• PPPoE and the PIX Firewall
• DHCP Server Configuration

• Remote Access
• Command Authorization
• SNMP
• Management Tools
• Activation Keys
• Password Recovery and Image Upgrade

• PDM Overview
• PDM Operating Requirements
• Prepare for PDM
• Using PDM to Configure the PIX Firewall
• Using PDM to Create Site-to-Site VPNs
• Using PDM to Create Remote Access VPNs

• Introduction
• Firewall MC Hardware Requirements
• Preparing for Firewall MC
• Understanding the Firewall MC
• Importing and Managing Devices
• Configuring Settings
• Configuring Building Blocks
• Configuring Access and Translation Rules
• Managing Workflow
• Reporting

• Introduction to the Auto Update Server
• PIX Firewall and AUS Communication Settings
• Getting Started
• Devices, Images, and Assignments
• Reports and Administration

• FWSM Overview
• Network Model
• Getting Started
• Using PDM with the FWSM
• Troubleshooting the FWSM

• Cable all network devices
• Configure the perimeter router
• Configure the PIX firewall enough to test basic connectivity
• Assign IP addresses to all PCs and perimeter router
• Set up NTP for time synchronization on the perimeter router

• Configure the PIX Firewall with the Six Basic Commands (nameif, interface, ip address, nat, global, route)
• Verify connectivity from the Inside PC to the Internet PC
• View the routing table on the PIX
• View an active NAT translation entry on the PIX
• Define a TFTP server and back up your PIX configuration

• Configure the PIX to send Syslog messages to a Syslog server
• Generate and view Syslog messages
• Configure the PIX to support authenticated NTP
• Configure the PIX to add timestamps to Syslog messages
• Filter undesirable Syslog messages

• Configure a perimeter interface as a Public Services Segment (also called a DMZ)
• Configure a policy NAT translation for Inside-PSS connectivity
• Configure a static translation for your Inside PC
• Configure a static translation for your PSS Server
• Clear the translation table
• Establish connectivity from the Inside PC to the Internet and the PSS Server

• Replace the Policy NAT rule with PAT
• Remove the static translation for your Inside PC
• Clear the translation table in order to re-initialize translation slots
• Test PAT

• Configure and test an inbound ACL
• Configure and test an outbound ACL
• Configure and test an ACL on your PSS interface
• Edit existing ACLs
• Configure ICMP filters on the PIX

• Configure object groups
• Configure nested object groups
• Configure and test an inbound ACL using object groups
• Modify object group membership and observe its effect
• Activate Turbo ACLs and observe its effect

• Configure your PIX to use informational intrusion detection signatures
• Configure your PIX to use attack intrusion detection signatures
• Test the intrusion detection policies you configure
• Return your PIX to baseline configuration

• Install Cisco Secure ACS v3.2 for Windows Server
• Add a user to the Cisco Secure ACS database
• Configure your PIX to communicate with Cisco Secure ACS using RADIUS
• Configure and test inbound AAA authentication
• Configure and test outbound AAA authentication
• Configure and test remote administration of Cisco Secure ACS

• Configure per-user access-lists on your PIX via RADIUS Downloadable IP ACLs
• Configure your PIX to generate RADIUS accounting messages to ACS
• Test RADIUS Downloadable IP ACLs with inbound and outbound authentication
• Verify RADIUS accounting messages are being logged to ACS

• Configure the Primary PIX for LAN-based failover
• Configure the Secondary PIX for LAN-based failover
• Test LAN-based failover
• Enhance LAN-based failover by enabling stateful failover
• Test LAN-based stateful failover
• Reset both PIX to pre-failover configurations

• Configure your PIX for IKE Phase 1 (ISAKMP) using pre-shared keys
• Configure your PIX for IKE Phase 2 (IPSec)
• Test and verify Site-to-Site IPSec connectivity

• Configure your PIX for Certificate Authority support
• Obtain a digital certificate from a CA for your PIX
• Configure an IKE Phase 1 (ISAKMP) policy to use RSA Signatures
• Configure new IPSec transform sets using more secure algorithms
• Alter your existing crypto map to use these new policies
• Test and verify Site-to-Site IPSec connectivity

• Configure your PIX as an Easy VPN Server, to terminate VPN Client connections
• Configure a dynamic crypto map on your PIX for use by remote VPN clients
• Configure extended authentication (XAUTH) on your PIX
• Install and configure the Cisco VPN Client on your Internet PC
• Test and verify a VPN (IPSec) connection from the Cisco VPN Client to your PIX firewall

• Securely connect to your PIX using SSH for a remote access session
• Configure your PIX to perform AAA authentication for SSH sessions

• Configure accounts in the local user database
• Configure command authorization using the local user database with different privilege levels
• Configure customized privilege levels for specific PIX commands
• Test command authorization using the local user database

• Upgrade the PIX operating system file
• Upgrade the PIX PDM image file
• Perform a password recovery on your PIX

• Prepare your PIX for management via PIX Device Manager (PDM)
• Import and review your existing PIX configuration in PDM
• Test PDM's reaction to unsupported commands
• Perform monitoring tasks with PDM
• Use PDM to define VPN connections using the VPN Wizard

• Install an update to Firewall Management Center (MC)
• Launch the Firewall MC
• Import your existing firewall into the Firewall MC topology
• Configure Global Settings to be inherited by all PIX firewalls
• Configure settings for a specific PIX firewall
• Use Firewall MC to explore current settings on your PIX firewall
• Create and deploy a Firewall MC job
• Use Firewall MC to create new access rules on your PIX firewall

• Add your PIX to the device list within Auto Update Server (AUS)
• Configure AUS communication parameters in Firewall MC
• Confirm your PIX is in contact with the AUS
• Configure Firewall MC to deploy jobs via AUS
• Edit an ACL in Firewall MC and test deployment via AUS

• Erase the contents of NVRAM on your perimeter router
• Erase the configuration in flash memory on your PIX firewall
• Rebuild the image on all three pod PCs
• Clean up and put away all cabling, surge protectors, etc.