Fundamentals of Packet flow with and without Firewall
OSI/TCP Model (specifically Application, Presentation, Session and Transport Layers)
Concept of Networking Model and Services Model of Network
Concept of Firewalling Services
Need of DMZ
Network Design with Firewall
Course Outline
Firewall Deployment considerations
- Device level vs Interface level Deployments
- L3 vs L2 deployments
- Virtual wire and Tap mode Deployments
Concept of Virtual Router and Virtual Systems
Network Address Translation Concepts
- Concept of Socket
- Source NAT
- 1. Dynamic IP
- 2. Dynamic IP and Port
- 3. Static NAT
- Destination NAT
- 1. Destination IP
- 2. Destination IP and Port
- U-turn NAT
App-ID and SP3 Architecture
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Manage New and Modified App-IDs
- Use Application Objects in Policy
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
- Security Policy Rule Optimization
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
Policy
- Policy Types
- Security Policy
- Policy Objects
- Security Profiles (Content ID)
- 1. Antivirus Profiles
- 2. Anti-Spyware Profiles
- 3. Vulnerability Protection Profiles
- 4. URL Filtering Profiles
- 5. Data Filtering Profiles
- 6. File Blocking Profiles
- 7. WildFire Analysis Profiles
- 8. DoS Protection Profiles
- 9. Zone Protection Profiles
- 10. Security Profile Group
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
- Use Tags to Group and Visually Distinguish Objects
- Use an External Dynamic List in Policy
- Register IP Addresses and Tags Dynamically
- Monitor Changes in the Virtual Environment
- CLI Commands for Dynamic IP Addresses and Tags
- Identify Users Connected through a Proxy Server
- Policy-Based Forwarding
- Test Policy Rules
URL Filtering
- About URL Filtering
- How URL Filtering Works
- URL Filtering Vendors
- URL Filtering Use Cases
- URL Categories
- Plan Your URL Filtering Deployment
- URL Filtering Best Practices
- Configure URL Filtering
- Monitor Web Activity
- Create a Custom URL Category
- URL Category Exceptions
- Use an External Dynamic List in a URL Filtering Profile
- Allow Password Access to Certain Sites
- Safe Search Enforcement
- URL Filtering Response Pages
- Customize the URL Filtering Response Pages
- Request to Change the Category for a URL
- Troubleshoot URL Filtering
User-ID
- User-ID Concepts
- Enable User-ID
- Map Users to Groups
- Map IP Addresses to Users
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
- Deploy User-ID in a Large-Scale Network
- Integration of AD/LDAP/RADIUS/TACACS+ Servers
High Availability
- HA Concepts
- Set Up Active/Passive HA
- Set Up Active/Active HA
Monitoring
Cryptography
- Symmetric Cryptography
- 1. Stream based
- 2. Block based
- Asymmetric Cryptography
- Public Key Infrastructure
- Root CA and more
- Data Encryption Services
- Data Integrity
- Authentication Methods
VPN
- Tunnels
- 1. Concepts
- 2. Types
- Site-Site VPN
- Remote-Access VPN
- 1. Client Based
- 2. Clientless
- IPsec Framework
- 1. Data Plane – ESP and AH
- 2. Control Plane – Phase 1 and Phase 2
- SSL/TLS/DTLS
- 1. Data Plane – Packet flow
- 2. Control Plane – Handshaking