Cisco SD-WAN Umbrella Integration (SDWUMB)

This 3-day Cisco SD-WAN (Viptela) training is targeted to engineers and technical personnel involved in deploying, implementing, operating and optimizing Cisco SD-WAN solution (Viptela), both in enterprise and Service Provider environments. This training is specially designed for customers/partners implementing Cisco SD-WAN in integration with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

Retail Price: $3,695.00

Next Date: 06/21/2021

Course Days: 3


Enroll in Next Date

Request Custom Course


About this Course

This 3-day Cisco SD-WAN (Viptela) training is targeted to engineers and technical personnel involved in deploying, implementing, operating and optimizing Cisco SD-WAN solution (Viptela), both in enterprise and Service Provider environments. This training is specially designed for customers/partners implementing Cisco SD-WAN in integration with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

 


Day – 1

Module 1: Cisco SD-WAN Introduction

  • High-level Cisco SD-WAN Deployment models
  • Application level SD-WAN solution
  • Cisco SDWAN plan for HA and Scalability
  • Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator
  • Edge Routers (cEdge & vEdge)
  • Cloud Based Deployment vs On-Premises Deployment

Module 2: Zero Touch Provisioning

  • Overview
  • User Input Required for the ZTP Automatic Authentication Process
  • Authentication between the vBond Orchestrator and WAN Edges
  • Authentication between the Edge Routers and the vManage NMS
  • Authentication between the vSmart Controller and the Edge Routers

Module 3: Cisco SD-WAN Solution

  • Overlay Management Protocol (OMP)
  • Cisco SDWAN Circuit Aggregation Capabilities
  • Secure Connectivity in Cisco SD-WAN
  • Performance Tracking Mechanisms
  • Application Discovery
  • Dynamic Path Selection
  • Performance Based Routing
  • Direct Internet Access
  • Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration & Advanced Malware Protection
  • Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC) 

Day – 2

Module 4: Deeper Insight into Cisco SD-WAN Security 

  • Designing Security Requirements within Cisco SD-WAN
  • DIA Security
  • Direct Cloud Access Security
  • Guest User Security
  • Compliance Requirements
  • Security Implementation at the Branch Site
  • Implementing Zone Based Firewalls on Cisco WAN Edge
  • Implementing UTD on Cisco WAN Edge
  • Configuring URL Filtering
  • Configuring Snort IPS
  • Best Practices for UTD setup (Based on production deployment experiences)
  • Implementing Advanced Malware Protection
  • Configuring AMP
  • Overview of integration with Threat Grid

Module 5: Designing and Implementing DNS Security

  • Pre-requisite check before integrating Umbrella with Cisco SD-WAN
  • Making sure you have the correct licensing
  • Platform support check
  • Internet Connectivity check
  • Walking through the Umbrella Dashboard
  • Dashboard Overview
  • DNS Policy GUI Overview
  • Firewall Policy GUI Overview
  • Web Policy GUI Overview
  • Umbrella AD/SAML Integration Overview (optional)
  • Integrating Cisco Umbrella for DNS Security
  • Umbrella API Integration
  • Configuring the DNS Encryption Policy
  • Excluding the local domains
  • Configuring the Security Policy in vManage
  • Implementing the policy at the DIA Sites
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Day – 3

Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration

  • SIG Integration Overview
  • Configuring Cisco vManage Templates for SIG Tunnel Creation
  • Using the pre-configured Feature Templates in vManage 20.X
  • Adding the SD-WAN Routers and Sites in Umbrella Identities
  • Validate that the routers show up from the Umbrella Dashboard
  • Designing and Configuring Policy for SIG Redirection
  • Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration

  • Umbrella Cloud Firewall Integration Overview
  • Configuring Cisco vManage Templates for Firewall Tunnel Creation
  • Using the pre-configured Feature Templates in vManage 20.X
  • Adding the SD-WAN Routers and Sites in Umbrella Identities
  • Validate that the routers show up from the Umbrella Dashboard
  • Designing and Configuring Policy for Firewall Redirection
  • Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic
  • Verification
  • Checking the logs on Umbrella Dashboard
  • Checking the vManage Security Dashboard

Module 8: Troubleshooting Umbrella Integration

  • Troubleshooting DNS Security
  • API Integration not working
  • DNS for local domain failing
  • No redirection to Cisco Umbrella for external domains
  • Troubleshooting SIG and Firewall
  • Making sure the IPSec Tunnels to Umbrella are operational
  • Troubleshooting the vManage policies for redirection
  • Load balancing using vManage policies
  • Reviewing logs in Umbrella
  • Checking Alarms and Notifications
  • Checking Alarms on vManage
  • Checking Alarms on Cisco Umbrella

Lab Outline:

Lab 1: Deploy and Configure the Cisco SDWAN Fabric (Part 1)

  • Task 1: Onboard a vSmart Controller       
  • Task 2: Onboard a vEdge Router   
  • Task 3: Onboard a cEdge Router
  • Task 4: Use Python to Deploy a vManage Feature Template   

Lab 1: Deploy and Configure the Cisco SDWAN Fabric (Part 2)

  • Task 1: Provision and Verify Internet Exit (DIA)  
  • Task 2: Application Firewall 
  • Task 3: Create an Application Aware Routing Policy    

Lab 2: SD-WAN  Operational Best Practices  

  • Task 1: Explore vManage Configuration via API 
  • Task 2: Backup, Delete and Restore Configurational Elements via API
  • Task 3: Migrate Template Version to 20.1        
  • Task 4: Consolidate vSmart Policy 

Lab 3: Deploy and Configure SD-WAN Security Policies  

  • Task 1a: Intra-zone ZBFW Configuration and Verification       
  • Task 1b: Interzone-Service ZBFW Configuration to the Internet        
  • Task 2: Install the UTD Virtual Image on vManage       
  • Task 3: Install and Configure Snort IPS and URLF on cEdge Router  

Lab 4: Configuring Secure DNS Policies using vManage  

  • Task 1: Configure DNS Redirection to Cisco Umbrella using Data Policy    

Lab 5: Redirecting  DNS Using Umbrella VA

  • Task 1: Enable VA Redirect to Umbrella   
  • Task 2: Integrating Active Directory with Umbrella      
  • Task 3: Enforce Umbrella DNS Policies from the Umbrella Dashboard        
  • Task 4: Verify DNS Block     

Lab 6: SIG Integration      

  • Task 1: Configure Web Policy        
  • Task 2: Deploy Umbrella Root CA Certificate and PAC file     
  • Task 3: Verify Umbrella Web Policy
  • Task 4: Review Umbrella Proxy Reporting

Lab 7: Cloud Firewall Integration       

  • Task 1: Pre-Cloud Firewall Configuration Test   
  • Task 2: SD-WAN and Umbrella Tunnel Integration        
  • Task 3: Configure Cloud-Firewall Rules   
  • Task 4: Validate Cloud-Firewall Policy      

Lab 8: Troubleshooting  

  • Task 1: Troubleshooting DNS over HTTPS
  • Task 2: Troubleshooting Various Situations
Course Dates Course Times (EST) Delivery Mode GTR
6/21/2021 - 6/23/2021 10:00 AM - 6:00 PM Virtual Enroll
7/19/2021 - 7/21/2021 10:00 AM - 6:00 PM Virtual Enroll
8/16/2021 - 8/18/2021 10:00 AM - 6:00 PM Virtual Enroll
9/8/2021 - 9/10/2021 10:00 AM - 6:00 PM Virtual Enroll
10/18/2021 - 10/20/2021 10:00 AM - 6:00 PM Virtual Enroll
11/22/2021 - 11/24/2021 10:00 AM - 6:00 PM Virtual Enroll
12/13/2021 - 12/15/2021 10:00 AM - 6:00 PM Virtual Enroll