Cisco Firepower with Firepower Threat Defense (FTD)

Intense hands-on Firepower Advanced 6.3 Administration course.

Retail Price: $4,095.00

Next Date: Request Date

Course Days: 5

Request a Date

Request Custom Course

About this Course

5-day Firepower Advanced Administration Class Includes:

  • ASA with Firepower 6.3
  • Firepower Threat Defense (FTD)
  • Advanced Malware Protection (AMP)
  • Identify Services Engine (ISE) with PxGrid

Intense hands-on Firepower Advanced 6.3 Administration course.

  • This class is intense; no experience necessary!
  • Receive your own pod with no sharing!
  • Each pod has an ASA with Firepower, FTD, network and end-node AMP labs, integration with ISE/PxGrid, and more!
  • More than 65 Intense Hands-on labs with detailed instruction!
  • Learn with high-end equipment and the latest 6.3 code
  • Firepower Management Center (FMC) 6.3
  • ASA with FirePOWER! Migrate to FTD Device!
  • Experience the new Firepower Threat Defense (FTD)
  • Advanced Malware Protection (AMP)
  • Integrated Services Engine (ISE)

At Course Completion

Upon completion of this course, you should be able to:

  • Understand Sourcefire, Firepower 6.3, FireAMP, and Firepower Threat Defense (FTD)
  • Install Firepower on a Cisco ASA
  • Install and Configure the Firepower (SFR) Services Modules and the Firepower Management Center (FMC)
  • Raise your confidence managing the Firepower Manager and Firepower Threat Defense (FTD)
  • Describe the Cisco Firepower systems infrastructure
  • Navigate the user interface and administrative features of the Cisco Firepower 6.3 system, including advanced analysis and reporting functionality to properly assess threats
  • Describe how to deploy and manage Firepower modules in ASA’s, Meriaki firewalls, ISRG2 routers and Cisco appliances
  • Describe the System Configuration and Health policies and implement them
  • Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
  • Describe, create, and implement objects for use in Access Control policies
  • Create DNS and URL policies and configure Sinkholes
  • Describe advanced policy configuration and Firepower system configuration options
  • Configure Malware Policies to find and stop Malware
  • Understand Security Intelligence, and how to configure SI to stop attacks NOW!
  • Configure policies to find and stop Ransomware
  • Understand how to fine tune IPS polices
  • Understand how to fine tune Snort Preprocessor polices (NAP)
  • Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
  • Analyze events
  • Create reporting templates and schedule them
  • Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
  • Set up external authentication for users using LDAP, AD and the Sourcefire User Agent (SFUA)
  • Configuring system integration, realms, and identity sources
  • Understand network and host based AMP
  • Configure and analyze host based AMP
  • Understand Cisco Identity Services Engine (ISE)
  • Configure ISE and integrate with Cisco FMC identity policy
  • Migrate your ASA to an FTD box! No other class provides these labs!

Course Outline

Day 1:

Module 1: Introduction: Firepower Overview

  • What is Sourcefire/Firepower, Firepower Management Center (FMC) and Firepower Threat Defense (FTD)?
  • 5.4/6.0/6.2/6.3 code, and Firepower Threat Defense (FTD)
  • Cisco 2100/4100 and 9300 appliances
  • Sourcefire Appliances, ASA’s, ISR routers and Meraki systems with Firepower modules.
  • How to install the FP module on a Cisco ASA
  • Firepower policies and how to upgrade or migrate to Firepower 6.3

Module 2: Understanding managed devices and the FMC

  • Configure an ASA to be managed by a Firepower Management Center (FMC)
  • Configure a class-map and service-policy to send packets to the Firepower module
  • Configure fail-open, fail-closed or monitor-only modes
  • Add your managed devices into the FMC and configure the advanced features such as Application bypass, Interfaces, inline mode, Licensing and more.
  • Understand all features; configure your System Configuration Policy, set the NTP time for your network, configure SNMP management and ACL’s, as well as external authentication, and setup an email relay. Deploy and verify.
  • Understand all possible features; configure your Health Policy, Health monitoring, setting up health email alerts and send troubleshooting files to Cisco TAC
  • Create an Application Bypass policy using a Health Alert to email you if a snort policy takes more than 3 seconds to determine alert, drop or pass on a rule

Hands-on Lab 1: Lab layout and logging into your equipment

Hands-on Lab 2: Configuring your managed device to associate to a Firepower Management Center (FMC)

Hands-on Lab 3: Logging into the FMC

Hands-on Lab 4: Adding a managed device to the FMC and configuring licensing and Application Bypass

Module 3: Configuring and applying the System Configuration

  • Understand what these policies are used for and the parameters
  • Configuring and applying the policies to your managed device

Hands-on Lab 5: Platform Settings. Creating a System policy and applying it to the managed device

Module 4: Configuring and applying Health Polices

Hands-on Lab 6: Creating a Health policy and applying it to the managed device

Hands-on Lab 7: Viewing Health information

Module 5: Creating Objects

  • Demonstration of what Objects are and how to create them
  • When to use Objects in an Access Control Policy
  • Configuring your Network objects and groups
  • Configuring your Security Intelligence IP feeds
  • Configuring your Security Intelligence URL feeds
  • Configuring Application risks
  • Configuring your Variable Set
  • Configuring Country objects
  • DNS Sinkholes

Hands-on Lab 8: Creating FTD Objects

Module 6: Module Malware/File Policy

  • How does a managed device and FMC handle malware?
  • What happens to packets when Firepower is determining file disposition?
  • What is a File Policy?
  • Creating a File/Malware Policy
  • Understanding the Advanced Tab and how to inspect archives
  • Sending hashes to the AMP cloud
  • Sending files to Talos for dynamic analysis

Hands-on Lab 9: Creating and implementing a Malware/File Policy

Day 2:

Module 7: IPS policies

  • Understanding layers
  • Finding IPS rules and understanding their documentation
  • Changing rule states
  • Thresholding and Dynamic State
  • Tuning IPS rules
  • Creating an IPS policy

Hands-on Lab 10: Creating an IPS Policy

Module 10: Access control Policies

  • What is the purpose of the ACP?
  • Choose your managed object targets
  • Understand Security Intelligence and configure feeds from your object list for both IP and URL
  • Add your White List objects
  • Understand HTTP Responses and how to customize them
  • Understand the Advanced Tab and how to add a Passive Identity, Network Access Policy, and advanced pre-processor settings
  • Understand how to create an allow, block, and interactive block rules
  • Set your default action and monitor your ACP
  • Add your Malware Policy to your ACP
  • Add your IPS policy to your ACP

Hands-on Lab 11: Creating an Access control policy and adding your File and IPS policies

Hands-on Lab 12: Testing the rules in the ACP and verifying your URL filter, AMP and IPS policy

Hands-on Lab 13: Introduction to Analyzing your connection events

Hands-on Lab 14: Introduction to Analyzing Snort events

Module 11: Identity Policy

  • What is active and passive integration?
  • Setting up your FMC to talk to LDAP/AD
  • LDAP/AD and SFUA Configuration
  • Configuring an Integration policy

Hands-on Lab 15: Setting up LDAP and the SFUA

Hands-on Lab 16: Creating a Passive Identity policy

Module 12: Network Discovery Policy (Firepower)

  • Configuring the Network Discovery policy
  • Applying Firepower Recommendation in an IPS Rule

Hands-on Lab 17: Configuring a Discovery Policy and applying it to your managed device

Hands-on Lab 18: Configuring LDAP and the Sourcefire User Agent (SFUA)

Hands-on Lab 19: Setting up Firepower Recommended Rules

Hands-on Lab 20: Viewing Connection Events

Hands-on Lab 21: Viewing the Firepower discovered Network Map

Hands-on Lab 22: Creating Host Attributes

Module 13: DNS Policies

  • What is the DNS filter?
  • How to configure and apply the DNS filter
  • Configuring and applying a Sink Hole

Hands-on Lab 23: Configuring a URL Filter

Hands-on Lab 24: Configuring a DNS Filter

Hands-on Lab 25: Configuring and verifying a DNS Sink hole

Day 3:

Module 14: User Management

  • Understanding user management
  • Understanding user pre-configured roles
  • Configuring a unique role
  • Configuring internal users
  • Escalating user privileges
  • Configuring external users

Hands-on Lab 26: Configuring a user in the local database

Hands-on Lab 27: Configuring Permission Escalation

Hands-on Lab 28: Configuring external user authentication

Module 15: Intrusion Event Analysis

  • Context Explorer
  • Dashboard
  • Connection events
  • Switch workflows
  • IPS events
  • Malware Events
  • Malware Event trajectory

Hands-on Lab 29: Intrusion Event Analysis

Hands-on Lab 30: Firepower Analysis

Module 16: Reporting and Task Management

  • What is reporting?
  • Understanding Templates
  • Creating templates
  • Generating reports
  • Scheduling reports, backups, URL updates, Firepower recommendations and more!

Hands-on Lab 31: Creating multiple custom reports and scheduling the reports

Module 17: Snort Preprocessors

  • What are preprocessors?
  • Configure Microsoft DCE/RPC preprocessors
  • Configuring HTTP Layer preprocessors
  • Configuring Application layer preprocessors
  • Configuring Transport/Network layer preprocessors
  • Configuring Port Scanning prepocessors

Hands-on Lab 32: Modifying the HTTP Configuration Preprocessor

Hands-on Lab 33: Enabling Inline Normalization and Adaptive Profiles

Hands-on Lab 34: Demonstrate the Validation of Preprocess Setting on Policy Commit

Module 18: Correlation policies/White Lists/Traffic Profiles

  • What is a Correlation policy?
  • Why use a Correlation policy?
  • Configuring Rules
  • Applying rules to the Correlation policy and setting alerts
  • Applying rules to the Correlation policy and configuring remediation modules
  • What is a White List?
  • Configuring White Lists
  • Applying White Lists to a rule and correlation policy
  • What is a traffic profile?
  • Applying Traffic profiles to a rule and correlation policy and setting alerts and remediation modules

Hands-on Lab 35: Create and implement a Correlation rule, White List and Traffic Profiles

Module 19: Review Lab!

Hands-on Lab 36: 4 Firepower/FTD review lab

Day 4:

Module 20: Advanced Malware Protection (AMP) for endpoints

  • Global Threat Intelligence
  • File Signatures, AMP threat Grid Sandboxing
  • Dynamic Analysis

Hands-on Lab 37: AMP end points browser based management console

Hands-on Lab 38: Analyzing using trajectory and file analysis

Hands-on Lab 39: Pushing out policies to users

Module 21: Integrated Services Engine (ISE)

  • Single policy control point for the entire network
  • Cisco TrustSec
  • PxGrid
  • Cisco rapid threat containment


Module 20 continued: Integrated Services Engine (ISE)

Hands-on Lab 40: Firepower and ISE integration

Hands-on Lab 41: Using ISE with ASA Tacacs+ authentication

Hands-on Lab 42: Using ISE for Radius FMC authentication

Module 21: Firepower Threat Defense

  • What is FTD?
  • Migrating an ASA to a FTD device
  • Adding an FTD device to an FMC
  • Configuring a FTD interface, ACL’s and more

Lab 43: Bringing your FTD device into the FMC

Lab 44: Interfaces and inline sets

Lab 45: Configuring an ACP with FTD

Lab 46: Configuring Pre-filters

Lab 47: Configuring Flexconfig

Lab 48: Configuring NAT

Lab 49: Configuring Objects

Lab 50: Configuring Routing

Lab 51: Configuring Anyconnect

Day 5:

Module 21: Firepower Threat Defense (cont)

Hands-on labs continued

Module 22: Captive Portal (Active Identity)

  • What is an active idenity? (compared to passive)
  • When to you a captive portal?
  • Change to active identity policy
  • Create certificates and test having guest’s login

Lab 52: Creating certificates

Lab 53: Creating a new Identity Policy

Lab 54: Creating an Active Identity Policy and testing

Module 23: Final LAB!

Lab 55: Configure an ASA for FirePOWER services

Lab 56: Configure a FMC

Lab 57: Add your ASA into the FMC

Lab 58: Configure your ACP, File, IPS and Security Intelligence

Lab 59: Configure your Passive and Active Identity Policies

Lab 60: Configure your Realms

Lab 61: Configure your Network Analysis Policy (NAP)

Lab 62: Configure your Correlation Policy

Lab 63: Configure your DNS Policy and Sinkholes

Lab 64: Migrate your ASA to FTD

Lab 65: Perform your FTD Policy labs

Lab 66: Add ISE and PxGrid to your FMC

Lab 67: Configure host based AMP

Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email

Request a Date