Description

Cisco Security Manager 3.x supports integrated provisioning of VPN and firewall services across IOS routers, PIX, ASA security appliances, IPS, and services modules in Catalyst 6500 switch series and Cisco 7600 router series devices. The resulting learning product, SMN v1.1, is a performance-based course comprised of lessons and lab activities.

Cisco Security Manager centrally provisions all aspects of device configurations and security policies for Cisco firewalls, virtual private networks (VPNs), and Cisco Intrusion Prevention System (IPS). It also supports advanced settings that are not strictly related to security, such as quality of service (QoS) routing and Simple Network Management Protocol (SNMP).

Cisco Security Manager 3.x is suitable for managing small networks consisting of a handful of devices, but also scales to efficiently manage large scale networks consisting of thousands of devices. Scalability is achieved through intelligent policy-based management techniques that can simplify administration.

Objectives

• Describe the Cisco Security Manager solution, features, and functions
• Describe how to manage devices in Cisco Security Manager
• Describe the concept of policies in Cisco Security Manager and how to use and manage them
• Describe the concept of objects in Cisco Security Manager and how to use and manage them
• Describe how to use the Map view
• Describe various services and platform policies that are used to manage site-to-site VPN, remote-access VPN, and SSL VPN
• Describe various firewall services that are used to manage firewall-related policies
• Describe how to configure platform policies on firewall devices
• Describe how to configure platform-specific services and policies on Cisco IPS sensors and Cisco IOS IPS devices
• Describe how to configure platform policies and interface policies on Cisco IOS routers
• Describe how to configure platform-specific services and policies on Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Describe the FlexConfig feature and how to use it
• Describe the process of working with activities and managing deployment in Cisco Security Manager
• Describe monitoring, troubleshooting, and diagnostic tools that are available in Cisco Security Manager

Prerequisites

• Cisco CCSP® certification or the equivalent knowledge
• Passage of the Securing Networks with PIX and ASA exam (642-522 SNPA) and the Securing Networks with Cisco Routers and Switches exam (642-503 SNRS) or equivalent knowledge.
• Familiarity with implementing network security policies and these networking components and concepts:
  • Security Technologies: NAT, PAT, firewall appliances, VPN, IPS, CSA, ACS, integrated router and switch security and security management software.
  • Security Protocols: AAA, IPSec, IKE, and various tunneling protocols.
  • Application Protocols: HTTP, HTTPS, ICMP, SSH, SSL, NTP, FTP, TFTP, DNS etc.

Who Should Attend

The primary and secondary audience for this course is as follows:

• Engineers who support sales of Cisco security product solutions
• Cisco channel partners who sell, implement, and maintain secure networks
• Cisco customers who implement and maintain secure networks

• Module 1: Cisco Security Manager Overview Lesson 1: Introducing Cisco Security Manager
  • Product Overview
  • Using Cisco Security Manager
  • Installing Cisco Security Manager
  • Working with the Cisco Security Manager User Interface
  Lesson 2: Managing Devices
  • Preparing the Devices for Cisco Security Manager to Manage
  • Understanding Device View
  • Adding Devices to the Cisco Security Manager Inventory
  • Working with Devices with Dynamically Assigned IP Addresses
  • Understanding Device Credentials
  • Testing Device Connectivity
  • Understanding Device Properties
  • Understanding Device Grouping
  Lesson 3: Managing Policies
  • Understanding Policies
  • Managing Policies in Device View
  • Managing Shared Policies in Policy View
  • Advanced Policy Features
  • Discovering Policies
  Lesson 4: Managing Objects
  • Objects Overview
  • Understanding the Policy Object Manager Window
  • Overriding Global Objects for Individual Devices
  • Selecting Objects for Policies
  Lesson 5: Using Map View
  • Understanding Maps
  • Displaying Your Network on the Map
  • Managing Firewall Services in Map View
  • Managing VPNs in Map View
  • Managing Device Policies in Map View
• Module 2: Provisioning Cisco Security Devices Lesson 1: Managing Virtual Private Networks
  • Overview of Site-to-Site VPNs
  • Working with VPN Topologies
  • Working with Site-to-Site VPN Policies
  • Overview of Remote-Access VPNs
  • Working with Policies in Remote-Access VPNs
  Lesson 2: Managing SSL VPNs
  • Overview of SSL VPNs
  • Configuring SSL VPN on a Cisco IOS Device
  Lesson 3: Managing Firewall Services
  • Overview of Managing Firewall Services
  • Managing Rules Tables
  • Understanding Access Rules
  • ACL Settings
  • Inspection Rules
  • AAA Rules
  • Web Filter Rules
  • Transparent Firewall Rules
  Lesson 4: Managing Firewall Devices
  • Platform Policies on Firewall Devices
  Lesson 5: Managing Cisco IPS Services and Devices
  • Overview of Network Sensing
  • Configuring Interfaces
  • Configuring Signatures
  • Configuring Anomaly Detection
  • Configuring Event Actions
  • Configuring Policies for Cisco IOS IPS Devices
  • Managing Cisco IPS Devices
  Lesson 6: Managing Routers
  • Overview of Policy Management on Cisco IOS Routers
  • Working with Platform Policies for Cisco IOS Routers
  Lesson 7: Managing Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Overview of Managing Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Managing Policies for Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• Module 3: Managing FlexConfigs, Deployment, and Administration in Cisco Security Manager Lesson 1: Managing FlexConfigs
  • Understanding FlexConfig
  • Working with FlexConfig Policy Objects
  Lesson 2: Managing Activities and Workflow Deployments
  • Understanding Activities
  • Working with Activities
  • Managing Deployment
  Lesson 3: Using Monitoring, Troubleshooting, and Diagnostic Tools
  • Using the Tools Menu
  • Using Monitoring, Troubleshooting, and Diagnostic Tools