Cisco SD-WAN Advanced Policy and Security

Cisco SD-WAN Advanced Policy and SecuritySDWSECNNNterOneNN-SDWSEC1.0Upon completing this course, you will be able to meet the following objectives: <ul> <li>Describe SD-WAN Architecture</li><li>Design Cisco SD-WAN Branch Security</li><li>Implement Cisco SD-WAN Secure Internet and Cloud Access</li><li>Integrate and Troubleshoot Cisco SD-WAN with a SASE Solution</li></ul>The knowledge and skills that the learner should have before attending this course are as follows: <ul> <li>Knowledge of WAN architectures and routing networking concepts</li><li>High-level familiarity with basic network protocols and applications</li><li>Familiarity with common application delivery methods</li><li>Fundamental Understanding of perimeter security</li><li>Basic Cisco SD-WAN familiarity</li></ul>The primary audience for this course is as follows: <ul> <li>Systems Engineers</li><li>Technical Solutions Architects</li><li>Field Engineers</li></ul>Module 1: Cisco SD-WAN Introduction <ul> <li>High-level Cisco SD-WAN Deployment models</li><li>Application-level SD-WAN solution</li><li>Cisco SDWAN plan for HA and Scalability</li><li>Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator</li><li>Edge Routers (cEdge, vEdge, and Catalyst 8K)</li><li>Cloud Based Deployment vs On-Premises Deployment</li></ul> Module 2: Zero Touch Provisioning <ul> <li>Overview</li><li>User Input Required for the ZTP Automatic Authentication Process</li><li>Authentication between the vBond Orchestrator and WAN Edges</li><li>Authentication between the Edge Routers and the vManage NMS</li><li>Authentication between the vSmart Controller and the Edge Routers</li></ul> Module 3: Cisco SD-WAN Solution <ul> <li>Overlay Management Protocol (OMP)</li><li>Cisco SD-WAN Circuit Aggregation Capabilities</li><li>Secure Connectivity in Cisco SD-WAN</li><li>Performance Tracking Mechanisms</li><li>Application Discovery</li><li>Dynamic Path Selection</li><li>Performance Based Routing</li><li>Direct Internet Access</li><li>Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS)</li><li>Application Aware Routing</li><li>Localized and Centralized Policies (Data and Control)</li><li>Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection</li><li>Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC)</li><li>API and Programmatic Interaction via Python</li></ul> Module 4: Deeper Insight into Cisco SD-WAN Security <ul> <li>Designing Security Requirements within Cisco SD-WAN<ul> <li>DIA Security</li><li>Direct Cloud Access Security</li><li>Guest User Security</li><li>Compliance Requirements</li></ul></li><li>Security Implementation at the Branch Site</li><li>Implementing Zone Based Firewalls on Cisco WAN Edge</li><li>Implementing UTD on Cisco WAN Edge<ul> <li>Configuring URL Filtering</li><li>Configuring Snort IPS</li><li>Best Practices for UTD setup (Based on production deployment experiences)</li></ul></li><li>Implementing Advanced Malware Protection<ul> <li>Configuring AMP</li><li>Overview of integration with Threat Grid</li></ul></li></ul> Module 5: Designing and Implementing DNS Security <ul> <li>Prerequisite check before integrating Umbrella with Cisco SD-WAN<ul> <li>Making sure you have the correct licensing</li><li>Platform support check</li><li>Internet Connectivity check</li></ul></li><li>Walking through the Umbrella Dashboard<ul> <li>Dashboard Overview</li><li>DNS Policy GUI Overview</li><li>Firewall Policy GUI Overview</li><li>Web Policy GUI Overview</li><li>Umbrella AD/SAML Integration Overview (optional)</li></ul></li><li>Integrating Cisco Umbrella for DNS Security<ul> <li>Umbrella API Integration</li></ul></li><li>Configuring the DNS Encryption Policy<ul> <li>Excluding the local domains</li><li>Configuring the Security Policy in vManage</li><li>Implementing the policy at the DIA Sites</li></ul></li><li>Verification<ul> <li>Checking the logs on Umbrella Dashboard</li><li>Checking the vManage Security Dashboard</li></ul></li></ul>Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration <ul> <li>SIG Integration Overview</li><li>Configuring Cisco vManage Templates for SIG Tunnel Creation<ul> <li>Using the pre-configured Feature Templates in vManage 20.X</li></ul></li><li>Adding the SD-WAN Routers and Sites in Umbrella Identities<ul> <li>Validate that the routers show up from the Umbrella Dashboard</li></ul></li><li>Designing and Configuring Policy for SIG Redirection<ul> <li>Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic</li></ul></li><li>Verification<ul> <li>Checking the logs on Umbrella Dashboard</li><li>Checking the vManage Security Dashboard</li></ul></li></ul>Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration <ul> <li>Umbrella Cloud Firewall Integration Overview</li><li>Configuring Cisco vManage Templates for Firewall Tunnel Creation<ul> <li>Using the pre-configured Feature Templates in vManage 20.X</li></ul></li><li>Adding the SD-WAN Routers and Sites in Umbrella Identities<ul> <li>Validate that the routers show up from the Umbrella Dashboard</li></ul></li><li>Designing and Configuring Policy for Firewall Redirection<ul> <li>Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic</li></ul></li><li>Verification<ul> <li>Checking the logs on Umbrella Dashboard</li><li>Checking the vManage Security Dashboard</li></ul></li></ul> Module 8: Troubleshooting Umbrella Integration <ul> <li>Troubleshooting DNS Security<ul> <li>API Integration not working</li><li>DNS for local domain failing</li><li>No redirection to Cisco Umbrella for external domains</li></ul></li><li>Troubleshooting SIG and Firewall<ul> <li>Making sure the IPSec Tunnels to Troubleshooting the vManage policies for redirection</li><li>Load balancing using vManage policies</li><li>Reviewing logs in Umbrella</li></ul></li><li>Checking Alarms and Notifications<ul> <li>Checking Alarms on vManage</li><li>Checking Alarms on Cisco Umbrella</li></ul></li></ul>Upon completing this course, you will be able to meet the following objectives: - Describe SD-WAN Architecture - Design Cisco SD-WAN Branch Security - Implement Cisco SD-WAN Secure Internet and Cloud Access - Integrate and Troubleshoot Cisco SD-WAN with a SASE SolutionThe knowledge and skills that the learner should have before attending this course are as follows: - Knowledge of WAN architectures and routing networking concepts - High-level familiarity with basic network protocols and applications - Familiarity with common application delivery methods - Fundamental Understanding of perimeter security - Basic Cisco SD-WAN familiarityThe primary audience for this course is as follows: - Systems Engineers - Technical Solutions Architects - Field EngineersModule 1: Cisco SD-WAN Introduction - High-level Cisco SD-WAN Deployment models - Application-level SD-WAN solution - Cisco SDWAN plan for HA and Scalability - Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator - Edge Routers (cEdge, vEdge, and Catalyst 8K) - Cloud Based Deployment vs On-Premises Deployment Module 2: Zero Touch Provisioning - Overview - User Input Required for the ZTP Automatic Authentication Process - Authentication between the vBond Orchestrator and WAN Edges - Authentication between the Edge Routers and the vManage NMS - Authentication between the vSmart Controller and the Edge Routers Module 3: Cisco SD-WAN Solution - Overlay Management Protocol (OMP) - Cisco SD-WAN Circuit Aggregation Capabilities - Secure Connectivity in Cisco SD-WAN - Performance Tracking Mechanisms - Application Discovery - Dynamic Path Selection - Performance Based Routing - Direct Internet Access - Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS) - Application Aware Routing - Localized and Centralized Policies (Data and Control) - Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection - Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC) - API and Programmatic Interaction via Python Module 4: Deeper Insight into Cisco SD-WAN Security - Designing Security Requirements within Cisco SD-WAN - DIA Security - Direct Cloud Access Security - Guest User Security - Compliance Requirements - Security Implementation at the Branch Site - Implementing Zone Based Firewalls on Cisco WAN Edge - Implementing UTD on Cisco WAN Edge - Configuring URL Filtering - Configuring Snort IPS - Best Practices for UTD setup (Based on production deployment experiences) - Implementing Advanced Malware Protection - Configuring AMP - Overview of integration with Threat Grid Module 5: Designing and Implementing DNS Security - Prerequisite check before integrating Umbrella with Cisco SD-WAN - Making sure you have the correct licensing - Platform support check - Internet Connectivity check - Walking through the Umbrella Dashboard - Dashboard Overview - DNS Policy GUI Overview - Firewall Policy GUI Overview - Web Policy GUI Overview - Umbrella AD/SAML Integration Overview (optional) - Integrating Cisco Umbrella for DNS Security - Umbrella API Integration - Configuring the DNS Encryption Policy - Excluding the local domains - Configuring the Security Policy in vManage - Implementing the policy at the DIA Sites - Verification - Checking the logs on Umbrella Dashboard - Checking the vManage Security Dashboard Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration - SIG Integration Overview - Configuring Cisco vManage Templates for SIG Tunnel Creation - Using the pre-configured Feature Templates in vManage 20.X - Adding the SD-WAN Routers and Sites in Umbrella Identities - Validate that the routers show up from the Umbrella Dashboard - Designing and Configuring Policy for SIG Redirection - Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic - Verification - Checking the logs on Umbrella Dashboard - Checking the vManage Security Dashboard Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration - Umbrella Cloud Firewall Integration Overview - Configuring Cisco vManage Templates for Firewall Tunnel Creation - Using the pre-configured Feature Templates in vManage 20.X - Adding the SD-WAN Routers and Sites in Umbrella Identities - Validate that the routers show up from the Umbrella Dashboard - Designing and Configuring Policy for Firewall Redirection - Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic - Verification - Checking the logs on Umbrella Dashboard - Checking the vManage Security Dashboard Module 8: Troubleshooting Umbrella Integration - Troubleshooting DNS Security - API Integration not working - DNS for local domain failing - No redirection to Cisco Umbrella for external domains - Troubleshooting SIG and Firewall - Making sure the IPSec Tunnels to Troubleshooting the vManage policies for redirection - Load balancing using vManage policies - Reviewing logs in Umbrella - Checking Alarms and Notifications - Checking Alarms on vManage - Checking Alarms on Cisco Umbrella3 jours4050.004050.004050.004050.003495.003495.003995.003995.003050.003450.0014050.003450.003450.003450.003450.004825.00