Cisco Firepower Threat Defense (FTD) Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP)

The authoritative visual guide to Cisco Firepower Threat Defense (FTD)

This is the definitive guide to best practices and advanced troubleshooting techniques for the Cisco flagship Firepower Threat Defense (FTD) system running on Cisco ASA platforms, Cisco Firepower security appliances, Firepower eXtensible Operating System (FXOS), and VMware virtual appliances.

Senior Cisco engineer Nazmul Rajib draws on unsurpassed experience supporting and training Cisco Firepower engineers worldwide, and presenting detailed knowledge of Cisco Firepower deployment, tuning, and troubleshooting. Writing for cybersecurity consultants, service providers, channel partners, and enterprise or government security professionals, he shows how to deploy the Cisco Firepower next-generation security technologies to protect your network from potential cyber threats, and how to use Firepower’s robust command-line tools to investigate a wide variety of technical issues.

Each consistently organized chapter contains definitions of keywords, operational flowcharts, architectural diagrams, best practices, configuration steps (with detailed screenshots), verification tools, troubleshooting techniques, and FAQs drawn directly from issues raised by Cisco customers at the Global Technical Assistance Center (TAC). Covering key Firepower materials on the CCNA Security, CCNP Security, and CCIE Security exams, this guide also includes end-of-chapter quizzes to help candidates prepare.

·        Understand the operational architecture of the Cisco Firepower NGFW, NGIPS, and AMP technologies

·         Deploy FTD on ASA platform and Firepower appliance running FXOS

·         Configure and troubleshoot Firepower Management Center (FMC)

·         Plan and deploy FMC and FTD on VMware virtual appliance

·         Design and implement the Firepower management network on FMC and FTD

·         Understand and apply Firepower licenses, and register FTD with FMC

·         Deploy FTD in Routed, Transparent, Inline, Inline Tap, and Passive Modes

·         Manage traffic flow with detect-only, block, trust, and bypass operations

·         Implement rate limiting and analyze quality of service (QoS)

·         Blacklist suspicious IP addresses via Security Intelligence

·         Block DNS queries to the malicious domains

·         Filter URLs based on category, risk, and reputation

·         Discover a network and implement application visibility and control (AVC)

·         Control file transfers and block malicious files using advanced malware protection (AMP)

·         Halt cyber attacks using Snort-based intrusion rule

·         Masquerade an internal host’s original IP address using Network Address Translation (NAT)

·         Capture traffic and obtain troubleshooting files for advanced analysis

·         Use command-line tools to identify status, trace packet flows, analyze logs, and debug messages

Nazmul Rajib is a senior engineer and leader of the Cisco Global Technical Services organization focusing on next-generation security technologies. He leads cybersecurity training initiatives, develops internal training programs, and trains the current generation of Cisco engineers who support Cisco security solutions around the world. He also reviews design specifications, tests security software, and provides solutions to businesscritical networking issues. Nazmul has authored numerous technical publications at Cisco.com and in the Cisco support community.

Nazmul is a veteran engineer of Sourcefire, Inc., which developed Snort–the most popular open-source intrusion prevention system in the world. He created and managed the global knowledge base for Sourcefire and designed Sourcefire security certifications for partner enablement. Nazmul trained security engineers from many managed security service providers (MSSP) in the United States. He supported the networks of numerous Fortune 500 companies and U.S. government agencies.

Nazmul has a master of science degree in internetworking. He also holds many certifications in the areas of cybersecurity, information technology, and technical communication. He is a Sourcefire Certified Expert (SFCE) and Sourcefire Certified Security Engineer (SFCSE).

Part I: Best Practices for Installation and Hardware Troubleshooting
1. Firepower Threat Defense (FTD) on ASA
2. Firepower Threat Defense (FTD) Deployment on VMWare ESXi
3. Firepower Threat Defense (FTD) on FXOS
4. Management of Firepower Threat Defense

Part II: Best Practices and Troubleshooting of Deployment Issues
5. Issues with Device Registration and Communication
6. Issues with Licensing a Firepower Device
7. Interface and Zones
8. High Availability

Part III: Best Practices and Troubleshooting of Traffic Control Policies
9. Issues with Network Discovery and Vulnerability Database (VDB)
10. IP Address and Location Based Access Control
11. Intelligence and Reputation Based Traffic Control
12. Decryption and Inspection of SSL Encrypted Traffic
13. Routing, and Network Address Translation (NAT)

Part IV: Best Practices and Troubleshooting of System Administration
14. Issues with Update
15. Process and Task Management
16. Issues with Network and System Performance
17. Issues with Time Synchronization
18. Managing the Disk Space and the Disk Health

Part V: Best Practices and Troubleshooting of User Identity and Access Control
19. Issues with User Management
20. Issues with Integration of Firepower with ISE and ACS
21. Issues with User Agent
22. Issues with Integration of Splunk or Any Event Streamer (eStreamer)

Part VI: Best Practices for Generating Log, Report and Troubleshoot Data
23. Real Time Logging, Alerting, and Correlation
24. Searching, Reporting, and Generating Troubleshooting Data

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.