Home > Store

CCNP Security FIREWALL 642-618 Official Cert Guide

Register your product to gain access to bonus material or receive a coupon.

CCNP Security FIREWALL 642-618 Official Cert Guide

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2012
  • Edition: 1st
  • Book
  • ISBN-10: 1-58714-271-6
  • ISBN-13: 978-1-58714-271-0

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security FIREWALL 642-618 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

·         Master Cisco CCNP Security FIREWALL exam topics

·         Assess your knowledge with chapter-opening quizzes

·         Review key concepts with exam preparation tasks

·         Practice with realistic exam questions on the CD-ROM

CCNP Security FIREWALL 642-618 Official Cert Guide, focuses specifically on the objectives for the CCNP Security FIREWALL exam. Expert networking consultants Dave Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including:

  • ASA interfaces
  • IP connectivity
  • ASA management
  • Recording ASA activity
  • Address translation
  • Access control
  • Proxy services
  • Traffic inspection and handling
  • Transparent firewall mode
  • Virtual firewalls
  • High availability
  • ASA service modules

CCNP Security FIREWALL 642-618 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNP Security FIREWALL 642-618 Official Cert Guide contains a free, complete practice exam.

Also available from Cisco Press for Cisco CCNP Security study is the CCNP Security FIREWALL 642-618 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

This integrated learning package:

·         Allows you to focus on individual topic areas or take complete, timed exams

·         Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

·         Provides unique sets of exam-realistic practice questions

·         Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Extras

Related Article

Fundamentals of NAT

Author's Site

Author suggested sites: dhucaby.wordpress.com and stormwindlive.com

Premium Edition

The exciting new CCNP Security FIREWALL 642-618 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test.  The Premium Edition eBook and Practice Test contains the following items:

  • The CCNP Security FIREWALL Premium Edition Practice Test, including three full practice exams and enhanced practice test features
  • PDF and EPUB formats of the CCNP Security FIREWALL 642-618 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and Smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with three full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7;

Microsoft .NET Framework 4.0 Client;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook


CCNP Security FIREWALL 642-618 Official Cert Guide focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, David Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-618 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

  • ASA interfaces
  • IP connectivity
  • ASA management
  • Recording ASA activity
  • Address translation
  • Access control
  • Proxy services
  • Traffic inspection and handling
  • Transparent firewall mode
  • Virtual firewalls
  • High availability
  • ASA service modules

Sample Content

Online Sample Chapter

CCNP Security Firewall Cert Guide: Configuring ASA Interfaces

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents

    Introduction xxv

Chapter 1 Cisco ASA Adaptive Security Appliance Overview 3

    “Do I Know This Already?” Quiz 3

    Foundation Topics 7

    Firewall Overview 7

    Firewall Techniques 11

        Stateless Packet Filtering 11

        Stateful Packet Filtering 12

        Stateful Packet Filtering with Application Inspection and Control 12

        Network Intrusion Prevention System 13

        Network Behavior Analysis 14

        Application Layer Gateway (Proxy) 14

    Cisco ASA Features 15

    Selecting a Cisco ASA Model 18

        ASA 5505 18

        ASA 5510, 5520, and 5540 19

        ASA 5550 20

        ASA 5580 21

        Security Services Modules 22

        Advanced Inspection and Prevention (AIP) SSM 22

        Content Security and Control (CSC) SSM 23

        4-port Gigabit Ethernet (4GE) SSM 24

        ASA 5585-X 24

        ASA Performance Breakdown 25

    Selecting ASA Licenses 29

    ASA Memory Requirements 31

    Exam Preparation Tasks 33

    Review All Key Topics 33

    Define Key Terms 33

Chapter 2 Working with a Cisco ASA 35

    “Do I Know This Already?” Quiz 35

    Foundation Topics 40

    Using the CLI 40

        Entering Commands 41

        Command Help 43

        Searching and Filtering Command Output 45

        Command History 45

        Terminal Screen Format 47

    Using Cisco ASDM 47

    Understanding the Factory Default Configuration 52

    Working with Configuration Files 54

        Clearing an ASA Configuration 57

    Working with the ASA File System 58

        Navigating an ASA Flash File System 59

        Working with Files in an ASA File System 60

    Reloading an ASA 63

        Upgrading the ASA Software at the Next Reload 65

        Performing a Reload 66

        Manually Upgrading the ASA Software During a Reload 67

    Exam Preparation Tasks 71

    Review All Key Topics 71

    Define Key Terms 71

    Command Reference to Check Your Memory 71

Chapter 3 Configuring ASA Interfaces 75

    “Do I Know This Already?” Quiz 75

    Foundation Topics 80

    Configuring Physical Interfaces 80

        Default Interface Configuration 82

        Configuring Physical Interface Parameters 83

        Mapping ASA 5505 Interfaces to VLANs 84

        Configuring Interface Redundancy 84

        Configuring an EtherChannel 87

    Configuring VLAN Interfaces 95

        VLAN Interfaces and Trunks on ASA 5510 and Higher Platforms 95

        VLAN Interfaces and Trunks on an ASA 5505 97

    Configuring Interface Security Parameters 98

        Naming the Interface 98

        Assigning an IP Address 99

        Setting the Security Level 100

        Interface Security Parameters Example 103

    Configuring the Interface MTU 104

    Verifying Interface Operation 107

    Exam Preparation Tasks 109

    Review All Key Topics 109

    Define Key Terms 109

    Command Reference to Check Your Memory 109

Chapter 4 Configuring IP Connectivity 113

    “Do I Know This Already?” Quiz 113

    Foundation Topics 117

    Deploying DHCP Services 117

        Configuring a DHCP Relay 117

        Configuring a DHCP Server 119

    Using Routing Information 122

    Configuring Static Routing 124

        Tracking a Static Route 126

    Routing with RIPv2 132

    Routing with EIGRP 135

    Routing with OSPF 142

        An Example OSPF Scenario 142

    Verifying the ASA Routing Table 151

    Exam Preparation Tasks 154

    Review All Key Topics 154

    Define Key Terms 154

    Command Reference to Check Your Memory 154

Chapter 5 Managing a Cisco ASA 161

    “Do I Know This Already?” Quiz 161

    Foundation Topics 165

    Basic Device Settings 165

        Configuring Device Identity 165

        Configuring Basic Authentication 166

    Configuring DNS Resolution 168

        Configuring DNS Server Groups 168

        Verifying Basic Device Settings 168

        Verifying DNS Resolution 170

    File System Management 171

        File System Management Using ASDM 171

        File System Management Using the CLI 172

        dir 172

        more 173

        copy 173

        delete 173

        rename 173

        mkdir 174

        cd 174

        rmdir 174

        fsck 175

        pwd 175

        format or erase 176

    Managing Software and Feature Activation 176

        Managing Cisco ASA Software and ASDM Images 177

        Upgrading Files from a Local PC or Directly from Cisco.com 179

        Considerations When Upgrading from OS Version 8.2 to 8.3 or Higher 181

        License Management 182

        Upgrading the Image and Activation Key at the Same Time 183

        Cisco ASA Software and License Verification 183

    Configuring Management Access 186

        Overview of Basic Procedures 186

        Configuring Remote Management Access 188

        Configuring an Out-of-Band Management Interface 189

        Configuring Remote Access Using Telnet 190

        Configuring Remote Access Using SSH 192

        Configuring Remote Access Using HTTPS 194

        Creating a Permanent Self-Signed Certificate 194

        Obtaining an Identity Certificate by PKI Enrollment 196

        Deploying an Identity Certificate 197

        Configuring Management Access Banners 199

    Controlling Management Access with AAA 201

        Creating Users in the Local Database 203

        Using Simple Password-Only Authentication 205

        Configuring AAA Access Using the Local Database 205

        Configuring AAA Access Using Remote AAA Server(s) 208

        Step 1: Create a AAA Server Group and Configure How Servers in the Group Are Accessed 208

        Step 2: Populate the Server Group with Member Servers 209

        Step 3: Enable User Authentication for Each Remote Management Access Channel 210

        Configuring Cisco Secure ACS for Remote Authentication 211

        Configuring AAA Command Authorization 214

        Configuring Local AAA Command Authorization 215

        Configuring Remote AAA Command Authorization 219

        Configuring Remote AAA Accounting 222

        Verifying AAA for Management Access 223

    Configuring Monitoring Using SNMP 225

    Troubleshooting Remote Management Access 230

        Unlocking Locked and Disabled User Accounts 231

    Cisco ASA Password Recovery 232

        Performing Password Recovery 232

        Enabling or Disabling Password Recovery 233

    Exam Preparation Tasks 235

    Review All Key Topics 235

    Command Reference to Check Your Memory 235

Chapter 6 Recording ASA Activity 243

    “Do I Know This Already?” Quiz 243

    Foundation Topics 247

    System Time 247

        NTP 249

        Verifying System Time Settings 251

    Managing Event and Session Logging 252

        NetFlow Support 254

        Logging Message Format 254

        Message Severity 255

    Configuring Event and Session Logging 255

        Configuring Global Logging Properties 256

        Altering Settings of Specific Messages 258

        Configuring Event Filters 261

        Configuring Individual Event Destinations 262

        Internal Buffer 262

        ASDM 264

        Syslog Server(s) 265

        Email 267

        NetFlow 269

        Telnet or SSH Sessions 271

    Verifying Event and Session Logging 271

        Implementation Guidelines 272

    Troubleshooting Event and Session Logging 273

        Troubleshooting Commands 273

    Exam Preparation Tasks 275

    Review All Key Topics 275

    Command Reference to Check Your Memory 275

Chapter 7 Using Address Translation 279

    “Do I Know This Already?” Quiz 281

    Foundation Topics 288

    Understanding How NAT Works 288

    Implementing NAT in ASA Software Versions 8.2 and Earlier 290

        Enforcing NAT 290

        Address Translation Deployment Options 291

        NAT Versus PAT 292

        Input Parameters 293

        Deployment Choices 295

        NAT Exemption 296

        Configuring NAT Control 296

        Configuring Dynamic Inside NAT 298

        Configuring Dynamic Inside PAT 304

        Configuring Dynamic Inside Policy NAT 308

        Verifying Dynamic Inside NAT and PAT 311

        Configuring Static Inside NAT 312

        Configuring Network Static Inside NAT 315

        Configuring Static Inside PAT 317

        Configuring Static Inside Policy NAT 320

        Verifying Static Inside NAT and PAT 323

        Configuring No-Translation Rules 324

        Configuring Dynamic Identity NAT 325

        Configuring Static Identity NAT 326

        Configuring NAT Bypass (NAT Exemption) 328

        NAT Rule Priority 330

        Configuring Outside NAT 330

        Other NAT Considerations 333

        DNS Rewrite (Also Known as DNS Doctoring) 333

        Integrating NAT with ASA Access Control 335

        Integrating NAT with MPF 336

        Integrating NAT with AAA (Cut-Through Proxy) 337

        Troubleshooting Address Translation 337

        Improper Translation 337

        Protocols Incompatible with NAT or PAT 337

        Proxy ARP 338

        NAT-Related Syslog Messages 338

    Implementing NAT in ASA Software Versions 8.3 and Later 339

        Major Differences in NAT Beginning in Software Version 8.3 339

        Network Objects 339

        NAT Control 340

        Integrating NAT with Other ASA Functions 340

        NAT “Direction” 340

        NAT Rule Priority 340

        New NAT Options in OS Versions 8.3 and Later 340

        NAT Table 341

        Configuring Auto (Object) NAT 343

        Configuring Static Translations Using Auto NAT 344

        Configuring Static Port Translations Using Auto NAT 349

        Comparing Static NAT Configurations from OS Versions 8.2 and 8.3 351

        Configuring Dynamic Translations Using Auto NAT 352

        Using Object Groups in NAT Rules 357

        Comparing Dynamic NAT Configurations from OS Versions 8.2 and 8.3 360

        Verifying Auto (Object) NAT 361

        Configuring Manual NAT 363

        Examining the Syntax of the Manual NAT Command 368

        Configuring a NAT Exemption Using Manual NAT 369

        Configuring Twice NAT 370

        Configuring Translations Using Manual NAT After Auto NAT 373

        Configuring a Unidirectional Manual Static NAT Rule 376

        Inserting a Manual NAT Rule in a Specific Location 377

        Comparing Manual NAT Configurations from OS versions 8.2 and 8.3 378

        When Not to Use NAT 380

        Tuning NAT 380

        Troubleshooting NAT 382

        Improper Translation 382

        Proxy ARP and Syslog Messages 384

        Egress Interface Selection 384

    Exam Preparation Tasks 385

    Review All Key Topics 385

    Define Key Terms 386

    Command Reference to Check Your Memory 386

Chapter 8 Controlling Access Through the ASA 391

    “Do I Know This Already?” Quiz 392

    Foundation Topics 397

    Understanding How Access Control Works 397

    State Tables 397

        Connection Table 398

        TCP Connection Flags 401

        Inside and Outside, Inbound and Outbound 403

        Local Host Table 403

        State Table Logging 405

    Understanding Interface Access Rules 405

        Stateful Filtering 406

        Interface Access Rules and Interface Security Levels 408

        Interface Access Rules Direction 408

    Default Access Rules 410

    The Global ACL 411

    Configuring Interface Access Rules 412

        Access Rule Logging 417

        Configuring the Global ACL 421

        Cisco ASDM Public Server Wizard 424

        Configuring Access Control Lists from the CLI 425

        Implementation Guidelines 426

    Time-Based Access Rules 427

        Configuring Time Ranges from the CLI 432

    Verifying Interface Access Rules 432

        Managing Rules in Cisco ASDM 434

        Managing Access Rules from the CLI 437

    Organizing Access Rules Using Object Groups 438

    Verifying Object Groups 450

    Configuring and Verifying Other Basic Access Controls 454

        Shunning 455

    Troubleshooting Basic Access Control 457

        Examining Syslog Messages 457

        Packet Capture 459

        Packet Tracer 460

        Suggested Approach to Access Control Troubleshooting 462

    Exam Preparation Tasks 464

    Review All Key Topics 464

    Command Reference to Check Your Memory 465

Chapter 9 Inspecting Traffic 473

    “Do I Know This Already?” Quiz 473

    Foundation Topics 479

    Understanding the Modular Policy Framework 479

    Configuring the MPF 482

    Configuring a Policy for Inspecting OSI Layers 3 and 4 484

        Step 1: Define a Layers 3–4 Class Map 484

        Step 2: Define a Layers 3–4 Policy Map 486

        Step 3: Apply the Policy Map to the Appropriate Interfaces 490

        Creating a Security Policy in ASDM 490

        Tuning Basic Layers 3–4 Connection Limits 495

        Inspecting TCP Parameters with the TCP Normalizer 499

        Configuring ICMP Inspection 505

    Configuring Dynamic Protocol Inspection 507

        Configuring Custom Protocol Inspection 514

    Configuring a Policy for Inspecting OSI Layers 5–7 517

        Configuring HTTP Inspection 518

        Configuring HTTP Inspection Policy Maps Using the CLI 519

        Configuring HTTP Inspection Policy Maps

        Using ASDM 527

        Configuring FTP Inspection 539

        Configuring FTP Inspection Using the CLI 540

        Configuring FTP Inspection Using ASDM 542

        Configuring DNS Inspection 546

        Creating and Applying a DNS Inspection Policy Map Using the CLI 546

        Creating and Applying a DNS Inspection Policy Map

        Using ASDM 549

        Configuring ESMTP Inspection 552

        Configuring an ESMTP Inspection with the CLI 553

        Configuring an ESMTP Inspection with ASDM 556

        Configuring a Policy for ASA Management Traffic 559

    Detecting and Filtering Botnet Traffic 561

        Configuring Botnet Traffic Filtering with ASDM 564

        Step 1: Configure the Dynamic Database 565

        Step 2: Configure the Static Database 565

        Step 3: Enable DNS Snooping 566

        Step 4: Enable the Botnet Traffic Filter 566

        Configuring Botnet Traffic Filtering with the CLI 568

        Step 1: Configure the Dynamic Database 568

        Step 2: Configure the Static Database 568

        Step 3: Enable DNS Snooping 568

        Step 4: Enable the Botnet Traffic Filter 569

    Using Threat Detection 570

        Configuring Threat Detection in ASDM 571

        Step 1: Configure Basic Threat Detection 571

        Step 2: Configure Advanced Threat Detection 571

        Step 3: Configure Scanning Threat Detection 572

        Configuring Threat Detection with the CLI 572

        Step 1: Configure Basic Threat Detection 573

        Step 2: Configure Advanced Threat Detection 576

        Step 3: Configure Scanning Threat Detection 577

    Exam Preparation Tasks 579

    Review All Key Topics 579

    Define Key Terms 580

    Command Reference to Check Your Memory 580

Chapter 10 Using Proxy Services to Control Access 583

    “Do I Know This Already?” Quiz 583

    Foundation Topics 586

    User-Based (Cut-Through) Proxy Overview 586

        User Authentication 586

        User Authentication and Access Control 587

        Implementation Examples 587

    AAA on the ASA 587

        AAA Deployment Options 587

    User-Based Proxy Preconfiguration Steps and Deployment Guidelines 588

        User-Based Proxy Preconfiguration Steps 588

        User-Based Proxy Deployment Guidelines 589

    Direct HTTP Authentication with the Cisco ASA 589

        HTTP Redirection 590

        Virtual HTTP 590

    Direct Telnet Authentication 590

    Configuration Steps of User-Based Proxy 591

    Configuring User Authentication 591

        Configuring an AAA Group 591

        Configuring an AAA Server 592

        Configuring the Authentication Rules 593

        Verifying User Authentication 595

        Configuring HTTP Redirection 595

        Configuring the Virtual HTTP Server 596

        Configuring Direct Telnet 596

    Configuring Authentication Prompts and Timeouts 596

        Configuring Authentication Prompts 597

        Configuring Authentication Timeouts 598

    Configuring User Authorization 598

        Per-User Override 599

        Configuring Downloadable ACLs 600

        Configuring Per-User Override 600

        Verification 600

    Configuring User Session Accounting 601

        Configuring User Session Accounting 601

        Verification 602

    Troubleshooting Cut-Through Proxy Operations 602

        A Structured Approach 602

        System Messages 602

    Using Proxy for IP Telephony and Unified TelePresence 603

    Exam Preparation Tasks 604

    Review All Key Topics 604

    Define Key Terms 604

    Command Reference to Check Your Memory 604

Chapter 11 Handling Traffic 607

    “Do I Know This Already?” Quiz 607

    Foundation Topics 610

    Handling Fragmented Traffic 610

    Prioritizing Traffic 612

    Controlling Traffic Bandwidth 616

        Configuring a Traffic Policer 618

        Configuring Traffic Shaping 621

    Exam Preparation Tasks 625

    Review All Key Topics 625

    Define Key Terms 625

    Command Reference to Check Your Memory 625

Chapter 12 Using Transparent Firewall Mode 629

    “Do I Know This Already?” Quiz 629

    Foundation Topics 632

    Firewall Mode Overview 632

    Configuring Transparent Firewall Mode 635

    Controlling Traffic in Transparent Firewall Mode 639

    Using ARP Inspection 642

    Disabling MAC Address Learning 645

    Exam Preparation Tasks 648

    Review All Key Topics 648

    Define Key Terms 648

    Command Reference to Check Your Memory 648

Chapter 13 Creating Virtual Firewalls on the ASA 651

    “Do I Know This Already?” Quiz 651

    Foundation Topics 654

    Cisco ASA Virtualization Overview 654

        A High-Level Examination of a Virtual Firewall’s Configuration 654

        The System Configuration, System Context, and Other Security Contexts 655

        Packet Classification 655

    Virtual Firewall Deployment Guidelines 656

        Deployment Choices 657

        Deployment Guidelines 657

        Limitations 658

    Configuration Tasks Overview 658

    Configuring Security Contexts 658

        The Admin Context 659

        Configuring Multiple Mode 659

        Creating a Security Context 659

    Verifying Security Contexts 661

    Managing Security Contexts 661

        Packet Classification Configuration 662

        Changing the Admin Context 662

        Editing and Removing Contexts 663

    Configuring Resource Management 663

        The Default Class 663

        Creating a New Resource Class 663

    Verifying Resource Management 665

    Troubleshooting Security Contexts 665

    Exam Preparation Tasks 667

    Review All Key Topics 667

    Define Key Terms 667

    Command Reference to Check Your Memory 667

Chapter 14 Deploying High Availability Features 671

    “Do I Know This Already?” Quiz 671

    Foundation Topics 675

    ASA Failover Overview 675

        Failover Roles 675

        Detecting an ASA Failure 681

    Configuring Active-Standby Failover Mode 683

        Configuring Active-Standby Failover with the ASDM Wizard 683

        Configuring Active-Standby Failover Manually in ASDM 687

        Configuring Active-Standby Failover with the CLI 689

        Step 1: Configure the Primary Failover Unit 689

        Step 2: Configure Failover on the Secondary Device 690

    Configuring Active-Active Failover Mode 692

        Configuring Active-Active Failover in ASDM 692

        Configuring Active-Active Failover with the CLI 696

        Step 1: Configure the Primary ASA Unit 696

        Step 2: Configure the Secondary ASA Unit 697

    Tuning Failover Operation 701

        Configuring Failover Timers 701

        Configuring Failover Health Monitoring 702

        Detecting Asymmetric Routing 703

        Administering Failover 705

    Verifying Failover Operation 706

    Leveraging Failover for a Zero Downtime Upgrade 708

    Exam Preparation Tasks 710

    Review All Key Topics 710

    Define Key Terms 710

    Command Reference to Check Your Memory 710

Chapter 15 Integrating ASA Service Modules 715

    “Do I Know This Already?” Quiz 715

    Foundation Topics 718

    Cisco ASA Security Services Modules Overview 718

        Module Components 718

        General Deployment Guidelines 719

        Overview of the Cisco ASA Content Security and Control SSM 719

        Cisco Content Security and Control SSM Licensing 720

        Overview of the Cisco ASA Advanced Inspection and Prevention SSM and SSC 720

        Inline Operation 720

        Promiscuous Operation 721

        Supported Cisco IPS Software Features 721

    Installing the ASA AIP-SSM and AIP-SSC 721

        The Cisco AIP-SSM and AIP-SSC Ethernet Connections 722

        Failure Management Modes 722

        Managing Basic Features 722

        Initializing the AIP-SSM and AIP-SSC 723

        Configuring the AIP-SSM and AIP-SSC 723

    Integrating the ASA CSC-SSM 724

        Installing the CSC-SSM 724

        Ethernet Connections 724

        Managing the Basic Features 724

        Initializing the Cisco CSC-SSM 725

        Configuring the CSC-SSM 725

    Exam Preparation Tasks 726

    Review All Key Topics 726

    Define Key Terms 726

    Command Reference to Check Your Memory 726

Chapter 16 Traffic Analysis Tools 729

    “Do I Know This Already?” Quiz 729

    Foundation Topics 733

    Testing Network Connectivity 733

    Using Packet Tracer 737

    Using Packet Capture 742

        Using the Packet Capture Wizard in ASDM 742

        Capturing Packets from the CLI 746

        Controlling a Capture Session 751

    Copying Capture Buffer Contents 751

        Capturing Dropped Packets 752

        Combining Packet Tracer and Packet Capture 760

    Summary 761

    Exam Preparation Tasks 762

    Review All Key Topics 762

    Command Reference to Check Your Memory 762

Chapter 17 Final Preparation 765

    Tools for Final Preparation 765

        Pearson Cert Practice Test Engine and Questions on the CD 765

        Install the Software from the CD 766

        Activate and Download the Practice Exam 766

        Activating Other Exams 767

        Premium Edition 767

        Cisco Learning Network 767

        Chapter-Ending Review Tools 767

    Suggested Plan for Final Review/Study 768

        Using the Exam Engine 768

    Summary 769

Appendix A Answers to the “Do I Know This Already?” Quizzes 771

Appendix B CCNP Security 642-618 FIREWALL Exam Updates: Version 1.0 777

Glossary of Key Terms 779

9781587142710, TOC, 4/25/2012

More Information

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020