SDWSEC - SD-WAN Advanced Policy, Security, and Programmability
Course Details:
This course provides hands-on training on Cisco SD-WAN advanced policy implementations and on basic and advanced Cisco SD-WAN security. It covers the basic security features available on both vEdge and cEdge routers, such as Zone Based Firewall, and the advanced security features available on cEdge routers running the latest IOS-XE code, such as URL Filtering, IPS, Application Aware Firewall, and AMP Integration, among many others.
Course Outline:
Module 1: SD-WAN Policy Deep Dive
- Centralized Control Policy and Use Cases
- Hub and Spoke Policy
- Service Insertion Policy
- Firewall Insertion Policy
- Data Center Priority
- App-Aware Routing
- Security Policy and Use Cases
- DIA / Internet Breakout Policy
Module 2: Introduction & Security Basics in the SD-WAN Ecology
- Introduction
- SD-WAN Security Challenges
- SD-WAN Threat Defense
- Security Infrastructure
- Device Identity & Security
- Control Plane and Data Plane Security
- Zone Based Firewalls
- Deploying ZBF
- Verifying ZBF
Module 3: SD-WAN Security Components
- Building New Security Applications
- Firewall DNS & IPS Packet Flows
- Container Architecture
- Security Container Deployment
- Exploring the Security Dashboard
Module 4: Firewall and IPS Policies
- Compliance: Firewall
- Firewall Policy: Intra VRF Creation and Deployment
- Firewall Policy: Inter VRF Creation and Deployment
- Introduction to IPS
- IPS: Policy Creation
- IPS: Rule Verification
Module 5: SD-WAN Security – Guest Access
- Introduction to URL Filtering
- URL Filtering Example
- URL Filtering Verification via CLI
- Introduction to Cisco Umbrella
- Integrating vManage and Umbrella
- Umbrella Configuration and Verification
Module 6: SD-WAN Security – Direct Cloud Access
- Introduction to Direct Cloud Access
- Application Firewall
- IPS
- Advanced Malware Protection
- DNS Security
- Integrating – Direct Cloud Access
- Verifying – Direct Cloud Access
Module 7: Direct Internet Access
- Introduction to DIA
- Application Firewall
- IPS
- Advanced Malware Protection
- DNS Security
- Integrating – Direct Internet Access
- Verifying – Direct Internet Access
Module 8: Programmable API
- SD-WAN Programmability Overview
- API Overview
- General use cases for APIs
- Examples of APIs
- Cisco Programming Basics
- Overview
- APIs 101
- Python
- Basics
- Lists, Dictionaries, & Tuples
- If-else statements
- Loops
- Functions
- REST APIs
- vManage REST APIs Overview
- *API Template*
- Using the vManage REST APIs
- Cisco SD-WAN Introduction
- High-level Cisco SD-WAN Deployment models and use cases
- Application level SD-WAN solution
- Cisco SD-WAN high availability solution
- Cisco SD-WAN Scalability
- Cisco SD-WAN Solution Benefits
- Alarms, Events and Audit Log APIs
- vManage Simple Query
- Alarms, Audit Log, and Events APIs
- Alarms
- Audit Log
- Events
- Bulk vManage APIs
- Overview of Bulk API Operations
- State
- Statistics
- Monitoring vManage APIs
- Application-Aware Routing
- App Logs
- ARP
- BFD
- BGP
- Show all
- Device and Configuration APIs for vManage APIs
- Device Templates
- vSmart Policy
- Device Inventory APIs
- Connected Devices
- Controllers
- vEdges
- Software Maintenance vManage APIs
- Activate Software
- Delete Software
- Reboot Device
- Set Default Software
- Upgrade Software
- Show all
- Troubleshooting vManage APIs
- Dashboard
- Device Dashboard
*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.
Upon completing this course, you will be able to meet the following objectives:
- Implement advanced SD-WAN Policies
- Understand Cisco SD-WAN Security Features
- Implement Zone Based Firewall on the WAN Edge
- Implement Firewall and IPS Policies
- Understand Cisco SD-WAN Programmability features
- Script APIs to automate Cisco SD-WAN vManage configurations
Labs are designed to give learners a complete practical experience through the following activities:
- Lab 1 – Deploy and Configure Cisco SD-WAN Fabric (Part 1)
- Lab 2 – Deploy and Configure Cisco SD-WAN Fabric (Part 2)
- Lab 3 – SD-WAN Operational Best Practices
- Lab 4 – Install SD-AVC and Monitoring CFlowD & DPI
- Lab 5 – Deploy and Configure SD-WAN Security Policies
- Lab 6 – Configure Secure DNS Policies
- Lab 7 – Deploy Umbrella
- Lab 8 – Obtain Additional Identity Visibility in Umbrella
- Lab 9 – SIG Integration
- Lab 10 – Cloud Firewall Integration
- Lab 11 – Troubleshooting
- Lab 12 – Setting up the Admin PC for Development
- Lab 13 – Exploring the REST API
- Lab 14 – Using Postman with the REST API
- Lab 15 – Installing Python and Setting up your Python Development Environment
- Lab 16 – Using Python Scripting and the REST API
- Lab 17 – Using the vManage REST API to Gather Information
- Lab 18 – Using the vManage REST API to Monitor the Deployment
- Lab 19 – Using the vManage REST API to Manage and Configure SD-WAN devices
- Case Study 1 – Lab 20 – Posting to Webex Teams when a Policy is Activated or Deactivated
- Case Study 2 – Lab 21 – Opening a Ticket in ServiceNow
Professionals that want a deeper dive into SD-WAN Security