Cisco SD-WAN Advanced Policy and Security (SDWSEC)

Price
$3,495.00 USD

Duration
3 Days

Cisco Learning Credit (CLC) Eligible

 

Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

SDWSEC is a Cisco SASE (Secure Access Service Edge) training targeted to engineers and technical personnel involved in designing, deploying, operating, and securing Cisco Edge solutions both in enterprise and Service Provider environments. This training is specifically designed for partners and customers implementing secure Cisco SD-WAN integrated with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

Course Objectives

  • Describe SD-WAN Architecture
  • Design Cisco SD-WAN Branch Security
  • Implement Cisco SD-WAN Secure Internet and Cloud Access
  • Integrate and Troubleshoot Cisco SD-WAN with a SASE Solution

Who Should Attend?

  • Systems Engineers
  • Technical Solutions Architects
  • Field Engineers

  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

    Course Prerequisites

  • Knowledge of WAN architectures and routing networking concepts
  • High-level familiarity with basic network protocols and applications
  • Familiarity with common application delivery methods
  • Fundamental understanding of perimeter security
  • Basic Cisco SD-WAN familiarity

    Agenda

    1 - Cisco SD-WAN Introduction

    • High-level Cisco SD-WAN Deployment models
    • Application-level SD-WAN solution
    • Cisco SD-WAN plan for HA and Scalability
    • Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator
    • Edge Routers (cEdge, vEdge, and Catalyst 8K)
    • Cloud Based Deployment vs On-Premises Deployment

    2 - Zero Touch Provisioning

    • Overview
    • User Input Required for the ZTP Automatic Authentication Process
    • Authentication between the vBond Orchestrator and WAN Edges
    • Authentication between the Edge Routers and the vManage NMS
    • Authentication between the vSmart Controller and the Edge Routers

    3 - Cisco SD-WAN Solution

    • Overlay Management Protocol (OMP)
    • Cisco SD-WAN Circuit Aggregation Capabilities
    • Secure Connectivity in Cisco SD-WAN
    • Performance Tracking Mechanisms
    • Application Discovery
    • Dynamic Path Selection
    • Performance Based Routing
    • Direct Internet Access
    • Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS)
    • Application Aware Routing
    • Localized and Centralized Policies (Data and Control)
    • Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection
    • Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GCP)
    • API and Programmatic Interaction via Python

    4 - Deeper Insight into Cisco SD-WAN Security

    • Designing Security Requirements within Cisco SD-WAN
    • DIA Security
    • Direct Cloud Access Security
    • Guest User Security
    • Compliance Requirements
    • Security Implementation at the Branch Site
    • Implementing Zone Based Firewalls on Cisco WAN Edge
    • Implementing UTD on Cisco WAN Edge
    • Configuring URL Filtering
    • Configuring Snort IPS
    • Best Practices for UTD setup (Based on production deployment experiences)
    • Implementing Advanced Malware Protection
    • Configuring AMP
    • Overview of integration with Threat Grid

    5 - Designing and Implementing DNS Security

    • Prerequisite check before integrating Umbrella with Cisco SD-WAN
    • Making sure you have the correct licensing
    • Platform support check
    • Internet Connectivity check
    • Walking through the Umbrella Dashboard
    • Dashboard Overview
    • DNS Policy GUI Overview
    • Firewall Policy GUI Overview
    • Web Policy GUI Overview
    • Umbrella AD/SAML Integration Overview (optional)
    • Integrating Cisco Umbrella for DNS Security
    • Umbrella API Integration
    • Configuring the DNS Encryption Policy
    • Excluding the local domains
    • Configuring the Security Policy in vManage
    • Implementing the policy at the DIA Sites
    • Verification
    • Checking the logs on Umbrella Dashboard
    • Checking the vManage Security Dashboard

    6 - Cisco SD-WAN and Cisco Umbrella SIG Integration

    • SIG Integration Overview
    • Configuring Cisco vManage Templates for SIG Tunnel Creation
    • Using the pre-configured Feature Templates in vManage 20.X
    • Adding the SD-WAN Routers and Sites in Umbrella Identities
    • Validate that the routers show up from the Umbrella Dashboard
    • Designing and Configuring Policy for SIG Redirection
    • Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic
    • Verification
    • Checking the logs on Umbrella Dashboard
    • Checking the vManage Security Dashboard

    7 - Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration

    • Umbrella Cloud Firewall Integration Overview
    • Configuring Cisco vManage Templates for Firewall Tunnel Creation
    • Using the pre-configured Feature Templates in vManage 20.X
    • Adding the SD-WAN Routers and Sites in Umbrella Identities
    • Validate that the routers show up from the Umbrella Dashboard
    • Designing and Configuring Policy for Firewall Redirection
    • Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic
    • Verification
    • Checking the logs on Umbrella Dashboard
    • Checking the vManage Security Dashboard

    8 - Troubleshooting Umbrella Integration

    • Troubleshooting DNS Security
    • API Integration not working
    • DNS for local domain failing
    • No redirection to Cisco Umbrella for external domains
    • Troubleshooting SIG and Firewall
    • Making sure the IPSec Tunnels to Troubleshooting the vManage policies for redirection
    • Load balancing using vManage policies
    • Reviewing logs in Umbrella
    • Checking Alarms and Notifications
    • Checking Alarms on vManage
    • Checking Alarms on Cisco Umbrella
     

    Upcoming Class Dates and Times

    • May 6, 7, 8, 9:00 AM - 5:00 PM ($3,495.00 USD)
    • Aug 26, 27, 28, 9:00 AM - 5:00 PM ($3,495.00 USD)
     



    Contact Us about Starting Your Business Training Strategy with New Horizons