• Dynamic routing protocol configuration- RIP, RIPv2, EIGRP, OSPF
• Dynamic routing protocol authentication and reasons to authenticate dynamic routing.

• Extended Access-list configuration
• Configuration of a NAT- Static NAT, Dynamic NAT, PAT

• How to make router as a firewall?
• Configure Zone Based Firewall (ZBF)

• Understanding about common L2 Attacks

• Explanation about DHCP starvation attack

• LAB- DHCP Starvation attack using Kali linux

• Countermeasure- Implementing Port security on cisco switch

• Understanding about MAC flooding/ CAM table overflow attack

• LAB- MAC flooding attack using kali linux

• Countermeasure- Implementing Port security on cisco switch

• Explanation about CDP flooding attack

• LAB- CDP flooding attack from kali linux

• Countermeasure- Implementing Port security on cisco switch

• Understanding about MAC spoofing attack

• LAB- Mac spoofing attack using kali linux and windows

• Countermeasure- Implementing Port security on cisco switch

• Explanation about DHCP spoofing(Rouge DHCP server) attack

• LAB-DHCP spoofing and Man In the Middle (MITM) attack using kali linux

• Countermeasure- Implementing DHCP snooping on cisco switch

• Understanding about IP spoofing attack

• LAB- IP spoofing attack method

• Countermeasure- Implementing IP source guard on switch

• Understanding about ARP spoofing attack

• LAB- ARP spoofing attack method

• Countermeasure- Implementing Dynamic ARP Inspection(DAI) on switch

• Understanding about Spanning Tree Protocol (STP) attack

• LAB- STP attack using Kali linux

• Countermeasure- Implementing Root Guard, BPDU guard and BPDU filter on cisco

• Understanding about VTP and DTP Attack

• LAB- VTP and DTP attack using Kali linux

• Countermeasure- Implementing VTP and DTP Security on cisco switch

• Understanding about VLAN hopping (802.1Q double encapsulation) attack

• LAB- VLAN hopping attack using KALI Linux

• Countermeasure- Implementing interface security for VLAN hopping attack

• Understanding ASA Firewall and types of firewalls.
• Comparison between Cisco ASA firewall and Next Generation firewall
• Explaination of Application firewall(Host based firewall), Proxy firewall, Hardware firewall(Network based firewall), Stateful & Stateless Firewall and Next Generation firewall
• Explain different types of Hardware firewalls and comparison between vendors.

• Explain Cisco ASA firewall and different types of ASA hardware models.
• Comparison between different types of ASA Hardware models
• Explain ASA software versions.
• Explain different types of ASA licenses.
• Explain features of ASA firewall.

• Explaination of Cisco ASA Packet flow.
• Explain Security levels in Cisco ASA
• Explain Cisco ASA memory types, Boot Process and different types of CLI modes.
• Implementing Cisco ASA firewall in Network.
  • Interface configuration
  • Zone creation according to company requirements
  • Network connectivity testing

• Implementing Routing on Cisco ASA
• Static Routing
• Default Routing
• Dynamic Routing Protocol configuration
  • RIPv1 and RIPv2 configuration
  • EIGRP and OSPF configuration
• Explain potential attacks on Routing protocols
• RIPv2, EIGRP, OSPF configuration with authentication
• Routing Protocol redistribution.

• Explain Access-list(ACL) and different types of ACL on ASA Firewalls
• Implementing Extended ACL on ASA for Traffic control
• Explain Time-based ACL.
• Implementing Time based ACL on Cisco ASA firewall
• Explain Standard and Web Type ACL on ASA firewall
• Explain Object and Object Group
• Explain different types of Object - Network,Services
• Explain different types of Object groups
• ACL configuration using Object and Object group

• Explain Network address translation (NAT) and different types of NAT method on ASA.
• Explain Static NAT- Implementing Static NAT for Servers.
• Explain Dynamic NAT-Implementing Dynamic NAT for Internet Access.
• Explain Dynamic PAT - Implement PAT on interface ip , PAT with custom ip, PAT with PAT-POOL

• Explain Policy NAT- Implementing NAT only for some Service
• Explain Destination NAT- Implementing NAT only for some remote Destination
• Explain Static PAT- Implementing Static PAT for Internal servers
• Explain Object NAT( Manual NAT) -Implementing Static NAT, Dynamic NAT and PAT using object NAT
• Explain Auto NAT - implementing Auto NAT on Cisco ASA
• Comparison between objects NAT(Manual NAT), Auto NAT(Twice NAT) and After auto NAT

• ASA Remote Management Access

• Implementing Telnet, SSH and GUI(HTTPS) Access for admin

• DHCP server configuration on ASA

*ASA other features

• Explain Sub-Interface on ASA-Creating Sub Interface on ASA
• Explain Etherchannel on ASA-Implementing Etherchannel for link speed and Redundancy
• Explain Redundant Interface on ASA-Implementing Redundant interface for backup

• Explain SLA-Implementing SLA on ASA
• Explain Ip spoofing attack on ASA-Implementing URPF on ASA
• Explain ICMP flooding attack on ASA-Implementing Security for ICMP flooding attack

• Explain Transparent mode on ASA
  • Converting ASA from Routed mode to Transparent mode
  • BVI Interface configuration in transparent mode
  • Static and Default route configuration
  • Access-list configuration in transparent mode
  • Converting ASA from Transparent to Routed mode

• Explain about AAA

• Explain about local Authentication, Authorisation and Accounting (Local AAA)

• Explain about Centralized Server AAA

• Comparison between local AAA and AAA from Centralized server • Local AAA( Without any Centralized server)

1.what is Email ? 2.how Email works? 3.what are the threats come along with the email usage?

4. how to setup email server 5.understand inter domain mail vs intra domain mail transfer 6.how to secure email of a coporate enviornment with the use of CISCO EMAIL SECURITY APPLIANCE.

7.comparison between hardware models vs virtual models 8.initial setup of a ESA 9.setup of a license on a CISCO ESA Appliance

10.Policy making for mail environment protection from greymail , spam mail , unwanted attachments , phishing mails, undesirable URLs , unwanted domains. 11.understand virus scanning via McAffee & sophos scanning engines 12.Configure message filters components, rules, processing order, and attachment scanning

13.Configure scan behavior & action 14.Configure outbreak filters 15.understand concept of Data Loss Prevention (DLP)

1. Understand how web traffic works?
2. What are the web related threats to the corporate networks

3. How we secure network with the use of a CISCO WSA Appliance
4. Hardware vs virtual model comparison

5. Initial setup of WSA
6. Demo license setup on WSA

7. policy creation on WSA, scenario base policy making for the protocol of http & https using web proxy & https proxy -
   • creation of identification profile & access policy
   • Configure URL filtering ==> category wise , custom URL-FILTERING
   • Configure time-based and traffic volume acceptable use policies and end user notifications
   • Create a corporate global acceptable use policy
   • Implement policy trace tool to verify corporate global acceptable use policy
   • Configure Secure Web Appliance to inspect archive file types

8. SSL/TLS inspection via decryption policy on WSA for the https protocol

• understand concept of application visibility and control and Configure web application visibility and control

9. Traffic redirection using transparent redirection method of a web requests and WCCP protocol setup
10. Traffic redirection using explicit redirection method of a web requests
11. Describe scanning engines
12. Configure file reputation filtering and file analysis

• What is Next-Genration Firewall?
• Evolution of a Next Genration Firewall.
• How ASA Firewall turn into FTD Next Genration Firewall?
• Different model of FTD NGFW

• ASA firewall IOS change to FTD FX-OS.
• Basic Setup of a FTD NGFW.

• Routing on FTD NGFW - RIPv2,EIGRP,OSPF
• Redistribution on FTD NGFW of different routing protocol - RIPv2, EIGRP, OSPF

• To understand default working of FTD NGFW security policies.
• How to configure Access control policies with real time scenarios.
• Verify the Access control policies.

• Working of NAT concept.
• Configuration of different types of NAT-static NAT, Dynamic NAT, Static PAT, Dynamic PAT, Policy NAT, Destination NAT.
• Verification of NAT.

• What are Advance web threats?
• How to configure policies for Advance Web threats - URL-Filtering ?
• Verify URL-Filtering Policies.

• What is Application Filtering and SSL Inspection on FTD NGFW?
• Configuration of a Application Filtering.

• What is intrusion and how to control it?
• Network based IDS vs Host based IPS.
• IPS deployments - inline vs promiscuous mode.
• IPS signature alarm type.
• IPS signature actions.

• What is NGIPS?
• configuration of NGIPS for company infrastructure security.
• Impliment File Policies and scanning it with AMP.

• What is Firepower Management Center(FMC)
• How to Integrate Firepower Management Center with FTD.
• Basic Configuration of Firepower Management Center.

• Routing with the help of a FMC - RIPv2, EIGRP, OSPF.
• Redistribution between different Routing protocol- RIPv2, EIGRP, OSPF.

• Implimentation of a Security Policies with FMC.
• Verification of a Security Policies with FMC.

• Configuration of a NAT Policies with FMC.
• Verification of a NAT Policies with FMC.

• Configuration of a URL-Filtering with FMC.
• Verification of a URL-Filtering with FMC.

• Implimentation of Application Filtering
• Verification of Application Filtering

• Implimentation of a NGIPS Policies.
• Verfication of a NGIPS Policies.

• what is syslog?
• Network Event Logging on FMC
• logging setup, Configure Local Logging

• What is VPN and to learn why we need VPN.
• Types of VPN's (site-to-site, remote access)
• Scenario based site-to-site VPN usage at enterprise level.

• what is Cryptography?
• what is Hashing, Authentication, Group, Lifetime, Encryption?
• What is ESP and AH?
• What is Tunneling in VPN?

• Implimentation of a site-to-site VPN on FTD with FMC

• Describe the components, capabilities, and benefits of Cisco Umbrella
• CISCO UMBRELLA VIRTUAL APPLIANCE DEPLOYMENT
• Configure and verify Cisco Umbrella Secure Internet Gateway and web security features such as blocklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
• HTTP decryption and inspection on Cisco Umbrella

• Cloud security
• DNS proxy through Cisco Umbrella virtual appliance
• DNS security policies in Cisco Umbrella
• RBI policies in Cisco Umbrella
• CASB policies in Cisco Umbrella
• DLP policies in Cisco Umbrella

• What is VPN?
• How VPN works on Enterprise level?
• What are the Differnet types of VPN?

• what is cryptography?
• What is Symetric key cryptography?
• What is Asymetric key cryptography?
• What is Encryption and how Encryption works?

• What is Hashing?
• what is Authentication?
• what is Group?
• what is lifetime?
• What is Encryption ?

• what is IPsec?
• What are the different modes of a IPsec Phase-1 and Phase-2?
• What is IKEv1?
• What is ESP & AH?
• what is transport mode and tunnel mode?

• Implimentation of IKEv1 IOS site-to-site VPN with CRYPTO MAP.
• Implimentation of IKEv1 IOS ASA Firewall site-to-site VPN with CRYPTO MAP.

• What is VTI and Different types of VTI?
• Implimentation of IKEv1 site-to-site VPN with SVTI.

• What is GRE?
• Implimentation of IKEv1 IOS site-to-site VPN with GRE.
• Implimentation of IKEv1 IOS site-to-site VPN with GRE+IPsec.

• What is Certificate Authority(CA)?
• What is Digital Certificates?
• What is Public Key Infrastructure(PKI)?
• What is Certificate Revocation?

• Implimentation of IKEv1 IOS site-to-site VPN with CA
• Implimentation of IKEv1 IOS ASA Firewall site-to-site VPN with CA

• What is DMVPN?
• Why we need DMVPN?
• How DMVPN works?
• What is NHRP Protocol?

• Implimentation of DMVPN PHASE-1 with RIPv2.
• Implimentation of DMVPN PHASE-1 with EIGRP.
• Implimentation of DMVPN PHASE-1 with OSPF.
• Implimentation of DMVPN PHASE-2 with RIPv2.
• Implimentation of DMVPN PHASE-2 with EIGRP.
• Implimentation of DMVPN PHASE-2 with OSPF.

• Implimentation of DMVPN PHASE-3 with EIGRP.
• Implimentation of DMVPN PHASE-3 with OSPF.
• Impliment DMVPN with ASA Firewall.

• DMVPN with IKEv1.
• DMVPN HUB Behind ASA Firewall with IKEv1.
• What is NAT-T and NAT-D?
• DMVPN HUB Behind NAT Device with IKEv1.

• DMVPN Hub & Spoke Behind NAT Device With IKEv1.
• IKEv1 DMVPN Dual Hub with HSRP.

• What is GET VPN?
• How GET VPN Works?
• IKEv1 GET VPN with UNICAST REKEY METHOD.
• IKEv1 GET VPN with MULTICAST REKEY METHOD.

• What is IKEv2?
• How IKEv2 works?
• IKEv2 and FLEX VPN.
• IKEv2 site-to-site VPN with CRYPTO MAP.
• IKEv2 site-to-site VPN with SVTI.

• IKv2 site-to-site VPN ASA to ASA.
• IKEv2 IPSEC site-to-site VPN DVTI vrs CRYPTO MAP.
• IKEv2 site-to-site VPN with SVTI IPv4 vrs IPV6.

• IKEv2 DMVPN Phase-2 with IPv4.
• IKEv2 DMVPN Phase-2 IPv4 vrs IPv6.
• IKEv2 DMVPN Phase-2 IPv6.

• What is Remote Access VPN?
• Why we need Remote Access VPN?
• How Remote Access VPN Works?
• What is Thin Client VPN, Thick Client VPN, Clientless VPN?
• IKEv2 REMOTE ACCESS VPN.
• IKEv2 REMOTE ACCESS VPN WITH HARDWARE CLIENT.

• IKEv2 CISCO ANYCONNECT VPN ASA.
• SSL WEBVPN CLIENTLESS ASA.
• SSL WEBVPN SMART-TUNNEL on ASA.