Automating Cisco ASA and Firepower Policies Using APIs
Network security is more important today than ever before. This course will teach you how to automate common security operations on Cisco ASA, FTD, and FMC products in the context of enterprise Internet Edge security design.
What you'll learn
Conceptually, firewall security policies are straightforward, but managing them in production has historically been a challenge due to scale, efficacy, and business alignment. In this course, Automating Cisco ASA and Firepower Policies Using APIs, you'll leverage Ansible to configure Cisco Adaptive Security Appliance (ASA) policies via infrastructure-as-code. Next, you'll discover how to interact with the Cisco Firepower Threat Defense (FTD) REST API to reconstruct classic ASA policies on the next-generation security platform, which integrates firewall and Intrusion Prevention System (IPS) capabilities. Finally, you'll learn how to manage distributed FTD deployments using the Firepower Management Center (FMC) REST API, a centralized "single pane of glass" for the Firepower ecosystem of products. When you're finished with this course, you'll have the skills and knowledge of security programmability needed to confidently build, design, and operate professional-grade automation solutions.
Table of contents
- Course Introduction, Prerequisites, and Business Scenario 6m
- Revisiting the Fundamentals of Firepower and Ansible 4m
- Demo: Installing Ansible and Building Auxiliary Files 8m
- Demo: Writing and Testing Jinja2 Templates to Define ASA Policies 7m
- Demo: Developing Playbooks to Deploy and Purge ASA Policies 6m
- Module Summary and Homework Challenge 1m
- Introducing Firepower Threat Defense (FTD) 2m
- Demo: Developer Resources to Help You 4m
- Demo: Authenticating to FTD within a Simple Python SDK 7m
- Demo: Developing Policy Object SDK Methods 8m
- Demo: Adding and Deleting Policy Objects 4m
- Demo: Collecting and Validating Policy Objects 3m
- Module Summary and Homework Challenge 1m
- Reviewing the FTD Policy Design 1m
- Demo: Collecting the Default Security Zones 3m
- Demo: Creating and Deleting FTD Access Rules 7m
- FTD Intrusion Prevention System (IPS) Policy Options 2m
- Demo: Updating Access Rules to Leverage IPS Capabilities 5m
- Demo: Final Preparation and Deployment of Access Policies 4m
- Demo: GUI and API Based Policy Validation 5m
- Module Summary and Homework Challenge 1m
- Why is Firepower Management Center (FMC) Useful? 4m
- Demo: Developer Resources to Help You 4m
- Demo: Initial Authentication to the FMC REST API 6m
- Demo: Managing FMC Policy Objects 8m
- Demo: Constructing Access Rules and Applying Access Policies 7m
- Demo: Performing GUI and API Based Policy Validation 6m
- Module Summary and Homework Challenge 1m
About the author
Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor's of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Car... more