This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos.
The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.
(3 days Training)
Tuesday 26 February 2019 – Thursday 28 February 2019
Requirement
Participants should have the Xg Engineer Certification
Recommended Knowledge
Knowledge of networking to a CompTIA N+ level
Knowledge of IT security to a CompTIA S+ level
Experience configuring network security devices
Be able to troubleshoot and resolve issues in Windows networked environments
Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Enterprise Deployment Scenarios
- Module 2: Advanced Firewall
- Module 3: Authentication
- Module 4: Webserver Protection
- Module 5: RED Management
- Module 6: Wireless Protection
- Module 7: Enterprise VPN
- Module 8: High Availability
- Module 9: Troubleshooting
- Module 10: Sizing
Certification
+ exam: Sophos XG Architect
Duration 3 days
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 26 February 2019
9:30-10:15 Module 1: Enterprise Deployment Scenarios Part I
- Bridge mode
- Gateway mode
- Mixed mode
10:15-10:30 break
10:30-12:00 Enterprise Deployment Scenarios Part I
- VLAN
- Link Aggregation
- Routing protocols
12:00-12:15 Break
12:15-13:45 Advanced Firewall Part I
- Stateful inspection
- Strict policy
- Fast path
- Intrusion prevention
- Anti Dos/floofing
- Advanced Threat Protection
13:45-14:45 Break Lunch
14:45-16:15 Advanced Firewall Part II
- Asymmetric routing
- Local NAT policy
- DHCP options
- Bind to existing DHCP scope
- Country list
- Drop packet capture
- IPS tuning
16:15-16:30 Break
16:30-17:15 Webserver Protection
- Overview
- Web Servers
- Application Protection policies
- Path specific routing
- Authentication policies
- Certificates
Day 2 Wednesday 27 February 2019
9:30-10:15 Module 4: Authentication
- Single sign-on (SSO)
- LDAP integration
- Secure LDAP
- STAS (Sophos Transparent Authentication Suite
- Troubleshooting STAS
10:15-10:30 Διάλειμμα
10:30-12:00 Authentication part II
- Sophos Authentication for Thin clients (SATC)
- Troubleshooting SATC
- NTLM
- Troubleshooting NTLM
12:00-12:15 Break
12:15-13:45 Module 5: Red Management
- Overview
- RED Models
- Deployment
- Adding a RED interface
- Balancing and failover
- VLAN port configuration
13:45-14:45 Break- Lunch
14:45-15:30 Module 6: Wireless Protection
- Overview
- Access Points
- Wireless networks
- Security modes
- Deployment
- Built-in wireless
- Mesh networks
- Radius authentication
- Class Activity
15:30-15:45 Break
15:45-17:15 Module 7: Enterprise VPN
- Huge and spoke topology
- Ipsec VPN configuration
- Ipsec VPN policies
- NAT overlap
- Route precedence
- VPN failover
- Logs
- Troubleshooting
Day 3 Thursday 28 February 2019
9:30-11:00 Module 8: High Availability
- Overview
- Prerequisites
- HA packet flow
- Configuration
- HA status
- Console commands
- Logs
- General Administration
11:00-11:15 Break
11:15-12:00 Module 9: Troubleshooting
- Consolidated Troubleshooting Report
- SF loader
- Tcpdump
12:00-12:15 Break
12:15-13:45 Module 10: Sizing
- Hardware appliance models
- Hardware appliance sizing
- Software and virtual devices
- Sizing scenarios
- Class activity
13:45-14:45 Break – Lunch
14:45-17-15 Labs and Exams