Sophos Firewall v20
Architect Training
Sophos Firewall v20
Architect Training
Tuesday, May 21, 2024
Wednesday, May 22, 2024
Thursday, May 23, 2024
This course is designed for technical professionals who will be administering Sophos Firewall v20 and provides the skills necessary to manage common day-to- day tasks.
It consists of presentations and practical lab exercises to reinforce the taught content. Electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises and labs and will be held at the NSS Authorized Training Center, Paggaiou & 1 Aggistis st., 11855 Athens.
This course is available as an instructor-led classroom course. Due to the nature of delivery, and the varying experiences of trainees, open discussion is encouraged during this course. Electronic copies of the supporting documents for the course are provided to each trainee via the training portal.
On completion of this course, trainees will be able to:
- Explain how Sophos Firewall help to protect against security threats
- Configure firewall rules, policies, and user authentication
- Demonstrate threat protection and commonly used features
- Perform the initial setup of an Sophos Firewall and configure the required network settings
- Identify and use troubleshooting tools, reporting and management tasks
To complete this course, trainees must take and pass an online assessment.
Trainees will have 3 hours to complete the assessment; the pass mark is 80% and trainees will have 3 attempts to pass.
Each trainee is provided a pre-configured environment that simulates a company network with two sites, a head office, and a branch office.
Sophos Firewall v20 Architect
There are no prerequisites for this course; however, it is recommended you should have the following:
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
If you are uncertain whether you meet the necessary prerequisites, please email us at training@nss.gr and we will be happy to help.
Deployment
Base Firewall
Network Protection
Synchronized Security
Web Server Protection
Site-to-Site Connections
Authentications
Web Protection
Wireless
Remote Access
High Availability
Public Cloud
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the Sophos Firwewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 break
11:00-13:00 Module 2: Base Firewall
- Explain how the sophos firewall can be accessed
- Understand the types fo interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what Local NAT policy is and known how to configure it.
13:00-14:00 Lunch
14:00-16:00 Labs
- Activate the Sophos Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to Fastpath
- Demonstrate how to optimize workload y configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DOS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs- Create Advanced DoS Rules
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying
- Synchronizes Security in different scenarios
- Labs
- Configure source-Based Security
- Hearteat firewall rules
- Destination based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
- Explain how Websever Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- WAF enhancement
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
14:45-17:45 Module 6: Site to site connections and Labs
- Configure and deploy site to site VPNs in a wide range of environment
- Implement IPsec NATing and failover
- Check and modify route precedence
- Create RED tunnels between XG firewalls
- Understand when to use RED
- Network and Routing Enhancement
- Labs ( Create an IPsec site to site VPN
- Labs ( Configure VPN network NATing )
- Labs (Configure VPN failover)
- Labs (Enable RED on the XG firewall)
- Labs (Create a RED tunnel between two XG Firewalls
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environment
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (configure an Active Directory Authentication server)
- Labs (configure single sing-on using STAS
- Labs (Authenticate users over a site to site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DLP engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Edits to cover HA changes (VLAN on dedicated port, node name, Quick HA automatic LAG, preferred primary device, license information)
- Edits for HA status changes
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Lunch Break
15:05-16-15 Public Cloud and Labs
- Deploy Sophos firewall in complex network enviroments
- Explain how Sophos firewall process traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy Sophos firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an Sophos Firewall on Azure (simulation)
16:15 (Exams)
Courses are given in English & Greek language with English documentation. Prices include training materials, vouchers for official vendor certificates when applicable, coffee & lunch during the training procedure. NSS aims to educate and prepare all participants with the skills needed to deploy a solution efficiently and effectively, maximizing the existing investment.