PRODUCTS

Sophos Firewall v20
Architect Training

Sophos Firewall v20
Architect Training

Tuesday, May 21, 2024
Wednesday, May 22, 2024
Thursday, May 23, 2024

This course is designed for technical professionals who will be administering Sophos Firewall v20 and provides the skills necessary to manage common day-to- day tasks.

It consists of presentations and practical lab exercises to reinforce the taught content. Electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises and labs and will be held at the NSS Authorized Training Center, Paggaiou & 1 Aggistis st., 11855 Athens.

Duration: This course will take 3 days to complete.
Duration: This course will take 3 days to complete.
Delivery

This course is available as an instructor-led classroom course. Due to the nature of delivery, and the varying experiences of trainees, open discussion is encouraged during this course. Electronic copies of the supporting documents for the course are provided to each trainee via the training portal.

Objectives

On completion of this course, trainees will be able to:

Assessment

To complete this course, trainees must take and pass an online assessment.

Trainees will have 3 hours to complete the assessment; the pass mark is 80% and trainees will have 3 attempts to pass.

Lab Environment

Each trainee is provided a pre-configured environment that simulates a company network with two sites, a head office, and a branch office.

Certification

Sophos Firewall v20 Architect

Prerequisites

There are no prerequisites for this course; however, it is recommended you should have the following:

If you are uncertain whether you meet the necessary prerequisites, please email us at training@nss.gr and we will be happy to help.

Course Agenda
01
Module 1

Deployment

02
Module 2

Base Firewall

03
Module 3

Network Protection

04
Module 4

Synchronized Security

05
Module 5

Web Server Protection

06
Module 6

Site-to-Site Connections

07
Module 7

Authentications

08
Module 8

Web Protection

09
Module 9

Wireless

10
Module 10

Remote Access

11
Module 11

High Availability

12
Module 12

Public Cloud

Sophos Firewall Architect Certification
Training Program
Trainer: Michael Eleftheroglou

9:30-10:45 Module 1: Deployment and Lab

  • Recall important information from Engineer courses
  • Deployment modes supported by the Sophos Firwewall
  • Understand a range of scenarios where each deployment mode would commonly be used
  • Use built-in tools to troubleshoot issues
  • Labs

 10:45-11:00 break

 11:00-13:00 Module 2: Base Firewall

  • Explain how the sophos firewall can be accessed
  • Understand the types fo interfaces that can be created
  • Understand the benefits of Fast Path Technology
  • Configure routing per firewall rule
  • Understand best practice for ordering firewall rules
  • Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

  • Activate the Sophos Firewalls
  • Post installation Configuration
  • Bridge interfaces
  • Create a NAT rule to load balance access to servers
  • Create a local NAT policy
  • Configure routing using multiple WAN links
  • Configure policy-based routing for an MPLS scenario
  • Install Sophos Central

16:00-16:15 Break

16:15-17:15  Module 3: Network Protection and Lab

  • Explain what IPS is and how traffic can be offloaded to Fastpath
  • Demonstrate how to optimize workload y configuring IPS policies
  • Examine advanced Intrusion Prevention and optimize policies
  • Configure advanced DOS Protection rules
  • Demonstrate how the strict policy can be used to protect networks
  • Labs- Create Advanced DoS Rules
9:30-11:00 Module 4: Synchronized Security and Labs
  • Explain how Security Heartbeat works
  • Configure Synchronized Security
  • Deploy Synchronized Security in discover and inline modes
  • Understand the advantages and disadvantages of deploying
  • Synchronizes Security in different scenarios
  • Labs
  • Configure source-Based Security
  • Hearteat firewall rules
  • Destination based Security Heartbeat
  • Missing Security Heartbeat
  • Lateral Movement Protection
11:00-11:15 Break 11:15-13:45 Module 5: Webserver Protection and Labs
  • Explain how Websever Protection works
  • Describe protection features for a web application
  • Configure Web Server authentication
  • Publish a web service using the Web Application Firewall
  • Use the preconfigured templates to configure Web Server Protection for common purposes
  • Configure SlowHTTP protection
  • WAF enhancement
  • Labs (Web Application Firewall)
  • Labs (Load balancing with Web Server Protection)
  • Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and Lunch
14:45-17:45 Module 6: Site to site connections and Labs
  • Configure and deploy site to site VPNs in a wide range of environment
  • Implement IPsec NATing and failover
  • Check and modify route precedence
  • Create RED tunnels between XG firewalls
  • Understand when to use RED
  • Network and Routing Enhancement
  • Labs ( Create an IPsec site to site VPN
  • Labs ( Configure VPN network NATing )
  • Labs (Configure VPN failover)
  • Labs (Enable RED on the XG firewall)
  • Labs (Create a RED tunnel between two XG Firewalls
  • Labs (Configure routing for the RED tunnel)
  • Labs (Configure route-based VPN)

9:00-10:00 Module 7: Authentications and Labs

  • Demonstrate how to configure and use RADIUS accounting
  • Deploy STAS in large and complex environment
  • Configure SATC and STAS together
  • Configure Secure LDAP and identify the different secure connections available
  • Labs (configure an Active Directory Authentication server)
  • Labs (configure single sing-on using STAS
  • Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

  • Choose the most appropriate type for web protection in different deployment scenarios
  • Enable web filtering using the DPI engine or legacy web proxy
  • Configure TLS inspection using the DLP engine or legacy web proxy
  • Labs (Install the SSL CA certificate)
  • Labs (Configure TLS inspection rules)
  • Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

  • Explain how Sophos Access Points are deployed and identify some common issues
  • Configure RADIUS authentication
  • Configure a mesh network

12:15-13:05 Module 10: Remote Access

  • Configure Sophos Connect and manage the configuration using Sophos Connect Admin
  • Configure an IPsec remote access VPN
  • Configure an L2TP remote access VPN for mobile devices
  • Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

  • Explain what HA is and how it operates
  • Demonstrate how to configure HA and explain the difference between quick and manual configuration
  • List the prerequisites for high availability
  • Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
  • Explain the packet flow in high availability
  • Demonstrate how to disable HA
  • Edits to cover HA changes (VLAN on dedicated port, node name, Quick HA automatic LAG, preferred primary device, license information)
  • Edits for HA status changes
  • Labs (Create an Active-Passive cluster)
  • Labs (Disable High Availability)

14:25-15:05 Lunch Break

15:05-16-15 Public Cloud and Labs

  • Deploy Sophos firewall in complex network enviroments
  • Explain how Sophos firewall process traffic and use this information to inform the configuration
  • Configure advanced networking and protection features
  • Deploy Sophos firewall on public cloud infrastructure
  • Labs (Put a service in debug mode to gather logs)
  • Labs (Retrieving log files)
  • Labs (Troubleshoot an issue from an imported configuration file)
  • Labs (Deploy an Sophos Firewall on Azure (simulation)

16:15  (Exams)

NSS is an Authorized Training Center

Courses are given in English & Greek language with English documentation. Prices include training materials, vouchers for official vendor certificates when applicable, coffee & lunch during the training procedure. NSS aims to educate and prepare all participants with the skills needed to deploy a solution efficiently and effectively, maximizing the existing investment.

Contact us for more information on Sophos Firewall v20 Architect Training
Share this info about
Firewall v20 Training