Automating Cisco ASA and Firepower Policies Using APIs

By Nick Russo
Network security is more important today than ever before. This course will teach you how to automate common security operations on Cisco ASA, FTD, and FMC products in the context of enterprise Internet Edge security design.
Play course overview
Course info
Level
Intermediate
Updated
Jun 24, 2020
Duration
2h 5m
Table of contents
Course Overview
Course Overview 2m
Securing the Perimeter Using Cisco ASA Firewalls and Ansible
Course Introduction, Prerequisites, and Business Scenario 6m Revisiting the Fundamentals of Firepower and Ansible 4m Demo: Installing Ansible and Building Auxiliary Files 8m Demo: Writing and Testing Jinja2 Templates to Define ASA Policies 7m Demo: Developing Playbooks to Deploy and Purge ASA Policies 6m Module Summary and Homework Challenge 1m
Managing Security Policy Objects within Cisco FTD
Introducing Firepower Threat Defense (FTD) 2m Demo: Developer Resources to Help You 4m Demo: Authenticating to FTD within a Simple Python SDK 7m Demo: Developing Policy Object SDK Methods 8m Demo: Adding and Deleting Policy Objects 4m Demo: Collecting and Validating Policy Objects 3m Module Summary and Homework Challenge 1m
Constructing and Deploying Cisco FTD Access Rules
Reviewing the FTD Policy Design 1m Demo: Collecting the Default Security Zones 3m Demo: Creating and Deleting FTD Access Rules 7m FTD Intrusion Prevention System (IPS) Policy Options 2m Demo: Updating Access Rules to Leverage IPS Capabilities 5m Demo: Final Preparation and Deployment of Access Policies 4m Demo: GUI and API Based Policy Validation 5m Module Summary and Homework Challenge 1m
Managing Distributed Cisco FTD Instances Using Cisco FMC
Why is Firepower Management Center (FMC) Useful? 4m Demo: Developer Resources to Help You 4m Demo: Initial Authentication to the FMC REST API 6m Demo: Managing FMC Policy Objects 8m Demo: Constructing Access Rules and Applying Access Policies 7m Demo: Performing GUI and API Based Policy Validation 6m Module Summary and Homework Challenge 1m
Description
Course info
Level
Intermediate
Updated
Jun 24, 2020
Duration
2h 5m
Description

Conceptually, firewall security policies are straightforward, but managing them in production has historically been a challenge due to scale, efficacy, and business alignment. In this course, Automating Cisco ASA and Firepower Policies Using APIs, you'll leverage Ansible to configure Cisco Adaptive Security Appliance (ASA) policies via infrastructure-as-code. Next, you'll discover how to interact with the Cisco Firepower Threat Defense (FTD) REST API to reconstruct classic ASA policies on the next-generation security platform, which integrates firewall and Intrusion Prevention System (IPS) capabilities. Finally, you'll learn how to manage distributed FTD deployments using the Firepower Management Center (FMC) REST API, a centralized "single pane of glass" for the Firepower ecosystem of products. When you're finished with this course, you'll have the skills and knowledge of security programmability needed to confidently build, design, and operate professional-grade automation solutions.

About the author
Nick Russo
About the author

Nick Russo, CCDE #20160041 and CCIE #42518, is your go-to-guy for all things networking and automation. Nick loves training online and speaking at industry conferences sharing his expertise.

More from the author
Automating Multi-vendor and Cloud Networks Using Ansible
Intermediate
3h 30m
Jun 17, 2021
Cisco Advanced Routing: Troubleshooting with Cisco DNA Center Assurance
Advanced
25m
May 10, 2021
Cisco Advanced Routing: Leaf/Spine Data Centers
Advanced
3h 7m
May 4, 2021
More courses by Nick Russo
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Nick Russo and welcome to my course titled Automating Cisco S A and Firepower Policies using APIs. Anyone who has worked in Network Security knows how tedious it can be to manage firewall policies manually. I'll teach you how to automate that process. Using popular automation tools specifically will cover three main topic areas. Cisco Adaptive Security Appliance or S a policy automation using answerable, Cisco Firepower, Threat Defense or FTD Policy Automation using python and rest APIs and managing distributed FTD deployments with Fire Power Management center or FMC, also using python and rest APIs. After completing this course, you'll know how to design, operate and maintain various automation scripts to help translate your business intent into a compliant security policy. Before beginning this course ID, recommend the following prerequsites courses. These three courses provide the foundation of software development and program ability skills that are extended in this course. The content around Cisco product APIs will be especially helpful. I'm assuming you already have a strong background in python programming. This fourth course focuses on enterprise network automation, which will provide useful context before digging into security program ability topics. I hope you'll join me on this journey to improve your programming skills with Cisco S, A, F T D and FMC Automation at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT