Automating Cisco ASA and Firepower Policies Using APIs

By Nick Russo
Network security is more important today than ever before. This course will teach you how to automate common security operations on Cisco ASA, FTD, and FMC products in the context of enterprise Internet Edge security design.
Play course overview
Course info
Level
Intermediate
Updated
Jun 24, 2020
Duration
2h 5m
Table of contents
Course Overview
Course Overview 2m
Securing the Perimeter Using Cisco ASA Firewalls and Ansible
Revisiting the Fundamentals of Firepower and Ansible 4m Demo: Developing Playbooks to Deploy and Purge ASA Policies 6m Demo: Writing and Testing Jinja2 Templates to Define ASA Policies 7m Course Introduction, Prerequisites, and Business Scenario 6m Demo: Installing Ansible and Building Auxiliary Files 8m Module Summary and Homework Challenge 1m
Managing Security Policy Objects within Cisco FTD
Introducing Firepower Threat Defense (FTD) 2m Demo: Adding and Deleting Policy Objects 4m Demo: Developer Resources to Help You 4m Module Summary and Homework Challenge 1m Demo: Collecting and Validating Policy Objects 3m Demo: Developing Policy Object SDK Methods 8m Demo: Authenticating to FTD within a Simple Python SDK 7m
Constructing and Deploying Cisco FTD Access Rules
Demo: Creating and Deleting FTD Access Rules 7m Demo: Collecting the Default Security Zones 3m Demo: Updating Access Rules to Leverage IPS Capabilities 5m Demo: Final Preparation and Deployment of Access Policies 4m FTD Intrusion Prevention System (IPS) Policy Options 2m Reviewing the FTD Policy Design 1m Demo: GUI and API Based Policy Validation 5m Module Summary and Homework Challenge 1m
Managing Distributed Cisco FTD Instances Using Cisco FMC
Demo: Performing GUI and API Based Policy Validation 6m Why is Firepower Management Center (FMC) Useful? 4m Demo: Constructing Access Rules and Applying Access Policies 7m Demo: Developer Resources to Help You 4m Demo: Initial Authentication to the FMC REST API 6m Demo: Managing FMC Policy Objects 8m Module Summary and Homework Challenge 1m
Description
Course info
Level
Intermediate
Updated
Jun 24, 2020
Duration
2h 5m
Description

Conceptually, firewall security policies are straightforward, but managing them in production has historically been a challenge due to scale, efficacy, and business alignment. In this course, Automating Cisco ASA and Firepower Policies Using APIs, you'll leverage Ansible to configure Cisco Adaptive Security Appliance (ASA) policies via infrastructure-as-code. Next, you'll discover how to interact with the Cisco Firepower Threat Defense (FTD) REST API to reconstruct classic ASA policies on the next-generation security platform, which integrates firewall and Intrusion Prevention System (IPS) capabilities. Finally, you'll learn how to manage distributed FTD deployments using the Firepower Management Center (FMC) REST API, a centralized "single pane of glass" for the Firepower ecosystem of products. When you're finished with this course, you'll have the skills and knowledge of security programmability needed to confidently build, design, and operate professional-grade automation solutions.

About the author
Nick Russo
About the author

Nick Russo, CCDE #20160041 and CCIE #42518, is your go-to-guy for all things networking and automation. Nick loves training online and speaking at industry conferences sharing his expertise.

More from the author
Automating Networks with Python
Intermediate
3h 49m
May 18, 2020
Consuming Cisco APIs and Understanding Application DevOps
Beginner
2h 30m
May 18, 2020
More courses by Nick Russo
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Nick Russo and welcome to my course titled Automating Cisco S A and Firepower Policies using AP eyes. Anyone who has worked in Network Security knows how tedious it can be to manage firewall policies manually. I'll teach you how to automate that process. Using popular automation tools specifically will cover three main topic areas. Cisco Adaptive Security Appliance or A S. A Policy Automation using answerable, Cisco Firepower, Threat Defence or FTD Policy automation. Using python and rest AP Eyes and managing distributed FTD deployments with Fire Power Management Center or FMC also using python and rest AP eyes. After completing this course, you'll know how to design, operate and maintain various automation scripts to help translate your business intent into a compliant security policy. Before beginning this course, I'd recommend the following prerequisite courses. These three courses provide the foundation off software development and program ability skills that are extended in this course. The content around Cisco product AP eyes will be especially helpful. I'm assuming you already have a strong background in python programming. This fourth course focuses on enterprise network automation, which will provide useful context before digging into security program ability topics. I hope you'll join me on this journey to improve your programming skills with Cisco S, A. FTD and FMC Automation at plural site.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT