|
|
Training . UTM Expert+
|
Training
utm EXPERt+
NETASQ approved training center N° 31.59.05307.59 |
|
| |
The aim of this training course is to guide technicians in the most advanced features of the intrusion prevention/ UTM product
Venue, duration and registration
This training is exclusively conducted by NETASQ.
The Expert Plus training course takes place over three days, or over 21 hours.
|
|
The trainees are convened at 9h30 AM the first day of training.
All requests for inscriptions must be sent at your NETASQ certified training center (NCTC) or with the NETASQ service formation
(formation@netasq.com). Groups maximum are of 4 people per session.
A support of course is provided to each trainee.
Pre-requisites and hardware
Good Knowledge of the TCP/IP. Prior administrator training or its equivalent would be a bonus.
Trainees should be equipped with a
laptop on which a Windows operating system has been installed and a RS232 (serial port) disposal in order to conduct the
exercises suggested in the training course
Detailed description
| Day 1 |
. NETASQ Technical Support (support charter, case tracking, RMA)
. Support methodology (listening and paraphrasing; recording information)
. Technical document resources
Console mode
. Access
. File System
. Usual UNIX commands
. LAB CMD + UNIX password recovery
Configuration
. Storage directory, partial extraction, defaultconfig
. LAB exploring a configuration backup in CLI
Traces/logs
. Organizing and managing the rotation of files and contents
. LAB exploring logs in CLI
Network and routing
. Recap of theoretical principles
. Characteristics of network interfaces
. The NETASQ bridge
. Gatemon: fail-over and LB (DEBUG directive)
. Routing order of priority
Objects
. Correspondence of NETASQ files to UNIX files
. Dynamic objects
Daemons and the watchdog software application
ASQ
.
Schematic pyramid of treatments
. Details of treatment; attachment of plugins
. Sfctl: interactions with ASQ
. CONFIG
. DEBUG
|
| Day 2 |
Frame captures and analyses
. TCPDUMP: syntax and filters
. Detailed analysis of TCP flow
LABs
. Routing: dst‐MAC modification
. Default gateway and static routes (bounce on defGW FW instructor!= static route => asymmetrical
traffic)
. Bridge: host registration; intervention in routing (FastRoute=MAC addr)
. frame capture and analysis (observation of communications in order to manage network errors)
Filtering
. application criteria; combination with ASQ, QoS profiles...
. Configuration files and anatomy of rules
NAT
. Recaps
. Competing traffic and application priority
. Additional criteria
. Related events
LAB
. Application priority LAB + related events
FTP
. Operating modes
. LAB full information report ( ASQ Verbose + traffic capture + logs + technical report, correlation of gathered information, case study and explanation of client‐server behavior on FTP)
|
| Day 3 |
NSRPC
Eventd
. Event Manager
. LAB automating an information report
IPSec/IKE
. Recap of theoretical principles
. Running the implementation
. Additional features (SharedSA, SPD Cache)
. Enabling DEBUG
LAB . Observation of IPSec tunnel negotiations and characteristics
LAB . SharedSA
LAB . Hub'n'Spoke
Proxies
. Mechanisms
. Specific settings
DEBUG
LAB SMTP
Other debugging tools
. Dialup/PPTP
. Administration Tools
. Eventd, authd, xvpnd
. V8.0 : proxy, auth, vpn-ssl
|
|
|
|
