Instructor-led Training Comprehensive Services from Your Trusted Security Partner Additional Information Recommended prerequisite for the Certified SonicWALL Security Administrator (CSSA) exam Course Description: The CSSA Instructor-led Training curriculum is designed to reinforce the foundational knowledge in the SonicWALL Technical e*training courses. These courses provide the hands -on experiential training that will enhance problem solving and provide dynamic feedback in a classroom setting. The CSSA Instructor-led Training courses provide excellent preparation of the SonicWALL CSSA certification exam. This training is structured as a modular, multi-day course that addresses a variety of knowledge levels and learning requirements. Learning path is as follows: Technical e*training Preparation: 1. Securing Networks with SonicOS 2. Virtual Private Networking with SonicWALL 3. Securing SonicWALL Wireless Networks Instructor-led Technical Training: 1. SonicWALL Standard Security Foundations (CSSA I)? 2. SonicWALL Enhanced Security Administration (CSSA II)? 3. SonicWALL Network Security Expert (CSSA III) Who Should Attend? Those persons tasked with the support, installation, deployment or administration of SonicWALL products, including but not limited to System Administrators, Security staff, Firewall Administrators, Network Engineers, Pre-Sales Engineers, System Engineers, Reseller Support, Installation Consultants. Course Objectives: Upon completing this training course, participants should be able to: Install SonicWALL Firewall Appliances within a network Configure Network Access Rules, working with Zones, Objects, and Groups Configure VPN Solutions Configure routing options and QoS Configure and Test Load Balancing and Failover Install and Configure SonicWALL Layered Security Services, including Content Filtering, Antivirus, and Intrusion Prevention Configure and interpret logs and reports Perform basic administrative tasks and troubleshooting
SonicWALL SonicOS Standard Security Foundations (CSSA I) In Module One of the CSSA Instructor-led series, emphasis is on gaining familiarity with the most basic SonicWALL security environments, using the SonicOS Standard firmware on TZ170 appliances. Students will be introduced to network modes, product registration, NAT configuration, User Level Authentication, Proxy Relay and Routing, basic VPN configurations and layered security services. This module is intended for students not already familiar with basic SonicOS security, or for those who require experience using SonicOS Standard firmware. Labs for this class are based on SonicOS 3.1 Standard for TZ170. Prerequisites for CSSA I: All students should have a basic knowledge of networking concepts including network topologies and an understanding of the OSI model of networking protocol stacks. Familiarity with Microsoft Windows Networking is helpful. SonicWALL recommends that attendees have an understanding of TCP/IP, network addressing, subnet masks, and Network Address Translation, as well as knowledge of basic router concepts. Familiarity with Virtual Private Networking and IPSec functionality would also be helpful. Students are assumed to have a basic conceptual knowledge of firewalls and their role within a network. Students MUST complete the SonicWALL Technical e*training courses prior to attending instructor-led courses. The Technical e*training courses are: Securing Networks with SonicOS and Virtual Private Networking with SonicWALL and Securing SonicWALL Wireless Networks. Students who do not meet course prerequisites may have difficulty completing classroom labs. Topics Covered in CSSA I: Note: The Standard Security Fundamentals course has been designed as an introduction to the essentials of SonicWALL internetworking. Labs in this course are more basic, allowing for greater discussion of underlying networking concepts. Security Overview o Network Security Definitions, Risks, and Techniques Product & Services Review o Evolving Issues in Network Security o SonicWALL PRO Series o SonicWALL TZ 170 Family o SonicWALL Distributed Wireless o SonicOS Standard and Enhanced o SonicWALL Security Upgrades Configuring the Firewall o Initial Configuration (Lab) o MySonicWALL.com Licensing and Service Delivery o Licensing and Registration (Lab) o Configuring DHCP Server (Lab) o Logs and Reports Extending Firewall Functionality with Rules o Extending Firewall Functionality with Rules (Lab) o User-level Authentication (Lab) o Remote Management Rules (Lab) Extending the Network Functionality o Network Address Translation o Configuring Servers on the DMZ (Lab) SonicWALL VPN Configuration o Defining Security Associations o Create a Manual Key Tunnel (Lab) o Create an IKE Main Mode Tunnel (Lab) o Create an IKE Aggressive Mode Tunnel (Lab)
Designing SonicWALL VPN Networks o Create a hub and Spoke VPN (Lab) o Working with DHCP over VPN o Extended VPN Features Applying NAT on the VPN Tunnel (Lab) Global VPN Client o Installing the Global VPN Client (Lab) o Global VPN Settings o Group VPN Policy (Lab) o Client Provisioning (Lab) Extending the Firewall Functionality with Security Services o Antivirus o Content Filter Services (Lab) o Viewpoint Reporting Service (Demo) SonicWALL Enhanced Security Administration (CSSA II) In Module Two of the CSSA Instructor-led series, emphasis is on building a comprehensive network that demonstrates most of the commonly used features in SonicOS Enhanced firmware. Students will build a network consisting of a LAN, DMZ, and VPN tunnels. Using this network, they will create NAT policies, access rules, and layered security, apply port address translations, static and dynamic routing, configure SNMP and failover, interpret logs and generate reports, and use basic administrative features. This module is intended to provide practical hands -on learning and troubleshooting experience for students interested in obtaining Certified SonicWALL System Administrator certification. Skills applied in this class leverage concepts taught in the Technical e*training courses, and form the basis for the CSSA certification exam. Labs for this class are based on SonicOS 3.1 Enhanced firmware. Prerequisites for CSSA II: All students should have a basic knowledge of networking concepts including network topologies and an understanding of the OSI model of networking protocol stacks. Familiarity with Microsoft Windows Networking is helpful. SonicWALL recommends that attendees have an understanding of TCP/IP, network addressing, subnet masks, and Network Address Translation, as well as knowledge of basic router concepts. Familiarity with Virtual Private Networking and IPSec functionality would also be helpful. Students are assumed to have a basic conceptual knowledge of firewalls and their role within a network. Students MUST complete the SonicWALL Technical e*training courses prior to attending instructor-led courses. The Technical e*training courses are: Securing Networks with SonicOS and Virtual Private Networking with SonicWALL and Securing SonicWALL Wireless Networks. Completion of CSSA1 or equivalent knowledge basis Students who do not meet course prerequisites may have difficulty completing classroom labs. Topics Covered in CSSA II: Note: The Standard Enhanced Security course has been designed to provide hands-on experience with common SonicWALL network integration features using SonicOS Enhanced firmware. While the topic areas are similar to those presented in the CSSA I: Fundamentals course, this day of instruction assumes prior knowledge of networking concepts and focuses time on more advanced labs rather than on lecture. Security Overview o Network Security Definitions, Risks, and Techniques o SonicWALL Security Upgrades Real-Time Gateway Anti Virus Intrusion Prevention Services v2.0 o SonicOS Enhancements for 3.0 AD and LDAP
802.1q VLAN Support Advanced Routing Services Dynamic DNS Real-Time Monitoring Static ARP Support Virtual Adapter Static IP Support SYN Cookie/Other TCP Enhancements VPN Auto-Added Access Rule Control SonicSetup o Configuring the Firewall (Labs) o Booting in safe mode o Physical interface addressing o Enabling DHCP on LAN 0 o Registering firewall and configuring layered security services Extending Firewall Functionality: Zones, Objects, NAT and Rules (Labs) o Assigning interfaces to Zones o Creating Address Objects o Applying NAT Policies o Configuring Access Rules Applying Advanced User Level Access (Labs) Designing VPN Networks(Labs) o Creating a Hub & Spoke network with NAT on VPN tunnel o Provisioning remote site communication through single VPN tunnel to the head-end o Provisioning VPN between two sites using same LAN subnet Extending the Firewall Functionality with Security Services (Labs) o Provision and test AV, CFS, and IPS o Apply group-level CFS policies o Restricting web-access by user Applying Advanced NAT policies o Creating Inbound Port-address Translation Creating Advanced routing (Labs) o Creating Static routes SonicWALL Network Security Expert (CSSA III) In Module Three of the CSSA Instructor-led series, emphasis is on extending complex networks to demonstrate the more advanced features of SonicOS Enhanced 3.1. Students will build upon their knowledge of zones, address objects, and user groups to apply QoS (Bandwidth Management with DiffServ classification, granular access policies, Policy Based Routing), configure user authentication within AD/LDAP environments, specify OSPF routing, and manipulate VLAN segments, understanding VoIP deployment and Hardware Failover. This module forms assumes knowledge, proficiency, and experience with enterprise network administration concepts and applications. CCNA/CCNP recommended. Labs for this class are based on SonicOS 3.1 Enhanced for PRO4060/5060. Prerequisites for CSSA III: All attendees must have completed CSSA I and CSSA II training courses prior to attendance. SonicWALL recommends that attendees have an understanding of TCP/IP, network addressing, subnet masks, and Network Address Translation, as well as knowledge of basic router concepts. Familiarity with Virtual Private Networking and IPSec functionality would also be helpful. All students should have a basic knowledge of networking concepts including network topologies and an understanding of the OSI model of networking protocol stacks. Familiarity with Microsoft Windows Networking is helpful.
Students are assumed to have a basic conceptual knowledge of firewalls and their role within a network. Students MUST complete the SonicWALL Technical e*training courses prior to attending instructor-led courses. The Technical e*training courses are: Securing Networks with SonicOS and Virtual Private Networking with SonicWALL and Securing SonicWALL Wireless Networks. Students who do not meet course prerequisites may have difficulty completing classroom labs. Topics Covered in CSSA III: Product Overview o Sonicwall Appliances o Sonicwall Value Added Services Upgrading and Diagnosis using SonicSetup Tool o Understand the purpose of SonicSetup o Distinguish between the SonicSetup Tool and the Setup Tool o SonicSetup Requirements o Use SonicSetup (LAB) Apply SonicWALL s New SYN Flood Protection Features o Configure Firewall TCP Settings o Describe the TCP Handshake o Describe how SYN flood is used in Denial Service Attacks o Configure Lay2 and 3 SYN flood Settings o Describe the use of SYN Cookies o Configure SYN WatchList and BlackList (LAB) Applying Advanced User Level Access using LDAP/AD o Define ULA and Deployment Scenarios o List Different Authentication Method o Configure AD/LDAP Authentication (LAB) o Configure LDAP with Radius Authentication Comprehension and Implementation of VoIP environments o VoIP Overview o Understand SIP and H.322 Protocols o Describe Technical Requirements for a VoIP Environment o Describe SonicWALL s VoIP Approach o Understand a typical VoIP Call Flow o Configure SonicWALL VoIP o Troubleshooting VoIP Issues Understanding of Traffic Prioritization using QoS o Define Quality of Service and the QoS Technologies Employed by the SonicWALL o Distinguish between Layer 2 (802.1p QoS) and Layer 3 (DiffServ) Markings o Identify the process of Classification, Marking, Conditioning and Mapping in QoS Traffic Shaping Advance Extension of Firewall Functionality using VLANs o Describe the Advantages and Uses for VLAN Segmentation o Describe SonicOS VLAN Support o Describe a secure VLAN Deployment Scenario o Configure a VLAN Sub-Interface (LAB) o Apply DHCP on VLAN Subnets (LAB) o Apply VLAN Policy Enforcement (LAB) Advance Extension of Firewall Functionality with OSPF Routing o Describe the need for Dynamic Routing
o o o Distinguish between different Dynamic Routing Protocols Describe Autonomous System Topology and OSPF Terminology Configure SonicWALL Advance Routing Services using OSPF (LAB) Network Continuity using Hardware Failover o How Hardware Failover Works o Requirements of Hardware Failover Deployment o Understand the Physical Cabling required for HF Deployment o Understand and Configure HF Settings (LAB)