I wanted to write up a review of my experience with Micronics Learning Z2H Security class. A lot of folks have asked me both on Twitter and on forums about it. I was lucky enough to attend the first class they had late in 2015 and it was honestly one of the best uses of my money for training that I've ever spent. If you're looking for CCIE Security v5 training or just Cisco security training in general, this is probably the best class on the market to get it. Since they are a Cisco Learning Partner, they do accept Cisco Learning Credits definitely can help if you have an employer that will only purchase training with learning credits.
Rapid Threat Containment with ISE 2.1 and Firepower 6.1
In this post, I'm going to go through Rapid Threat Containment utilizing both ISE and Firepower. The pre-requirements in order to do this is to have configured pxGrid between ISE and the Firepower Management Center (FMC) prior. If you would like to know how to do so, I went over how to do it with self-signed certificates in this post here or CA-signed certificates in this post here.
StealthWatch 6.8 and ISE Integration with Self-Signed Certificate
I'm going to go over integration ISE 2.1 and Stealthwatch via pxGrid with self-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate but this isn't always the ideal situation for everyone. For those without a PKI infrastructure or for lab environments, it's pretty easy to set up pxGrid integration without an external PKI infrastructure.
Firepower 6.0 pxGrid Integration with ISE - Self-signed Certificates
WSA Setup
Configuring NetFlow for my lab
ISE 2.1 and WSA pxGrid Integration with Self-Signed Certificates
Connecting Firepower to the AMP Cloud
If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints.
Firepower 6.0 pxGrid Integration with ISE - CA-Signed Certificate
In this post, I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using CA-signed certificates. In future posts, I'm planning on going through the configuration for both Firepower 5.4 and 6.0 using both self-signed and CA-signed certificates. The reason I plan on doing that is because they are slightly different and it's important to know this.
Firepower Setup and Policy Creation
ASA TrustSec Configuration
In this blog post, I'll go over the configuration of the ASA for TrustSec. This is for the native ASA code - not Firepower. I'll be going over Firepower separately in later blog posts. I'll be going over the configuration of TrustSec, SXP, and writing SGACLs for the ASA in this post. I'll be mostly utilizing the ASDM to make things a little easier and simpler to follow along with.
ASA Basic Configuration
ISE 2.1 - Switch and Wireless Controller TrustSec Configuration
In this blog post, I'll go through the configuration for TrustSec and SXP for both my Catalyst 3650 switch and wireless controller. I'll walk through the configuration, create the SXP connection, and verify. After that, I'll test out a policy by connecting a client to the switch, watching the tag be applied on ingress and the policy applied.
Nexus 1000v TrustSec Configuration
ISE 2.1 - TrustSec Overview and ISE Configuration
In this blog post, we're going to go over the configuration of TrustSec in ISE 2.1. This configuration also applies to ISE 2.0 as well for the most part. While TrustSec is not a required configuration for a secure ISE deployment, it definitely has some great advantages. It's a security architecture utilizing security group tags (SGTs) that allows that network to enforce access control policy, reduce ACL complexity, and can be utilized for policy in other security devices which I will go into further in later blog posts when I go over pxGrid on different systems.
Nexus 1000v - Installation
ISE 2.1 and WSA pxGrid Integration with CA-Signed Certificates
This blog post is going to be going over integration ISE 2.1 and WSA via pxGrid with CA-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate.
ISE 2.1 - Configuration of AMP & ISE Integration
This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerabiltiy and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly.