
CCNP Security FIREWALL 642-617 Official Cert Guide [NOOK Book]



NOOK Book (eBook): $31.99 (list price $55.99; save 42%)


This is the eBook version of the printed book. The eBook does not contain the practice test software that accompanies the print book.

CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

Learn, prepare, and practice for exam success

  • Master CCNP Security FIREWALL 642-617 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks

CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security FIREWALL 642-617 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

  • ASA interfaces
  • IP connectivity
  • ASA management
  • Recording ASA activity
  • Address translation
  • Access control
  • Proxy services
  • Traffic inspection and handling
  • Transparent firewall mode
  • Virtual firewalls
  • High availability
  • ASA service modules

This volume is part of the Official Cert Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.


Product Details

  • ISBN-13: 9780132378611
  • Publisher: Pearson Education
  • Publication date: 10/3/2011
  • Series: Official Cert Guide
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 768
  • File size: 33 MB
  • Note: This product may take a few minutes to download.

Meet the Author

David Hucaby, CCIE No. 4594, is a network architect for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst, ASA, FWSM, and Unified Wireless product lines. David has a bachelor of science degree and master of science degree in electrical engineering from the University of Kentucky. He is the author of several Cisco Press titles, including Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition; Cisco Firewall Video Mentor; Cisco LAN Switching Video Mentor; and CCNP SWITCH Exam Certification Guide.

David lives in Kentucky with his wife, Marci, and two daughters.

Dave Garneau is a senior member of the Network Security team at Rackspace Hosting, Inc., a role he started during the creation of this book. Before that, he was the principal consultant and senior technical instructor at The Radix Group, Ltd. In that role, Dave trained more than 3000 students in nine countries on Cisco technologies, mostly focusing on the Cisco security products line, and worked closely with Cisco in establishing the new Cisco Certified Network Professional Security (CCNP Security) curriculum. Dave has a bachelor of science degree in mathematics from Metropolitan State College of Denver (now being renamed Denver State University). Dave lives in San Antonio, Texas with his wife, Vicki.

Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion–teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next generation of KnowledgeNet, StormWind Live.


Table of Contents

Introduction

Chapter 1 Cisco ASA Adaptive Security Appliance Overview

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Firewall Overview
  • Firewall Techniques
  • Stateless Packet Filtering
  • Stateful Packet Filtering
  • Stateful Packet Filtering with Application Inspection and Control
  • Network Intrusion Prevention System
  • Network Behavior Analysis
  • Application Layer Gateway (Proxy)
  • Cisco ASA Features
  • Selecting a Cisco ASA Model
  • ASA 5505
  • ASA 5510, 5520, and 5540
  • ASA 5550
  • ASA 5580
  • Security Services Modules
  • Advanced Inspection and Prevention (AIP) SSM
  • Content Security and Control (CSC) SSM
  • 4-Port Gigabit Ethernet (4GE) SSM
  • ASA 5585-X
  • ASA Performance Breakdown
  • Selecting ASA Licenses
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms

Chapter 2 Working with a Cisco ASA

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Using the CLI
  • Entering Commands
  • Command Help
  • Command History
  • Searching and Filtering Command Output
  • Terminal Screen Format
  • Using Cisco ASDM
  • Understanding the Factory Default Configuration
  • Working with Configuration Files
  • Clearing an ASA Configuration
  • Working with the ASA File System
  • Navigating an ASA Flash File System
  • Working with Files in an ASA File System
  • Reloading an ASA
  • Upgrading the ASA Software at the Next Reload
  • Performing a Reload
  • Manually Upgrading the ASA Software During a Reload
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 3 Configuring ASA Interfaces

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Configuring Physical Interfaces
  • Default Interface Configuration
  • Configuring Physical Interface Parameters
  • Mapping ASA 5505 Interfaces to VLANs
  • Configuring Interface Redundancy
  • Configuring VLAN Interfaces
  • VLAN Interfaces and Trunks on ASA 5510 and Higher Platforms
  • VLAN Interfaces and Trunks on an ASA 5505
  • Configuring Interface Security Parameters
  • Naming the Interface
  • Assigning an IP Address
  • Setting the Security Level
  • Interface Security Parameters Example
  • Configuring the Interface MTU
  • Verifying Interface Operation
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 4 Configuring IP Connectivity

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Deploying DHCP Services
  • Configuring a DHCP Relay
  • Configuring a DHCP Server
  • Using Routing Information
  • Configuring Static Routing
  • Tracking a Static Route
  • Routing with RIPv2
  • Routing with EIGRP
  • Routing with OSPF
  • An Example OSPF Scenario
  • Verifying the ASA Routing Table
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 5 Managing a Cisco ASA

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Basic Device Settings
  • Configuring Device Identity
  • Configuring Basic Authentication
  • Verifying Basic Device Settings
  • Configuring Name-to-Address Mappings
  • Configuring Local Name-to-Address Mappings
  • Configuring DNS Server Groups
  • Verifying Name-to-Address Mappings
  • File System Management
  • File System Management Using ASDM
  • File System Management Using the CLI
  • dir
  • more
  • copy
  • delete
  • rename
  • mkdir
  • rmdir
  • cd
  • pwd
  • fsck
  • format or erase
  • Managing Software and Feature Activation
  • Managing Cisco ASA Software and ASDM Images
  • Upgrading Files from a Local PC or Directly from
  • License Management
  • Upgrading the Image and Activation Key at the Same Time
  • Cisco ASA Software and License Verification
  • Configuring Management Access
  • Overview of Basic Procedures
  • Configuring Remote Management Access
  • Configuring an Out-of-Band Management Interface
  • Configuring Remote Access Using Telnet
  • Configuring Remote Access Using SSH
  • Configuring Remote Access Using HTTPS
  • Creating a Permanent Self-Signed Certificate
  • Obtaining an Identity Certificate by PKI Enrollment
  • Deploying an Identity Certificate
  • Configuring Management Access Banners
  • Controlling Management Access with AAA
  • Creating Users in the Local Database
  • Using Simple Password-Only Authentication
  • Configuring AAA Access Using the Local Database
  • Configuring AAA Access Using Remote AAA Server(s)
  • Step 1: Create an AAA Server Group and Configure How Servers in the Group Are Accessed
  • Step 2: Populate the Server Group with Member Servers
  • Step 3: Enable User Authentication for Each Remote Management Access Channel
  • Configuring Cisco Secure ACS for Remote Authentication
  • Configuring AAA Command Authorization
  • Configuring Local AAA Command Authorization
  • Configuring Remote AAA Command Authorization
  • Configuring Remote AAA Accounting
  • Verifying AAA for Management Access
  • Configuring Monitoring Using SNMP
  • Troubleshooting Remote Management Access
  • Cisco ASA Password Recovery
  • Performing Password Recovery
  • Enabling or Disabling Password Recovery
  • Exam Preparation Tasks
  • Review All Key Topics
  • Command Reference to Check Your Memory

Chapter 6 Recording ASA Activity

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • System Time
  • NTP
  • Verifying System Time Settings
  • Managing Event and Session Logging
  • NetFlow Support
  • Logging Message Format
  • Message Severity
  • Configuring Event and Session Logging
  • Configuring Global Logging Properties
  • Altering Settings of Specific Messages
  • Configuring Event Filters
  • Configuring Individual Event Destinations
  • Internal Buffer
  • ASDM
  • Syslog Server(s)
  • Email
  • NetFlow
  • Telnet or SSH Sessions
  • Verifying Event and Session Logging
  • Implementation Guidelines
  • Troubleshooting Event and Session Logging
  • Troubleshooting Commands
  • Exam Preparation Tasks
  • Review All Key Topics
  • Command Reference to Check Your Memory

Chapter 7 Using Address Translation

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Understanding How NAT Works
  • Enforcing NAT
  • Address Translation Deployment Options
  • NAT Versus PAT
  • Input Parameters
  • Deployment Choices
  • NAT Exemption
  • Configuring NAT Control
  • Configuring Dynamic Inside NAT
  • Configuring Dynamic Inside PAT
  • Configuring Dynamic Inside Policy NAT
  • Verifying Dynamic Inside NAT and PAT
  • Configuring Static Inside NAT
  • Configuring Network Static Inside NAT
  • Configuring Static Inside PAT
  • Configuring Static Inside Policy NAT
  • Verifying Static Inside NAT and PAT
  • Configuring No-Translation Rules
  • Configuring Dynamic Identity NAT
  • Configuring Static Identity NAT
  • Configuring NAT Bypass (NAT Exemption)
  • NAT Rule Priority with NAT Control Enabled
  • Configuring Outside NAT
  • Other NAT Considerations
  • DNS Rewrite (Also Known as DNS Doctoring)
  • Integrating NAT with ASA Access Control
  • Integrating NAT with MPF
  • Integrating NAT with AAA (Cut-Through Proxy)
  • Troubleshooting Address Translation
  • Improper Translation
  • Protocols Incompatible with NAT or PAT
  • Proxy ARP
  • NAT-Related Syslog Messages
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 8 Controlling Access Through the ASA

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Understanding How Access Control Works
  • State Tables
  • Connection Table
  • TCP Connection Flags
  • Inside and Outside, Inbound and Outbound
  • Local Host Table
  • State Table Logging
  • Understanding Interface Access Rules
  • Stateful Filtering
  • Interface Access Rules and Interface Security Levels
  • Interface Access Rules Direction
  • Configuring Interface Access Rules
  • Access Rule Logging
  • Cisco ASDM Public Server Wizard
  • Configuring Access Control Lists from the CLI
  • Implementation Guidelines
  • Time-Based Access Rules
  • Configuring Time Ranges from the CLI
  • Verifying Interface Access Rules
  • Managing Rules in Cisco ASDM
  • Managing Access Rules from the CLI
  • Organizing Access Rules Using Object Groups
  • Verifying Object Groups
  • Configuring and Verifying Other Basic Access Controls
  • uRPF
  • Shunning
  • Troubleshooting Basic Access Control
  • Examining Syslog Messages
  • Packet Capture
  • Packet Tracer
  • Suggested Approach to Access Control Troubleshooting
  • Exam Preparation Tasks
  • Review All Key Topics
  • Command Reference to Check Your Memory

Chapter 9 Inspecting Traffic

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Understanding the Modular Policy Framework
  • Configuring the MPF
  • Configuring a Policy for Inspecting OSI Layers 3 and 4
  • Step 1: Define a Layer 3–4 Class Map
  • Step 2: Define a Layer 3–4 Policy Map
  • Step 3: Apply the Policy Map to the Appropriate Interfaces
  • Creating a Security Policy in ASDM
  • Tuning Basic Layer 3–4 Connection Limits
  • Inspecting TCP Parameters with the TCP Normalizer
  • Configuring ICMP Inspection
  • Configuring Dynamic Protocol Inspection
  • Configuring Custom Protocol Inspection
  • Configuring a Policy for Inspecting OSI Layers 5–7
  • Configuring HTTP Inspection
  • Configuring HTTP Inspection Policy Maps Using the CLI
  • Configuring HTTP Inspection Policy Maps Using ASDM
  • Configuring FTP Inspection
  • Configuring FTP Inspection Using the CLI
  • Configuring FTP Inspection Using ASDM
  • Configuring DNS Inspection
  • Creating and Applying a DNS Inspection Policy Map Using the CLI
  • Creating and Applying a DNS Inspection Policy Map Using ASDM
  • Configuring ESMTP Inspection
  • Configuring an ESMTP Inspection with the CLI
  • Configuring an ESMTP Inspection with ASDM
  • Configuring a Policy for ASA Management Traffic
  • Detecting and Filtering Botnet Traffic
  • Configuring Botnet Traffic Filtering with the CLI
  • Step 1: Configure the Dynamic Database
  • Step 2: Configure the Static Database
  • Step 3: Enable DNS Snooping
  • Step 4: Enable the Botnet Traffic Filter
  • Configuring Botnet Traffic Filtering with ASDM
  • Step 1: Configure the Dynamic Database
  • Step 2: Configure the Static Database
  • Step 3: Enable DNS Snooping
  • Step 4: Enable the Botnet Traffic Filter
  • Using Threat Detection
  • Configuring Threat Detection with the CLI
  • Step 1: Configure Basic Threat Detection
  • Step 2: Configure Advanced Threat Detection
  • Step 3: Configure Scanning Threat Detection
  • Configuring Threat Detection in ASDM
  • Step 1: Configure Basic Threat Detection
  • Step 2: Configure Advanced Threat Detection
  • Step 3: Configure Scanning Threat Detection
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 10 Using Proxy Services to Control Access

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • User-Based (Cut-Through) Proxy Overview
  • User Authentication
  • AAA on the ASA
  • AAA Deployment Options
  • User-Based Proxy Preconfiguration Steps and Deployment Guidelines
  • User-Based Proxy Preconfiguration Steps
  • User-Based Proxy Deployment Guidelines
  • Direct HTTP Authentication with the Cisco ASA
  • HTTP Redirection
  • Virtual HTTP
  • Direct Telnet Authentication
  • Configuration Steps of User-Based Proxy
  • Configuring User Authentication
  • Configuring an AAA Group
  • Configuring an AAA Server
  • Configuring the Authentication Rules
  • Verifying User Authentication
  • Configuring HTTP Redirection
  • Configuring the Virtual HTTP Server
  • Configuring Direct Telnet
  • Configuring Authentication Prompts and Timeouts
  • Configuring Authentication Prompts
  • Configuring Authentication Timeouts
  • Configuring User Authorization
  • Configuring Downloadable ACLs
  • Configuring User Session Accounting
  • Using Proxy for IP Telephony and Unified TelePresence
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 11 Handling Traffic

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Handling Fragmented Traffic
  • Prioritizing Traffic
  • Controlling Traffic Bandwidth
  • Configuring Traffic Policing Parameters
  • Configuring Traffic Shaping Parameters
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 12 Using Transparent Firewall Mode

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Firewall Mode Overview
  • Configuring Transparent Firewall Mode
  • Controlling Traffic in Transparent Firewall Mode
  • Using ARP Inspection
  • Disabling MAC Address Learning
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 13 Creating Virtual Firewalls on the ASA

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Cisco ASA Virtualization Overview
  • The System Configuration, the System Context, and Other Security Contexts
  • Virtual Firewall Deployment Guidelines
  • Deployment Choices
  • Deployment Guidelines
  • Limitations
  • Configuration Tasks Overview
  • Configuring Security Contexts
  • The Admin Context
  • Configuring Multiple Mode
  • Creating a Security Context
  • Verifying Security Contexts
  • Managing Security Contexts
  • Packet Classification
  • Changing the Admin Context
  • Configuring Resource Management
  • The Default Class
  • Creating a New Resource Class
  • Verifying Resource Management
  • Troubleshooting Security Contexts
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 14 Deploying High Availability Features

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • ASA Failover Overview
  • Failover Roles
  • Detecting an ASA Failure
  • Configuring Active-Standby Failover Mode
  • Step 1: Configure the Primary Failover Unit
  • Step 2: Configure Failover on the Secondary Device
  • Scenario for Configuring Active-Standby Failover Mode
  • Configuring Active-Standby Failover with the ASDM Wizard
  • Configuring Active-Standby Failover Manually in ASDM
  • Configuring Active-Active Failover Mode
  • Step 1: Configure the Primary ASA Unit
  • Step 2: Configure the Secondary ASA Unit
  • Scenario for Configuring Active-Active Failover Mode
  • Tuning Failover Operation
  • Configuring Failover Timers
  • Configuring Failover Health Monitoring
  • Detecting Asymmetric Routing
  • Administering Failover
  • Verifying Failover Operation
  • Leveraging Failover for a Zero Downtime Upgrade
  • Exam Preparation Tasks
  • Review All Key Topics
  • Define Key Terms
  • Command Reference to Check Your Memory

Chapter 15 Integrating ASA Service Modules

  • “Do I Know This Already?” Quiz
  • Foundation Topics
  • Cisco ASA Security Services Modules Overview
  • Module Components
  • General Deployment Guidelines
  • Overview of the Cisco ASA Content Security and Control SSM
  • Cisco Content Security and Control SSM Licensing
  • Overview of the Cisco ASA Advanced Inspection and Prevention SSM and SSC
  • Inline Operation
  • Promiscuous Operation
  • Supported Cisco IPS Software Features
  • Installing the ASA AIP-SSM and AIP-SSC
  • The Cisco AIP-SSM and AIP-SSC Ethernet Connections
  • Failure Management Modes
  • Managing Basic Features
  • Initializing the AIP-SSM and AIP-SSC
  • Configuring the AIP-SSM and AIP-SSC
  • Integrating the ASA CSC-SSM
  • Installing the CSC-SSM
  • Ethernet Connections
  • Managing the Basic Features
  • Initializing the Cisco CSC-SSM
  • Configuring the CSC-SSM
  • Exam Preparation Tasks
  • Review All Key Topics
  • Definitions of Key Terms
  • Command Reference to Check Your Memory

Chapter 16 Final Preparation

  • Tools for Final Preparation
  • Pearson Cert Practice Test Engine and Questions on the CD
  • Install the Software from the CD
  • Activate and Download the Practice Exam
  • Activating Other Exams
  • Premium Edition
  • The Cisco Learning Network
  • Chapter-Ending Review Tools
  • Suggested Plan for Final Review/Study
  • Using the Exam Engine
  • Summary

Appendix A Answers to the “Do I Know This Already?” Quizzes

Appendix B CCNP Security 642-617 FIREWALL Exam Updates: Version 1.0

Appendix C Traffic Analysis Tools

Glossary


Customer Reviews

Average Rating: 5 (1 review)
  • Posted October 12, 2011


    Are you preparing for the Cisco FIREWALL v1.0 certification exam? If you are, then this book is for you! Authors David Hucaby, Dave Garneau and Anthony Sequeira have done an outstanding job of writing a book that introduces the Adaptive Security Appliance (ASA) security products, explains how each product is applied, and how it can be leveraged to increase the security of your network. Hucaby, Garneau and Sequeira begin by discussing basic network security and traffic filtering strategies. Then, the authors review the basic methods that are used to interact with an ASA, and to control its basic operation. The authors also explain how to configure ASA interfaces with the parameters they need to operate on a network. They continue by covering the ASA features related to providing IP addressing through DHCP and to exchanging IP routing information through several different dynamic routing protocols. Next, the authors review the configuration commands and tools that can be used to manage and control an ASA, both locally and remotely. Then, they describe how to configure an ASA to generate logging information that can be collected and analyzed. The authors also describe how IP addresses can be altered or translated as packets move through an ASA. They continue by reviewing access control lists and host shunning, and how these features can be configured to control traffic movement through an ASA. Next, the authors cover the Modular Policy Framework, a method used to define and implement many types of traffic inspection policies. Then, they discuss the features that can be leveraged to control the authentication, authorization, and accounting of users as they pass through an ASA. The authors also cover the methods and features that can be used to handle fragmented traffic, to prioritize traffic for QoS, to police traffic rates, and to shape traffic bandwidth.
    They continue by reviewing the transparent firewall mode, and how it can be used to make an ASA more stealthy when introduced into a network. Next, the authors discuss the multiple context mode that can be used to allow a single physical ASA device to provide multiple virtual firewalls or security contexts. Then, they cover two strategies that can be used to implement high availability between a pair of ASAs. The authors also explain the basic steps needed to configure an ASA to work with the AIP and CSC Security Services Modules, which can be used to offload in-depth intrusion protection and content handling. Finally, they list the exam preparation tools useful in the study process and provide a suggested study plan. The goal of this most excellent book is to provide the most comprehensive coverage to ensure that you are well prepared for the exam. Perhaps more importantly, this great book can be used as a static reference, whereas the exam topics are dynamic.
