Cisco Firewall Video Mentor (Video Mentor Series)

( 3 )


“ The Cisco Firewall Video Mentor is an outstanding aide in learning to configure and understand the Cisco Adaptive Security Appliance. Whether you are a newcomer to the ASA or operationally experienced, these videos clearly explain and demonstrate how to configure and manage the ASA from the commandline and from the ASDM GUI.”

—Mark Macumber, Systems Engineer, Cisco

Cisco Firewall Video Mentor is a unique video product that provides you with more than five hours of personal visual instruction from best-selling ...

See more details below
This Multimedia Set (DVD-ROM) is Not Available through
Sending request ...


“ The Cisco Firewall Video Mentor is an outstanding aide in learning to configure and understand the Cisco Adaptive Security Appliance. Whether you are a newcomer to the ASA or operationally experienced, these videos clearly explain and demonstrate how to configure and manage the ASA from the commandline and from the ASDM GUI.”

—Mark Macumber, Systems Engineer, Cisco

Cisco Firewall Video Mentor is a unique video product that provides you with more than five hours of personal visual instruction from best-selling author and lead network engineer David Hucaby. In the 16 videos presented on the DVD, David walks you through common Cisco® firewall configuration and troubleshooting tasks. Designed to develop and enhance hands-on skills, each 10–30 minute video guides you through essential configuration tasks on the Cisco ASA and FWSM platforms and shows you how to verify that firewalls are working correctly.

Lab Layout:

Each video lab presents objectives, dynamic lab topology diagrams, command syntax overviews, and video captures of command-line input and GUI configuration. All of this is coupled with thorough audio instruction by an industry expert making learning easy and engaging.

Network Animation:

Animated network diagrams show you lab setup, device addressing, and how traffic flows through the network.

Command-Line Interface (CLI) Video:

Video screencasts of ASA and FWSM CLI and the ASDM GUI demonstrate command entry, configuration techniques, and device response.

This video product is part of the Cisco Press® Video Mentor Series. The video products in this series present expert training from industry-leading instructors and technologists. This dynamic learning environment combines animations, screencasts, and audio instruction to help users bridge the gap between conceptual knowledge and hands on application.

System Requirements:

  • Microsoft Windows XP, 2000, or Vista
  • Apple OS 9 or later
  • Linux operating systems that have a web browser with Flash 7 or later plug-in
  • Speakers or headphones
  • Color display with a minimum 1024x768 resolution
  • 1 GHz or faster CPU recommended
  • DVD drive
Read More Show Less

Product Details

  • ISBN-13: 9781587201981
  • Publisher: Cisco Press
  • Publication date: 5/20/2008
  • Series: Video Mentor
  • Edition description: DVD-ROM
  • Pages: 90
  • Product dimensions: 7.50 (w) x 9.10 (h) x 1.30 (d)

Meet the Author

David Hucaby, CCIE® No. 4594, is a lead network engineer for the University of Kentucky, where he works with healthcare networks based on the Cisco® Catalyst®, ASA/PIX®/FWSM security, and VPN product lines. David was one of the beta reviewers of the ASA/PIX 7.0 and 8.0 operating system software. David has a B.S. and M.S. in electrical engineering from the University of Kentucky and has worked in the IT field for 19 years. He lives in Kentucky with his wife Marci and two daughters.

Read More Show Less

Table of Contents

Lab 1 Initial Configuration 1

Scenario 1

Initial Configurations 1

Video Presentation Reference 1

Step 1: Connect to the Firewall Console 2

Step 2: Explore the CLI Modes 2

Step 3: Search the CLI Output 3

Step 4: Set the Firewall Hostname and Domain Name 4


Lab 2 Configuring Interfaces 5

Scenario 5

Initial Configurations 5

Video Presentation Reference 5

Step 1: Set the Firewall Mode 6

Step 2: Configure Interface Parameters 6

Step 3: Configure a Physical Interface 6

Step 4: Configure a Redundant Interface 7

Step 5: Configure a Logical VLAN Interface 8


Lab 3 Setting Up Routing 11

Scenario 11

Initial Configurations 11

Video Presentation Reference 12

Step 1: Configure Static Routes 12

Step 2: Configure a Default Route 12

Step 3: Configure the Standby ISP 13

Step 4: Use a Dynamic Routing Protocol 14


Lab 4 Firewall Administration over the Network 15

Scenario 15

Initial Configurations 15

Video Presentation Reference 16

Step 1: Set Up Telnet Access 16

Step 2: Set Up SSH Access 17

Step 3: Set Up ASDM Access 17

Step 4: View ASDM Session Demonstration 18


Lab 5 Using Multiple Security Contexts 19

Scenario 19

Initial Configurations 19

Video Presentation Reference 19

Step 1: Enable Multiple Context Mode 19

Step 2: Create New Security Contexts 20

Step 3: Administer Contexts Through the CLI 22

Step 4: Configure Security Contexts and Their Interfaces 22

Step 5: Learn Context Arrangement23


Lab 6 Using Failover for High Availability 25

Scenario 25

Initial Configurations 25

Video Presentation Reference 29

Step 1: Identify the Failover Role 29

Step 2: Set Up LAN-Based Failover 29

Step 3: Set Up Stateful Failover 31

Step 4: Tune the Unit Failover Threshold 31

Step 5: Set Up the Active-Active Failover Groups 32

Step 6: Define Context Interface Addresses 32

Step 7: Assign Contexts to the Two Failover Groups 34

Step 8: Bootstrap the Secondary Firewall Unit 35

Monitoring Failover Operation 35


Lab 7 Failover in Action 37

Scenario 37

Initial Configurations 38

Video Presentation Reference 38

Scenario 1: Physical Interface Failure 38

Scenario 2: Logical Interface Failure 38

Scenario 3: Failover Unit Failure 39

Scenario 4: Hitless Code Upgrade 39


Lab 8 Setting Up Address Translation and Connection Limits 45

Scenario 45

Initial Configurations 45

Video Presentation Reference 46

Step 1: Configure Static NAT 46

Step 2: Configure Policy NAT 47

Step 3: Configure Identity NAT 48

Step 4: Configure NAT Exemption 48

Step 5: Configure Dynamic NAT and PAT 49

Step 6: Set UDP and TCP Connection Limits 50


Lab 9 Setting Up Firewall Rules 51

Scenario 51

Initial Configurations 51

Video Presentation Reference 52

Step 1: Configure an Access List for the Inside Interface 52

Step 2: Configure an Access List for the Outside Interface 52

Step 3: Configure a Network Object Group 53

Step 4: Configure an Enhanced Service Object Group 54

Step 5: Configure an Access List to Use the Object Groups 55

Lab 10 Setting Up a DMZ 57

Scenario 57

Initial Configurations 57

Video Presentation Reference 58

Step 1: Consider Connections from the Inside Toward the DMZ 59

Step 2: Consider Connections from the DMZ Toward the Outside 59

Step 3: Consider Connections from the Outside Toward the DMZ 59

Step 4: Consider Connections from the DMZ Toward the Inside 60

Step 5: Review the DMZ Access List for Conflicting Entries 60


Lab 11 Setting Up Logging 63

Scenario 63

Initial Configurations 63

Video Presentation Reference 64

Step 1: Send Logging Messages to the Internal Buffer 65

Step 2: Send Logging Messages to an ASDM Session 65

Step 3: Send Logging Messages to a Syslog Server 66


Lab 12 Using MPF to Control Layer 3/4 Connections 67

Scenario 67

Initial Configurations 67

Video Presentation Reference 68

Step 1: Classify Interesting Traffic with a Class Map 69

Step 2: Define a Policy with a Policy Map 69

Step 3: Apply the Policy 70

Step 4: Monitor the Policy 70

Lab 13 Using MPF to Perform QoS Queuing and Policing 71


Scenario 71

Initial Configurations 71

Video Presentation Reference 72

Step 1: Send Traffic to the Priority Queue 72

Step 2: Use a Policer to Limit Bandwidth 73


Lab 14 Using MPF to Tune Application Inspection Engines 75

Scenario 75

Initial Configurations 75

Video Presentation Reference 76

Step 1: Enable an Inspection Engine 76

Step 2: Change the Inspection Engine Listening Port 77

Step 3: Use an Inspection Policy Map 77

Step 4: Use an Inspection Regex Match 78

Lab 15 Testing Security Policies with Packet Tracer 79

Scenario 79

Initial Configurations 79

Video Presentation Reference 83

Step 1: Send an Outbound ICMP Packet Through a Static Address Translation 83

Step 2: Send an Outbound ICMP Packet Through a Dynamic Address Translation 83

Step 3: Send an Inbound ICMP Packet 84

Step 4: Send an Outbound TCP Packet Through an Application Inspection Engine 84


Lab 16 Capturing Traffic 85

Scenario 85

Initial Configurations 85

Video Presentation Reference 89

Step 1: Configure a Raw Data Capture Through the CLI 89

Step 2: Configure an ASP Drop Capture Through the CLI 89

Step 3: Copy the Capture Buffer to an External Host 90

Step 4: Configure a Capture Session with ASDM 90

Read More Show Less



The Cisco Firewall Video Mentor supplies 16 instructional videos that cover a variety of firewall configuration tasks. Because firewall features can be complex and tedious to configure, each video presents a scenario that visually demonstrates a feature configuration step by step, along with a running audio commentary.

This product is one of several in the Cisco Press Video Mentor series. The Video Mentor series offers a learning environment that is different from that of printed books, where you can only read about concepts and look at static examples. With the video labs, you can learn about concepts much as you would in a classroom setting, with a live instructor. As well, you can watch configurations and examples unfold, step by step, with explanations along the way.

The Video Mentor covers the firewall features found in the Cisco ASA 5500 family of security appliances, as well as the Cisco Catalyst 6500 Firewall Services Module (FWSM).Who Should Use the Cisco Firewall Video Mentor?

The Cisco Firewall Video Mentor is intended for people who are involved in firewall installation and administration. Although it is not designed around any specific Cisco course or exam, it can be used to augment self-study books about firewalls and security topics.

Because of the multimedia format, the Video Mentor uses video and audio media to deliver information more effectively than printed material alone—especially for visual learners.Goals and Methods

The Cisco Firewall Video Mentor shows the author's computer desktop as a firewall is being configured and tested. A running audio commentary accompanies the video so that everyactivity is explained.

Most of the video labs follow the same format, using these steps as they are appropriate to the lab:

Step 1.
The video begins by listing goals or topics for the lab.

Step 2. An overview of specific firewall features is given.

Step 3. A scenario involving a firewall feature is presented, and related command syntax is discussed.

Step 4. A terminal emulator window shows how the firewall feature is configured with the command-line interface, step by step.

Step 5. The configuration is reset, and the same scenario is rebuilt using the Adaptive Security Device Manager (ASDM) management tool.Cisco Firewall Video Mentor Contents

The Cisco Firewall Video Mentor contains a DVD and a printed booklet. The DVD consists of a series of 16 video labs. The DVD is viewed on a computer screen and is optimized for display in a 1024x768-pixel minimum area.

The booklet contains information that you can use as a reference while watching the video labs. It is not meant to be a standalone tool. The booklet has a section devoted to each of the 16 video labs, containing the figures and configuration information used in the video.

Each booklet section includes the following:

  • A list of objectives or topics for the video lab

  • A description of the scenario, broken into steps

  • The initial configuration entered in the firewall before the video lab begins

  • The configuration commands that are entered during the video lab

The booklet also includes topology figures from the video labs as appropriate.

The booklet is also available in PDF format on the disc. You can switch between displaying the video and the booklet as you work your way through the video labs.How the Cisco Firewall Video Mentor Is Organized

When the DVD starts, the Cisco Firewall Video Mentor application displays the list of 16 video labs. From the initial menu, you can also view an introductory video that describes the entire product. The video labs are organized as follows:

Lab 1, "Initial Configuration": This lab demonstrates how a new firewall can be configured for the first time. The command-line interface (CLI) is used while the computer is connected to the firewall console.

Lab 2, "Configuring Interfaces": This lab shows how the firewall mode (transparent or routed) is set. Then a variety of firewall interfaces, both physical and logical, are configured.

Lab 3, "Setting Up Routing": In this lab, sources of routing information are configured. Static routes, default routes, standby ISPs, and the OSPF dynamic routing protocol are all demonstrated.

Lab 4, "Firewall Administration over the Network": This lab shows how a firewall can be configured for remote management through Telnet, SSH, and ASDM sessions.

Lab 5, "Using Multiple Security Contexts": This lab demonstrates how a single physical firewall platform can be configured to run multiple instances of virtual firewalls or security contexts.

Lab 6, "Using Failover for High Availability": In this lab, two firewalls are configured as a failover pair. This enables them to operate in a redundant fashion, increasing their availability during a failure.

Lab 7, "Failover in Action": This lab demonstrates several different kinds of failures, triggering the failover operation presented in Lab 6. A "hitless" upgrade is also shown, in which the operating system of each firewall in a failover pair is upgraded without impacting the traffic passing through.

Lab 8, "Setting Up Address Translation and Connection Limits": This lab shows examples of six different ways to configure address translation on a firewall.

Lab 9, "Setting Up Firewall Rules": In this lab, security policies are defined through access list configuration. Furthermore, access lists are configured in a more organized, compact fashion with object groups.

Lab 10, "Setting Up a DMZ": This lab demonstrates how additional interfaces can be added to a firewall, beyond the simple "inside" and "outside" interfaces.

Lab 11, "Setting Up Logging": In this lab, a firewall is configured to generate and send logging messages to a collection point. After they are collected, the messages can be analyzed, or they can become a record for an audit trail.

Lab 12, "Using MPF to Control Layer 3/4 Connections": This lab demonstrates how the Modular Policy Framework (MPF) is used to define a policy that sets connection limits on UDP and TCP connections.

Lab 13, "Using MPF to Perform QoS Queuing and Policing": In this lab, the MPF is used to configure priority queuing policies that handle specific types of traffic more efficiently than other traffic. In addition, policing is used to limit the bandwidth used by certain types of traffic.

Lab 14, "Using MPF to Tune Application Inspection Engines": This lab shows how a firewall can be configured to change how it inspects traffic related to specific applications.

Lab 15, "Testing Security Policies with Packet Tracer": This lab demonstrates the Packet Tracer tool and how it can be used to verify a firewall's configuration. A virtual packet is sent from one interface to another, with a graphical display showing what happens to the packet at each step along the way.

Lab 16, "Capturing Traffic": In this lab, a firewall is configured to capture traffic for further analysis. Both the CLI and ASDM are used to configure a capture session and to display the packets captured.

© Copyright Pearson Education. All rights reserved.

Read More Show Less

Customer Reviews

Average Rating 5
( 3 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 3 Customer Reviews
  • Posted January 3, 2010

    If you work with Cisco ASA Firewalls - this is for you!

    An excellent tutorial on the ASA series...

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted September 29, 2008

    Excellent learning tool for cisco firewall devices

    The Cisco Firewall Video Mentor 'ISBN:1587201984' by David Hucaby is a step-by-step video training guide for configuring the PIX or ASA firewall and is a must for beginner and intermediate level engineers. Hucaby is a natural at teaching and the video and audio make for a smooth learning experience. It comes with a handy 90 page book that follows labs but is also a great command and process reference guide to keep at your desk. Hucaby moves along fairly quickly so you never get bored and it¿s easy to stop the video if you need to do a bit more research. Because he moves at a perfect speed, I found myself watching areas that I was already familiar with because I wanted to see if there was something he might do differently. I never felt as though I had wasted my time after finishing any of the sections. One thing I really like about this is you can be completely new to Cisco and he gives you the essential tools you need to know to hit the ground running. I feel strongly that I could give this to a IT professional new to Cisco and help them feel relatively comfortable with the basics of a Cisco firewall. But it¿s not just the basics it covers more advanced features like MPF, rules, traffic capture, etc.. The layout of the video is perfect and allows Hucaby to quickly move through the bottom console while displaying commands, images, and other data at the top of the screen. It¿s also easy and quick to navigate through the various labs. I used a pretty old computer yet I could jump from one lab to the middle of another in a very reasonable amount of time. The time is always on the bottom of the layout so you can remember exactly where you were at one point for later reference or research. Not only does Hucaby cover configurations on the command line interface but he also does demonstrations in the ADSM. Right after he completes a CLI config, he removes it and shows the same config in the ADSM. I¿m still not a fan of using the ADSM graphical user interface but it was nice to see commands translate from the CLI to the GUI. I¿d have to say what I was most impressed with was how Hucaby often spends a lot of time explaining why he is doing something, as opposed to someone who moves from step to step with little value to add. For example, in the chapter titled Packet Capture, he goes through all of the command syntax arguments before he actually types the command. After covering the syntax, you feel a lot more comfortable as he types the particular command arrangement. Overall, I¿m very impressed with this publication and I will seek others like it for more Cisco topics.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted August 1, 2008

    Firewall Mentor for the Novice or the Expert

    This video provides a great learning experience, David really explains and describes the technology in a straight forward manner. If you are a novice or an expert looking to learn from scratch or just brush up on Multiple Context Mode than this is the resource for you. One great thing I find is when David says firewall he is usually specific as to mention PIX/ASA/FWSM and believe me this is important because some features are platform specific. The videos strike a good balance in that they are not horribly long and winding yet they provide enough information on the subject matter. It is a great learning tool because you feel like you are taking part in the exercises and you can with the provided manual or pdf. Every topic is easily broken down into its own lab/chapter so it's easy to learn and review the subject you want without hassle. David's explanations are very precise and simple to follow, he is a great instructor in this video and you will feel confident behind the cli once you are done.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 3 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)