This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos.

The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

(3 days Training)

Tuesday 26 February 2019 – Thursday 28 February 2019

Requirement

Participants should have the  Xg Engineer Certification

Recommended Knowledge

Knowledge of networking to a CompTIA N+ level

Knowledge of IT security to a CompTIA S+ level

Experience configuring network security devices

Be able to troubleshoot and resolve issues in Windows networked environments

Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Enterprise Deployment Scenarios
• Module 2: Advanced Firewall
• Module 3: Authentication
• Module 4: Webserver Protection
• Module 5: RED Management
• Module 6: Wireless Protection
• Module 7: Enterprise VPN
• Module 8: High Availability
• Module 9: Troubleshooting
• Module 10: Sizing

Certification

+ exam: Sophos XG Architect

Duration 3 days

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 26 February  2019

9:30-10:15 Module 1: Enterprise Deployment Scenarios Part I

• Bridge mode
• Gateway mode
• Mixed mode

10:15-10:30 break

10:30-12:00 Enterprise Deployment Scenarios Part I

• VLAN
• Link Aggregation
• Routing protocols

12:00-12:15 Break

12:15-13:45 Advanced Firewall  Part I

• Stateful inspection
• Strict policy
• Fast path
• Intrusion prevention
• Anti Dos/floofing
• Advanced Threat Protection

13:45-14:45 Break Lunch

14:45-16:15 Advanced Firewall  Part II

• Asymmetric routing
• Local NAT policy
• DHCP options
• Bind to existing DHCP scope
• Country list
• Drop packet capture
• IPS tuning

16:15-16:30 Break

16:30-17:15 Webserver Protection

• Overview
• Web Servers
• Application Protection policies
• Path specific routing
• Authentication policies
• Certificates

Day 2  Wednesday 27 February 2019

9:30-10:15 Module 4: Authentication

• Single sign-on (SSO)
• LDAP integration
• Secure LDAP
• STAS (Sophos Transparent Authentication Suite
• Troubleshooting STAS

10:15-10:30 Διάλειμμα

10:30-12:00 Authentication part II

• Sophos Authentication for Thin clients (SATC)
• Troubleshooting SATC
• NTLM
• Troubleshooting NTLM

12:00-12:15 Break

12:15-13:45 Module 5: Red Management

• Overview
• RED Models
• Deployment
• Adding a RED interface
• Balancing and failover
• VLAN port configuration

13:45-14:45 Break- Lunch

14:45-15:30 Module 6: Wireless Protection

• Overview
• Access Points
• Wireless networks
• Security modes
• Deployment
• Built-in wireless
• Mesh networks
• Radius authentication
• Class Activity

15:30-15:45 Break

15:45-17:15 Module 7: Enterprise VPN

• Huge and spoke topology
• Ipsec VPN configuration
• Ipsec VPN policies
• NAT overlap
• Route precedence
• VPN failover
• Logs
• Troubleshooting

Day 3 Thursday 28 February 2019

9:30-11:00 Module 8: High Availability

• Overview
• Prerequisites
• HA packet flow
• Configuration
• HA status
• Console commands
• Logs
• General Administration

11:00-11:15  Break

11:15-12:00 Module 9: Troubleshooting

• Consolidated Troubleshooting Report
• SF loader
• Tcpdump

12:00-12:15 Break

12:15-13:45 Module 10: Sizing

• Hardware appliance models
• Hardware appliance sizing
• Software and virtual devices
• Sizing scenarios
• Class activity

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams