This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

(3 days Training)

Tuesday 17 March 2020– Thursday 19 March 2020

Requirement

XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge
Knowledge of networking to a CompTIA N+ level
Knowledge of IT security to a CompTIA S+ level
Experience configuring network security devices
Be able to troubleshoot and resolve issues in Windows networked environments
Experience configuring and administering Linux/UNIX systems

Content

Module 1: Deployment
Module 2: Base Firewall
Module 3: Network Protection
Module 4: Synchronized security
Module 5: Web server Protection
Module 6: Site to site connections
Module 7: Authentications
Module 8: Web Protection
Module 9: Wireless
Module 10: Remote Access
Module 11: High Availability
Module 12: Public Cloud

Certification

+ exam: Sophos XG Architect

Duration: 3 Days

Agenta

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 17th March  2020

9:30-10:45 Module 1: Module 1: Deployment and Lab

  • Recall important information from Engineer courses
  • Deployment modes supported by the XG Firewall
  • Understand a range of scenarios where each deployment mode would commonly be used
  • Use built-in tools to troubleshoot issues
  • Labs

10:45-11:00 Break
11:00-13:00 Module 2: Base Firewall

  • Explain how the XG firewal can be accessed
  • Understand the types fo interfaces that can be created
  • Understand the benefits of Fast Path Technology
  • Configure routing per firewall rule
  • Understand best practice for ordering firewall rules
  • Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Break
14:00-16:00 Base Firewall

  • Activate the Sophos XG Firewalls
  • Post installation Configuration
  • Bridge interfaces
  • Create a NAT rule to load balance access to servers
  • Create a local NAT policy
  • Configure routing using multiple WAN links
  • Configure policy-based routing for an MPLS scenario
  • Install Sophos Central

16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab

  • Explain what IPS is and how traffic can be offloaded to Fastpath
  • Demonstrate how to optimize workload y configuring IPS policies
  • Examine advanced Intrusion Prevention and optimize policies
  • Configure advanced DOS Protection rules
  • Demonstrate how the strict policy can be used to protect networks
  • Labs- Create Advanced DoS Rules

Day 2 Wednesday 18th March 2020

9:30-11:00: Module 4: Synchronized Security and Labs

  • Explain how Security Heartbeat works
  • Configure Synchronized Security
  • Deploy Synchronized Security in discover and inline modes
  • Understand the advantages and disadvantages of deploying
  • Synchronizes Security in different scenarios
  • Labs
  • Configure source-Based Security
  • Hearteat firewall rules
  • Destination based Security Heartbeat
  • Missing Security Heartbeat
  • Lateral Movement Protection

11:00-11:15 Break
11:15-13:45 Module 5 Webserver Protection and Labs

  • Explain how Websever Protection works
  • Describe protection features for a web application
  • Configure Web Server authentication
  • Publish a web service using the Web Application Firewall
  • Use the preconfigured templates to configure Web Server Protection for common purposes
  • Configure SlowHTTP protection
  • Labs (Web Application Firewall)
  • Labs (Load balancing with Web Server Protection)
  • Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Launch
14:45-17:45 Module 5: Red Management

  • Configure and deploy site to site VPNs in a wide range of environment
  • Implement IPsec NATing and failover
  • Check and modify route precedence
  • Create RED tunnels between XG firewalls
  • Understand when to use RED
  • Labs ( Create an IPsec site to site VPN
  • Labs ( Configure VPN network NATing )
  • Labs (Configure VPN failover)
  • Labs (Enable RED on the XG firewall)
  • Labs (Create a RED tunnel between two XG Firewalls
  • Labs (Configure routing for the RED tunnel)
  • Labs (Configure route-based VPN)

Day 3 Thursday 19th March 2020

9:00-10:00 Module 7: Authentications and Labs

  • Demonstrate how to configure and use RADIUS accounting
  • Deploy STAS in large and complex environment
  • Configure SATC and STAS together
  • Configure Secure LDAP and identify the different secure connections available
  • Labs (configure an Active Directory Authentication server)
  • Labs (configure single sing-on using STAS
  • Labs (Authenticate users over a site to site VPN)

10:00-11:15 Module 8: Web Protection

  • Choose the most appropriate type for web protection in different deployment scenarios
  • Enable web filtering using the DPI engine or legacy web proxy
  • Configure TLS inspection using the DLP engine or legacy web proxy
  • Labs (Install the SSL CA certificate)
  • Labs (Configure TLS inspection rules)
  • Labs (Create a custom web policy for users)

11:15-11:30 Break
11:30-12:15 Module 9: Wireless

  • Explain how Sophos Access Points are deployed and identify some common issues
  • Configure RADIUS authentication
  • Configure a mesh network

12:15-13:05 Module 10: Remote Access

  • Configure Sophos Connect and manage the configuration using Sophos Connect Admin
  • Configure an IPsec remote access VPN
  • Configure an L2TP remote access VPN for mobile devices
  • Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability 

  • Explain what HA is and how it operates
  • Demonstrate how to configure HA and explain the difference between quick and manual configuration
  • List the prerequisites for high availability
  • Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
  • Explain the packet flow in high availability
  • Demonstrate how to disable HA
  • Labs (Create an Active-Passive cluster)
  • Labs (Disable High Availability)

14:25-15:05 Break and Launch

15:05-16-15 Public Cloud and Labs

  • Deploy XG firewall in complex network enviroments
  • Explain how XG firewall process traffic and use this information to inform the configuration
  • Configure advanced networking and protection features
  • Deploy XG firewall on public cloud infrastructure
  • Labs (Put a service in debug mode to gather logs)
  • Labs (Retrieving log files)
  • Labs (Troubleshoot an issue from an imported configuration file)
  • Labs (Deploy an XG Firewall on Azure (simulation)

16:15 (Exams)