CCIE Security v5 :: TCP Interception

This article accompanies the demonstration video I have created below. TCP interception is a CCIE Security version 5 blueprint topic. What is TCP interception? TCP interception is a method used to protect against TCP SYN-flooding attacks. This is achieved by intercepting TCP connection requests (SYN packets) and verifying the connection before passing the original TCP SYN packet [...]

Cisco :: Configuring Smart License Software

In this article, I would like to demonstrate how to configure Cisco Smart Licensing on the virtual Cisco Adaptive Security Appliance (ASAv). This post assumes that readers already have access to there own Smart Account and would like to know the process of applying licenses. Step 1: Generate ID Token Sign into your Cisco Software [...]

CCIE Security v5 :: ASA Packet Processing Post 8.3 Code

In this article, I will share my notes on the ASA packet process for version 8.3+. Domain 1.0 off the CCIE Security version blueprint focuses on perimeter security and intrusion prevention, both of which include the ASA. In order to understand the ASA and how it works, it is important to understand how packets are processed [...]

Cisco :: Configuring ASAv Active/Standby Failover

In this article, I will share the configurations used in the within the video below. The configurations enable one to configure Active/Standby ASA's with failover and redundant failover links. I have included the topology below as a reference.   ASAv1 Configurations #Interface redundant 1 #Member-interface g0/0 #Member-interface g0/1 #No shutdown #Interface G0/0 #No shutdown #Interface [...]

CCIE Security v5 :: Adding Remote FTD Device To The FMC

In this article, I wanted to demonstrate how we can add a Firepower Threat Defence appliance to an FMC located at another site. Let's take a fictitious scenario to provide some context to why and how we configure the FTD device the way we do. Scenario Currently Synack Corp has one Firepower Management Center (FMC) [...]