The questions for each certification exam are a closely guarded secret. But even if you obtained the questions and passed the exam, you would be in for quite an embarrassment as soon as you arrived at your first job that required PIX skills. The point is to know the material, not just to successfully pass the exam. We know what topics you must understand to pass the exam. Coincidentally, these are the same topics required for you to be proficient with the PIX Firewall. We have broken these into “foundation topics” and cover them throughout this book. Table I-1 describes each foundation topic.
Table I-1 CSPFA Foundation Topics

| Reference Number | Exam Topic | Description |
|---|---|---|
| 1 | Firewalls | Firewalls process network traffic in three different ways. Chapter 2 discusses these technologies and their advantages. |
| 2 | PIX Firewall overview | Chapter 2 explains the PIX Firewall’s design and its advantages compared to other firewall products. |
| 3 | PIX Firewall models | Currently, the PIX Firewall has six different models. Chapter 3 discusses each model, its specifications, and how and when it is applied. |
| 4 | PIX Firewall licensing | Chapter 3 discusses the different licensing options available for the PIX Firewall and how each license applies. |
| 5 | User interface | The CLI is one of the methods used to configure the PIX Firewall. Chapter 6 covers the CLI and many of the commands used to configure the firewall. |
| 6 | Configuring the PIX Firewall | Many different commands are used to configure the PIX Firewall. These commands are discussed in Chapters 6 through 15. |
| 7 | Examining the PIX Firewall status | Verifying the configuration of the PIX Firewall helps you troubleshoot connectivity issues. |
| 8 | Time setting and NTP support | It is important to ensure that your firewall time is synchronized with your network. Chapter 6 covers the commands for configuring time on the PIX Firewall. |
| 9 | ASA security levels | The Adaptive Security Algorithm is a key component of the PIX Firewall. It is discussed in great detail in Chapters 2, 3, 5, and 6. |
| 10 | Basic PIX Firewall configuration | The basic configuration of the PIX Firewall is discussed in Chapter 6. |
| 11 | Syslog configuration | The logging features of the PIX Firewall are covered in Chapter 8. |
| 12 | Routing configuration | Because the firewall operates at multiple layers of the OSI model, it can route traffic as well as filter it. The route commands for the PIX Firewall are discussed in Chapter 6. |
| 13 | DHCP server configuration | The PIX Firewall can function as both a DHCP server and a DHCP client. These configurations are covered in Chapters 3 and 6. |
| 14 | Transport Protocols | The transport layer protocols and how they are handled by the PIX Firewall are discussed in Chapter 5. |
| 15 | Network Address Translation | Network Address Translation is used by many different firewalls to secure network segments. This is discussed in Chapters 5 and 6. |
| 16 | Port Address Translations | Port Address Translation is a method used by the PIX Firewall to NAT multiple internal sources to a single external address. This configuration is covered in Chapters 5 and 6. |
| 17 | Configuring DNS support | As a perimeter device, the PIX Firewall must support the Domain Name Service. Configuring DNS on the PIX is discussed in Chapter 5. |
| 18 | ACLs | Access control lists are used to allow or deny traffic between different network segments that attach via the PIX Firewall. Configuring ACLs is discussed in Chapter 7. |
| 19 | Using ACLs | Configuring ACLs is discussed in Chapter 7. |
| 20 | URL filtering | The PIX Firewall can be configured to work with other products to perform URL content filtering. This is done to ensure that users use company assets in accordance with company policies. Configuring the PIX for content filtering is discussed in Chapter 12. |
| 21 | Overview of object grouping | Service, host, and network objects can be grouped to make processing by the firewall more efficient. Object grouping is discussed in Chapter 7. |
| 22 | Getting started with group objects | Object grouping is discussed in Chapter 7. |
| 23 | Configuring group objects | Object grouping is discussed in Chapter 7. |
| 24 | Nested object groups | Object groups can be nested into other object groups. Object grouping is discussed in Chapter 7. |
| 25 | Advanced protocols | Many advanced protocols require special handling by the firewall. Some protocols require multiple inbound and outbound connections. The handling of advanced protocols by the PIX Firewall is discussed in Chapter 7. |
| 26 | Multimedia support | Multimedia protocols are considered advanced protocols. The handling of advanced protocols by the PIX Firewall is discussed in Chapter 7. |
| 27 | Attack guards | The PIX Firewall can be configured to recognize an attack and react to it. This is covered in Chapter 15. |
| 28 | Intrusion detection | The PIX Firewall can be configured to perform as an Intrusion Detection System as well as a firewall. It also can be configured to work with external IDSs. These issues are covered in Chapter 15. |
| 29 | Overview of AAA | AAA is a method of ensuring that you can verify who is accessing your network resources, restrict their access to specific resources, and keep track of what actions they take on the network. Configuring the PIX Firewall to support AAA is discussed in Chapters 13 and 14. |
| 30 | Installation of CSACS for Windows NT/2000 | CSACS is a Cisco AAA server product. Installing and configuring CSACS is covered in Chapter 13. |
| 31 | Authentication configuration | Configuring CSACS is discussed in Chapters 13 and 14. |
| 32 | Downloadable ACLs | Configuring CSACS is discussed in Chapters 13 and 14. |
| 33 | Understanding failover | Mission-critical systems require high-availability solutions to minimize any chance of network outages. Two PIX firewalls can be configured as a high-availability solution. This configuration is covered in Chapter 9. |
| 34 | Failover configuration | PIX failover configuration is discussed in Chapter 9. |
| 35 | LAN-based failover configuration | PIX failover configuration is discussed in Chapter 9. |
| 36 | PIX Firewall enables a secure VPN | Dedicated circuits between different locations can be cost-prohibitive. It is much less expensive and just as secure to create an encrypted connection between those locations across public network space. Configuring virtual private networks is discussed in Chapter 10. |
| 37 | IPSec configuration tasks | Configuring virtual private networks is discussed in Chapter 10. |
| 38 | Prepare to configure VPN support | Both ends of a virtual private network must have a termination point. The PIX Firewall can be configured as a VPN termination point. Configuring virtual private networks is discussed in Chapter 10. |
| 39 | Configure IKE parameters | IKE is a key exchange method used to ensure that the encrypted connection is not easily compromised. Configuring virtual private networks is discussed in Chapter 10. |
| 40 | Configure IPSec parameters | IP Security (IPSec) is a standard for creating an encrypted VPN connection. Configuring virtual private networks is discussed in Chapter 10. |
| 41 | Test and verify VPN configuration | Configuration and troubleshooting of Virtual Private Networks is discussed in Chapter 10. |
| 42 | Cisco VPN Client | Remote users can create a VPN from their computers to the company network using VPN client software. Configuring virtual private networks and VPN client software is discussed in Chapter 10. |
| 43 | Scale PIX Firewall VPNs | Configuring virtual private networks is discussed in Chapter 10. |
| 44 | PPPoE and the PIX Firewall | PPPoE is used to connect multiple hosts via a single dialup or broadband connection. Some PIX Firewall models support PPPoE. This topic is covered in Chapter 10. |
| 45 | Remote access | The PIX Firewall can be managed either locally or remotely. Configuring the PIX to allow remote access is discussed in Chapter 4. |
| 46 | Command-level authorization | Remote management of the PIX Firewall is discussed in Chapter 4. |
| 47 | PDM overview | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |
| 48 | PDM operating requirements | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |
| 49 | Prepare for PDM | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |
| 50 | Using PDM to configure the PIX Firewall | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |
| 51 | Using PDM to create a site-to-site VPN | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |
| 52 | Using PDM to create a remote access VPN | The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11. |