Description

The SD-WAN & Security Bootcamp (SDWANAB) v20.1.x course is an intensive 3-day instructor-led training with heavy focus on how to deploy and configure the most relevant features of the SD-WAN solution. It covers both on-prem and cloud deployment details, and dives into the details of control, data and security policies. Students spend more than 50% of time in a dedicated lab environment, where they deploy the SD-WAN solution from scratch, including controllers bring-up, device templates configuration, control, data and security policies definitions, and deployment.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:
  • Design and Deploy on-prem and cloud SD-WAN controllers
  • Utilize device templates to centralize configuration management
  • Design and implement control policies
  • Design and implement data policies
  • Design and implement direct Internet access
  • Design and implement application aware policies
  • Design and implement security policies (ENT FW, IPS, AMP, TG, Umbrella)

Outline

The course contains these components:
SD-WAN Basics
  • SD-WAN Architecture overview
  • Deploying the controllers on-prem
    • Lab: Configuring a redundant vSmart Controller
  • Cisco Cloud Delivered Controllers Specifics
  • Deploying WAN EDGE Routers
    • Lab: Configuring WAN Edge Routers
  • Zero Touch Provisioning (ZTP/PnP)
  • Network Address Translation (NAT) Traversal
  • High Availability and Scaling
  • Migration from Traditional WAN to SD-WAN
  • SD-WAN Multi-Tenancy
    • Demonstration: Multi-tenancy Configuration
SD-WAN Templates and Policies
  • Configuration Templates
    • Lab: Using Configuration Templates
  • Service Side Routing
    • Lab: Configuring OSPF
  • Policy Basics
  • Centralized Policies
    • Lab: Configuring topologies
  • Localized Policies
    • Configuring OSPF metric-type and cost
    • Cisco SD-WAN Lawful Intercept
  • Cloud optimization with Cloud OnRamp
  • Cloud OnRamp for SaaS
  • Cloud OnRamp for IaaS
  • Policy Applications
    • Quality of Service
    • Lab: QoS
    • Network Address Translation
    • NAT Policies
SD-WAN Security
  • Policy Applications
    • Application-Aware Routing
    • Lab: Application Aware Routing
    • Service Chaining
    • Lab: Service Chaining
  • SD-WAN Security Overview
  • Enterprise Firewall with Application Awareness
  • Unified Threat Defense
    • Intrusion Detection-Prevention System
    • Umbrella DNS Security
    • Umbrella Secure Internet Gateway
    • URL Filtering
    • Advanced Malware Protection
    • TLS/SSL Decryption Proxy
    • Threat Grid
  • Security Policies
    • Compliance
    • Lab: Configuring a Compliance Policy
    • Guest Access
    • Lab: Configuring a Guest Access Policy
    • Direct Cloud Access
    • Direct Internet Access
    • Lab: Configuring a DIA Policy
    • Custom Policies
    • Lab: Configuring Custom Security Policies
  • Using APIs
    • Lab: Configuring and using vManage APIs
  • Licensing

Prerequisite Knowledge

The knowledge and skills that a learner should possess before attending this course are as follows:
  • Solid understanding of WAN technologies
  • Basic understanding of the SD-WAN solution