The Cisco Secure SD-WAN and SASE Deep Dive Design and Operations (SDWANBDO) v.17.3 20.3 is a 3-day instructor-led or virtual instructor-led course where the focus is on the fundamentals of the solution; it enables participants to deploy the solution in a lab and learn about the architecture and fundamental principles. To actually design and operate a real-life SD-WAN network, more in-depth knowledge is required. WAN Edge devices are CSR1000v (cEdge) and vEdge Cloud virtual routers running the IOS XE 17.3 / 20.3 release. It is a high-end training, focused on the detailed design and operation of a real-life network, with 50% personal lab exercises.

The SDWANBDO course is part of Cisco Black Belt Academy Aligned Content. It belongs to the stage: Black Belt SD-WAN Deployment Stage-3.

Date: from 24.11.2021 to 26.11.2021
Language: English
Location: Online (CET, UTC+01:00)
Price: 2850 $
Date: from 13.12.2021 to 15.12.2021
Language: English
Location: Online (CET, UTC+01:00)
Price: 2850 $
Date: from 17.1.2022 to 19.1.2022
Language: English
Location: Online (CET, UTC+01:00)
Price: 2850 $
Date: from 31.1.2022 to 2.2.2022
Language: English
Location: Online (CET, UTC+01:00)
Price: 2850 $


Upon completing this course, the learner will be able to meet these overall objectives:
  • Designing complex SD-WAN networks with real-life network topologies and scenarios.
  • Operating an SD-WAN network, including change management, monitoring and troubleshooting guides (including better understanding of the Cisco SD-WAN policy engine).
  • Securing your network with SD-WAN and selecting the best-suited security model, ranging from dedicated security to moving towards SASE.
  • Integrating Amazon AWS with practical lab exercises, and understanding SaaS and IaaS in multi-cloud environments (Amazon AWS, Microsoft Azure, Google Cloud)
  • An introduction to multi-domain: Interfacing SD-WAN deployments with SDA and ACI architecture.


The course contains these components:
  • Part 1: Installing devices (quick review)
  • Part 2: Underlay (routing, NAT, templates, certificates, troubleshooting)
  • Part 3: Templates (operational best practices, and advanced features)
  • Part 4: Overlay: Design and troubleshooting (goal: “all desired tunnels up”)
      • Understanding routing (TLOCs, vRoutes, and how policies affect them).
      • Design Guide Overlay: Where do we NOT need tunnels? Methodology for TLOC and routes (constraints: device scale, license, crypto performance, bandwidth bottlenecks, link cost, delay, traffic optimization, security, …).
      • Amazon AWS integration (with lab exercise).
      • Multi-cloud design and operation.
      • Cloud OnRamp for Colocation, IaaS.
      • Dynamic Tunnels.
      • Troubleshooting the Overlay (Tunnels)
    • Lab: Overlay
      • Design and implement an overall tunnel infrastructure for all VPNs.
      • Complex custom topologies and VPN membership.
      • Amazon AWS integration, with two Edges in AWS. Monitor with Cloud OnRamp for IaaS.
      • Change management of the policy.
  • Part 5: Policies: Construction of an incremental, complex policy (goal: “policy design”).
      • Design Guide Policy: How to construct and edit complex policies.
      • Internet Breakout for guestnet, with NAT, switching between local and remote breakout policies.
      • Complex Data traffic policies (QoS, traffic shaping, traffic engineering …)
      • AAR and App QoE in detail
      • Cloud OnRamp for SaaS.
      • Troubleshooting policies
    • Lab: Policies
      • Design and Configure Per-VPN topologies
      • Building a complex Per-VPN data traffic policy including local DIA
      • Application aware routing
      • Optimization of centralized policies including control, data traffic and AAR
  • Part 6: Security Policies
      • Moving SD-WAN towards SASE
      • Integrating Umbrella
      • Compliance (FW, IPS) (short intro)
      • URL filtering and DNS-Security (short intro)
      • AMP (short intro)
      • Choosing the right tools (on-box, dedicated, cloud-delivered).
      • Managing a security policy (with changes).
      • Performance considerations
      • Troubleshooting security policies
    • Lab: Security Policies
      • Design and configure external firewall service for Cisco SD-WAN
      • TLS Proxy: Inspecting encrypted content.
      • Design and build a single complex security policy
  • Part 7: Migration
      • Overall migration process and planning
      • DC migration, site migration, migrate flows
  • Part 8: Operation, monitoring, logging, analytics, multidomain integration
      • vManage Clustering, disaster recovery. When do you need a cluster?
      • Monitoring network performance, and Application Aware Routing.
      • Netflow and visibility per VPN
      • Logging and High-speed logging
      • Certificates: Rollover, revocation, CA cert rollover.
      • Working with Cisco API
      • Multi-domain: Integration with SDA and ACI
    • Lab: Operations
      • Monitoring: logging, netflow, app performance
      • Certificates: rollover device cert, root cert; revoke devices and certs.
      • Troubleshooting Lab with LiveAction
      • Working with API to automate basic operational tasks

Prerequisite Knowledge

The knowledge and skills that a learner should possess before attending this course are as follows:

Associated certifications