Experience the latest capabilities of Cisco Secure Firewall 10.0 in a practical hands-on lab focused on modern network protection, traffic visibility, secure remote access, SD-WAN scenarios, and the use of AI in security policy management.
This lab is not only about traditional firewall configuration. Participants will go through real-world scenarios that demonstrate how Cisco Secure Firewall helps protect users, applications, and branch networks in an environment with an ever-growing volume of encrypted traffic, dynamic identities, cloud services, and hybrid infrastructure.
During the workshop, participants will get hands-on experience with advanced Cisco Firewall Management Center features, Zero Trust Access, user identity and Security Group Tags, SD-WAN extensions including DVTI and monitoring dashboards, as well as security mechanisms for threat detection in encrypted traffic. Version 10.0 also brings enhancements in the area of EVE, new options for traffic decryption, and expanded management and analytics capabilities.
What you will try in the lab
Advanced Cisco Secure Firewall capabilities
Participants will learn how Cisco Secure Firewall works with dynamic attributes, identity, and security tags. The lab covers CSDAC in Firewall Management Center, Zero Trust Access, policy-based routing based on user identity or SGT, and the use of VRF with Dynamic VTI through the SD-WAN Wizard. It also includes new traffic visibility views through the SD-WAN Summary Dashboard, Site-to-Site VPN Dashboard, and Remote Access VPN Dashboard.
SD-WAN and secure branches
The lab shows how a firewall can serve not only as a security control, but also as part of branch connectivity. Cisco documentation for SD-WAN features describes support for scenarios such as Direct Internet Access, Umbrella Auto Tunnel, DVTI hub-and-spoke topology, application-aware routing, ECMP, dual ISP, and WAN link performance monitoring.
Threat Lab and encrypted traffic
Participants will try security scenarios focused on threat detection, QUIC decryption, exceptions for the Encrypted Visibility Engine, and security content tagging. EVE in version 10.0 introduces new monitor and protect modes, the use of EVE for application detection, and new dashboard widgets that provide better visibility into suspicious encrypted traffic.
AIOps and AI-assisted policy management
A dedicated part of the lab focuses on Cisco AI Assistant, Policy Analyzer, and Policy Optimizer. The goal is to demonstrate how operational effort in firewall policy management can be reduced, how configuration can be understood more quickly, and how potential conflicts or optimization opportunities can be identified more effectively. Cisco states that FMC integration with Security Cloud Control provides access to services such as Cisco AI Assistant for Security, Policy Analyzer and Optimizer, and Zero-Touch Provisioning.
Who the lab is for
This workshop is intended for technical specialists, presales consultants, network administrators, security architects, and partners who want to better understand the current capabilities of Cisco Secure Firewall and learn how to present or deploy them in real-world customer scenarios.
It is also suitable for participants who already know Cisco Secure Firewall but want to gain practical experience with the new features of version 10.0, especially in the areas of Zero Trust Access, SD-WAN, encrypted visibility, threat detection, and AI-assisted policy management.
Prerequisites
Participants should have a basic understanding of networking principles, TCP/IP, routing, VPNs, and cybersecurity fundamentals. It is not necessary to be a Cisco Secure Firewall expert, but practical experience with firewalls, security policies, or network administration is an advantage.
Participants need to bring their own laptop to the workshop.
What participants will take away
After completing the lab, participants will have a better understanding of how Cisco Secure Firewall 10.0 helps address modern security challenges: protecting users and applications, controlling encrypted traffic, securely connecting branches, enabling remote access, working with identity, and managing firewall policies more efficiently.
The goal is for participants to leave not only with a theoretical overview, but with practical experience they can use when designing solutions, discussing requirements with customers, or deploying Cisco Secure Firewall in their own environment.