Get hands-on experience with the essential steps required to bring a newly installed Cisco Firewall Management Center and Cisco Secure Firewall Threat Defense device into an operational state. This foundation lab is designed to guide participants through the core configuration tasks needed to build a functional, secure, and properly managed firewall deployment.
This lab is focused on the fundamentals of Cisco Secure Firewall. Participants will start with the initial setup of Firewall Management Center, continue with device registration, security zones, interface configuration, routing, NAT, and basic access control. Once the firewall is operational, the lab moves into the configuration of key threat protection capabilities such as network discovery, intrusion prevention with Snort 3, malware and file inspection, Security Intelligence, decryption policy, access control rules, and selected advanced settings.
The workshop uses a Cisco dCloud lab environment with a prepared virtual infrastructure. The environment includes Firewall Management Center, Cisco Secure Firewall Threat Defense devices, Windows Domain Controllers, and additional Windows and Linux hosts that are used to simulate realistic network traffic and security scenarios.
Participants will begin with the foundational configuration of Cisco Firewall Management Center. This includes initial FMC setup, creating network objects and variable sets, defining security zones, configuring basic access control, registering managed firewall devices, and applying platform settings.
The lab covers the essential network configuration required for a working firewall deployment. Participants will configure interfaces, routing, and NAT policies, and learn how these components work together to control traffic flow through Cisco Secure Firewall.
Participants will configure core threat protection features, including Network Discovery policy, Malware and File policy, Decryption policy, Intrusion policy, and Network Analysis policy. The lab also introduces Snort 3-based inspection and shows how these security controls help detect and block malicious activity.
A key part of the lab is dedicated to Access Control Policy configuration. Participants will work with policy settings, access control rules, rule ordering, inspection options, and selected advanced settings. The goal is to understand how Cisco Secure Firewall evaluates traffic and applies security decisions.
The lab also introduces the Encrypted Visibility Engine, which provides additional visibility into encrypted traffic without requiring full decryption in every scenario. Participants will learn how EVE can support threat detection and improve insight into encrypted communication.
The lab includes the following main scenarios:
Initial Configuration
FMC Configuration
Network Object Creation and Variable Set
Security Zones
Basic Access Control
Device Registration
Platform Settings
Network Configuration
Interfaces, Routes, and NAT
Threat Configuration
Network Discovery Policy
Malware and File Policy
Decryption Policy
Intrusion and Network Analysis Policy
Access Control Policy Settings
Access Control Rules
Encrypted Visibility Engine
This foundation lab is intended for technical specialists, network administrators, security engineers, presales consultants, and partners who want to understand the basic deployment and configuration workflow of Cisco Secure Firewall.
It is especially suitable for participants who are new to Cisco Secure Firewall, or for those who want to strengthen their practical understanding of Firewall Management Center, Secure Firewall Threat Defense, policy configuration, and core threat protection features.
Participants should have a basic understanding of networking principles, TCP/IP, routing, NAT, VPN concepts, and general cybersecurity fundamentals. Previous hands-on experience with firewalls is helpful, but not required.
Participants need to bring their own laptop to the workshop.
After completing the lab, participants will understand the main steps required to deploy and operate Cisco Secure Firewall using Firewall Management Center. They will gain practical experience with device registration, interface and zone configuration, routing, NAT, access control, threat inspection, decryption policy, and encrypted traffic visibility.
The goal is for participants to leave with a solid practical foundation that can be used when preparing customer demonstrations, designing firewall deployments, or starting their own work with Cisco Secure Firewall in real environments.