Yesterday marked the kickoff of the new CCIE Security v4 Advanced Technologies Class. In our first session we discussed the scope of the new CCIE Security Version 4.0 blueprint, recommended readings (which can be found at the bottom of this post), the new class format, and technical topics that included stateless traffic filters on IOS with standard ACLs, extended ACLs, time-based ACLs, and dynamic ACLs.

Going forward, the SCv4 ATC will be delivered over the next 4 – 6 weeks as shorter, more spread out class days, typically of about 4 hours apiece. The specific class schedule will be posted here on the blog at least a week in advance so you can plan which sessions you want to attend live. Anyone with an active All Access Pass subscription, or who has previously purchased the download version of the SCv3 ATC, can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at  In the short term, the next upcoming class sessions are as follows:

  • 2013-09-26 10:00 PDT (17:00 GMT) – Reflexive ACLs, CBAC, & ZBPF
  • 2013-09-30 10:00 PDT (17:00 GMT) – Advanced ZBPF

A longer-term schedule will be posted after the weekend. In general, the class flow will follow the outline below. If you have specific topic requests for class, please feel free to post a comment below and I will take them into account.

  • IOS Security
    • Understanding IOS Architecture
    • IOS Access-Lists
    • CBAC
    • ZBPF
    • User Based Firewall
    • Security Group Firewall
    • Transparent vs Routed Firewall
    • IOS NAT
    • IOS PBR
  • ASA Security
    • Understanding ASA Architecture
    • ASA Management Plane
    • ASA Control Plane
    • Routed vs Transparent Mode
    • Single vs Multi Context Mode
    • Active/Standby vs Active/Active Failover Mode
    • Routing
    • Access-Lists before and after 8.3
    • NAT before and after 8.3
    • Identity Firewall
    • MPF and Application Inspection
    • URL, Java and ActiveX Filtering
  • Virtual Private Networks
    • Understanding IPsec Framework
    • Understanding ISAKMP, IKEv1, IKEv2 and TLS
    • Understanding PKI Infrastructure
    • IKEv1 L2L VPN on IOS and ASA
    • IKEv1 RA VPN on IOS and ASA
    • IKEv1 Easy VPN
    • IKEv1 VRF Aware VPN
    • IKEv1 VTI (SVTI and DVTI)
    • IKEv1 with GRE Tunneling
    • IKEv1 IPsec High Availability
    • GETVPN
    • DMVPN (Phase1, 2, 3)
    • AnyConnect VPN on IOS and ASA
    • Clientless SSL VPN on IOS and ASA
    • IKEv2 on ASA
    • FlexVPN
  • Identity Management
    • Understanding AAA Framework
    • Understanding RADIUS, TACACS and LDAP
    • Understanding ACS and ISE Architecture
    • Understanding 802.1x Framework
    • Understanding EAP Methods
    • ACS and ISE Initial Configuration
    • AAA Services for IOS
    • AAA Services for ASA
    • IOS and ASA Cut-Through Proxy
    • ACS and ISE PKI Integration
    • ACS and ISE AD Integration
    • MAB With ACS and ISE
    • PEAP with ACS and ISE
    • EAP-FAST with ACS and ISE
    • ISE Client Provisioning and Posture
    • ISE Profiling
    • Local and Centralized Web Authentication
    • Monitoring and debugging
    • 802.1ae MacSec
  • Wireless Security
    • Understanding WLC Architecture
    • Understanding AP Functional Modes
    • WLC and AP Initial Configuration
    • WLC Control-Plane Security
    • WLC Integration with ACS and ISE
    • WLC Local and Centralized Web Authentication
    • WLAN Security
    • wIPS
  • Intrusion Prevention Systems
    • Understanding IPS Architecture
    • IPS Initialization and Management
    • IPS Inline Mode vs Promiscuous Mode
    • IPS Inline VLAN Pair vs Inline Interface Pair
    • Virtual Sensors
    • Configuring Signatures
    • Configuring Event Actions
    • Configuring Event Overrides and Filters
    • Configuring Anomaly Detection
    • Configuring Shunning, Blocking and Rate Limiting
    • SPAN and RSPAN
  • Content Security
    • Understanding IronPort WSA Architecture
    • WSA Transparent vs Forwarding Mode
    • WSA Initial Configuration
    • Configuring WCCP
    • Configuring Identities and Access Rules
    • Active Directory Integration
    • Configuring URL Filtering
    • Configuring WBRS
    • Configuring HTTPS Decryption
    • Configuring AVC
    • Monitoring and debugging
  • Threat Identification and Mitigation
    • Control-Plane Security
    • RFC 1918, 2827, 3330 AntiSpoofing
    • FPM, NBAR and Netflow
    • PVLAN
    • Access-Lists (MACL, PACL, VACL, RACL)
    • DHCP Snooping, DAI and IPSG
    • IPv6 FH Security
    • BPDU Guard, BPDU Filter
    • Loop Guard, Root Guard
    • Preventing Network attacks
    • MQC
    • RTBHF
    • MQC Marking and Classification
    • IOS Rate-Limiting, Policing and Shaping

Beyond reading the documentation, we’ve compiled a list of relevant books on a per-topic domain basis.  Most, if not all, of these titles can be found on Safari Online.

About Brian McGahan, CCIE #8593, CCDE #2013::13:

Brian McGahan was one of the youngest engineers in the world to obtain the CCIE, having achieved his first CCIE in Routing & Switching at the age of 20 in 2002. Brian has been teaching and developing CCIE training courses for over 10 years, and has assisted thousands of engineers in obtaining their CCIE certification. When not teaching or developing new products Brian consults with large ISPs and enterprise customers in the midwest region of the United States.


6 Responses to “CCIE Security v4 ATC Schedule & Recommended Reading”

  1. Deepak Arora says:

    See if you guys can include the following:

    Hair Pinning
    DNS Doctoring
    VRF-Aware IPsec
    QOS over IPSEC Tunnels/VPNs
    High Availability Using Link Resiliency (with Loopback Interface for Peering)
    IPSEC HA in Multihoming Scenarios

    Deepak Arora
    Evil CCIE

  2. Deepak Arora says:

    Forgot to ask for – GetVPN over DMVPN :)

    Also if you can number all topics and put video ref number against each to easily track down things and help someone looking for specific topics


  3. Ajit says:

    Is the link working to access CCIE Security v4 ATC live?

    For me the clock is not showing up in my account

    CLASS STARTS IN: ? no value to figure out schedule

  4. Lee W says:

    Would you be able to include advanced configurations for AnyConnect SSL VPN? E.g. LDAP attribute maps and dynamic group policies

  5. Ajit says:

    When will the CCIE Security ATC Live class resume, Brian?

    Ajit Patel

  6. Hamood says:

    Hello Brian,

    When are you going to post the video online?

