Posts from ‘CCIE Security’
INE is reducing the cost of our live, instructor-led bootcamps by $1,000 each. Our new pricing model will still include access to our workbooks and ATC video courses with the purchase , but will separate out the Lab Exam Voucher and access to our All Access Pass as optional add-ons to provide you with a more flexible options for both your learning style and your budget. If you would like the existing complete, bundled solution, you have until Aug 1 to make a bootcamp purchase.
See this advert for more details.
Look forward to seeing you in a bootcamp soon!
Earlier this year in April, we reported to you about a major change in policy to retakes of the CCIE Written and Lab exam. Just today Cisco updated that policy with a major blow for anyone who has been preparing under the old pretenses. Namely that: “These policy changes will be applied retroactively from the date of a candidate’s first lab attempt.” The seemingly innocuous announcement can be found on their CCIE Lab Policy page, just above the table indicating how long you must wait between attempts. This means that if you already have, for instance, two attempts (and unfortunate fails) going into August 2 (when the new policy goes into effect), you would have to wait 90 days from the time of your last attempt to retry the exam. This still gives folks a chance to get another attempt (or 2, possibly) in before this Aug 2 deadline, regardless of the number of previous failed (or missed, if you simply didn’t show) attempts. But of course the real goal of Cisco here is to try to get you to study harder before even attempting your first CCIE Lab – which isn’t a bad idea for everyone.
So as always – Happy Labbing and STUDY HARD!
In a continuing effort to protect the integrity of the CCIE program, Cisco has announced a major change regarding the retake policy of the CCIE Written and Practical Lab exams. These changes take effect on August 1, 2014. Assuming a candidate happens not to pass on their first attempt at either a written or a practical “lab” exam within a given track, the frequency with which they will be allowed to retake the exam will change dramatically from past allowances, effectively not allowing the candidate virtually ‘unlimited’ retakes within a single calendar year (more specifically, within 12 calendar months from the date of the first attempt).
Changes to CCIE Practical Lab Exam
Perhaps the most interest for most people will be the frequency with which one will be allowed to re-sit for a CCIE Lab exam. Assuming a candidate does not pass on their first attempt at a given lab exam, they will still be allowed to attempt to retake the exam after 30 days has elapsed. The major change comes with the possibility that the candidate does not pass on their second attempt – after this attempt they must now wait for another 90 days to make their third attempt. Unlikely, but assuming a failure on attempt three, and a need to sit for attempt four, the candidate must wait another 90 days. Same goes for attempt four to attempt five. After a very, very bad year whereby a need to appear a sixth time becomes necessary, the wait period goes up to a full six months between attempts. The changes can be seen in a screenshot from a recent webinar below (after the jump).
CCIE Security Version 4.0 adds new software version updates, as well as introduces new hardware platforms to the exam, such as ISE and WSA. The hardware used in our new course is available through our CCIE Security Rack Rentals. The playlist for the new CCIE SCv4 ATC is as follows. A few minor topics are still in video post-processing and will be posted shortly.
- Recommended Study Resources
- ASA Firewall Overview
- ASA Basic Initialization
- ASA IP Routing
- ASA ACLs
- ASA High Availability Overview
- ASA Active/Standby Failover
- ASA Multiple Context Mode Overview
- ASA Multiple Context Mode Configuration
- ASA Active/Active Failover
- ASA Transparent Firewall
- ASA Transparent Firewall & ARP Filtering
- ASA Transparent Failover
- ASA Modular Policy Framework (MPF) Overview
- ASA Modular Policy Framework (MPF) Configuration
- ASA Advanced TCP Inspection with MPF
- ASA Advanced Application Inspection with MPF
- ASA Quality of Service (QoS)
- ASA Network Address Translation (NAT) Part 1
- ASA Network Address Translation (NAT) Part 2
- ASA Redundant Interfaces
- Standard, Extended, Time Based, & Dynamic ACLs
- Reflexive ACLs
- TCP Intercept
- Content Based Access Control (CBAC)
- CBAC High Availability
- Zone Based Firewall (ZBPF) Overview
- ZBPF Configuration
- Port to Application Mapping (PAM)
- ZBPF Parameter Tuning
- ZBPF Application Inspection
- IOS Transparent Firewall
- ZBPF Transparent Firewall
- IPsec VPN Overview
- IOS LAN-to-LAN IPsec Configuration
- IPsec Verification & Troubleshooting
- ASA LAN-to-LAN IPsec Configuration
- IOS & ASA PKI Overview
- IPsec & PKI Certificates
- GRE over IPsec Tunnels
- IPSec Profiles & Virtual Tunnel Interfaces (VTIs)
- Easy VPN Overview
- IOS Easy VPN Server
- IOS Easy VPN Client
- IOS Easy VPN with Dynamic VTIs, ISAKMP Profiles
- ASA Easy VPN Server
- ASA Easy VPN Server & IOS Easy VPN Client
- ASA Clientless & AnyConnect SSL VPN
- IPS Overview, Promiscuous Mode & SPAN
- IPS Promiscuous Mode & RSPAN
- IPS Blocking Devices & Custom Signatures
- IPS Inline Mode, VLAN Pairing
- IPS Virtual Sensors and Signature Engines
- WSA Overview & Initial Setup
- WSA Management, Identities, & Access Policies
- WSA HTTP Session Processing
- WSA Transparent Mode & WCCP L2 Mode
- WSA Transparent Mode & WCCP GRE Mode
- WSA HTTPS Decryption Policies
- AAA Overview, Local AAA, & Role Based CLI
- IOS AAA with ACS
- ASA AAA with ACS
- ACS IOS Auth-Proxy Authentication
- ACS IOS Auth-Proxy Authorization
- ACS ASA Cut-Through Proxy
- ISE Overview
- 802.1x, MAB, & EAP Overview
- ISE MAB Authentication
- ISE 802.1x & MAB Authorization
- ISE 802.1x Authentication
- ISE MACsec
- ISE Central Web Authentication
- ISE Profiling
Tomorrow, December 6th 2013, at 10:00 PST (GMT 18:00) I will be running a free live online session on Introduction to DMVPN for CCIE R&S v5 Candidates. You can sign-up for this seminar here. Additionally the link to attend is available at the top of the dashboard when you login to the INE Members Site.
This session is the first of many to help candidates transition from the current CCIE R&S v4 Blueprint to the recently announced CCIE R&S v5 Blueprint that goes live on June 4th 2014. We will continue to run additional sessions in the future on new topics that have been added to the CCIE R&S v5 Blueprint, such as IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few. These sessions are not only applicable to CCIE R&S v5 candidates, but also to those pursuing the CCNA, CCNP, or CCIE Security tracks, as well as for everyday engineers looking to apply these technologies in their production environments.
Tomorrow’s session will focus on the theory of what Dynamic Multipoint VPN (DMVPN) is, what problems it was designed to solve, and where it fits in the overall network design as compared to other technologies such as MPLS Virtual Private LAN Service (VPLS) or MPLS Layer 3 VPNs. The session will also include live implementation examples of DMVPN on the Cisco IOS CLI. Expect this session to run somewhere around 2 – 3 hours in length.
I hope to see you there!
INE’s new CCIE Security V4 Advanced Technologies Class continues this week, with a focus on ASA Firewall. This week’s classes will run Wednesday Oct 9th – Friday Oct 11th at 10:00 PDT (17:00 GMT) daily, with class days running typically about 4 hours each.
Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4.
Specifically this week’s classes will focus on the following topics:
- Security Levels
- Access Lists before and after 8.3
- Routed vs. Transparent Firewall
- Single vs. Multi Context Mode
- Active/Standby vs. Active/Active Failover Mode
- ASA Routing
- NAT before and after 8.3
- ASA Modular Policy Framework and Application Inspection
Yesterday marked the kickoff of the new CCIE Security v4 Advanced Technologies Class. In our first session we discussed the scope of the new CCIE Security Version 4.0 blueprint, recommended readings (which can be found at the bottom of this post), the new format of class, and technical topics that included stateless traffic filters on IOS with standard ACLs, extended ACLs, time-based ACLs, and dynamic ACLs.
Going forward the SCv4 ATC will be delivered over the next 4 – 6 weeks as shorter, more spread out class days, typically of about 4 hours apiece. The specific class schedule will be posted here on the blog at least a week in advance so you can plan which sessions you want to attend live. Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4. In the short-term the next upcoming class sessions are as follows:
- 2013-09-26 10:00 PDT (17:00 GMT) – Reflexive ACLs, CBAC, & ZBPF
- 2013-09-30 10:00 PDT (17:00 GMT) – Advanced ZBPF
A longer-term schedule will be posted after the weekend. In general, the class flow will follow the below outline. If you have specific topics requests for class please feel free to post a comment below and I will take it into account.
Starting tomorrow, September 24th 2013 at 10:00 PDT (17:00 GMT), I will begin the running the new CCIE Security Advanced Technologies Class for the newest version 4.0 blueprint. Online streaming of tomorrow’s class is free for anyone to attend. Simply login to http://members.ine.com and then browse to the streaming url of http://ine.co/scv4. A link to the streaming page is also located in the members dashboard.
Tomorrow’s class will start with an introduction about the scope of the CCIE Security v4 blueprint, including the hardware and software versions, as well as the specific technologies within the scope, and then will continue with the technical topics of IOS Firewall, including stateless ACL filtering and stateful filtering with both CBAC and ZBPF.
The format of this class will be a little different than previous iterations of ATCs for Security, R&S, SP, etc. Instead of running a 5-day class with 8 – 10 hours per day, the class will be spread out over the next 4 – 6 weeks in smaller increments. This will allow you to plan your study schedule more accordingly, and ideally not have to take a full week or more of vacation time or PTO in order to attend the sessions. More details of the specific class schedule will be discussed during the class intro tomorrow.
Beyond tomorrow’s class, anyone with a currently active All Access Pass subscription or that has previously purchased the CCIE Security ATC Download will be able to attend the live streaming sessions. Streaming and download versions of the class recordings will be available sometime around November, but more updates will be posted as the live class progresses.
I hope to see you in class tomorrow!
The SCv4 rack scheduler has been updated to account for additional SCv4 racks. These new racks will be available for rental after the SCv4 CCIE Bootcamp in Chicago but you can of course schedule them now in your members site account.
Lastly as I stated previously the pricing is still the old pricing of 10 tokens for 2.5 hours.
The scheduler for the CCIE SCv4 racks is now live. This means you can schedule your sessions for our new SCv4 racks through our members site. Additionally the feedback we received from the beta testers was overwhelmingly positive in regards to our new virtual machine management interface along with the fact we included ALL of the hardware and software from the CCIE SCv4 lab blueprint which is unmatched.
Lastly as I stated previously the pricing will remain for now the old SCv3 rack price of 10 tokens per session.
UPDATE – Tomorrow afternoon (July 3rd) the rack scheduler will be updated to include 8 additional SCv4 racks.