Passed Firewall on Thursday

gorebrush Member Posts: 2,741
So yeah, scored over 900 (957), very pleased with that result. Didn't find it overly challenging.

So, onto VPN now, booked for May 9th as I'm on holiday on May 10th so decided to get it booked in so I can get on with it.


  • webgeek Member Posts: 495
    Congrats!
    BS in IT: Information Assurance and Security (Capella) ETA 2013/Early 2014
    2013 Goals: CISSP [:cheers:] ITIL Foundations [ ] Project+ [ ] Linux+ [ ] CCNA (Maybe) [ ]
  • Master Of Puppets Member Posts: 1,210
    Congrats and good luck on the VPN studies!
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • dover Member Posts: 184
    Excellent score! I enjoyed Firewall material the most. I had to slug my way through the VPN information - not sure why I wasn't as interested.

    Good luck!
  • Kelkin Member Posts: 261
    What materials you guys use?
  • gorebrush Member Posts: 2,741
    CBT Nuggets - Keith Barker
    Official Cisco Press Book
    An actual ASA5505 I've bought
    Lots of experimenting

    From what I've seen of the VPN content it doesn't look overly complex, it's just a case of remembering things like policy preferences and stuff like that. I wonder what treats will be in store for it. My worry is the IPS exam - how on earth are you meant to lab anything? Do I need to buy a card and slot that into my ASA?

  • Nutsy Member Posts: 136
    Just rent some rent a CCIE Security rack for whatever vendor you prefer.
  • dover Member Posts: 184
    For VPN, I was able to do a ton of work, practice and labbing in GNS3. I also had the good fortune to be deploying a VPN solution at a bunch of branch sites using ASAs at the same time. You shouldn't have any problem with any of the material - there's just quite a bit to remember, especially if you are trying to learn both the CLI and ASDM configs. I was trying to make sure I knew how to config each type of VPN from the command line and GUI.

    I just took IPS two weeks ago. Proctorlabs has IPS v7 on their rack sensor...I'm pretty sure INE's racks are still running v.6 until they update their Security racks for the new CCIE Security blueprint.

    You can buy an AIP SSC 5 IPS for the ASA 5505 but it is very expensive and pretty functionally limited. I thought about it, but decided against it. My money was better used for rack rentals. The only thing I wanted a hands-on IPS for was so I could practice writing custom signatures and testing them with SCAPY or Metasploit - but really that was just because it's fun for me.

    Other than racks download the Cisco IME demo mode with your CCO account. BRYGUY did an excellent write-up of his IPS experience that really helped me. The IME demo allows you to get your feet wet with the interface and navigation. After I got comfortable with it, I started doing some rack time. Not a whole lot you can do on the racks as far as generating malicious traffic but you can write your custom sigs, do wizard based sigs and go through some of the CLI commands you need for the exam.
  • gorebrush Member Posts: 2,741
    All very good points, thanks!

    I support many ASAs at work so VPN support stuff does come up from time to time.

    I'll GNS/ASA5505 most of the stuff by myself.
  • wintermute000 Banned Posts: 172
    How much does the exam stress ASDM over the GUI? I've only started the book but it seems pretty ASDM heavy whereas FIREWALL was like 40/60 (ASDM/CLI) and real life is 100% CLI lol. I'm only overcoming my inherent GUI distrust now, gotten by on pure CLI in real life up to now.
  • dover Member Posts: 184
    VPN was - if I recall correctly - as much (or even more) GUI-centric. But I studied with an eye towards the CCIE exam so I made sure I documented and labbed all the configs through both interfaces. Can't go wrong knowing both ways...

    I've found that quite a few people manage their Cisco firewalls using the GUI. I still prefer the CLI, but for speed and efficiency in making minor rule changes I've seen most fire up the GUI or CSM.

    One thing about the GUI I seriously dislike is the amount of excess garbage and odd naming conventions it puts in my configs.
  • gorebrush Member Posts: 2,741
    VPN is very much GUI-centric and it's boring me already! However I've got the exam in 4 weeks so I kinda just need to suck it down and get on with it :)

    Also, dover - yes, I dislike how it does that to my configs too.
  • cmitchell_00 Too many to name Member Posts: 245
    Congrats on the pass. I find GUI sucks after getting a better understanding of the CLI, so keep us posted.