Firewall certifcation

swish45swish45 Member Posts: 30 ■■□□□□□□□□
Hello All,

I'm looking at a firewall certification (my first) to help accelerate my entry into the firewall management side of things.
I am looking for opinions as to which vendor specific certification to tackle that would be most relevant (In terms of job opportunities and popularity in the job world).

Much appreciated.

Comments

  • KrunchiKrunchi Member Posts: 237
    I know Sonicwall is pretty relevant might give them a go.
    Certifications: A+,Net+,MCTS-620,640,642,643,659,MCITP-622,623,646,647,MCSE-246
  • drkatdrkat Banned Posts: 703
    ASA Specialist

    CCNA Security/VPN/Firewall exams to complete
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    There's Fortinet, Checkpoint, Cisco, Juniper and Sonicwall (not sure about Palo Alto) certifications. Unfortunately, there's no general firewall cert that I know about. I'd guess having certs with a security slant would be relevant to demonstrating some of the underlying concepts like VPN, Firewall policies, UTM, etc.
  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    I wouldn't focus on any vendor but Cisco, at least not to start. I certainly wouldn't take SonicWALL to start with, or ever, unless an employer paid for it.

    Focus on core networking and security. CCNA, CCNA Security, CCNP, CCNP Security, Cisco Firewall Security Special, IPS Specialist, and so on. GCFW if you can get an employer interested in paying for it.

    It's not that Cisco is the only player. There are lots of other firewall vendors; I would go as far as to say Cisco hasn't nearly the hold on the firewall market that it has on R&S. However, if you focus on Cisco certs you will at the very least be prepared for a good deal of jobs, and the principles you learn will easily translate to other vendors, in most cases. SonicWALLs and the like will be easy to master in short order if you can handle Cisco. Almost anyone will hire Cisco certified people for these types of positions, regardless of whether Cisco is what's in use.

    But I will reiterate the advise to get fundamental networking certification first. Get CCNA before moving on to firewall exams, maybe even CCNP.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • drkatdrkat Banned Posts: 703
    Yeah I second the cisco for firewall.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Cisco firewalls are probably the most common that I've seen, but there are still a lot of other installations in the market such as Check Point. Vendor-neutral would be the GCFW, but even then you should have some foundational networking knowledge. GIAC certs such as GCFW, however, aren't as well-known unless you're specifically in the security space and the folks doing the hiring are aware of them (not usually the case).

    I don't know what your current networking background is, but you need to have a pretty strong underlying foundation of how packet flows work. The CCNA levels help a tiny bit, but I think it's just as important to have basic security concepts down as well. If you decide to go the Cisco route, you'll need to achieve the CCNA, CCNA Security, and the four exams which make up the CCNP Security (or just an ASA specialist level with one or two certs beyond the CCNA Security).
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • m3zillam3zilla Member Posts: 172
    It depends on where you're working, or looking to work. Cisco ASAs can be found any where from small-large companies. When you move to some of bigger/enterprise level environment, you may start seeing more CheckPoints pop up.

    I would go start out with the CCNA Security if I was in your shoe.
  • HypntickHypntick Member Posts: 1,451 ■■■■■■□□□□
    ptilsen wrote: »
    I certainly wouldn't take SonicWALL to start with, or ever, unless an employer paid for it.

    As someone that has their Sonicwall CSSA, I have to agree completely. It's an open book test that requires a 2 day class, and from my understanding it's quite expensive. I would say i'd be shocked at someone failing the test, but I work with someone who failed it twice before finally squeaking out a pass (then again he just doesn't care). I know that even with our partner status and purchasing from a reseller, the class was over a grand, although you do get a Sonicwall for home lab use which is kinda neat. I would go with the Cisco or even CheckPoint certs as they are actually applicable to most networks.
    WGU BS:IT Completed June 30th 2012.
    WGU MS:ISA Completed October 30th 2013.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    Nobody here is giving some love for Juniper SRX's? Firewall, packet screening, IDS/IPS, and UTM all in one box with a slick CLI OS. And a bunch of certs too! Come on! icon_lol.gif
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    Yeah, I mentioned Juniper, Fortinet, Checkpoint as well as the unanimous recommendation for either Sonicwall or Cisco.

    But at the end of the day, the thread starter was looking for a more generic solution than what others were recommending.

    I'd definitely start with Network+, Security+ and then delve into the technology that one believes they will come across.

    With the ASA, it can be emulated. I've seen rumblings of Checkpoint emulation. But firewall handson is a little more difficult than routers and switches (which there's after market, new, network simulator, emulation, etc).
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    Yeah, I mentioned Juniper, Fortinet, Checkpoint as well as the unanimous recommendation for either Sonicwall or Cisco.

    But at the end of the day, the thread starter was looking for a more generic solution than what others were recommending.

    I'd definitely start with Network+, Security+ and then delve into the technology that one believes they will come across.

    With the ASA, it can be emulated. I've seen rumblings of Checkpoint emulation. But firewall handson is a little more difficult than routers and switches (which there's after market, new, network simulator, emulation, etc).


    Why would you need to emulate Check Point? It will run on almost any hardware or virtualization platform.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    JDMurray wrote: »
    Nobody here is giving some love for Juniper SRX's? Firewall, packet screening, IDS/IPS, and UTM all in one box with a slick CLI OS.

    I have extremely limited exposure to Juniper's SRX line, but I will say that from the little I've seen of Junos, I can see why the people who use it like it so much. It does indeed seem like an excellent CLI environment. I dare say I might also prefer it over Cisco IOS if I worked with it long enough.

    The SRX GUI, on the other hand, is horrible. Even if you couple Junos Space with it, I still feel it's immature looking. I think I get where Juniper is trying to go with it and the idea makes sense, but the look and feel doesn't seem polished to me.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    docrice wrote: »
    The SRX GUI, on the other hand, is horrible.
    STRM looks and works well for me in a browser. NSM, Juniper's Java GUI application, is one slow and ugly pig, and it only supports the Netscreen and ISG firewalls and not the SRX. I have yet to try JunOS Space.
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    DPG wrote: »
    Why would you need to emulate Check Point? It will run on almost any hardware or virtualization platform.

    I've personally never used Check Point but that's great to hear. I've only had exposure to Cisco ASA and Fortinet. I'm going to a Checkpoint class in a few weeks, so I hope to see this.
  • PsychoFinPsychoFin Member Posts: 280
    JDMurray wrote: »
    STRM looks and works well for me in a browser. NSM, Juniper's Java GUI application, is one slow and ugly pig, and it only supports the Netscreen and ISG firewalls and not the SRX. I have yet to try JunOS Space.

    Space is slowly turning out great, especially once the new unified management app comes out.
  • networkjutsunetworkjutsu Member Posts: 275 ■■■□□□□□□□
    There's Fortinet, Checkpoint, Cisco, Juniper and Sonicwall (not sure about Palo Alto) certifications.

    Yup, Palo Alto Networks has CNSE. Keith Barker just passed it about a month ago.
  • nelnel Member Posts: 2,859 ■□□□□□□□□□
    i would say:

    Cisco ASA specialist cert
    JNCIS-SEC - you can get free study material and half price vouchers too
    Checkpoint CCSA/CCSE combo

    Out of all i would say from my experience the ASA's are very popular. Job advertisement wise the Checkpoint cert is the most common ive seen - Note: from my experience. The Juniper stuff is pretty sweet though on CLI. The ASA/Checkpoint trumps it on usage though with their GUI's imo. Once the SRX gets a similar management GUI it will boom i reckon.
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • m3zillam3zilla Member Posts: 172
    The CCNA/CCNP Security track will probably help you the most. Not sure about others, but CheckPoint CCSA/CCSE is very vendor specific. The entire exam is based on whether or not you know how to configure CP firewalls, and not much else. Plus, unless you have access to their Admin guides, you're SOL as far as study materials.
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    m3zilla wrote: »
    The CCNA/CCNP Security track will probably help you the most. Not sure about others, but CheckPoint CCSA/CCSE is very vendor specific. The entire exam is based on whether or not you know how to configure CP firewalls, and not much else. Plus, unless you have access to their Admin guides, you're SOL as far as study materials.

    Study material is very hard to come by with Check Point. Even their official courseware is very lacking. The admin guides are available to anyone with a (free) User Center account.
Sign In or Register to comment.