Passed FIREWALL

I passed today with 915. However, I am a little iritated because I had a major problem during the most important lab of the exam - nothing was working! The lady at the testing center was sure I was doing something wrong(seriously?) but after a couple of minutes, she also determined it was a problem with the simulation. I don't care about the score at all because I passed but if I needed those points to pass, I would have been very angry. I left them a comment and I think I'm going to leave it at that.

Resources used:
- OCG - read 2 times and labbed
- CBT Nuggets - watched 3 times and labbed
- Quick reference
- 8.4 CLI guide

The good thing about this exam is that there almost wasn't anything new to me in the material. I had done that stuff at work before starting my preparation. As a result, I was able to prepare for it in a more timely manner.

For those about to take the exam - make sure you are equally good with ASDM and the CLI. When applying commands with ASDM, stop and study them, be sure to understand. When you are configuring something with ASDM, know the commands that every click of the mouse will generate. If you are like me, you live at the CLI and neglect GUIs but this is a terrible idea here.

Next is VPN!
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    Congrats!

    Wait until you do VPN (assuming you haven't), if you have done a handful of AnyConnect implementations in production, this one will be an easy read and the exam is straightforward. Was a fun exam

    I liked VPN mostly because it helped me delve deeper into DAP, WebACLs, Clientless features (Plugins), double authentication that I never implemented previously.

    Also, EVERYTHING is ASDM based..don't recall much hammering on CLI..sure random tunnel group issues based off CLI output but all sims are ASDM based, easy stuff man..it really was.

    Understanding difference between Connection Profiles/Group Policies is crucial and of course inheritance of policies. Again, if you've done it before in the real world I think you will enjoy this one.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    That's good to know. I have had my fair share of AnyConnect implementations. In that case, VPN will also probably not take too long. I also think I'm going to have some fun although my guess is that IPS will be the most exciting(and this is where I don't have a lot of experience). Thanks for the tips icon_thumright.gif
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    I did VPN 3 weeks after FIREWALL simply due to the fact I have done so much VPN stuff before. IPS, well that's the one I expected to take longer since I haven't messed with much IPS stuff, at least nothing in house managed.

    So which ones do you have to go? SECURE, VPN and IPS? I see you got your R/S NP so SECURE will have some things you will skip over, CoPPr and CoPP...dynamic routing auth, NAT..you should be smooth sailing if you stay focused and lab it all out.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Yup, I have VPN, IPS and SECURE to go. SECURE should be a piece of cake so I'm leaving it for last. Just looking at the contents of the VPN ocg, I think I can do it by the end of this year. It's also worth mentioning that I will study and lab every day. When I get tired, I start watching the CBT Nuggets. Things are a little slower at work lately so I have time to prepare.

    I also think IPS will be the hardest. I feel comfortable with the other stuff but the IPS side of things is not my strength. However, it looks like I am going to be doing a serious project in around 2 months that will involve 3 or 4 ASAs, two of which will have IPS modules. I'm really looking forward to that.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    Yup, I have VPN, IPS and SECURE to go. SECURE should be a piece of cake so I'm leaving it for last. Just looking at the contents of the VPN ocg, I think I can do it by the end of this year. It's also worth mentioning that I will study and lab every day. When I get tired, I start watching the CBT Nuggets. Things are a little slower at work lately so I have time to prepare.

    I also think IPS will be the hardest. I feel comfortable with the other stuff but the IPS side of things is not my strength. However, it looks like I am going to be doing a serious project in around 2 months that will involve 3 or 4 ASAs, two of which will have IPS modules. I'm really looking forward to that.


    The thing with IPS is, how are you going to lab it? That's the question when it comes to IPS...I luckily have a 5510 racked in at home with a 4240 IPS.

    SECURE is going to break you in on IBNS (802.1x).

    I did more labbing than reading to be honest, rarely used the nuggets..I couldn't stand Keith Barker's voice..another guy does one of the series from NP Security and he was ok to listen to. ha

    Let me know how it goes..
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • SharkDiverSharkDiver Member Posts: 844
    Congratulations Master!
    Good Luck with SECURE!
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
    Congrats on the pass icon_thumright.gif
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Well, RouteMyPacket, you were spot on. If you have done this stuff in production, VPN really does seem like a straightforward exam. I was thinking of taking it at the end of December and I wasn't sure if I was going to make it. However, the preparation has been going very well and I am going to have a go at it tomorrow. I feel like I'm very well prepared for this but I guess we'll see what happens tomorrow.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
Sign In or Register to comment.