This five-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in configuring, operating, and troubleshooting VMware NSX® for intrinsic security. This course introduces all the security features in NSX, including Distributed Firewall and Gateway Firewall, Intrusion Detection and Prevention (IDS/IPS), NSX Application Platform, NSX Malware Prevention, VMware NSX® Intelligence™, and VMware NSX® NDR™. In addition, this course presents common configuration issues and gives a methodology to resolve them.

starstarstarstarstar_half

* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

By the end of the course, you should be able to meet the following objectives:
Define the concepts related to information security
Explain the different types of firewalls and their use cases
Describe the operation of intrusion detection and intrusion prevention systems
Differentiate between Malware Prevention approaches
Describe the VMware intrinsic security portfolio
Use NSX segmentation to implement Zero-Trust Security
Configure user and role management
Configure and troubleshoot Distributed Firewall, Identity Firewall, and time-based policies
Configure and troubleshoot Gateway Security
Use VMware Aria Operations™ for Logs and VMware Aria Operations™ for Networks to operate NSX firewalls
Explain the security best practices related to grouping, tagging, and rule configuration
Describe north-south and east-west service insertion
Describe endpoint protection
Configure and troubleshoot IDS/IPS
Deploy NSX Application Platform
Configure and troubleshoot NSX Malware Prevention
Describe the capabilities of NSX Intelligence and NSX NDR

1
  • COURSE INTRODUCTION

  • Introduction and course logistics

    Course objectives


2
  • SECURITY BASICS

  • Define the concepts related to information security

    Explain the different types of firewalls and their use cases

    Describe the operation of IDS/IPS

    Differentiate between Malware Prevention approaches


3
  • VMWARE INTRINSIC SECURITY

  • Define the VMware intrinsic security strategy

    Describe the VMware intrinsic security portfolio

    Explain how NSX aligns with the intrinsic security strategy


4
  • IMPLEMENTING ZERO-TRUST SECURITY

  • Define Zero-Trust Security

    Describe the five pillars of a Zero-Trust architecture

    Define NSX segmentation and its use cases

    Describe the steps needed to enforce Zero-Trust with NSX segmentation


5
  • USER AND ROLE MANAGEMENT

  • Integrate NSX and VMware Identity Manager™

    Integrate NSX and LDAP

    Describe the native users and roles in NSX

    Create and assign custom user roles

    Explain object-based RBAC in a multitenancy environment


6
  • DISTRIBUTED FIREWALL

  • Configure Distributed Firewall rules and policies

    Describe the NSX Distributed Firewall architecture

    Troubleshoot common problems related to NSX Distributed Firewall

    Configure time-based policies

    Configure Identity Firewall rules

    Configure the distributed firewall to block malicious IPs


7
  • GATEWAY SECURITY

  • Configure Gateway Firewall rules and policies

    Describe the architecture of the Gateway Firewall

    Identify and troubleshoot common Gateway Firewall issues

    Configure TLS Inspection to decrypt traffic for both internal and external services

    Configure URL filtering and identify common configuration issues


8
  • OPERATING INTERNAL FIREWALLS

  • Use VMware Aria Operations for Logs and VMware Aria Operations for Networks to operate NSX firewalls

    Explain security best practices related to grouping, tagging, and rule configuration


9
  • NETWORK INTROSPECTION

  • Explain network introspection

    Describe the architecture and workflows of north-south and east-west service insertion

    Troubleshoot north-south and east-west service insertion


10
  • ENDPOINT PROTECTION

  • Explain endpoint protection

    Describe the architecture and workflows of endpoint protection

    Troubleshoot endpoint protection


11
  • INTRUSION DETECTION AND PREVENTION

  • Describe the MITRE ATT&CK framework

    Explain the different phases of a cyber attack

    Describe how NSX security solutions can be used to protect against cyber attacks

    Configure and troubleshoot Distributed IDS/IPS

    Configure and troubleshoot North-South IDS/IPS


12
  • NSX APPLICATION PLATFORM

  • Describe NSX Application Platform and its use cases

    Identify the topologies supported for the deployment of NSX Application Platform

    Deploy NSX Application Platform

    Explain the NSX Application Platform architecture and services

    Validate the NSX Application Platform deployment and troubleshoot common issues


13
  • NSX MALWARE PREVENTION

  • Identify use cases for NSX Malware Prevention

    Identify the components in the NSX Malware Prevention architecture

    Describe the NSX Malware Prevention packet flows for known and unknown files

    Configure NSX Malware Prevention for east-west and north-south traffic


14
  • NSX INTELLIGENCE AND NSX NDR

  • Describe NSX Intelligence and its use cases

    Explain NSX Intelligence visualization, recommendation, and network traffic analysis capabilities

    Describe NSX NDR and its use cases

    Explain the architecture of NSX NDR in NSX

    Describe the visualization capabilities of NSX NDR


Audience

Experienced security administrators

Language

English

Prerequisites

You should also have the following understanding or knowledge: Good understanding of TCP/IP services and protocols Knowledge and working experience of network security, including: L2 through L7 firewalling Intrusion detection and prevention systems Malware prevention systems Knowledge of and working experience with VMware vSphere® environments The VMware Certified Technical Associate - Network Virtualization is recommended.

$4,250

Length: 5.0 days (40 hours)

Level:

Not Your Location? Change

Course Schedule:

To request a custom delivery, please chat with an expert.

Loading...