The CCIE Security v5 has just been announced. Coming as no surprise, it now follows the new format, and is broken down into a troubleshooting section (2 hours), a diagnostic section (30 minutes) and a configuration section (5 hours).
So, naturally, as soon as I heard this, I went and booked the v4 lab exam for the end of September, which still gives me a chance to re-sit in December if I do not pass. Now my goal for readiness has been reduced from six months to three months.
What’s new in the CCIE Security v5?
FirePOWER, FirePOWER and more FirePOWER. I did a word count and it mentions “FirePower” six times, and FTD (FirePOWER Threat Defense) eight times.
I won’t just copy and paste the whole list of topics here; you can find it here instead. I’ll just do a few bullet points of the salient topics:
- NAT for IPv6
- CWS (Content Web Security)
- ESA (Email Security Appliance)
- DLP (Data Loss Prevention)
- SMA (Security Management Appliance)
- ASA VPN Clustering
- VRF-Lite / VRF-Aware VPN
- VSG (Virtual Security Gateway)
- ACI, EVPN, VXLAN, NVGRE
- NetFlow and IPFIX
- REST / Python
The v5 is a natural progression, as are the changes within it. We still have a few old favourites, and I am surprised that ACS is still listed.
There does seem to be a greater emphasis on virtualized technologies with the v5. It’s easier and cheaper to run these for the lab than having racks of equipment. ASAv, WSAv, ESAv, and NGIPSv are all listed. This may mean that we see support for them in VIRL (ASAv is already supported), which means that it would be MUCH easier to study them; currently, it’s hard(er) to do this with the v4.
Here is a list of the hardware and software for the new v5:
Cisco Identity Services Engine (ISE): 2.1.0
Cisco Secure Access Control System (ACS): 220.127.116.11
Cisco Web Security Appliance (WSA): 9.2.0
Cisco Email Security Appliance (ESA): 9.7.1
Cisco Wireless Controller (WLC): 8.0.133
Cisco Firepower Management Center Virtual Appliance: 6.0.1 and/or 6.1
Cisco Firepower NGIPSv: 6.0.1
Cisco Firepower Threat Defense: 6.0.1
IOSv L2: 15.2
IOSv L3: 15.5(2)T
Cisco CSR 1000V Series Cloud Services Router: 3.16.02.S
Cisco Adaptive Security Virtual Appliance (ASAv): 9.6.1
Test PC: Microsoft Windows 7
Active Directory: Microsoft Windows Server 2008
Cisco Application Policy Infrastructure Controller Enterprise Module: 1.2
Cisco Unified Communications Manager: 8.6.(1)
FireAMP Private Cloud
Cisco Catalyst Switch
Cisco Adaptive Security Appliance
Cisco 2504 Wireless Controller
Cisco Unified IP Phone