SonicWALL CSSAadmin | Saturday, January 15th, 2011 | 12 Comments »
Not much has been blogged about SonicwWALL’s CSSA(Certified Sonicwall Security Administrator) certification program, so I think I’ll take a stab at it!
Last month my company was visited by Sonicwall to take a 2 day course on administering and securing Sonicwall firewalls. Believe it or not, there was no catch, other than having to wake up extremely early in the morning in order to avoid New York City commuting traffic!
I kept a clear mind when going in, not sure what to expect. Will it be hands on? Will it just be theory based? How much knowledge of their firewalls must one have before taking this course?
Well to be fair, the course was based on those who have had very little interaction with their firewalls. My experience with SonicWALL’s firewalls, at the writing of this post, is about 6 months. Granted it’s web-gui based, one probably thinks it’s easy. And for the most part it is. If you know how to configure firewalls in general, they are all the same. The key is understanding how to go about it from Sonicwall’s point-of-view. How to navigate their web interface.
I had been thrown into the fire on day one when starting at my new company 6 months ago. I was sent to troubleshoot a Sonicwall firewall issue, it was a TZ 210 model. Not ever having even seen a TZ-210, I wasn’t sure what to expect. To make the long story short, the web interface was very nice to be honest with you. Very nice icons, clearly laid out. I really admired what they have done with their interface. Being a web guy, I love clean designs. (cough cough, Cisco ASDM/SDM)
Anyways, back to the training. The first day was pretty basic in that we went over the operations and features of the SonicOS 5.6. What to expect from the firewall and just overall general understanding. We also began to configure the firewall using a nifty remote desktop session to our own TZ-210 firewalls. The way it worked was that the firewalls were actually housed in another location, I think the instructor mentioned somewhere in Tennessee?
The second day we went over some more fun features such as:
- failover/load balancing
- route based VPN
- dynamic route based VPN
- global VPN clients with local and LDAP database
- SSL VPN with local and LDAP database
- Gateway Anti-Virus
- System settings & firmware backup and restore
It was actually quite an educational experience. It’s always nice to receive formal training and fill in the gaps in areas that you may not work with on a daily basis. The instructor really knew his stuff with the SonicOS.
During lab time, because it was hands on, we were able to configure the firewalls for all the above items I mentioned, with our lab partners. It was quite fun!
At the end of the 2nd day, we were given a choice to take the exam on-premise or take it later. But you had to sit in another course if you take it later, so what’s the point? To be honest, I was a bit nervous because, well, does anyone want to fail a Sonicwall exam? Just sayin’……
We had roughly 2 hours to take the exam which was made up of 60 questions.
It took me about one hour and a half to finish this exam! The questions, which may not be technical in the sense of taking a CCNA exam (no subnetting or questions about routing protocols for example)…… The reason it took me so long was that it was all based on understanding how to configure features in the OS. So it was having a solid familiarity with the interface and it’s abilities.
Can it do this? Can it not? If you only want client VPN’s to receive one login prompt instead of two, what do you have to do?
In conclusion, I am happy to say that I passed. There were many however in the course that did not pass with MANY more years of experience than me. I’m not sure what I would have done if I didn’t pass, so I’m glad I don’t have to think about that right now.
If you’re unsure of taking the exam, go to Sonicwall’s website and look at the CSSA’s course objectives. I won’t list them here as they can change. I think having certifications is a good start, if you look at what Cisco has done with their certfication programs, they are the gold standard IMO. The more educated your users are on your product, the better they will market your products by proxy. And this, is at no cost to the vendor.
Not everyone has the luxury of working on just a single vendor in their daily workplace. My experience is with mostly with Cisco and Sonicwalls. Most of our customers use Sonicwalls for their ease of installation and configuration. One can argue until you’re blue in the face the specs between a TZ-210 and a Cisco ASA 5505.
The point is, at the end of the day, customers don’t really care all that much what product you implement, as long as it WORKS and is cost efficient. As long as they don’t have to think about it. It’s a business decision on both the customer and the provider. Do you implement a Cisco ASA if only one engineer knows it? How will your other engineers support this client if that engineer leaves or is out sick? You have to step a little bit out of your shoe and think from a business standpoint.
Having 10 engineers who know how to configure Sonicwalls is a better business decision than having 1 guy that knows Cisco ASA’s. I would be more than happy to implement any Cisco ASA if the customer requests it. I suppose that is what I’m getting at.
I’d be happy to answer any CSSA questions regarding the course, feel free to comment! Thanks for reading! Oh, one more thing, I also plan on adding more blogs in regards to Sonicwall products and configurations, and no, I’m not defecting to Sonicwall from Cisco. LOL!
*If anyone is wondering, that is the actual photo of my course. I appeared too early for my course before anyone else showed up so I took a quick shot of the room.