
FAQ

Cisco public

SD-WAN Security Powered by Viptela

Contents
• Orchestration
• Branch Edge Security
  • Enterprise firewall
  • Intrusion prevention system
  • URL filtering
• Cloud Edge Security
  • Duo
  • Umbrella
• vManage
• Cisco Routers vs vEdge
• How does licensing work?

Orchestration

Q What router platforms are we going to support in vManage?
A vEdge, CSR, ISRv, ISR-4K, ISR-1K, ASR-1K

| Platforms/Features* | Enterprise Firewall | IPS | URL filtering | DNS-layer security |
|---|---|---|---|---|
| Viptela - (100, 1000, 2000 and 5000) | DPI using Qosmos | N/A | N/A | Yes |
| Cisco - CSR | Yes | Yes | Yes | Yes |
| Cisco – ENCS (ISRv) | Yes | Yes | Yes | Yes |
| Cisco – ISR4K** (4451, 4431, 4351, 4331, 4321, 4221X, 4221***) | Yes | Yes | Yes | Yes |
| Cisco – ISR1K (1111X-8P) | Yes | Yes | Yes | Yes |
| Cisco - ASR1K (1001-HX, 1002-HX, 1001-X, 1002-X) | Yes | N/A | N/A | Yes |

*The RAM memory requirement to run these security features is 8GB.


**Support for ASR 4400 models planned for January, 2019.
***4221 model comes with 4 GB fixed DRAM - therefore, it doesn’t support IPS and URL Filtering.

© 2018 Cisco and/or its affiliates. All rights reserved.

Embedded security features

Enterprise firewall

Q What is an Enterprise firewall?
A Traditional stateful firewall integrates with NBAR 2 to provide application awareness. An application aware firewall is able to block or allow 1400+ applications based on category, application family, application group, and match protocol.

Q Do vEdges and other Cisco routers both have an Enterprise firewall using NBAR?
A vEdges will continue to use Qosmos initially for their enterprise firewall.

Intrusion prevention system

Q Can one configure IPS profiles on the router with vManage?
A Yes, vManage can be used to configure IPS policies (just one global policy). It will not be able to support multiple profiles for different groups of users in the initial release.

Q Can we create new signatures?
A No. We do not have options to create new signatures.

Q Are we able to tweak existing signatures?
A No. We do not support tweaking existing signatures. What we can do is whitelist signatures.

Q Will vEdges also have IPS like the Cisco routers?
A Not initially.

URL filtering

Q How many categories do we support?
A We support 82 categories. If you count the uncategorized category, then it is 83.

Duo

Q How does Duo enable SD-WAN Security?
A As remote users in the WAN access applications, Duo gives secure access to all applications based on the trustworthiness of users and devices. Duo offers the world’s easiest and most secure Multi-Factor Authentication (MFA). Learn more at https://duo.com/

Q Does Duo have an integration with Cisco SD-WAN?
A No, there isn’t a technical integration. However, Duo provides user and device verifications for branch users accessing their cloud applications.

Q How do I order Duo with SD-WAN?
A As a new part of the Cisco product portfolio, Duo is currently not part of the Cisco DNA enterprise agreement. Of course, you can engage with your Cisco representative, who will help set up a Duo order.


Umbrella

Q What is a SIG?
A A Secure Internet Gateway (SIG) is a cloud-delivered platform that multiple security services are built upon. It provides safe access to the internet anywhere users go, even when they are off the VPN. Before you connect to any destination, a SIG acts as your secure onramp to the internet and provides the first line of defense and inspection. Regardless of where users are located or what they’re trying to connect to, traffic goes through the SIG first and there are different types of inspection and policy enforcement that can happen. Cisco’s secure internet gateway is called Umbrella. Learn more at cisco.com/go/sig

Q How does SIG fit in with SD-WAN?
A Traditional network and web security, like firewalls and proxies, provide visibility and control for employee activity when on your corporate network, but that is no longer enough. Security needs to log and block all malicious activity regardless of employee locale. Umbrella provides the visibility needed to protect internet access across all devices on your network, all office locations, and roaming users.

Q Is SIG a Cisco product?
A No, SIG is a product category. And Cisco Umbrella is Cisco’s SIG solution. As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

Q How do I buy an Umbrella license with SD-WAN?
A The Cisco DNA Enterprise Agreement includes Umbrella DNS Monitoring, which provides fast and reliable recursive DNS service that includes real-time reporting and categorization of all Internet activity, including threats.

Q Does DNS Monitoring include security blocking and enforcement?
A No. Security blocking and enforcement requires licenses from a core Umbrella package (Education, Professional, Insights, or Platform). Learn more here https://learn-umbrella.cisco.com/datasheets/umbrella-package-comparison

vManage

Q Does vManage have a limit to the number of router instances it can support?
A 2000. Number of vEdges per vManage = 2000.
Note: Horizontally scale vManage based on number of vEdges.

Q If we use the FW/IPS functionality, does that above number remain the same?
A Yes.


cEdge vs vEdge

Q What is supported with and when?
A

| Feature | cEdge | vEdge | vManage |
|---|---|---|---|
| Enterprise firewall | 16.10.1: | July 2018 | 18.4 |
| Enterprise Firewall with Application Awareness | 16.10.1: | N/A | 18.4 |
| Intrusion Prevention System (IPS) | 16.10.1: | N/A | 18.4 |
| URL Filtering | 16.10.1: | N/A | 18.4 |
| DNS-layer security | 16.10.1: | | 18.4 |

How does licensing work?


• Cisco Umbrella
• Cisco DNA Essentials: Enterprise FW, IPS, URL-F, and Umbrella DNS Monitoring
• Cisco DNA Advantage: Advanced SD-WAN and cloud app discovery, and includes everything from the Essentials bundle
• Cisco DNA Premier: TBD
• Duo: Duo Multi-Factor Authentication (MFA)

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C67-741498-00 11/18
