
Network Security:

Firepower and CDO Session

Steve Kane, Nico Dard, Nick Carrieri, William Hansch


Product Management
October 21, 2019
Global
Sales Training
Today’s Agenda

Network Security:
What’s New

Roadmap Update

Product Update:
6.5/6.6/CDO

Tools and Resources

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Global
Sales Training
Cisco a Leader in Gartner’s Magic Quadrant for Network Firewalls

Gartner Magic Quadrant for Network Firewalls

Rajpreet Kaur, Adam Hils, Jeremy D’Hoinne, John Watts

17 September 2019

This graphic was published by Gartner, Inc. as part of a
larger research document and should be evaluated in
the context of the entire document. The Gartner
document is available upon request from Cisco.
Gartner does not endorse any vendor, product or service
depicted in its research publications, and does not
advise technology users to select only those vendors
with the highest ratings. Gartner research publications
consist of the opinions of Gartner's research organization
and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied,
with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.

2018-19:
Highlighted Engineering Accomplishments

• New Modern FMC UI
• New Hardware
• Introduction of CDO
• Integration with CTR
• TrustSec Support
• Multi-Instance
New NGFW Hardware

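[Figure: NGFW hardware lineup plotted by performance against market segment. Platforms shown: ASA 5506/08/16; ASA 5525/45/55; FPR 1010; FPR 1120/40/50; FPR 2110/20/30/40; FPR 4110/20/40/50; FPR 4115/25/45; FPR 9300 Series with SM-24, SM-36, SM-44, SM-40, SM-48 and SM-56. Segments: SOHO/SMB, Branch Office, Mid-size Enterprise, Large Enterprise, Data Center, Service Provider. Some platforms carry a NEW label.]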
Major Investment Into FMC
• New Modern UI
• Big Usability Improvements
• Key Features Delivered


Improved Product Quality
FY18: Big investment in quality with FTD 6.2.3

FY19: Not stopping there:

Monthly escalations down by half since the launch of 6.2.3

CFDs down ~29% in FY19 compared to FY18

FTD 6.3 + 6.4 releases addressed >5.7k SRs

~80% of customers surveyed say FTD meets, exceeds or strongly exceeds their business needs

Key Investments
• Ease of Use and Deployment: Reduce the cost of deploying and managing our offering (New FMC UI; Change Mgmt)
• Unified Policy and Threat Visibility: Manage and monitor across SBG (AWS and Meraki Mgmt; Cloud Logging)
• World-Class Security Controls: Build on our core firewall/threat capability (TrustSec / Destination SGT; VRF)
• Deploy Everywhere: Maximize our core security capabilities across a broader portfolio (FMCv300; Horizontal Scale for Virtual)
• Tools and Support: Deliver tools that make selling and deploying easier (Migrations from PAN and CP)

Roadmap

Ease of Use and Deployment
FTD 6.5 / ASA 9.13.1 (2H CY2019):
• New FMC UI
• FMC Usability Improvements
• FMC Model Migration
• Shorter deploy times for HA/Clustering
• CDX: TAC proactive assessment
FTD 6.6 / ASA 9.14.1 (1H CY2020):
• Change Management for FMC (delta preview, sec/netops deploys)
• Policy Usability Improvements (policy filters, object previews)
• Deployment time optimizations
• PLR for FDM
• Incremental upgrade improvements (status monitoring, alt download sources)

Unified Policy and Threat Visibility
FTD 6.5 / ASA 9.13.1 (2H CY2019):
• CDO management of Meraki (L3, L4, objects)
• CDO additional FTD support
• CDO 4100 / 9300 management
• CDO / CTR / SAL working together
• AWS security groups orchestration
FTD 6.6 / ASA 9.14.1 (1H CY2020):
• Cloud logging for ASA*
• CDO management of Umbrella**
• FXOS image management
• Keep expanding FTD support for edge <100 users

World-Class Security Controls
FTD 6.5 / ASA 9.13.1 (2H CY2019):
• ISE: Destination SGT
• L2 Switching/PoE for FPR1010
• FTD Support for NEW FPR1150
• ASA Support for FPR1010/1120/1140/1150 including appliance mode
• Appliance mode support for ASA on 2100 series
• HW Crypto support for Multi-Instance
• Improved URL Filtering
FTD 6.6 / ASA 9.14.1 (1H CY2020):
• VRF
• Multi-instance with clustering
• Time-based ACLs
• Improved Identity support – 150K users
• PAT improvements for clustering
• IKEv2 crypto map for ASA

Deploy Everywhere
FTD 6.5 / ASA 9.13.1 (2H CY2019):
• Azure FTDv Larger Instance Types
• FMCv managing 300 devices
FTD 6.6 / ASA 9.14.1 (1H CY2020):
• Automated horizontal scale for FTDv

Tools and Resources
FTD 6.5 / ASA 9.13.1 (2H CY2019):
• ASA-FTD Migrations in CDO
FTD 6.6 / ASA 9.14.1 (1H CY2020):
• Competitive Migrations (PAN)
• Competitive Migrations (Check Point)

* Targeted
Product Update: 6.5/6.6/CDO
• Ease of use and deployment
• Unified policy and threat visibility
• World-class security controls
• Deploy everywhere

FTD and FMC Deploy Performance Optimizations

Table columns: Platform, Config push, 6.2.3, 6.3, 6.4, 6.5

2110 Standalone (20%-40% reduction)
• AC + NAT: 2m 44s, 2m 00s
• IP only: 2m 26s, 1m 30s

2110 HA (~50% reduction)
• AC + NAT: 8m 10s, 4m 10s
• IP only: 4m 40s, 2m 26s

Tests done with 500 AC + 250 NAT + 2000 Objects

6.5 FMC GUI
Makeover

New Modern User Interface for FMC – 6.5

FMC Usability Improvements – 6.5
Rules management
• Cut through the noise: New rule search (single column), filtering and insertion
• See more: Up to 1000 rules in a single page (ACP, NAT)
• Get more context from anywhere: Recursive find objects, usage and history
• Let us guide you: NAT policy warnings

Other
• Don’t be in the dark: Deployment errors and warnings
• Enjoy a consolidated experience: Use of Talos instead of BrightCloud
• Support more customers (SPs) or segment your network: Official support for up to 100 domains

CDO July - Oct 2019 update

Simplified operations
• Token based Direct to cloud FTD onboarding (Branch, DHCP)
• Cisco Secure Sign On with DUO
• ASA to FTD migration
• Templates with parameters
• FTD license management

Expanded firewall support
• S2S and RA VPN management for FTD
• High Availability management
• HA image upgrades
• 6.5 support
• 4100 and 9300 support
• ASA timerange objects and policies

Broader Integrations
• Cloud based logging (SAL) for FTD
• CDO and CTR working together
• Firewall Analytics and Detection
• Meraki MX L3/L4
• AWS Security groups management

Sales enablement
• New Datasheet, TDM and BDM and ordering guide
• CDO PoV guide
• dCloud live demo
• Logging estimator tool

Highlights – Improved Firewall Operations - Available
ASA to FTD migration in CDO
• Maintain business and operational continuity with an integrated experience
• Smooth, stress-free transition and sales motion
1 – Buy new hardware running ASA, onboard in CDO
2 – Migrate config to an FTD template
3 – Update the template as long as needed
4 – When ready, reimage to FTD, and apply template

Fast, secure and flexible deployments with direct to cloud FTD onboarding
• Token based
• No on-prem component
• Ideal for Branch and DHCP based deployments
• Direct to cloud logging with 6.5

Cloud based logging and analytics (SAL) - Available

• Store firewall and network logs securely in the cloud, accessible and searchable from CDO
• Identify and enrich high fidelity alerts
• Enable smarter response and reduce investigation times
• Enhance breach detection capability using best-in-class security analytics
• Volume estimator tool available
• Available PIDs starting with SAL-SUB

Highlights – Cross platform management - Available
Meraki MX
• Layer 3 and 4 policies management
• Share objects with other platforms
• Maintain consistency and reduce daily change management efforts
• Licensed per device, 1Y 3Y and 5Y
• PIDs: L-MX64-P=, L-MX65-P=, L-MX67-P=, L-MX68-P=, L-MX84-P=, L-MX100-P=, L-MX250-P=, L-MX450-P=

AWS security groups orchestration
• Orchestrate AWS security groups across multiple VPCs and AWS accounts
• Visualize VPN tunnels between DC and cloud
• Keep the security team aware and in control of cloud applications traffic
• Improve consistency and reduce efforts by sharing objects with other security controls
• Position for Hybrid DC-Cloud deployments
• Licensed per security group, 1Y 3Y and 5Y
• PID: L-AWS-SG=
Highlights – CDO and CTR working together

Investigate
• View firewall threat events in CDO
• Additional event types supported with 6.5
• Pivot to CTR investigation with casebook

Remediate
• Identify an IP or URL to block in CTR
• 1-click push to CDO for object update

Coming to CDO in Nov 2019 - Jan 2020

Simplified operations
• FTD hit counts
• Upgraded changelog retention

Expanded firewall support
• AnyConnect image management
• CLI console for FTD troubleshooting
• Additional S2S VPN options support

Broader integrations
• Meraki native objects
• Direct to cloud SAL and CTR
• ASA support by SAL

Policy orchestration
• Rulesets
• Objects override
• Copy / paste rules
• Granular AMP file policy

Selective Config Deploy (6.6)

Delta Preview (6.6)

Multi Column Filter in ACP (6.6)

Bulk Edit in ACP (6.6)

6.6 Features
• Time Based ACLs
• Concurrent User Scale (300k)
• Install and Upgrade Improvements
• PLR on FDM

FMCv300 (6.5)
• Virtual FMC for up to 300 devices, on VMware
• vFMC25 (PID FS-VMW-SW-K9): Hard drive 250 GB, Memory 8GB, vCPU 4
• vFMC300 (PID FS-FMC-VMW-300-K9): Hard drive 2.2 TB, Memory 64GB, vCPU 32
• Perfect for customers virtualizing everything
• Available migration tool to migrate from vFMC25 (and from any FMC to equivalent or higher capacity)
• Upgrade PID: FMC-UPG-25-TO-300
• Higher event storage capacity

FTDv Autoscale Azure/AWS (6.4, 6.5, 6.6)
[Diagram: FTDv autoscale architecture. Labels: FMC; Autoscale manager; Virtual Machine Scale Set (VMSS) containing FTDv 1, FTDv 2 through FTDv N, each with inside, outside and mgmt interfaces plus a diag or dmz interface; FTDv Inside Subnet; ILB; ELB; Application Subnets 1 through N, each with a Resource. Outbound initiated flows: routed to ILB. Inbound initiated flows: load balanced.]

How do we select Recommended Releases?
• Engineering, Escalations, and TAC
• Certain amount of customer adoption
• Soak Time
• No Catastrophic Bugs open

Why Upgrade to FTD 6.4(.0.4)

FTD 6.4.0.4 is the suggested release for customers looking for reliability and stability.

Numerous high-value features
• Hitcounts for ACL and Prefilter rules
• Multi-Instance
• SSL hardware acceleration
• Integrations with CTR and Splunk
• FMCv on Azure
• RA VPN + S2S VPN enhancements
• API enhancements for FMC and FDM
• Scheduling of backups of managed devices

Critical Issues Addressed
• SSL inspection, database issues
• User identity
• AMP by addressing critical bugs and issues with the ThreatGrid integration and with local malware detection updates
• Improved deployment times: ~48% faster than 6.2.3 and ~20% faster than 6.3.0

Strongest FTD release to date
• With the lowest escalation rate and lowest customer-found defects
• Showing tremendous adoption trending amongst our install base: >20K downloads by >6.5k unique customers and partners

6.4.0.4 release notes
New Software Lifecycle Policy

New Recommended Release: 6.4.0.4

• Even-numbered long-term releases
• Certification every 2 years (6.4, 6.8)
• Predictable cadence
EOL Updates and Last Supported Code
Last Supported Releases (ASA, ASA w FPS, FTD)

Name | Replacement | ASA | ASA w FPS | FTD
ASA 5505 | 1010 | 9.2 | X | X
ASA5506 | 1010 | TBD | 6.2.3 | 6.2.3
ASA5512 | FPR1120 | 9.9.2 | 9.9.2/6.2.3 | 6.2.3
ASA 5515 | FPR1140 | 9.12 | 9.12/6.4 | 6.4
ASA 5585-X | FPR4100/9300 | 9.12 | 9.12/6.4 | N/A
FPR7K | FPR1140/50/FPR2K | N/A | N/A | 6.4
FPR8K | FPR4115-45/FPR9300 (SM40/48/56) | N/A | N/A | 6.4
FMC 1500, 3500 | FMC 1600, 2600, 4600 | N/A | 6.4 | 6.4

Overview: Available NetSec Tools and Resources

For Field, Partners and Customers:
• Field Request Portal and Firestarter
• Performance Estimator
• Firepower Migration Tool
• NetSec Technical Programs: Demonstration, Design, Proof-of-Value, Migration
• dCloud NetSec Demos
• Logging Volume Estimator

Partners: Network Security Technical Programs
Demonstration
• CDO & FMC instant and guided demos
• https://dcloud.cisco.com

Design
• Design Review & Assistance from NetSec TMEs
• http://cs.co/netsec-design

Proof-of-Value
• Performance testing, Firepower Threat Tuner, functional testing, and custom scripting from GSSO TSAs
• http://cs.co/netsec-pov

Migration
• Configuration migration, pre-deployment consultation, and cutover support for partners
• https://fwm.cisco.com

Partner: Firewall Migration Help-Desk fwm.cisco.com

• Ensure successful firewall migrations with free services delivered through a 24x5 help-desk with global availability for all partners
  • Configuration migration
  • Pre-deployment consultation
  • Cutover support
• Requests submitted by partners through online portal
• Technical resources enabled on latest releases and migration best practices
• New support for competitive migrations from PAN, Fortinet, Checkpoint, and Juniper
Customers: Firepower Migration Tool
CY19
Key Features
• Migrations in CDO (public beta)
• Migrations from CP to FTD (beta)
Usability
• Parsing & UI performance enhancements
• CSV download of review & validate tables
• Selective migration of ACL, NAT, object reuse

CY20*
Key Features
• Further 3rd party migrations (PAN, … )
• FMC to CDO migration
Usability
• Integration with Services
• Migration Versatility
• Layer 3 to Layer 7 mapping

Continued Support for:
• Access rules, CSM object grouping
• Multi-Context to Multi-Instance
• NAT, Static routes, IPv6
• Enablement of L7 Firewalling capabilities
• Physical interface, port channels
• Network, Service & FQDN objects and groups
• Bridge groups (transparent mode only)

* Live roadmap to be found: go2.cisco.com/fmt-roadmap
Recap
You asked for → We’ve listened:

• Product Quality Improvements → 6.4 is setting a new standard of quality for FTD
• Roadmap Input and Request Transparency → Tighter collaboration between the BU, the field & partners
• FTD Management Focus → Big investment in FMC for improved usability and more features
