Professional Documents
Culture Documents
and ASAv
Azure
BRKSEC-3093
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Speaker TAC Engineer (Security) – 5 Years NGFW NGIPS ASA
Then Now
Anubhav Swami
Security Solutions Architect
CCIE# 21208
From Based in
answami@cisco.com Photography
Delhi (India) RTP (NC) - USA
http://cs.co/anubhavswami
answami-public-folder
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Q&A Manager
1999 Now
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Agenda
• Introduction
• Cisco NGFW and ASAv introduction and what’s new
• Use-cases
• Default Azure marketplace template deployment
• Azure Resource Manager (ARM) template Overview
• Introduction and benefit of an ARM template deployment
• Structure, sections, format and tools
Register Now
January 30, 2020
9 AM
Few seats available
Lab is Full
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Introduction
Changing Tread
Movement to public cloud
Challenges
Layer 2 Abstraction
Security Model
Cloud Services
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Why is everyone moving to the cloud?
Cloud-Native
24x7 support
Transformation
Free up Internal
Lower Capital Expenditure
Resources
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Azure Services Overview
Azure Resource Group Resource Group
Region (us-east-1)
Region
Availability Zone 1 Availability Zone
Subnet 1a and Availability Set
Network Security Group
Express Route
LTRSEC-3052 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Azure Load Balancer
Basic LB and Standard LB
Basic LB Standard LB
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Azure Basic Load Balancer
Azure Load Balancer you can scale your
applications and create high availability for
services.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Azure Standard Load Balancer
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Cisco NGFW, ASA
Introduction
and
what’s new
FTD
Next-Generation Firewall
Overview Stateful firewall
NAT
Static and dynamic routing
Firewall
NGIPS URL
NGFWv
FTD Appliance
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
NGFWv Management Options
Cisco Firepower Cisco Firepower
Cisco Defense Orchestrator
Management Center Device Manager
(CDO)
(FMC) (FDM) Cloud based manager
Centralized Manager On-box manager
FTD
release 6.5+
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
ASAv overview
AWS and Azure
Stateful Firewall, NAT, Routing and ACL
VPN
RAVPN and S2S
VPN
Policy Based VPN and Route Based VPN (VTI)
Management Options
CLI, ASDM, CSM, CDO, and API
ASA Appliance
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
ASAv Management Options
Adaptive Security Device Manager Simplify and unify policy across Cisco ASA offers powerful CLI for Cisco Security Manager helps
(ASDM) delivers world-class firewalls, next-generation firewalls, Cisco configuration, monitoring, to enable consistent policy
security management and Web Security Appliances, and Cisco troubleshooting enforcement and rapid
monitoring through an intuitive, Umbrella. Spot misconfigurations easily. troubleshooting of security
easy to use Web-based Respond to threats quickly. Orchestrate events, offering summarized
management interface. policy changes across dozens or reports across the security
thousands of devices in a single pane of deployment.
glass.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
FTD Release 6.5
What’s new in NGFWv (FTD)
Cisco Firepower
Standard D4v2 PAY-G model
Device Manager - FDM
Higher Throughput
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
NGFWv Supported Instance Types and No. of Interfaces
Standard D3
Four Interfaces
(management, diagnostics, external, and internal)
Standard D3v2
Standard D4v2
Upto Eight Interfaces
(minimum four interfaces)
Standard D5v2
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
ASAv
ASAv Supported Instance Types
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Use-cases
Azure User Defined Route (UDR)
Reference
Azure UDR is a native tool provided by Azure, it lets you create custom routes in a
route-table. UDR is associated with a subnet and routes defined in UDR override Azure’s
default system routes.
Benefits:
• UDR can be modified using an API call
• UDR can have more specific route
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
ASAv HA (Active/Backup)
Protected ASAv HA released in version 9.8.1.200
Workloads HA Agent (Aug 2017)
• Communicates with Peer
and determines Integrated Solution
Active/Backup State Frontend Public IP No external scripts/agent required
• Responses to LB probes Active Frontend IP is assigned on
• Programs Azure user Azure Load Balancer
defined route (UDR) ASAv
Azure UDR HA Multiple Subscription
(user defined route) Agent Support
HA can modify UDR in multiple
Public subscription
IP
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
ASAv HA– Multiple subscriptions
vNET 10.82.0.0/16
Protected
Workloads Azure UDR
(dmz1-RT)
10.82.2.0/24
vNET 10.32.0.0/16
Active
Azure UDR
ASAv (dmz2-RT)
Azure UDR
(partner-udr)
10.82.3.0/24
HA 10.32.1.0/24
Agent vNET peer
HA
Azure UDR Agent
(inside-RT)
10.82.1.0/24 Backup Subscription 2
ASAv
Availability Set
Inside Subscription 1
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Cloud Failover Configuration Recommendation
Primary ASA configuration Backup ASA configuration
failover cloud route-table inside-RT failover cloud route-table inside-RT
rg answamiasavha rg answamiasavha
route Route-Internet-To-ASAv prefix 0.0.0.0/0 nexthop 10.82.1.4 route Route-Internet-To-ASAv prefix 0.0.0.0/0 nexthop 10.82.1.5
route Route-Subnet1-To-ASAv prefix 10.82.0.0/24 nexthop 10.82.1.4 route Route-Subnet1-To-ASAv prefix 10.82.0.0/24 nexthop 10.82.1.5
route Route-Subnet2-To-ASAv prefix 10.82.2.0/24 nexthop 10.82.1.4 route Route-Subnet2-To-ASAv prefix 10.82.2.0/24 nexthop 10.82.1.5
route Route-Subnet3-To-ASAv prefix 10.82.3.0/24 nexthop 10.82.1.4 route Route-Subnet3-To-ASAv prefix 10.82.3.0/24 nexthop 10.82.1.5
failover cloud route-table partner-udr subscription-id cd5fe6b4-d2ed failover cloud route-table partner-udr subscription-id cd5fe6b4-d2ed
rg answamiasavha rg answamiasavha
route Route-Internet-To-ASAv prefix 0.0.0.0/0 nexthop 10.82.3.4 route Route-Internet-To-ASAv prefix 0.0.0.0/0 nexthop 10.82.3.5
route Route-Subnet1-To-ASAv prefix 10.82.0.0/24 nexthop 10.82.3.4 route Route-Subnet1-To-ASAv prefix 10.82.0.0/24 nexthop 10.82.3.5
route Route-Subnet2-To-ASAv prefix 10.82.1.0/24 nexthop 10.82.3.4 route Route-Subnet2-To-ASAv prefix 10.82.1.0/24 nexthop 10.82.3.5
route Route-Subnet3-To-ASAv prefix 10.82.2.0/24 nexthop 10.82.3.4 route Route-Subnet3-To-ASAv prefix 10.82.2.0/24 nexthop 10.82.3.5
Recommendation
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
NGFWv and ASAv scalable design
Azure internal load balancer (ILB) standard & external load balancer
vNET
WEB-UDR Stateless
Destination Next Hop Switchover
Default/Internet ILB VIP
FW01 Firewalls in
DB, APP and DC ILB VIP Availability Set
Internet Users
WEB
NGFWv
FW02
APP-UDR
ILB
Destination Next Hop
Standard NGFWv
Internet
FMC
NVA Subnet (inside)
DB-UDR
FW02
ILB
Standard NGFWv
Internet
x
(VIP)
HA Port FW..n
External
LB
APP NGFWv
FMC
NVA Subnet (inside)
Azure
Express Route
Virtual Network
Gateway
DB
Gateway Subnet Data Center
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
NGFWv and ASAv scalable design (cont.)
Traffic flow - Outbound traffic (Mapped public IP address)
vNET
Translate outbound traffic to Mapped Public IP
outside Interface of NGFWv
FW01
Internet Users
WEB
NGFWv
FW02
APP-UDR
ILB
Destination Next Hop
Standard NGFWv
Internet
FMC
NVA Subnet (inside)
Azure
Express Route
Virtual Network
Gateway
DB
Gateway Subnet Data Center
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
NGFWv and ASAv scalable design (cont.)
Traffic flow – East/West traffic
vNET
Stateless
WEB-UDR
Switchover
Destination Next Hop
FW01
Default/Internet ILB VIP
Internet Users
WEB APP, DB & DC ILB VIP
NGFWv
FW02
ILB
Standard NGFWv
Internet
x
(VIP)
HA Port FW..n
External
LB
APP NGFWv
FMC
NVA Subnet (inside)
Azure
Express Route
Virtual Network
Gateway
DB
Gateway Subnet Data Center
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
NGFWv and ASAv scalable design (cont.)
Traffic flow – DC traffic
vNET
Stateless
Switchover
DC traffic (N/S) FW01
Internet Users
WEB
NGFWv
FW02
ILB
Standard NGFWv
Internet
x
(VIP)
HA Port FW..n
External
LB
APP NGFWv
FMC
NVA Subnet (inside)
GW-UDR Azure
Destination Next Hop
Express Route
Virtual Network
WEB, APP & DB ILB VIP
Gateway
DB
Gateway Subnet Data Center
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
NGFWv and ASAv scalable design
Separation of Internet and E/W traffic
FW01 vNET
Firewalls in
WEB-UDR Internet Users
Availability Set
Destination Next Hop ILB
NGFWv
Default/Internet ILB VIP1 Standard
DB, APP and DC ILB VIP2 (VIP1) FW02
HA Port
WEB (Internet traffic) Internet
NGFWv
External
APP-UDR FW03 LB
Destination Next Hop
ILB
Default/Internet ILB VIP1
Standard NGFWv
DB, WEB and DC ILB VIP2 (VIP2)
HA Port FW04
APP
(E/W traffic)
NGFWv Gateway Subnet FMC
DB-UDR NVA Subnet (inside)
Destination Next Hop GW-UDR Azure
Express Route
Default/Internet ILB VIP1 Destination Next Hop
Virtual Network
APP, WEB & DC ILB VIP2 WEB, APP & DB ILB VIP2 Gateway
DB
Data Center
Stateless Switchover
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Secure Service vNET
NGFWv and ASAv Spoke vNETs
All-Subnets-UDR
vNET A vNET B
Destination Next Hop
Gateway Subnet
ILB GW-Subnet-UDR
Internet (VIP)
FW02 Destination Next Hop
HUB
Traffic is handled by UDR and LBs
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
NGFWv Management
FDM (On-box manager) and CDO (Cloud based manager)
vNET
FTD release 6.5 introduced FDM
FW01
WEB
CDO
NGFWv
Cisco Defense Orchestrator
FW02 (Cloud based management)
ILB
MGMT
Standard NGFWv
(VIP)
HA Port FW..n
Firewall
APP NGFWv Administrator
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Cisco appliances in Azure Marketplace
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Deploy NGFWv using marketplace default template
Basic settings
• Access Azure marketplace and search for Cisco
Firepower Next-Generation Firewall
• Click create and enter information on basic
settings
• Add following detail:
• VM name
• Username
• Password/SSH public key
• Select Subscription
• Select Resource Group (New)
• Pick Location
• Click OK to configure FTDv settings
Cisco
Minimum 4 subnets required and
additional interfaces can be attached later
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Deploy NGFWv using marketplace default template
Summary
• Azure portal is going to run deployment
script validation.
• Once validation is passed, click OK
button to read and accept “Term of
use/Privacy Policy”
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Deploy NGFWv using marketplace default template
Summary
• Read and accept “Term of use/Privacy
Policy”
• Enter contact information
• Click Create
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Points to remember when using default template
deployment
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Azure Resource Manager
Template Overview
Azure Resource Management Overview
• Azure Resource Manager is the deployment and management service for Azure. It
provides a management layer that enables you to create, update, and delete
resources in your Azure subscription
• Resource Manager sends the request to the Azure service, which takes the
requested action. All requests are handled through the same API
Visual Studio
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Microsoft VS Code
• VS Code has a plugin from Microsoft for ARM templates:
“Azure Resource Manager (ARM) Tools”
• Color coding
• Mouse over help for some
elements
• Highlight formatting errors
• Template outline
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Why ARM template?
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Structure and syntax of
ARM template
Template File Sections
Reference
User defined
Create customized functions that simplify your template
functions
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Template Format
In its simplest structure, a template has the following elements:
• $schema: Specifies the location of the JSON schema file. The schema
file describes the properties that are available within a template.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
variables
Example
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Resources
Example
resources:
Resource types that are
deployed or updated in a
resource group or
subscription
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
ARM template references
and resource IDs
Arm template reference
useful when composing templates
How do you know what elements to include when creating a resource with an ARM
template?
Compute
• Virtual machines
• availability sets
• Disks
• Image
• VM scale sets
• + more
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Arm template reference
useful when composing templates
Network
• Virtual Networks
• Subnets
• Public IP Addresses
• Route Tables
• Network Security Groups
• + more
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Resource IDs
• Resources in Azure are identified by a resource id.
• Often a resource definition includes the ids of other resources.
• They’re long and cumbersome to compose manually in template
• Azure provides a resourceId() function
An Example:
/subscriptions/c1234567-89012-1234-5678-91bcdef0123456/resourceGroups/ourteam-
rg/providers/Microsoft.Network/networkInterfaces/mynic
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Order of resource
deployment
Order of Resource deployment in an ARM
template
• By default Azure Resource Manager will attempt to deploy resources in
parallel, however, many resources are dependent upon other
resources – without defined dependencies there can be intermittent
deployment failures.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
ARM template Example
Deploy Azure Infrastructure and NGFWv
using an ARM template
vNET 10.0.0.0/16
Internet Users
mgmt 10.0.1.0/24 diag 10.0.2.0/24
(VIP1)
FW02 NGFWv
HA Port
(Internet traffic)
NGFWv External
LB
Inside-UDR Outside-UDR
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Example Template
Template header
• $schema
• ContentVersion
• no parameters
• no variables
• The beginning of the resource list []
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Example Template
First two resources are route tables
Type: Microsoft.Network/routeTables
• API-Version: “2019-09-01”
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Example Template
Virtual Network
Type: Microsoft.Network/virtualNetworks
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Example Template
Availability Set
Type: Microsoft.Compute/availabilitySets
• Name = NGFWvAVS
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Example Template
Public IP address
Type: Microsoft.Network/publicIPAddresses
• Name = ngfwv-elb-ip
• Sku = standard
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Example Template
Network Security Group
Type:
Microsoft.Network/networkSecurityGroups
• Name = MGMT-SG
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Example Template
Network Interface
Type:
Microsoft.Network/networkInterfaces
• Named
• Dependencies are declared
• Given static ip of 10.0.0.10
• Attached to a subnet
• Associated with a specific public IP
• Attached to a Network Security
Group
• Ip forwarding enabled (enables
through traffic)
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Example Template breakdown
Load Balancer (1 of 3)
Type: Microsoft.Network/loadBalancers
• Resource is Named
• SKU
• Given a public IP
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Example Template breakdown
Load Balancer (2 of 3)
Type: Microsoft.Network/loadBalancers
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Example Template breakdown
Load Balancer (3 of 3)
Type: Microsoft.Network/loadBalancers
• protocol
• port
• probe interval
• Number of failed probes that
constitute a failed backend pool
member
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Example Template breakdown
Revisit Network Interface – now with Load Balancer attachment
Type: Microsoft.Network/networkInterfaces
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Example Template breakdown
NGFWv (1 of 4)
Type: Microsoft.Compute/virtualMachines
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Example Template breakdown
NGFWv (2 of 4)
Type: Microsoft.Compute/virtualMachines
• Vm Size
• osProfile
id and password required (can’t be admin)
customData = day0 config
• storageProfile
Points to marketplace offer / version
osDisk – no specific disk specified so it will
be given an azure “managed disk”
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Example Template breakdown
NGFWv (3 of 4)
Type: Microsoft.Compute/virtualMachines
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Example Template breakdown
NGFWv (4 of 4)
Type: Microsoft.Compute/virtualMachines
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Demo - Deploy Azure Infrastructure and
NGFWv using ARM template
Deploy Azure Infrastructure and NGFWv
using an ARM template
vNET 10.0.0.0/16
Internet Users
mgmt 10.0.1.0/24 diag 10.0.2.0/24
(VIP1)
FW02 Availability
NGFWv Set
HA Port
(Internet traffic)
NGFWv External
LB
Inside-rt Outside-rt
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Best Practices for using
ARM templates
Best practices for using ARM templates
Use marketplace image Specify Instance Size Specify License
(D3, D3v2, D4v2, D5v2) (BYOL or PAYG)
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Best practices for using ARM templates (cont.)
Use linked ARM Test every template and
Automate Deployments
templates automate it
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Best practices for using ARM templates (cont.)
Minimize number of Make naming convention
Use output parameters
parameters template
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Best practices for using ARM templates (cont.)
One deployment per Keep secrets out of your
Default parameters
resource group deployment parameters
An ARM template is
executed on a single
resource group by If you have secrets like Don’t set default values
default. An application ssh keys, disk encryption for required input
can be deployed to keys, and passwords, parameters or
multiple resource etc. Best practice is to parameters that need to
groups. Each resource mask all secrets. differ over environments
group has its own ARM
template with resources.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Best practices for using ARM templates (cont.)
Use complete deployment
mode as much as possible
Always use versioning
When deploying
resources to a resource
group, complete
Always use version in
deployments will
your template to track
guarantee that your
your deployment and
resources in the
upgrade
resource group are the
same as in your source
control
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Licensing
Smart Licensing for NGFWv and ASAv
NGFWv
1
2 Cisco Smart
HTTP/HTTPS
ASAv FMC(v)
3 proxy
Licensing
Note: In NGFWv, Base features such as networking, firewall. and application visibility and control are enabled by default.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Licensing ASAv and NGFWv in Public Cloud
Cisco Smart Licensing for NGFWv and ASAv in AWS and Azure
This is just an example, actual cost of instance would depend on region, instance type and billing option (on-demand) or Upfront
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Resources
Additional Resources
Important Links and YouTube Channel
BRKSEC-2064 LTRSEC-3052
NGFWv and ASAv in Public Cloud (AWS and Azure) Deploy NGFWv and ASAv in Public Cloud (AWS and Azure)
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Complete your
online session
survey • Please complete your session survey
after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events
Mobile App or by logging in to the Content
Catalog on ciscolive.com/emea.
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Continue your education
Demos in the
Walk-In Labs
Cisco Showcase
BRKSEC-3093 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Thank you