Welcome to Your Cisco Connect & Grow Series: Heat Up Your Sales with Cisco Security for SMB
BEFORE WE TAKE OFF… This webinar is being recorded and will be available 48 hours after the event at www.ingrammicro.com/ciscowebinars
This is your event – So please ask questions! Utilize the Q&A box or take the opportunity to call in and ask your question live during the broadcast. We love to hear from you!
And now, let’s get going…
Thank you for being a valued Cisco partner!
Cisco Connect & Grow Series
Incentive Drawing
Three $50 AmEx Gift Cards will be drawn at the close of the session
Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro’s express written permission.
Cisco Connect & Grow Series
Heat Up Your Sales with Cisco Security for SMB
Peter Avino, Solution Center Engineer/Instructor
Cori Hahn, Tech Support Specialist II (Cisco Security Lead), Ingram Micro
June 24th, 2015
Today’s Agenda
• Security Threats
• ASA 5500X
• Meraki MX
• Demo
• Q&A
Cisco Confidential 6 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
CISCO ASA
Identity-Policy Control & VPN
ASA + Sourcefire = New, Adaptive, Threat-focused NGFW
URL Filtering (subscription)
FireSIGHT Analytics & Automation
Advanced Malware Protection (subscription)
Intrusion Prevention (subscription)
Application Visibility & Control
Network Firewall Routing | Switching
Clustering & High Availability
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
SMBs Are Underserved by Legacy Solutions
Legacy next-generation firewall and unified threat management (NGFW + UTM) solutions were never designed for advanced threat protection.
• UTMs are less effective
• Legacy NGFWs and point solutions are costly and impractical to administer
• Point solutions bring major integration risks and questionable security efficacy
ASA for SMB
A New Way Forward for SMBs and Distributed Enterprises
Superior Threat Defense
• Featuring integrated, best-of-breed security technologies
• Continually updated with superior threat intelligence feeds
Superior Product Value
• Small footprint devices capable of running superior, next-generation, threat-focused capabilities
Flexible Management
• Simplified, integrated, local management for single-instance deployments
• Centralized management for threat data correlation across the distributed enterprise
Cisco Next-Generation Firewalls for SMBs, Distributed Enterprises, and Industrial Control
Desktop Model Integrated Wireless Access Point
Higher Performance Ruggedized
100% NGFW - Ships with AVC
Wireless can be managed locally or through WLC
1RU; New value-focused price-performance points
NGFW for industrial control and critical infrastructure
5506-X 5506W-X 5508-X 5516-X
5506H-X
Perfect for Cisco® ASA 5505 Refreshes
Performance Comparison
| Category | Features | ASA 5506-X/5506H-X/5506W-X | ASA 5508-X | ASA 5516-X |
| --- | --- | --- | --- | --- |
| Performance | Maximum stateful firewall throughput | 750 Mbps | 1 Gbps | 1.8 Gbps |
| | VPN throughput | 100 Mbps | 175 Mbps | 250 Mbps |
| | Maximum AVC throughput | 250 Mbps | 450 Mbps | 850 Mbps |
| | Maximum AVC and NGIPS throughput | 125 Mbps | 250 Mbps | 450 Mbps |
| | AVC or IPS sizing throughput [440 B] | 90 Mbps | 180 Mbps | 300 Mbps |
| | Maximum concurrent sessions | 50,000¹ | 100,000 | 250,000 |
| | Maximum CPS | 5000 | 10000 | 20000 |
~1.5x to 2x ~1.5x to 2x
Model Comparison
| Category | Features | ASA 5506-X | ASA 5506W-X | ASA 5506H-X | ASA 5508-X | ASA 5516-X |
| --- | --- | --- | --- | --- | --- | --- |
| Hardware | Form factor | Desktop | Desktop | Desktop | 1RU | 1RU |
| | CPU | [email protected] GHz | [email protected] GHz | Multicorex 1.25 GHz | Multicorex 2 GHz | Multicorex 2.4 GHz |
| | Memory - RAM | 4 GB | 4 GB | 4 GB | 8 GB | 8 GB |
| | Flash | 8 GB | 8 GB | 8 GB | 8 GB | 8 GB |
| | Fan | No | No | No | Yes | Yes |
| | I/O | 8x GE | 8x GE; Wi-Fi | 8x GE | 8 x GE | 8 x GE |
| Software | Stateful firewall | Yes | Yes | Yes | Yes | Yes |
| | FirePOWER™ services (all) | Yes | Yes | Yes | Yes | Yes |
| | User (node) support | Unlimited (default) | Unlimited (default) | Unlimited (default) | Unlimited (default) | Unlimited (default) |
| | High availability | Yes - Active/Standby only¹ | Yes - Active/Standby only¹ | Yes - Active/Standby only¹ | Yes (Active/Active) | Yes (Active/Active) |
| | Security context | No | No | No | Yes² | Yes² |
| | Clustering | No | No | No | No | Planned |
Platform Features
• The product has a reset pin. If it is pressed for more than three seconds, it will restore the factory configuration, clear passwords, and erase ROMMON variables.
• Cisco® Trust Anchor is implemented to validate the source of the image file and to also protect against hardware tampering and counterfeiting.
Superior Threat Defense
Integrated Threat Defense
• URL Filtering (Subscription)
• On-box or Centralized Management
• Advanced Malware Protection (AMP) (Subscription)
• Application Visibility and Control (AVC)
• Network Firewall Routing | Switching
• VPN
• Next-Generation Intrusion Prevention (NGIPS) (Subscription)
Threat protection is our #1 differentiator.
• Same features and licenses as the larger Cisco® ASA with FirePOWER™ Services models when used with FireSIGHT®
• Simplified NGFW offering with on-box ASDM 7.3.x
Functional Distribution of Features
FirePOWER™ Services
• Advanced Malware Protection
• File Type Filtering
• Application Visibility and Control
• NGIPS
• URL Category and Reputation
• *File Capture
ASA
• IP Fragmentation
• IP Option Inspection
• TCP Intercept
• TCP Normalization
• ACL
• NAT
• VPN Termination
• Routing
Cisco FirePOWER Provides Superior Visibility for Accurate Threat Detection and Adaptive Defense
Cisco Advanced Malware Protection Built on Superior Collective Security Intelligence
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600 engineers, technicians, and researchers
• 35% worldwide email traffic
Cisco® Collective Security Intelligence
[Diagram labels: Web, Endpoints, Devices, Networks, Email, IPS]
Cisco Collective Security Intelligence Cloud
Automatic Updates Every 3–5 Minutes
• 13 billion web requests
• 24-hour daily operations
• 4.3 billion web blocks per day
• 40+ languages
• 1.1 million incoming malware samples per day
• AMP community
• Private/public threat feeds
• Talos security intelligence
• AMP threat grid intelligence
• AMP Threat Grid dynamic analysis 10 million files/monthly
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• AEGIS program
Five Subscription Packages to Choose From for Each Appliance
• AVC is part of the default offering
• 1, 3 and 5 year terms
• SMARTnet is ordered separately with the appliance
[Figure: “NGFW” Packages and “NGIPS” Packages, labelled with the URL, IPS and AMP subscriptions]
Key ASA Features
ASA 9.3.2 Release (Key Features)
• REST API
• Transport Layer Security (TLS) 1.2
• ECMP support, IPv6 Border Gateway Protocol (BGP)
• Standards-based IKEv2 support; Citrix HTML5 browser support
• VPN clients: Windows 7, 8.1, 8.1 phone client, iOS 8, Knox, strongSwan
• Cisco AnyConnect® 4.0
ASA 9.4.1 Release (Key Features)
• Policy-based routing
• REST API phase 2, SNMP enhancement
• Clientless tagging, WebVPN support for OWA 2013 and XenDesktop 7.5
• Full VXLAN support
Diverse Endpoint Support for Greater Flexibility
Flexible Options
Advanced VPN Capabilities AnyConnect 4.0 Secure Mobility
Corporate File Sharing
Access Granted
Rich, Granular Security Integrated into the Network
Superior Threat Defense
Always on for seamless experience and performance
Superior Value
Data-Loss Prevention
Threat Prevention
Acceptable Use
Access Control
Skype Youtube
Salesforce.com
Centralized or Local Management
Flexible Management Options
Centralized Management
Centralized Management: Same as Larger Models - Uses CSM and FireSIGHT™
Provides Security Teams with:
• Management for multiple devices
• Comprehensive visibility and control over network activity
• Optimal remediation through infection scoping and root-cause determination
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
NEW - Integrated Onbox Management
• The Cisco® Adaptive Security Device Manager (ASDM) 7 combines control of access policy and advanced threat defense functions
• The enhanced UI provides quick views on trends and the ability to navigate to more details
• Centralized management is optionally available with FireSIGHT® + Cisco Security Manager
Better Together Continuous Visibility and Control
Network Visibility and Control* (Block)
Mobile Deep Visibility and Control (Remediate)
Remediation: Discover infections, Find the root cause, Understand threats
*Note: Blocking on the network is available in version 5.2
[Diagram labels: Network, Remote, OS, Hypervisor, APP, VMware vSphere, VM, SVM, AV]
Cisco/Meraki Cloud Managed MX Security Appliance
Cloud-managed networking architecture
Network endpoints securely connected to the cloud
Cloud-hosted centralized management platform
Intuitive browser-based dashboard
Out of band cloud management in every product
Scalable
– Unlimited throughput, no bottlenecks
– Add devices or sites in minutes
Reliable
– Highly available cloud with multiple datacenters
– Network functions even if connection to cloud is interrupted
Secure
– No user traffic passes through cloud
– Fully HIPAA / PCI compliant (level 1 certified)
– 3rd party security audits, daily penetration testing
Future-proof
– New features pushed through firmware, guided by customer feedback
– Automatic firmware and security updates (user-scheduled)
– Reliability and security information at meraki.cisco.com/trust
Management data (1 kb/s) WAN
MX security appliances
A complete unified threat management solution
7 models scaling from teleworker and small branch to campus / datacenter
Feature highlights
• Application Control: Traffic Shaping, Content Filtering, Geo Firewall Rules
• Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS
• Networking: NAT/DHCP, 3G/4G Cellular, Static Routing, Link Balancing
MX security appliances: Licenses
Enterprise License
• Stateful firewall
• Site to site VPN
• Branch routing
• Link bonding and failover
• Application control
• Web caching
• Client VPN
Advanced Security License
All enterprise features, plus:
• Content filtering (with Google SafeSearch)
• Kaspersky Anti-Virus and Anti-Phishing
• SourceFire IPS / IDS
• Geo-based firewall rules
Designed for security and availability
Redundancy & availability
• Increased uptime of mission-critical infrastructure
• Increase reliability with multi-hub VPN and warm spare failover (HA)
Comprehensive Security
• Granular control over phishing, foreign-originated and malicious traffic
• Monitor and prevent threats based on severity, specific signatures, and region
Multi-site connectivity
• IPSec VPN connections with flexible topology and security policies
• Reduce VPN configuration time to seconds and complexity to a few clicks
MX security appliances: Models

| Segment | Model | Users | Unique features | Throughput |
| --- | --- | --- | --- | --- |
| Teleworker | Z1 | 1-5 | Dual-radio wireless | 50 Mbps (FW throughput) |
| Small branch | MX64 / MX64W | ~50 | Wireless (MX60W) | 200 Mbps |
| Medium branch | MX80 | ~100 | Large WAN Opt cache (1 TB) | 250 Mbps |
| Medium branch | MX100 | ~500 | Gigabit uplinks; Large WAN Opt cache (1 TB) | 500 Mbps |
| Large branch / campus | MX400 | ~2,000 | High-speed uplinks; Built-in redundancy; Modular interface; Large WAN Opt cache (1TB) | 1 Gbps |
| Large branch / campus | MX600 | ~10,000 | High-speed uplinks; Built-in redundancy; Modular interface | 2 Gbps |

All devices support 3G/4G
Cisco Enterprise and Cloud Managed primary positioning
CISCO CLOUD MANAGED
• Easy to deploy and manage over the web
• Out-of-the-box optimized feature set
• Ongoing managed upgrades and enhancements
• Optimized for lean IT, with limited requirement for 3rd Party integration
CISCO ENTERPRISE
• Flexible deployment and configuration options
• Highly customizable and advanced feature set
• Advanced professional services, extended support
• Extensive integration capabilities
Both portfolios offer significant professional services opportunities
Partner Demo Promotion - ASA5506-K9 Get 1 unit of the New Cisco ASA5506-K9 with Firepower Services At 99.9% discount to Demo with Your Customers. Includes a Free 45 day trial of Firepower Services (URL AMP and IPS) and Cisco Support
STEP by STEP
• Partner contacts their Distributor of Choice to Register
• Partner will use CCW (Cisco Commerce Workspace) to order the ASA5506-K9 DEMO Unit at 99.9% discount
• Partner agrees to obtain their Cisco Express Security Specialization (ESS) within 45 Business once registered
• Partner will be registered by their distributor and show a special incentive (ASA5506 Demo Promotion) in CCW
• CCW Deal ID is approved, Product is shipped from Distributor to Partner.
Note - Partner has the option to conduct FirePower Services Demos with their Customers (or) Install the product at a Customer Site, for a potential sale, and later offer the suite of Firepower Services (1yr AMP URL or IPS licenses) with Smartnet * after the 45 day trial licenses expire.
For questions please contact: Scott Schweizer, SBDM Americas Distribution [email protected]
Experience Center How can Cisco and Ingram Enable You to Fly Higher?
Strength in Numbers
300+ $2.5B
18+
$150M+
145+
Years Cisco Experience
Annual Cisco Revenue
Years Cisco Partnership
Inventory Industry Leader
Dedicated Cisco Specialists
Partner Enablement & Services
State of the Art Experience Center
Technical & Business Sales Training
Config to Order
Professional Services
Build to Order
World Class Tech Support
Dedicated Field Engineers
Flexible Financing Opportunities
Partner Programs & Promotions
Just Switch It
Fast Track
Unified Access
Collaborate Now
UCS Advantage
ASA Migration Program
Mobility Express Bundles
Security Ignite
Experience Center
Hands on Technology from ALL Cisco Architectures
$10M+ Cisco Equipment
Product Demos
Dedicated Cisco Engineering Team
Solution Proof-of-Concepts
Exec. Meeting Presence w/ Latest Video Conf
End Users & Staff Training
Live or Remote Demos/Trainings
Questions? Peter Avino Solution Center Engineer/Instructor, Ingram Micro [email protected]
Cori Hahn Tech Support Specialist II (Cisco Security Lead),Ingram Micro [email protected]
Incentive Drawing
And the winner is …..
Connect & Grow Upcoming Webinars June 25
July 8
July 7 CSCC Quoting
Build Next-Gen Automated Data Center w/ Nexus 9k
Introduction to Cisco Services
July 9 CSCC Quoting
July 15 Cisco 101: Onboarding Steps for New Registered and Select Partners
Contact Us
Hardware
Partner Development
Services
Public Sector
(800) 456-8000 ext. 76471 Option 1: Hardware
(800) 456-8000 ext. 76799 [email protected]
(800) 456-8000 ext. 76471 Option 2: Services
(800) 456-8000 ext. 76471 Opt 1: HW Opt. 2: Services
Cisco Security "Expert" Level Series For Partner SE/FE’s, TAC Level NPI Training
• Featured ASA Courses
– ASAv & ASA 9.2 NGFW
– ASA 9.0 Firewall Features (Clustering, Suite B, etc.)
– ASA 9.0.1 Remote Access VPN
– ASA (Cloud Web Security- CWS)
– ASA CX/PRSM Advanced Topics
– AnyConnect 3.1
• Featured ISE
– ISE 1.2 BYOD
– The Identity Services Engine Design/Install - Part 1
– The Identity Services Engine Design/Install - Part 2 "Certificates & EAP-TLS"
• Featured Management
– CSM 4.3
– CSM 4.4
https://communities.cisco.com/docs/DOC-26324
Security Voice of the Engineer
• Slides and recordings posted to Partner Community
• All Sessions are 1:00 – 2:00 Eastern Time
Date Topic
July 29 Adaptive Security Appliance
September 9 Identity Services Engine
October 7 Content Security (ESA, WSA, CWS)
November 4 Sourcefire
Target Date Topic
March 13 Cisco’s Intelligent Cybersecurity for the Real World
March 27 TrustSec 4.0 Launch
April 11 Sourcefire AMP Updates Launch
April 24 Secure Data Center Solutions
May 1 Sourcefire 5.3 Launch
May 29 ISE Licensing
June 12 ASA 9.2 Launch
September 18 FirePOWER Services for ASA Launch
September 25 ISE 1.3 Launch
October 9 ASA Licensing
https://communities.cisco.com/docs/DOC-52899
https://communities.cisco.com/docs/DOC-30718
Rebranded
Tech Talks – Security Deep-Dives Recorded Sessions & Slides https://communities.cisco.com/docs/DOC-30977
AnyConnect
• AnyConnect VPN – 1/15/13
• AnyConnect NAM – 1/29/13
• AnyConnect Mobile – 2/12/13
• Advanced AnyConnect Configuration – 2/26/13
• AnyConnect TAC Tips – 3/12/13
Content Security
• ESA Architecture & Deployment Best Practices – 3/5/13
• WSA Architecture & Deployment Best Practices – 3/19/13
• CWS Architecture & Deployment Best Practices – 4/2/13
• ASA CX Architecture & Deployment Best Practices – 4/16/13
• TAC Tips: Email – 4/30/13
• TAC Tips: Web – 5/14/13
Identity Services Engine (ISE)
• TrustSec & ISE Overview – 9/25/12
• AAA, 802.1X, MAB – 10/9/12
• ISE Profiling – 10/23/12
• Web Auth, Guest & Device Registration – 11/6/12
• Bring Your Own Device & EAP Chaining – 11/20/12
• Posture & Security Group Access – 12/4/12
• Best Practices – 12/18/12
• TAC Tips: Processes, Trends, Troubleshooting – 1/8/13
• TAC Tips: Documentation, Tools, Troubleshooting – 1/22/13
SourceFire
• System Overview – 5/28/14
• Threat Control – 6/11/14
• Application Control – 7/2/14
• File Control – 7/16/14
• FireAMP Overview – 7/30/14
• FireAMP Outbreak Control – 8/6/14
Adaptive Security Appliance
• ASA Overview – 10/16/13
• Data Center & HA – 10/30/13
• Next Generation Firewall – 11/20/13
• IPS for NGFW – 12/4/13
• ASA Management – 12/18/13
Support Resources
ASA FirePOWER Services launched Sept. 16, 2014. Pricing & Orderable on CCW now. Generally Available August 1, 2014.
• Ordering Guide, Data Sheets, Sizing Guide, Promos, Presentations: http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/partner-resources-listing.html/index.html
• Sales Resources: http://www.cisco.com/c/en/us/products/security/asa-firepower-services/sales-resources-listing.html
• Training: ASA with FirePOWER Services: Technical: https://communities.cisco.com/docs/DOC-53979
• Training: ASA with FirePOWER Services: Sales: https://communities.cisco.com/docs/DOC-53978
• Install Quick Start Guide: http://www.cisco.com/c/en/us/support/security/asa-firepower-services/products-installation-guides-list.html
• Sales Acceleration Center (SAC): https://communities.cisco.com/docs/DOC-53126
Deploying ASA w/ FirePOWER Services: High Availability with ASA Failover
• Available on all ASA platforms
• State-sharing between Firewalls for high availability
• L2 Transparent or L3 Routed deployment options
• Failover Link
• ASA provides valid, normalized flows to FirePOWER module
*State sharing does not occur between FirePOWER Services Modules
Deploying ASA w/ FirePOWER Services: Scaling IPS with ASA5585-X Clustering
• Up to 8 ASA5585-X IPS
• Stateless load balancing by external switch
• L2 Transparent or L3 Routed deployment options
• Support for vPC, VSS and LACP
• Cluster Control Protocol/Link
• State-sharing between Firewalls for symmetry and high availability
• Every session has a primary and secondary owner ASA
• ASA provides traffic symmetry to FirePOWER module
*State sharing does not occur between FirePOWER Services Modules
Asymmetric Traffic in a Nexus 7K Datacenter
Asymmetry is an issue
• A standard Nexus deployment uses an L3 routing protocol to the core and an L2 environment to the access layer, where the Nexus is the default gateway for all servers on the access switch.
• The Nexus uses a virtual port channel (vPC) for connections to the access layer. This allows the access layer to be dual-connected without running spanning tree.
• One requirement for inserting security services into this deployment is that they must handle asymmetric traffic (return traffic is not guaranteed to take the same path as inbound traffic) due to the vPC and potentially routing inbound.
• These problems get worse when you move to distributed datacenters!
[Figure: Nexus 7K (N7K) datacenter topology showing Core, Access, vPC, vPC Peer-link, DC Servers and Internal Network]
Clustering and Asymmetry
Traffic going to the Datacenter
• ASA 1 sees the traffic and becomes the owner
• Asymmetry is introduced on the return path
• ASA 2 sees the return traffic, has never seen the flow before, and so asks over the Cluster Control Link (CCL) who owns the flow
• ASA 1 signals that it owns the flow
• ASA 2 sends ASA 1 the packet from the flow in question over the CCL
• FirePOWER Services for ASA module inside ASA 1 sees the entire flow
• The module in ASA 2 sees no packets from that flow
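The ownership hand-off described above, as an added sketch that is not from the original slides or from Cisco: a toy Python model in which the first unit to see a flow becomes its owner and any other unit hands its packets to the owner over the CCL. The class and function names, addresses and trace are constructed for illustration; running it with forwarding disabled shows each inspection module seeing only half of the flow.

```python
from collections import defaultdict

def flow_key(src, dst):
    """Direction-independent key: both halves of a connection map to one flow."""
    return frozenset((src, dst))

class Cluster:
    """Toy model of cluster flow ownership (assumed logic, not Cisco's implementation)."""

    def __init__(self, names, forward_to_owner=True):
        self.forward_to_owner = forward_to_owner
        self.owner = {}                                     # flow key -> owning unit
        self.seen = {n: defaultdict(list) for n in names}   # per-module packet view
        self.ccl_packets = 0                                # packets carried over the CCL

    def receive(self, unit, src, dst, payload):
        """A packet arrives at `unit`; return the unit whose module inspects it."""
        key = flow_key(src, dst)
        owner = self.owner.setdefault(key, unit)   # first unit to see the flow owns it
        if owner != unit and self.forward_to_owner:
            self.ccl_packets += 1                  # non-owner hands the packet to the owner
            unit = owner
        self.seen[unit][key].append(payload)
        return unit

    def coverage(self, key):
        """Packets of this flow that each unit's inspection module saw."""
        return {n: len(view[key]) for n, view in self.seen.items()}

# Constructed addresses and trace: requests enter via ASA1, replies return via ASA2.
CLIENT, SERVER = ("198.51.100.10", 40000), ("10.0.0.5", 443)
TRACE = [("ASA1", CLIENT, SERVER, "req-1"), ("ASA2", SERVER, CLIENT, "resp-1"),
         ("ASA1", CLIENT, SERVER, "req-2"), ("ASA2", SERVER, CLIENT, "resp-2")]

def run(forward_to_owner):
    """Replay the trace; return (per-module coverage, packets sent over the CCL)."""
    cluster = Cluster(["ASA1", "ASA2"], forward_to_owner)
    for unit, src, dst, payload in TRACE:
        cluster.receive(unit, src, dst, payload)
    return cluster.coverage(flow_key(CLIENT, SERVER)), cluster.ccl_packets

if __name__ == "__main__":
    print("with CCL forwarding:   ", run(True))
    print("without CCL forwarding:", run(False))
```

With forwarding, the module in ASA1 sees all four packets at the cost of two CCL transfers; without it, each module sees two packets and neither can evaluate the whole session.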
Multi-Context ASA Deployments
• ASA can be configured in multi-context mode so that traffic going through the ASA can be assigned different policies.
• These interfaces are reported to the FirePOWER blade and can be assigned to security zones that can be used in differentiated policies.
• In this example, you could create one policy for traffic going from Context A Outside to Context A Inside, and a different policy for traffic going from Context B Outside to Context B Inside.
• Note: There is no management segmentation inside the FirePOWER module similar to the context idea inside ASA configuration.
[Figure: Context A and Context B, each with Outside and Inside interfaces]
Multi-Context ASA Deployments
[Figure: Admin Context and Context-1]
FirePOWER Services Demonstration Monitor-Only Mode (Demonstration Purposes Only currently)
• Monitor Mode allows FirePOWER Services to analyze traffic without being placed in the data path. The ASA is connected to a SPAN port on a switch or router, and copies of both inbound and outbound packets are sent to FirePOWER Services. This copied traffic bypasses the ASA policy and goes directly to FirePOWER Services, which applies policies to determine what traffic would have been blocked. After the traffic is analyzed, the packets are discarded.
• https://communities.cisco.com/docs/DOC-50586
[Figure: SPAN port feeding FirePOWER Services for ASA in Monitor-Only Mode]
Session Failover (HA) Discussion
• FirePOWER devices, appliances and modules support what is called mid-session pickup.
• This occurs when a flow is first seen by an FP device at some point after the 3-way handshake has occurred.
• The FP device will attempt to sync up state for the client and server and, once complete, will enable the “Flow Established” flag that is required for most IPS signatures.
• For more risk-averse customers, “Require 3 way handshake” can be enabled, which tells FirePOWER to ignore all flows where the 3-way handshake has not been seen. This prevents any possible false positives that might result from picking up a flow mid-stream.
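The trade-off between mid-session pickup and requiring the handshake, as an added sketch that is not from the original slides or from Cisco: a toy flow tracker that counts how many packets arrive while the "Flow Established" flag is set. The tracker, its state names and the traces are constructed, and the rule that pickup completes once both directions have been observed is an assumption standing in for the state sync the slide mentions.

```python
class FlowTracker:
    """Toy TCP flow tracker; the sync rule is an assumption, not FirePOWER's logic."""

    def __init__(self, require_handshake=False):
        self.require_handshake = require_handshake
        self.flows = {}   # flow id -> {"state": str, "dirs": set of directions seen}

    def packet(self, flow_id, direction, flags):
        """Process one packet; return True if 'Flow Established' is set afterwards."""
        flow = self.flows.setdefault(flow_id, {"state": "new", "dirs": set()})
        state = flow["state"]
        if state == "new":
            if flags == "S" and direction == "c2s":
                flow["state"] = "syn_seen"
            elif self.require_handshake:
                flow["state"] = "ignored"        # no handshake seen: flow is ignored
            else:
                flow["state"] = "pickup"         # mid-session pickup begins
                flow["dirs"].add(direction)
        elif state == "syn_seen" and flags == "SA" and direction == "s2c":
            flow["state"] = "synack_seen"
        elif state == "synack_seen" and flags == "A" and direction == "c2s":
            flow["state"] = "established"
        elif state == "pickup":
            flow["dirs"].add(direction)
            if flow["dirs"] == {"c2s", "s2c"}:   # assumed: both sides observed
                flow["state"] = "established"
        return flow["state"] == "established"

# Constructed traces of (direction, TCP flags). MID_SESSION models a flow first
# seen after the handshake, for example by the surviving unit after a failover.
FULL = [("c2s", "S"), ("s2c", "SA"), ("c2s", "A"), ("c2s", "PA"), ("s2c", "A")]
MID_SESSION = [("c2s", "PA"), ("s2c", "A"), ("c2s", "PA"), ("s2c", "PA")]

def inspected(trace, require_handshake):
    """Count packets seen while the flow carries the 'Flow Established' flag."""
    tracker = FlowTracker(require_handshake)
    return sum(tracker.packet("flow-1", d, f) for d, f in trace)

if __name__ == "__main__":
    for name, trace in (("full handshake", FULL), ("mid-session", MID_SESSION)):
        for strict in (False, True):
            print(name, "require_handshake=%s" % strict, inspected(trace, strict))
```

In this model the strict setting leaves a flow picked up mid-session with no packets eligible for signatures that need the flag, which is the cost paid for avoiding pickup-related false positives.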