Policing The Borderless Network: Integrating Web Security
1 Policing The Borderless Network: Integrating Web Security Hrvoje Dogan Consulting Systems Engineer, Security March 16, Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2
- About Cisco Web Security Products
- How To Integrate the Web Security Appliance
- How To Integrate ScanSafe
3 Web Security Appliance (WSA)
THREAT DEFENSE
- Block Malware
- Prevent Data Loss
ACCEPTABLE USE ENFORCEMENT
- Application Control visibility
- URL Filtering
Centralized Management and Reporting
[Figure labels: Coffee Shop, Home Office, Mobile User, AnyConnect Secure Mobility]
4 Gartner Magic Quadrant for Secure Web Gateway, 2011
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
6 Explicit Mode
- Client directs traffic to proxy server
- Requires no network infrastructure to redirect client request
- Proxy resolves hostname of target web server
- Authentication is straightforward
- Client config must change (several options available)
Transparent Mode
- Client directs traffic to target web server
- Network infrastructure (such as WCCP) redirects client request to proxy server
- Client resolves hostname of target web server
- Authentication is problematic
7 Three methods to configure a client:
- Automatically Detect Settings
  - WPAD Protocol
- Use automatic configuration script
  - Proxy Auto-Configuration (PAC) Files
- Enter the Address of a Proxy Server
Use Microsoft Group Policy Objects for central control of these settings
[Figure label: Microsoft Internet Explorer]
8 Deployment of Explicit Forward Proxy uniformly on many clients
- Avoid Configuration at the Desktop
- Failover and/or Load Balancing
- Performance
Solution: Proxy Auto-configuration (PAC) files
The S-Series can host the PAC files
[Figure label: Internet Explorer]
9 DHCP
- Higher priority than DNS
- If DHCP provides the WPAD URL, no DNS lookup is performed
- Passed as option number 252 in the DHCP lease
DNS search
- Example: if the FQDN of the client is pc.department.branch.com, the browser will try the following URLs in order:
Microsoft Group Policy Objects
- Central control of Internet Explorer settings
10 Example 1: Single Proxy

    function FindProxyForURL(url, host) {
      // Send every request to one proxy.
      return "PROXY alpha.wsa.train:3128";
    }

Example 2: Failover Example

    function FindProxyForURL(url, host) {
      // Try alpha first, then bravo, then go direct.
      return "PROXY alpha.wsa.train:3128; PROXY bravo.wsa.train:3128; DIRECT";
    }
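The failover example above ends in DIRECT, so a client that can reach neither proxy goes to the web unfiltered. The PAC file below is an added example, not part of the original slides: it keeps internal traffic direct, spreads hosts across the two proxies named on the slide with the other as failover, and only falls back to DIRECT when FAIL_OPEN is set. The internal suffix, the FAIL_OPEN switch and the helper names are assumptions of this example.

```javascript
// Added example (not from the original deck).
// Browsers provide isPlainHostName() and dnsDomainIs() to PAC scripts; the two
// shims below exist only so the file can be exercised under Node.js. Remove
// them when serving the file to browsers.
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

var PROXIES = ["alpha.wsa.train:3128", "bravo.wsa.train:3128"]; // names from the slide
var INTERNAL_SUFFIX = ".wsa.train"; // assumption: internal DNS suffix
var FAIL_OPEN = false;              // false: no DIRECT fallback for Internet hosts

// True for literal loopback / RFC 1918 IPv4 addresses. No DNS lookup is made,
// so evaluating the PAC file never blocks on name resolution.
function isPrivateLiteral(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Deterministic bucket per hostname, so one site always uses the same proxy
// first (keeps sessions and caches on one appliance).
function hostBucket(host, n) {
  var sum = 0;
  for (var i = 0; i < host.length; i++) {
    sum = (sum + host.charCodeAt(i)) % 65536;
  }
  return sum % n;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Internal destinations never leave through the web proxy.
  if (isPlainHostName(host) ||
      dnsDomainIs(host, INTERNAL_SUFFIX) ||
      isPrivateLiteral(host)) {
    return "DIRECT";
  }

  // Preferred proxy chosen by hash; remaining proxies follow as failover.
  var first = hostBucket(host, PROXIES.length);
  var chain = [];
  for (var i = 0; i < PROXIES.length; i++) {
    chain.push("PROXY " + PROXIES[(first + i) % PROXIES.length]);
  }
  if (FAIL_OPEN) chain.push("DIRECT");
  return chain.join("; ");
}
```

With FAIL_OPEN left false, an outage of both proxies stops web access instead of silently removing filtering; set it to true only where availability has been chosen over enforcement.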
11 Web Cache Control Protocol (WCCP)
- Available on many switches, routers and firewalls
- Will be the redirection mechanism used in this course
Policy Based Routing (PBR)
- Resource intensive for the router (performed in software)
- Not available on Cisco ASA firewalls
Layer 4 Switch
- Redirects traffic based on port numbers and IP addresses
- Can do simple load balancing and failover
Layer 7 Switch
- Like Layer 4 switch, but can also redirect traffic based on URL
- Can do sophisticated load balancing and failover
12
- Introduced by Cisco in 1997
- WCCP Version 2 integrated into Cisco IOS 12.0(3)T
- Transparently redirects UDP/TCP packets
- Supports flows being returned to original traffic path (bypass)
- Supports up to 32 routers and 32 caches per service
- Enforces connection stickiness by source or destination address
- Optional MD5 authentication to secure engine registration
- Egress and ingress interface intercept
13
1. Connection initiated from web-browser or other service
2. Router intercepts flow and redirects it to new location
   - L2: the router rewrites the destination ethernet address with the S-Series address.
   - GRE: the original packet is encapsulated unchanged within a GRE frame.
3. Device that flow is redirected to can choose what to do with flow:
   A. send somewhere else
   B. masquerade as real server
4. Cache Engine will serve flow (in case of hit), will initiate second flow if a miss
[Figure labels: Internet, Router running WCCP, Web server]
14
- HIA: Here-I-Am
- ISY: I-See-You
- RA: Redirect Assignment
15
- Identify traffic
- Ingress redirection (preferred)
- Egress redirection
- Routers and S-Series send heartbeats every 30 seconds
  - HIA (Here I am)
  - ISY (I see you)
- S-Series failure results in redistribution of load in 30 sec
- WCCP load balances based on a source or destination IP address
- If no remaining S-Series, service group is taken offline and packets are not redirected ("Fail Open")
16 WCCP is used to redirect traffic leaving the client
S & D IP depend on the redirect method:
- L2: changes ethernet address only
- GRE: original packet encapsulated, GRE packet has S & D of router
[Figure labels: Web Server IP, Internet, S-Series IP, Client IP; the S: and D: address values are not preserved]
17 WCCP is not involved in the downstream traffic
[Figure labels: Web Server IP, Internet, S-Series IP, Client IP; the S: and D: address values are not preserved]
18
- GRE: Redirected packet is returned to the router, unchanged, in a GRE tunnel. This tells the router "Send this packet out, I'm not dealing with it!"
- L2: Packet sent on, unchanged, to next hop
S & D IP depend on L2 or GRE redirect method
[Figure labels: <WCCP Router IP>, Internet, Web Server IP, S-Series IP, Client IP; the S: and D: address values are not preserved]
19 Return traffic bypasses the S-Series
[Figure labels: Web Server IP, Internet, S-Series IP, Client IP; the S: and D: address values are not preserved]
20 S-Series spoofs the client IP address
- Sometimes used by Enterprise customers if upstream devices need the client IP (for example, to do accounting)
- Used by ISPs who need to show customer IP on HTTP requests
- Requires more complex WCCP configuration
- Difficult to troubleshoot
21 WCCP is used to redirect traffic leaving the client
Router must distinguish S-Series and client traffic
S & D IP depend on the L2 or GRE redirect method
[Figure labels: Web Server IP, Internet, S-Series IP, Client IP; the S: and D: address values are not preserved]
22 A separate WCCP service group must redirect downstream traffic to the S-Series (based on source port)
S & D IP depend on the redirect method
[Figure labels: Web Server IP, Internet, S-Series IP, Client IP; the S: and D: address values are not preserved]
23 Select Network > Transparent Redirection > Add Service
24

    ip wccp 91
    int g0/0
     ip wccp 91 redirect in
26 Secure Mobility Client Appliance Integration Integrated Login Script Software Connector
27 Workplace Portability Insecure Wi-Fi Mobile Device Proliferation Employee Demand Consistent User Experience Public Wi-Fi Security Issues Data Snooping & Theft Device Choice Explosion Security & Policy must be maintained
28
- Web Security installs a Network Driver which binds to all connections (LAN, Wireless, 3G)
- Websecurity Service
- Automatic Peering
  - Identifies nearest ScanSafe Datacenter and whether a connection is possible
- AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)
[Figure labels: Hotspot, 3rd Party Firewall, 3rd Party Proxy, Anywhere]
29
- Authenticates and directs the user's external web traffic to ScanSafe's scanning infrastructure
- Numerous datacenters are located all over the world, ensuring that users are never too far from ScanSafe's scanning services
- All web traffic is SSL encrypted for improved security over public networks
- Works with Full or Split Tunnel VPN clients (AnyConnect, or others)
31
- Full support for Windows (XP, Vista, 7) and Mac OS X (10.5, 10.6, 10.7), 32 and 64 bit versions
- Support for all WWAN (3G modem) network interfaces
- Control of direct access to native IPv6 websites (e.g. IPv6.Google.com)
- Lockdown to prevent local Admin users from altering the service in any way
- Hosted configuration to allow the organization to make changes to their AnyConnect profile and push it to all their roaming clients
32 Secure Mobility Client Appliance Integration Integrated Login Script Software Connector
33
- Integrate cloud security services at many points in the network
- Utilize existing Cisco appliances to advance security posture
- Simple deployment
- Simple management
- Allow new methods of securing infrastructure
34 Enterprise branches using split tunneling, also interfacing directly to Internet
Flexible and simplified deployment options capitalize on network footprint, local, premise, and split services enforcement
[Figure labels: Cisco ISR G2 with ScanSafe, VPN, Cisco IOS Firewall, Secure Split Tunneling, Head Office, Local LAN, POS, Wired Security Zone, Cisco IOS IPS, Guest Users, Wireless Security Zone, Internet]
35
- The Connector is available in IOS (universal) images with security feature set (K9) licenses
- Supported on the 880, 890, 19xx, 29xx & 39xx/E ISR G2 platforms
- Supports re-direction of HTTP/HTTPS traffic
- No need to install Connector on dedicated hardware, or make any browser changes/install AnyConnect on end users' machines
36
- Supports Single Sign-on based identity with LDAP and AD sync
- All ScanSafe admin, web filtering, and reporting performed in ScanCenter Web Portal as with other deployment methods
- ISR Connector is able to work independently with or without IOS Security services such as IOS FW, IPS, VPN
- CSM (Cisco Security Manager) and CCP (Cisco Configuration Professional) will be supported in the future
37
1. Enable the Content Scan feature in IOS CLI
2. Configure primary IP address for ScanSafe infrastructure on any router interface
3. Configure secondary (Backup) ScanSafe infrastructure on any router interface
4. Configure the DNS/Proxy address to access the ScanSafe infrastructure
5. Configure ScanSafe license key via IOS CLI
Notes:
- The license key is not bound to the serial number of a router, so it can be used on multiple routers within an organization
- The license key is included in all HTTP/HTTPS requests, in order to verify ScanSafe entitlement (not by the ISR's public IP addresses)
38 ISR integration is also useful for retail & commercial enterprises who provide WiFi access to customers, guests and casual users, preventing inappropriate content and risk of malware
Guest Access
- Retailers
- Hotels
- Airports
- Cafés
- Restaurants
39 ScanSafe Users Supported per ISR G2 Platform
[Chart labels: 3945E, 3925E; No Auth, Web Proxy, HTTP Basic, NTLM; Phase I, Phase II; values not preserved]
40 Global config:

    parameter-map type content-scan global
     server scansafe primary name proxyxxx.scansafe.net port http 8080 https 8080
     server scansafe secondary name proxyxxx.scansafe.net port http 8080 https 8080
     license 0 abcdef
     source interface GigabitEthernet0/0
     timeout server 30
     server scansafe on-failure block-all

Interface config

    int g0/0
     content-scan out
41 Whitelisting:

    parameter-map type regex foo
     pattern
     exit
    content-scan whitelisting
     whitelist header host regex foo
42 LDAP integration:

    aaa new-model
    aaa group server ldap scansafe
     server ss
    ldap server ss
     ipv
     transport port 3268
     bind authenticate root-dn CN=ldap,CN=Users,DC=isrvlab,DC=com password cisco123
     base-dn CN=Users,DC=isrvlab,DC=com
     authentication bind-first
     search-filter user-object-type top
43

    aaa authentication login ss-aaa group scansafe
    aaa authorization network ss-aaa group scansafe
    aaa accounting network ss-aaa none
    ip admission virtual-ip virtual-host proxy
    ip admission name ssauth http-basic inactivity-time 2
    ip admission name ssauth order http-basic
    ip admission name ssauth method-list authentication ss-aaa authorization ss-aaa accounting ss-aaa
    ip http server
    int g0/1
     ip admission ssauth
44

    ip admission name ssntlm ntlm passive inactivity-time 60
    ip admission name ssntlm order ntlm
    ip admission name ssntlm method-list authentication ss-aaa authorization ss-aaa accounting ss-aaa
    aaa authentication login default group scansafe
    aaa authentication login noaaa none
    aaa authorization network default group scansafe
    ip http server
    int g0/1
     ip admission ssntlm
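The configuration slides leave several settings at values worth reviewing before production: WCCP registration without the optional MD5 password, the ScanSafe license key and the LDAP bind password stored readable, and an HTTP Basic admission rule. The linter below is an added example, not part of the original deck; the rule IDs, function name and both sample configurations are constructed here, reusing command lines from slides 24 and 40 to 44.

```javascript
// Added example (not from the original deck): flag review-worthy lines in an
// IOS configuration that uses the WCCP and ScanSafe commands from the slides.
const RULES = [
  {
    id: "WCCP-NO-AUTH",
    // Global "ip wccp <service>" line without a password. The interface-level
    // "ip wccp <service> redirect in|out" line is not a registration setting.
    test: (l) => /^ip wccp (web-cache|\d+)\b/.test(l) &&
                 !/\bredirect (in|out)\b/.test(l) && !/\bpassword\b/.test(l),
    note: "WCCP service group registers engines without MD5 authentication",
  },
  {
    id: "SCAN-FAIL-OPEN",
    test: (l) => /^server scansafe on-failure allow-all\b/.test(l),
    note: "web traffic passes unscanned when the ScanSafe servers are unreachable",
  },
  {
    id: "LICENSE-CLEARTEXT",
    test: (l) => /^license 0 /.test(l),
    note: "license key stored unencrypted; it is not bound to one router",
  },
  {
    id: "LDAP-CLEARTEXT-PW",
    // Any password not stored as type 6 or 7 is readable in the configuration.
    test: (l) => /^bind authenticate root-dn .+ password (?![67] )\S/.test(l),
    note: "LDAP bind password readable in the configuration",
  },
  {
    id: "BASIC-AUTH",
    test: (l) => /^ip admission name \S+ http-basic\b/.test(l),
    note: "HTTP Basic sends user credentials base64-encoded, not encrypted",
  },
];

// Returns one finding per matching (line, rule) pair, in file order.
function auditIosConfig(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("!")) return; // blank or comment
    for (const rule of RULES) {
      if (rule.test(line)) {
        findings.push({ id: rule.id, line: idx + 1, text: line, note: rule.note });
      }
    }
  });
  return findings;
}

// Constructed sample: command lines as they appear on the slides.
const SLIDE_CONFIG = [
  "ip wccp 91",
  "interface GigabitEthernet0/0",
  " ip wccp 91 redirect in",
  "parameter-map type content-scan global",
  " server scansafe primary name proxyxxx.scansafe.net port http 8080 https 8080",
  " license 0 abcdef",
  " server scansafe on-failure block-all",
  "ldap server ss",
  " bind authenticate root-dn CN=ldap,CN=Users,DC=isrvlab,DC=com password cisco123",
  "ip admission name ssauth http-basic inactivity-time 2",
  "ip admission name ssauth order http-basic",
].join("\n");

// Constructed sample with the flagged settings changed. PLACEHOLDER stands for
// a stored secret. Type 7 is reversible obfuscation: it keeps the value out of
// casual view but does not replace access control on the configuration.
const HARDENED_CONFIG = [
  "ip wccp 91 password 7 PLACEHOLDER",
  "interface GigabitEthernet0/0",
  " ip wccp 91 redirect in",
  "parameter-map type content-scan global",
  " license 7 PLACEHOLDER",
  " server scansafe on-failure block-all",
  "ldap server ss",
  " bind authenticate root-dn CN=ldap,CN=Users,DC=isrvlab,DC=com password 7 PLACEHOLDER",
  "ip admission name ssntlm ntlm passive inactivity-time 60",
].join("\n");

for (const f of auditIosConfig(SLIDE_CONFIG)) {
  console.log(`${f.id} line ${f.line}: ${f.note}`);
}
```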
45 Thank you.
Expressway for Mobile and Deployments, page 1 Cisco AnyConnect Deployments, page 9 Survivable Remote Site Telephony, page 17 Expressway for Mobile and Deployments Expressway for Mobile and for Cisco Unified
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-210 Title : Implementing Cisco Threat Control Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-210
More informationUniversal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series
Universal Wireless Controller Configuration for Cisco Identity Services Engine Secure Access How-To Guide Series Author: Hosuk Won Date: November 2015 Table of Contents Introduction... 3 What Is Cisco
More informationConfiguring DHCP, DDNS, and WCCP Services
CHAPTER 10 This chapter describes how to configure the DHCP server, dynamic DNS (DDNS) update methods, and WCCP on the security appliance. DHCP provides network configuration parameters, such as IP addresses,
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 642-618 EXAM QUESTIONS & ANSWERS Number: 642-618 Passing Score: 800 Time Limit: 120 min File Version: 39.6 http://www.gratisexam.com/ CISCO 642-618 EXAM QUESTIONS & ANSWERS Exam Name: Deploying Cisco
More informationConfiguration Guide. BlackBerry UEM. Version 12.9
Configuration Guide BlackBerry UEM Version 12.9 Published: 2018-07-16 SWD-20180713083904821 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the first time...9 Configuration
More informationBIG-IP Access Policy Manager : Implementations. Version 12.1
BIG-IP Access Policy Manager : Implementations Version 12.1 Table of Contents Table of Contents Web Access Management...11 Overview: Configuring APM for web access management...11 About ways to time out
More informationDeploying Cisco ASA VPN Solutions v2.0 (VPN)
Deploying Cisco ASA VPN Solutions v2.0 (VPN) Course Overview: The Deploying Cisco ASA VPN Solutions (VPN) v2.0 course is part of the curriculum path that leads to the Cisco CCNP Security certification.
More informationCisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.2
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.2 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationSecure Mobility. Klaus Lenssen Senior Business Development Manager Security
Secure Mobility Klaus Lenssen Senior Business Development Manager Security KL Secure Mobility 2008 Cisco Systems, Inc. All rights reserved. Cisco public 1 Complete Your Online Session Evaluation Please
More informationAruba Instant. Validated Reference Design. Chapter 2 Branch Connectivity. Version Roopesh Pavithran Andrew Tanguay
Aruba Instant Chapter 2 Branch Connectivity Version 2.0.1 Authors: Vishal Mann Roopesh Pavithran Andrew Tanguay Contributors: Sathya Narayana Gopal Yan Liu Validated Reference Design Copyright Information
More informationBi-directional ADN Deployment Using WCCP with Reflect Client IP [Configuration Sample] Ken Fritz (PSS)
Bi-directional ADN Deployment Using WCCP with Reflect Client IP [Configuration Sample] February 17, 2011 Ken Fritz (PSS) Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of
More informationConfiguration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2
Configuration Guide BlackBerry UEM Version 12.7 Maintenance Release 2 Published: 2017-12-04 SWD-20171130134721747 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the
More informationApplication Note 3Com VCX Connect with SIP Trunking - Configuration Guide
Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide 28 May 2009 3Com VCX Connect Solution SIP Trunking Table of Contents 1 3COM VCX CONNECT AND INGATE... 1 1.1 SIP TRUNKING SUPPORT...
More informationMigration Technologies. Dual Stack and Tunneling Using GRE, 6to4, and 6in4.
Migration Technologies. Dual Stack and Tunneling Using GRE, 6to4, and 6in4. 1 By Gaza IPv6 Project Team Eng. Mohammed Abu-Jamous Why Not Dual Stack? Dual Stack is very important in our migration plane.
More informationActualTorrent. Professional company engaging Providing Valid Actual Torrent file for qualification exams.
ActualTorrent http://www.actualtorrent.com/ Professional company engaging Providing Valid Actual Torrent file for qualification exams. Exam : 300-206 Title : Implementing Cisco Edge Network Security Solutions
More informationCCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, ,
CCNA Cisco Certified Network Associate (200-125) Exam DescrIPtion: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationSophos Firewall Configuring SSL VPN for Remote Access
Sophos Firewall Configuring SSL VPN for Remote Access Product Version: 1 Document date: October 2014 Contents 1 Introduction 3 2 Configuring Sophos Firewall 4 2.1 Defining a User Account 4 2.2 Configuring
More informationA+ Guide to Managing & Maintaining Your PC, 8th Edition. Chapter 17 Windows Resources on a Network
Chapter 17 Windows Resources on a Network Objectives Learn how to support some client/server applications Learn how to share and secure files and folders on the network Learn how to troubleshoot network
More informationCisco Certified Network Associate ( )
Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationService Graph Design with Cisco Application Centric Infrastructure
White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...
More informationISE Primer.
ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides
More informationConfiguring Traffic Interception
4 CHAPTER This chapter describes the WAAS software support for intercepting all TCP traffic in an IP-based network, based on the IP and TCP header information, and redirecting the traffic to wide area
More informationSupport for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.
Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates
More informationBlackBerry UEM Configuration Guide
BlackBerry UEM Configuration Guide 12.9 2018-11-05Z 2 Contents Getting started... 7 Configuring BlackBerry UEM for the first time... 7 Configuration tasks for managing BlackBerry OS devices... 9 Administrator
More informationDevice Management Basics
The following topics describe how to manage devices in the Firepower System: The Device Management Page, on page 1 Remote Management Configuration, on page 2 Adding Devices to the Firepower Management
More informationForeScout CounterACT. Configuration Guide. Version 4.3
ForeScout CounterACT Authentication Module: RADIUS Plugin Version 4.3 Table of Contents Overview... 4 Understanding the 802.1X Protocol... 4 About the CounterACT RADIUS Plugin... 6 IPv6 Support... 7 About
More informationNew methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall
New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall Claudiu Onisoru, Senior Network Specialist Cisco Connect - 15 May 2014 1 Agenda Frontal Communication: Who
More informationMWA Deployment Guide. VPN Termination from Smartphone to Cisco ISR G2 Router
MWA Deployment Guide Mobile Workforce Architecture: VPN Deployment Guide for Microsoft Windows Mobile and Android Devices with Cisco Integrated Services Router Generation 2 This deployment guide explains
More information