Contents. Introduction
|
|
- Joella Hunter
- 6 years ago
- Views:
Transcription
1 Contents Introduction Prerequisites Requirements Components Used Background Information Cisco Anyconnect Secure Mobility Client Internet Protocol Flow Information Export (IPFIX) IPFIX Collector Splunk Topology Configure Anyconnect NVM client profile Configure NVM client profile via ASDM Configure NVM client profile via Anyconnect Profile Editor Configure Web-Deployment on Cisco ASA Configure Web-Deployment on Cisco ISE Trusted Network Detection Deploy Step 1. Configure Anyconnect NVM on Cisco ASA/ISE Step 2. Set up IPFIX Collector component Step 3. Set up Splunk with Cisco NVM App Verify Validate Anyconnect NVM installation Validate Collector status as Running Validate Splunk Troubleshoot Packet Flow Basic troubleshoot steps Trusted Network Detection (TND) Flow Templates Recommended Release Related Defects Related Links Introduction This document describes the method to install and configure the Cisco AnyConnect Network Visibility Module (NVM) on an end-user system using AnyConnect 4.2.x or higher. The Cisco AnyConnect NVM is used as a medium for deploying security analytics. NVM empowers organizations to see endpoint & user behavior on their network, collects flows from endpoints both on and off-premise along with additional context like users, applications, devices, locations and destinations.
2 This technote is a configuration example using AnyConnect NVM with Splunk. Prerequisites Requirements Cisco recommends that you have knowledge of these topics: AnyConnect or higher with NVM AnyConnect APEX license ASDM or higher Components Used The information in this document is based on these software and hardware versions: Cisco AnyConnect Security Mobility Client 4.2 or later Cisco AnyConnect Profile Editor Cisco Adaptive Security Appliance (ASA), version Cisco Adaptive Security Device Manager (ASDM), version Splunk Enterprise 6.3 Ubuntu LTS as a collector device The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Background Information Cisco Anyconnect Secure Mobility Client Cisco Anyconnect is a unified agent that delivers multiple security services to protect the enterprise. Anyconnect is most commonly used as an enterprise VPN client, but it also supports additional modules that cater to different aspects of enterprise security. The additional modules enable security features like posture assessment, web security, malware protection, network visibility and more. This technote is about Network Visibility Module (NVM), which integrates with Cisco Anyconnect to provide administrators the ability to monitor endpoint application usage. For more information regarding Cisco Anyconnect, refer to: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.3 Internet Protocol Flow Information Export (IPFIX)
3 IPFIX is an IETF protocol to define a standard for exporting IP flow information for various purposes like accounting/auditing/security. IPFIX is based on Cisco NetFlow protocol v9, though not directly compatible. Cisco vzflow is a protocol specification extended based on the IPFIX protocol. IPFIX doesn t have enough standard Information Elements to support all the parameters can be collected as part of AC NVM. Cisco vzflow protocol extends the IPFIX standard and defines new Information Elements as well as defines a standard set of IPFIX templates that will be used by AC NVM for exporting IPFIX data. For more information on IPFIX, refer to rfc5101,rfc7011,rfc7012,rfc7013,rfc7014,rfc7015. IPFIX Collector A collector is a server that receives and stores IPFIX data. It can then feed this data to Splunk. Eg. Lancope. Cisco also provide its home-grown IPFIX collector. Splunk Splunk is a powerful tool that collects and analyses diagnostic data to give meaningful information about the IT infrastructure. It provides a one-stop location for administrators to collect data that is crucial in understanding the health of the network. Splunk is not owned or maintained by Cisco Systems, however Cisco provides Cisco AnyConnect NVM App for Splunk. For more information regarding Spunk, please visit their website. Topology
4 IP address conventions in this technote : Collector IP address: Splunk IP address: Configure This section covers configuration of Cisco NVM components. Anyconnect NVM client profile Anyconnect NVM configuration is saved in an XML file that contains information about the collector IP address and port number, along with other information. The collector IP address and port number need to be correctly configured on NVM client profile. For correct operation of the NVM module, the XML file is required to be placed in this directory: For Windows 7 and later: %ALLUSERSPROFILE%\Cisco\Cisco AnyConnect Secure Mobility Client\NVM For Mac OSX: /opt/cisco/anyconnect/nvm If the profile is present on Cisco ASA/Identity Services Engine (ISE), then it is auto-deployed along with Anyconnect NVM deployment. XML profile example: <?xml version="1.0" encoding="utf-8"?> -<NVMProfile xmlns:xsi=" xsi:nonamespaceschemalocation="nvmprofile.xsd"> -<CollectorConfiguration> <CollectorIP> </CollectorIP> <Port>2055</Port> </CollectorConfiguration> <Anonymize>false</Anonymize> <CollectionMode>all</CollectionMode> </NVMProfile> NVM profile can be created using two different tools: Cisco ASDM Anyconnect Profile Editor Configure NVM client profile via ASDM This method is preferable if Anyconnect NVM is being deployed via Cisco ASA. 1. Navigate to Configuration > Remove Access VPN > Network (Client) Access > Anyconnect Client Profile 2. Click Add
5 3. Give the profile a name. In Profile Usage, select Network Visibility Service Profile 4. Assign it to the group-policy being used by Anyconnect users. Click OK. 5. The new policy is created. Click Edit 6. Fill information regarding the Collector IP address and port number. Click OK.
6 7. Click Apply. Configure NVM client profile via Anyconnect Profile Editor This is a stand-alone tool available on Cisco.com. This method is preferable if Anyconnect NVM is being deployed via Cisco ISE. The NVM profile created using this tool can be uploaded to Cisco ISE, or copied directly to endpoints.
7 For detailed information on Anyconnect Profile Editor, refer to: The AnyConnect Profile Editor Configure Web-Deployment on Cisco ASA This technote assumes that Anyconnect is already configured on the ASA, and only NVM module configuration needs to be added. For detailed information on ASA Anyconnect configuration, refer to: ASDM Book 3: Cisco ASA Series VPN ASDM Configuration Guide, 7.5 In order to enable Anyconnect NVM module on Cisco ASA, perform these steps: 1. Navigate to Configuration > Remote Access VPN > Network (Client) Access > Group Policies 2. Select relevant group-policy and click Edit 3. Within the group-policy pop-up, navigate to Advanced > Anyconnect Client. 4. Expand Optional Client Modules to Download and select Anyconnect Network Visibility. 5. Click OK and apply changes.
8 Configure Web-Deployment on Cisco ISE In order to configure Cisco ISE for Anyconnect Web-Deployment, perform these steps: In Cisco ISE GUI, navigate to Policy > Policy Elements > Results Expand Client Provisioning to show Resources, and select Resources Adding Anyconnect Image Select Add > Agent Resources, and upload the Anyconnect package file. Confirm the package's hash in the pop-up. The file-hash can be verified against Cisco.com download page or using third-party tool. This step can be repeated to add multiple Anyconnect images. (for Mac OSX and Linux OS) Adding Anyconnect NVM profile: Select > Agent Resources, and upload the NVM client profile.
9 Add Anyconnect configuration file: Select Add > AnyConnect Configuration Choose the package uploaded in previous step. Enable NVM in the AnyConnect Module Selection along with the policy required. In the above section, we enable AnyConnect Client modules, profiles, customization/language packages, and the Opswat packages. For detailed information regarding web-deployment configuration on Cisco ISE, refer to: Web-Deploying AnyConnect Trusted Network Detection The NVM sends flow information only when it is on a Trusted Network. It uses the TND feature of
10 Anyconnect client to learn if the endpoint is in a trusted network. TND uses DNS/domain information to determine if the endpoint is in a trusted network. When VPN is connected, it is considered to be in a trusted network, and flow information is sent to the collector. TND needs to be correctly configured for correct functioning of NVM. For details on TND configuration, refer to: Configure Trusted Network Detection Deploy Deploying Anyconnect NVM solution involves these steps: 1. Configure Anyconnect NVM on Cisco ASA/ISE 2. Set up IPFIX Collector component 3. Set up Splunk with Cisco NVM App Step 1. Configure Anyconnect NVM on Cisco ASA/ISE This step has been covered in detail in the Configure section. Once NVM is configured on Cisco ISE/ASA, it can be auto-deployed to client endpoints. Step 2. Set up IPFIX Collector component The Collector Component is responsible for collecting and translating all IPFIX data from the endpoints and forwarding it to the Splunk App. There are various third-party collector tools available, and Cisco NVM is compatible with any collector that understands IPFIX. This technote uses Cisco homegrown collector tool running on 64-bit Linux. CentOS and Ubuntu configuration scripts are included in with the splunk application. The CentOS install scripts and configuration files can also be used in Fedora and Redhat distributions as well. The collector should be run on either a standalone 64-bit Linux system or a Splunk Forwarder running on 64-bit Linux. In order to install the collector you will need to copy the application in the CiscoNVMCollector_TA.tar file, located in the $APP_DIR$/appserver/addon/ directory to the system you plan to install it on. Splunk, for this technote, is installed on Windows workstation on the E: drive. CiscoNVMCollector_TA.tar file can be located in the following directory : E:\Program Files\Splunk\etc\apps\CiscoNVM\appserver\addon\ Extract the tar file on the system where you plan to install the collector and execute the install.sh script with super user privileges. It is recommended to read the $PLATFORM$_README file in the.tar bundle before executing the install.sh script. The $PLATFORM$_README file provides information on relevant configuration settings that need to be verified and modified (if necessary) before the install.sh script is executed. Collector directory on Ubuntu server:
11 ls acnvmcollector CENTOS_README libboost_log.so acnvmcollectord install_centos.sh libboost_system.so acnvm.conf install.sh libboost_thread.so acnvm.conf~ install_ubuntu.sh UBUNTU_README acnvm.service libboost_filesystem.so The information needs to be configured in the configuration file (acnvm.conf): 1. IP address and listening port of Splunk instance. 2. Listening port for collector (incoming IPFIX data). Per Flow Data Port, Endpoint Identity Data Port and Collector Port are pre-configured to default settings in the configuration file. Ensure that these values are changed if non-default ports are being used. This information is added in the configuration file (acnvm.conf): GNU nano File: acnvm.conf { "syslog_server_ip" : " ", "syslog_flowdata_server_port" : 20519, "syslog_sysdata_server_port" : 20520, "netflow_collector_port" : 2055, "log_level" : 7 } For more information, refer to: Step 3. Set up Splunk with Cisco NVM App Cisco AnyConnect NVM App for Splunk is available on Splunkbase. This app helps with predefined reports and dashboards to use IPFIX (nvzflow) data from end points in usable reports, and correlates user and endpoint behavior. Link for Cisco NVM App on Splunkbase: Install: Navigate to Splunk > Apps and install the tar.gz file downloaded from the Splunkbase or search within the Apps section.
12 By default, Splunk receives two data input feeds for Per Flow Data and Endpoint Identity Data, on UDP ports and respectively. The collector component sends these feeds on these ports by default. The default ports can be changed on the splunk, but the same ports also need to be specifed in the collector configuration (see Step 2) In order to change default ports, navigate to Splunk > Settings > Data Input > UDP Verify Validate Anyconnect NVM installation After successful installation, the Network Visibility Module should be listed in Installed Modules, within in the Information section of Anyconnect Secure Mobility client.
13 Also, verify if the nvm service is running on the end point and profile is in the required directory. Validate Collector status as Running Ensure that the collector status is running. This ensures that the collector is receiving IPFIX/cflow from the endpoints at all times. GNU nano File: acnvm.conf { "syslog_server_ip" : " ", "syslog_flowdata_server_port" : 20519, "syslog_sysdata_server_port" : 20520, "netflow_collector_port" : 2055, "log_level" : 7 } Validate Splunk Ensure that Splunk and its relevant services are running. For documentation on troubleshooting Splunk, please refer to their website. Troubleshoot Packet Flow 1. IPFIX packets are generated on client endpoints by Anyconnect NVM module. 2. Client endpoints forward IPFIX packets to the Collector IP address 3. Collector collects the information and forwards it to Splunk 4. Collector sends traffic to Splunk on two different streams: Per Flow Data and Endpoint Identity Data All traffic is UDP based on there is no acknowledgement of traffic. Default port for traffic: IPFIX data 2055 Per Flow Data Per Flow Data NVM module caches IPFIX data and sends it to collector when it is in Trusted Network. This can either be when the laptop is connected to the corporate network (on-prem) or when it is connected via VPN. Basic troubleshoot steps Ensure network connectivity between client endpoint and collector.
14 Ensure network connectivity between collector and splunk. Ensure that NVM is correctly installed on client endpoint. Apply captures on endpoint to see if IPFIX traffic is being generated. Apply captures on collector to see if it is recieving IPFIX traffic, and if it is forwarding traffic to Splunk. Apply captures on Splunk to see if it is recieving traffic. IPFIX traffic as seen in Wireshark: Trusted Network Detection (TND) NVM relies on TND for detecting when the endpoint is within trusted network. If the TND configuration is incorrect, this will cause issues with NVM. TND works based on information received via DHCP: domain-name and DNS server. If the DNS server and/or domain-name match the configured values, then the network is deemed to be trusted. If NVM is not forwarding traffic to collector, then it could be an issue with TND. Flow Templates IPFIX flow templates are sent to collector at the start of the IPFIX communication. These templates help the collector to make sense of the IPFIX data. If this information is not sent to the collector, then the collector can not collect the IPFIX data. This causes issues with data collection. Such issues are seen if the collector is configured later, or if the first few IPFIX packets are dropped in the network (common over VPN). In order to mitigate this, one of the below events should occur: 1. There is a change in the NVM client profile. 2. There is a network change event. 3. The nvmagent service is restarted. 4. End point is rebooted/restarted. This issue can be recovered by rebooting the endpoint, or reconnecting VPN. The issue can be identified by observing no template found in a packet capture on the end point, or no templates for flowset in the collector logs. Packet capture
15 Collector logs: GNU nano File: acnvm.conf { "syslog_server_ip" : " ", "syslog_flowdata_server_port" : 20519, "syslog_sysdata_server_port" : 20520, "netflow_collector_port" : 2055, "log_level" : 7 } Recommended Release Cisco always recommends the latest software version of AnyConnect at the time of use or updating. While choosing AnyConnect version, please use the latest 4.2.x or 4.3.x client. This will give the latest enhancements with resepect NVM, defect fixes and mitigate recent changes with Microsoft Code Signing Certificates enforcements. More details here. Related Defects 1. CSCva Anyconnect NVM Handles/Leak for acnvmagent.exe*32 process Related Links 1. Cisco AnyConnect Network Visibility (NVM) App for Splunk: 2. Splunk Documentation on Splunk Collector Setup and installing collector scripts : 3. Cisco AnyConnect Secure Mobility Client Administrator Guide, Release Release notes of AnyConnect 4.3
Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM
Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module Table of Contents About This Document...
More informationYes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com
Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com Endpoint Footprint Problem: TOO MANY AGENTS! Anti-Virus/Anti-Spyware agent IPSec/SSLVPN agent Host IPS/FW
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationCisco Virtualization Experience Media Engine Overview
Cisco Virtualization Experience Media Engine Overview Purpose of This Guide, page 1 About Cisco Virtualization Experience Media Engine, page 1 Cisco AnyConnect Feature Support, page 4 Purpose of This Guide
More informationSASSL v1.0 Managing Advanced Cisco SSL VPN. 3 days lecture course and hands-on lab $2,495 USD 25 Digital Version
Course: Duration: Fees: Cisco Learning Credits: Kit: 3 days lecture course and hands-on lab $2,495 USD 25 Digital Version Course Overview Managing Advanced Cisco SSL VPN (SASSL) v1.0 is an instructor-led
More informationDeploy AnyConnect. Before You Begin Deployment
Before You Begin Deployment, page 1 AnyConnect Deployment Overview, page 2 Preparing the Endpoint for AnyConnect, page 3 Pre-Deploying AnyConnect, page 7 Web-Deploying AnyConnect, page 21 Updating AnyConnect
More informationAnyConnect HostScan. Prerequisites for HostScan
The AnyConnect Posture Module provides the AnyConnect Secure Mobility Client the ability to identify the operating system, anti-virus, anti-spyware, and firewall software installed on the host. The HostScan
More informationDeploy AnyConnect. Before You Begin Deployment
Before You Begin Deployment, page 1 AnyConnect Deployment Overview, page 2 Preparing the Endpoint for AnyConnect, page 3 Using NVM on Linux, page 7 Pre-Deploying AnyConnect, page 8 Web-Deploying AnyConnect,
More informationConfigure 2.2 Client Provisioning and Application
Configure 2.2 Client Provisioning and Application Contents Introduction Prerequisites Requirements Components Used Configure Configurations Section 1. Configure Client Provisioning Step 1. Upload AnyConnect
More informationConfigure Posture. Note
The AnyConnect Secure Mobility Client offers an VPN Posture (HostScan) Module and an ISE Posture Module. Both provide the Cisco AnyConnect Secure Mobility Client with the ability to assess an endpoint's
More informationCisco AnyConnect Secure Mobility Client
To provide secure VPN connections, the Cisco VXC 6215 supports the Cisco AnyConnect Secure Mobility Client, Release 3.1. The Cisco AnyConnect Secure Mobility client provides remote users with secure VPN
More informationForeScout CounterACT. Configuration Guide. Version 1.4
ForeScout CounterACT Core Extensions Module: Flow Analyzer Plugin Version 1.4 Table of Contents About the Flow Analyzer... 3 How It Works... 3 CounterACT Software Requirements... 4 Configure the Sharing
More informationDeploy AnyConnect. AnyConnect Deployment Overview
AnyConnect Deployment Overview, page 1 Preparing the Endpoint for AnyConnect, page 2 Pre-Deploying AnyConnect, page 6 Web-Deploying AnyConnect, page 19 Updating AnyConnect Software and Profiles, page 27
More informationNetFlow Optimizer. Overview. Version (Build ) May 2017
NetFlow Optimizer Overview Version 2.4.9 (Build 2.4.9.0.3) May 2017 Copyright 2013-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents About NetFlow Optimizer...
More informationForeScout CounterACT. Configuration Guide. Version 1.2
ForeScout CounterACT Core Extensions Module: NetFlow Plugin Version 1.2 Table of Contents About NetFlow Integration... 3 How it Works... 3 Supported NetFlow Versions... 3 What to Do... 3 Requirements...
More information2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco AnyConnect as a Service György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationForeScout Extended Module for IBM BigFix
ForeScout Extended Module for IBM BigFix Version 1.0.0 Table of Contents About this Integration... 4 Use Cases... 4 Additional BigFix Documentation... 4 About this Module... 4 Concepts, Components, Considerations...
More informationForescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2
Forescout Version 1.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationConfigure Client Posture Policies
Posture Service Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance
More informationConfigure Client Provisioning
in Cisco ISE, on page 1 Client Provisioning Resources, on page 2 Add Client Provisioning Resources from Cisco, on page 3 Add Cisco Provided Client Provisioning Resources from a Local Machine, on page 4
More informationAlways-on Endpoint Remote Access and Protection with Cisco AnyConnect
Always-on Endpoint Remote Access and Protection with Cisco AnyConnect Dan Stotts, Security Product Marketing Manager PSOSEC-1900 Agenda Introduction Works Everywhere Expanded Visibility User Experience
More informationConfigure Client Provisioning
in Cisco ISE, on page 1 Client Provisioning Resources, on page 2 Add Client Provisioning Resources from Cisco, on page 3 Add Cisco Provided Client Provisioning Resources from a Local Machine, on page 4
More informationConfigure Client Posture Policies
Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate
More informationCisco AnyConnect Secure Mobility Solution. György Ács Regional Security Consultant
Cisco AnyConnect Secure Mobility Solution György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security Deployment Methods Live Q&A 2011 Cisco and/or its affiliates.
More informationASA 8.0: How to Change the WebVPN Logo
ASA 8.0: How to Change the WebVPN Logo Contents Introduction Prerequisites Requirements Components Used Conventions Change the WebVPN Logo Upload and Configure the Logo Apply the Customization Customize
More informationCisco ASA Software Release 8.2
Cisco ASA Software Release 8.2 Q. When will the Cisco ASA Software Release 8.2 be available? A. Cisco ASA Software Release 8.2 has a targeted release date of April 13, 2009. Q. How do I obtain Cisco ASA
More informationNetwork Operations Analytics
Network Operations Analytics Solution Guide Version 2.4.4 (Build 2.4.4.0.x) June 2016 Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 2 Solution
More informationForeScout Extended Module for IBM BigFix
Version 1.1 Table of Contents About BigFix Integration... 4 Use Cases... 4 Additional BigFix Documentation... 4 About this Module... 4 About Support for Dual Stack Environments... 5 Concepts, Components,
More informationCisco Identity Services Engine
164 CISCO Cisco Identity Services Engine Configuration overview The Cisco Identity Services Engine (ISE) DSM for QRadar accepts syslog events from Cisco ISE appliances with log sources configured to use
More informationRemote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN
Remote Access virtual private network (VPN) allows individual users to connect to your network from a remote location using a laptop or desktop computer connected to the Internet. This allows mobile workers
More informationIMC Network Traffic Analyzer 7.2 (E0401P04) Copyright 2016 Hewlett Packard Enterprise Development LP
Network Traffic Analyzer 7.2 (E0401P04) Copyright 2016 Hewlett Packard Enterprise Development LP Table of Contents 1. What's New in this Release 2. Problems Fixed in this Release 3. Software Distribution
More informationWorkspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810
Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationData Onboarding. Where Do I begin? Luke Netto Senior Professional Services Splunk. September 26, 2017 Washington, DC
Data Onboarding Where Do I begin? Luke Netto Senior Professional Services Consultant @ Splunk September 26, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may
More informationConfigure Client Posture Policies
Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationImplementing Core Cisco ASA Security (SASAC)
1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.
More informationExpressway for Mobile and Remote Access Deployments, page 1 Cisco AnyConnect Deployments, page 9 Survivable Remote Site Telephony, page 17
Expressway for Mobile and Deployments, page 1 Cisco AnyConnect Deployments, page 9 Survivable Remote Site Telephony, page 17 Expressway for Mobile and Deployments Expressway for Mobile and for Cisco Unified
More informationAdministering System Center 2012 Configuration Manager
Administering System Center 2012 Configuration Manager Duration: 5 Days Course Code:10747D About this Course This course describes how to configure and manage a System Center 2012 R Configuration Manager
More informationWhat s New in Fireware v12.3 WatchGuard Training
What s New in Fireware v12.3 2 What s New in Fireware v12.3 Updates to Networking functionality: SD-WAN actions SD-WAN reporting enhancements NetFlow support Link monitor enhancements Centralized FireCluster
More informationContents. Introduction. Prerequisites. Requirements. Components Used
Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram ASA ISE Step 1. Configure Network Device Step 2. Configure Posture conditions and policies Step 3. Configure Client
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationConfigure Posture. Note
The AnyConnect Secure Mobility Client offers an VPN Posture (HostScan) Module and an ISE Posture Module. Both provide the Cisco AnyConnect Secure Mobility Client with the ability to assess an endpoint's
More informationCisco Asa Version 8.0 Vpn Anyconnect Configuration Guide
Cisco Asa Version 8.0 Vpn Anyconnect Configuration Guide After this configuration is complete, Cisco IP Phones can establish VPN connections Dependent upon the ASA version, you will see either "AnyConnect
More informationForeScout CounterACT. Plugin. Configuration Guide. Version 2.1
ForeScout CounterACT Core Extensions Module: DHCP Classifier Plugin Version 2.1 Table of Contents About the DHCP Classifier Plugin... 3 What to Do... 3 Requirements... 3 Verify That the Plugin Is Running...
More informationCertificates for Live Data Standalone
Certificates and Secure Communications, on page 1 Export Self-Signed Live Data Certificates, on page 2 Import Self-Signed Live Data Certificates, on page 3 Produce Certificate Internally, on page 4 Deploy
More informationConfigure HTTPS Support for ISE SCEP Integration
Configure HTTPS Support for ISE SCEP Integration Document ID: 116238 Contributed by Todd Pula and Sylvain Levesque, Cisco TAC Engineers. Jul 31, 2013 Contents Introduction Prerequisites Requirements Components
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-208 Title : Implementing Cisco Secure Access Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-208
More informationConfigure Client Provisioning
in Cisco ISE, on page 1 Client Provisioning Resources, on page 2 Add Client Provisioning Resources from Cisco, on page 3 Add Cisco Provided Client Provisioning Resources from a Local Machine, on page 4
More informationNGFW Security Management Center
NGFW Security Management Center Release Notes 6.5.3 Revision A Contents About this release on page 2 System requirements on page 2 Build number and checksums on page 4 Compatibility on page 5 New features
More information"Charting the Course to Your Success!" MOC D Administering System Center 2012 Configuration Manager. Course Summary
Description Course Summary This course describes how to configure and manage a site and its associated site systems. The course focuses on day-to-day management tasks for. Objectives At the end of this
More informationVMware AirWatch Content Gateway Guide for Linux For Linux
VMware AirWatch Content Gateway Guide for Linux For Linux Workspace ONE UEM v9.7 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationFirepower Threat Defense Remote Access VPNs
About, page 1 Firepower Threat Defense Remote Access VPN Features, page 3 Firepower Threat Defense Remote Access VPN Guidelines and Limitations, page 4 Managing, page 6 Editing Firepower Threat Defense
More informationRealms and Identity Policies
The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page
More information802.1x EAP TLS with Binary Certificate Comparison from AD and NAM Profiles Configuration Example
802.1x EAP TLS with Binary Certificate Comparison from AD and NAM Profiles Configuration Example Document ID: 116018 Contributed by Michal Garcarz, Cisco TAC Engineer. Apr 09, 2013 Contents Introduction
More informationCisco Stealthwatch. Update Guide 7.0
Cisco Stealthwatch Update Guide 7.0 Table of Contents Introduction 5 Overview 5 Audience 5 Terminology 5 New Update Process 6 Before You Begin 7 Software Version 7 Java 7 TLS 7 Default Credentials 8 Third
More informationSIEM Product Comparison
SIEM Product Comparison SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013) Only products with technology
More informationCCNP Security VPN
CCNP Security VPN 642-647 Official Cert Guide Howard Hooper, CCIE No. 23470 Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction xxiv Part I ASA Architecture and Technologies Overview
More informationCisco Passguide Exam Questions & Answers
Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationVMware AirWatch Certificate Authentication for Cisco IPSec VPN
VMware AirWatch Certificate Authentication for Cisco IPSec VPN For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationF5 Analytics and Visibility Solutions
Agility 2017 Hands-on Lab Guide F5 Analytics and Visibility Solutions F5 Networks, Inc. 2 Contents: 1 Class 1: Introduction to F5 Analytics 5 1.1 Lab Environment Setup.......................................
More informationConfiguring AVC to Monitor MACE Metrics
This feature is designed to analyze and measure network traffic for WAAS Express. Application Visibility and Control (AVC) provides visibility for various applications and the network to central network
More informationDOWNLOAD PDF CISCO IRONPORT CONFIGURATION GUIDE
Chapter 1 : Cisco IronPort E-mail Security Appliance Best Practices : Part 3 - emtunc's Blog Cisco IronPort AsyncOS for Email Security Advanced Configuration Guide (PDF - 9 MB) Cisco IronPort AsyncOS for
More informationCisco CTL Client Setup
This chapter provides information about Cisco CTL client setup. About, page 2 Addition of Second SAST Role in the CTL File for Recovery, page 2 Cluster Encryption Configuration Through CLI, page 3 Remove
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for IP Flow (NetFlow/J-Flow) Configuration Guide October 17, 2017 SmartConnector for IP Flow (NetFlow/J-Flow) October 17, 2017 Copyright 2004 2017 Hewlett
More informationIBM Endpoint Manager. OS Deployment V3.5 User's Guide
IBM Endpoint Manager OS Deployment V3.5 User's Guide IBM Endpoint Manager OS Deployment V3.5 User's Guide Note Before using this information and the product it supports, read the information in Notices
More informationSystem Center Course Administering System Center Configuration Manager. Length. Audience. 5 days
System Center Course - 207031-1 Administering System Center Configuration Manager Length 5 days Audience This course is for experienced information technology (IT) professionals, typically described as
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER
CENTER OF KNOWLEDGE, PATH TO SUCCESS Website: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER Course 10747D; Duration: 5 Days; Instructor-led WHAT YOU WILL LEARN This course describes how to configure
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, on page 1 Service Subscriptions for Firepower Features, on page 2 Smart Licensing for the Firepower System,
More informationMcAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)
McAfee Threat Intelligence Exchange 2.2.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationDeploying Cisco ASA VPN Solutions v2.0 (VPN)
Deploying Cisco ASA VPN Solutions v2.0 (VPN) Course Overview: The Deploying Cisco ASA VPN Solutions (VPN) v2.0 course is part of the curriculum path that leads to the Cisco CCNP Security certification.
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationvrealize Operations Management Pack for NSX for vsphere 3.5.0
vrealize Operations Management Pack for NSX for vsphere 3.5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationThis document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).
Contents Introduction Prerequisites Requirements Components Used Background Information Outbound SSL Decryption Inbound SSL Decryption Configuration for SSL Decryption Outbound SSL decryption (Decrypt
More informationIMC Network Traffic Analyzer 7.1 (E0301P04) Copyright (c) 2015 Hewlett-Packard Development Company, L.P. All Rights Reserved.
Network Traffic Analyzer 7.1 (E0301P04) Copyright (c) 2015 Hewlett-Packard Development Company, L.P. All Rights Reserved. Table of Contents 1. What's New in this Release 2. Problems Fixed in this Release
More informationIBM Endpoint Manager Version 9.0. Software Distribution User's Guide
IBM Endpoint Manager Version 9.0 Software Distribution User's Guide IBM Endpoint Manager Version 9.0 Software Distribution User's Guide Note Before using this information and the product it supports,
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationvrealize Operations Management Pack for NSX for Multi-Hypervisor
vrealize Operations Management Pack for This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more
More informationForescout. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER
ADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER Course Code: 20703-1a Duration 5 days Introduction This five-day course describes how to use Configuration and its associated site systems to efficiently
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationNew Features and Functionality
This section describes the new and updated features and functionality included in Version 6.2.1. Note that only the Firepower 2100 series devices support Version 6.2.1, so new features deployed to devices
More informationDomainTools for Splunk
DomainTools for Splunk Installation Guide version 2.0 January 2018 Solution Overview The DomainTools Technology Add-On (TA) for Splunk populates a whois index with DomainTools Whois and Risk Score data
More informationForescout. Configuration Guide. Version 3.5
Forescout Version 3.5 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationNew Features for ASA Version 9.0(2)
FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core
More informationCarbon Black QRadar App User Guide
Carbon Black QRadar App User Guide Table of Contents Carbon Black QRadar App User Guide... 1 Cb Event Forwarder... 2 Overview...2 Requirements...2 Install Cb Event Forwarder RPM...2 Configure Cb Event
More informationIMC Network Traffic Analyzer 7.3 (E0504) Copyright 2015, 2017 Hewlett Packard Enterprise Development LP
Network Traffic Analyzer 7.3 (E0504) Copyright 2015, 2017 Hewlett Packard Enterprise Development LP Table of Contents 1. What's New in this Release 2. Problems Fixed in this Release 3. Software Distribution
More informationDesigning and Implementing a Server Infrastructure
Designing and Implementing a Server Infrastructure Duration: 5 Days Course Code: 20413 About this course Get hands-on instruction and practice planning, designing and deploying a physical and logical Windows
More information10747D: Administering System Center 2012 Configuration Manager
10747D: Administering System Center 2012 Course Details Course Code: 10747D Elements of this syllabus are subject to change. About this course Duration: Notes: 5 days This course syllabus should be used
More informationSophos Mobile as a Service
startup guide Product Version: 8 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses...5 Check your licenses...6
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 2 Smart Licensing for the Firepower System,
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationFeatures and Functionality
Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced
More informationvsphere Upgrade Update 2 Modified on 4 OCT 2017 VMware vsphere 6.0 VMware ESXi 6.0 vcenter Server 6.0
Update 2 Modified on 4 OCT 2017 VMware vsphere 6.0 VMware ESXi 6.0 vcenter Server 6.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you
More informationCisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions
Data Sheet Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security
More information