
Cisco Firewall Basics

Mark Cairns, Consulting Systems Engineer

BRKSEC-1020

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

cs.co/clus17/#BRKSEC-1020

Cisco Spark spaces will be available until July 3, 2017.

Mark Cairns

• Based in Richmond, VA, covering accounts in Virginia and Washington, DC

• 19 years experience with Cisco Security Solutions

• You can reach me at marcairn@cisco.com and @12LISN2

Consulting Systems Engineer, GSSO, supporting US Commercial


Session Information

• This is an introductory 1000 level session

• It is not meant for professionals with deep knowledge of firewalls and Cisco ASA

• This session is not for you if you want to deep dive into configurations for specific features / functionality

• References may be made to advanced functionality for context but we will stay at a fairly high level


Follow up Sessions – Deeper dives on specific content

Session ID    Session Description                                                                    Time
BRKSEC-2058   A Deep Dive into using the Firepower Manager                                           Wed 4:00-5:30
BRKSEC-3007   Advanced Cisco IOS Security                                                            Tuesday 1:30-3:30
BRKSEC-3300   Advanced IPS Deployment                                                                Thursday 8:30-10:00
BRKSEC-3690   Advanced Security Group Tags                                                           Monday 1:30-3:30
BRKSEC-2050   ASA Firepower NGFW typical deployment scenarios                                        Monday 1:30-3:30, Tuesday 1:30-3:30
BRKSEC-2033   Best Security and deployment strategies SMB NGFW                                       Tuesday 8:00-10:00
BRKSEC-2342   Branch Router Security                                                                 Thursday 10:30-12:00
BRKSEC-2055   Cloud-Managed Security for Distributed Networks with Cisco Meraki MX                   Wednesday 4-5:30
BRKSEC-2203   Deploying TrustSec Security Group Tagging                                              Tuesday 4:00-5:30
BRKSEC-3455   Dissecting Firepower NGFW "Installation & Troubleshooting"                             Tuesday 1:30-3:30
BRKSEC-3035   Firepower Platform Deep Dive                                                           Wednesday 1:30-3:30
LTRSEC-1000   Firepower Threat Defense Deployment Hands-on Lab                                       Wed 8:00-12:00, Thursday 8:00-12:00
BRKSEC-3032   NGFW Clustering Deep Dive                                                              Tuesday 8:00-10:00
BRKSEC-2020   NGFW Deployment in the Data Center and Network Edge Using Firepower Threat Defense     Tuesday 8:00-10:00, Wed 1:30-3:30
BRKSEC-2064   NGFW and ASAv in Public Cloud (AWS and Azure)                                          Thursday 1:00-2:30

Agenda

• Introduction
• Firewalls in General
• Use Cases - Why
• Firewall Options - What
• Introduction to Firepower
• Advanced Use Case Examples
• Q&A – Feel free to ask questions

Firewalls in General


Securing/Hardening for What Purpose or Need?

Subversion
• Bots, Viruses, and Worms
• Spyware and Adware

Disruption
• Denial of service attacks
• Advanced Persistent Threats (APTs)

Penetration Attempt
• Zero-day Attacks
• Hacker Attacks

Data Loss
• Data theft and/or interception
• Identity theft

Firewalls – What are they?

• Primary filtering appliances/VMs that work at both the network and application layers
• Provide a platform for the features/functionality needed for network security:
  • VPNs (remote-access and site to site)
  • NGIPS
  • Anti-Malware Protection
• Next-generation security should not abandon proven stateful inspection capabilities in favor of application and user ID awareness by itself
• A comprehensive network security solution includes firewalls, next-generation firewalls (application inspection and filtering) and next-generation intrusion prevention systems (context aware)
• The firewall is often the conduit through which other defense components combat the threats that face the network

Filtering on a Tuple?

• The genesis of firewalls was a means to filter traffic based on the five tuple:
  • Source IP address – the IP address of the initiator of the IP packet
  • Destination IP address – the IP address of the destination of the IP packet
  • Source port – the UDP or TCP port the initiator uses to establish communications with the destination
  • Destination port – the UDP or TCP port on the destination that the initiator communicates with
  • IP protocol – the specific IP protocol used in the communication

Filtering – IP Protocols

• ICMP (1)

• TCP (6)

• UDP (17)

• GRE (47)

• ESP (50)

• AH (51)

• EIGRP (88)

• OSPF (89)

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml


Stateful Inspection

• Most routers and switches can filter based on the five tuple…why a firewall then?
• Stateful firewalls track L3/L4 traffic as it leaves and returns to the network
• Connections are maintained in the connection table, which tracks the five tuple plus additional state such as TCP sequence numbers

Example connection-table entry (ASA show conn output):

TCP outside:2.2.2.2/80 (2.2.2.2/80) inside:1.1.1.1/35478 (1.1.1.1/35478), flags UIO, idle 4m39s, uptime 6m16s, timeout 1h0m, bytes 3002

Outbound packet:  Src IP 1.1.1.1, Dest IP 2.2.2.2, Src Port TCP/35478, Dest Port TCP/80
Return packet:    Src IP 2.2.2.2, Dest IP 1.1.1.1, Src Port TCP/80, Dest Port TCP/35478

*Best Practice – Limit outbound connections to known services and hosts, for example permitting only the SMTP servers to connect out on port 25.

Network Address Translation

• Network address translation (NAT) is the mapping of IP addresses from a private network to a public network
• NAT gives network administrators and security administrators:
  • Access to non-publicly routable IPv4 space
  • Cost savings, because public addresses are not cheap
  • Masquerading of internal network addresses
• IPv4 address space is exhausted

Inside packet:  Src IP 10.1.1.1, Dest IP 2.2.2.2, Src Port TCP/35478, Dest Port TCP/80
After NAT:      Src IP 3.3.3.3, Dest IP 2.2.2.2, Src Port TCP/35478, Dest Port TCP/80
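Worked example (added here; not part of the slide deck or Cisco's code): the stateful-inspection and NAT slides above modelled in Python. It parses the show conn line quoted above, admits only inbound packets that are the return half of a recorded five tuple, and applies the slide's 10.1.1.1 to 3.3.3.3 translation; the xlate mapping and the sample packets are constructed.

```python
"""Stateful connection table and source NAT, as on the two slides above.

Added example, not Cisco code. Parses the quoted `show conn` line, keeps a
connection table keyed on the five tuple, and lets inbound traffic through
only when it reverses a recorded flow. With a NAT mapping the table holds the
mapped address the Internet sees and the packet is un-translated on the way in.
The xlate mapping (10.1.1.1 -> 3.3.3.3) and sample packets are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

PROTO_NUMBERS = {"ICMP": 1, "TCP": 6, "UDP": 17}   # IANA protocol numbers


@dataclass(frozen=True)
class FiveTuple:
    proto: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self) -> "FiveTuple":
        """The tuple carried by return traffic of this flow."""
        return FiveTuple(self.proto, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


# ASA `show conn` endpoint: "<interface>:<real ip>/<port> (<mapped ip>/<port>)".
# Real and mapped are equal on the slide because no NAT applies to that connection.
ENDPOINT = r"(?P<if_{n}>\w+):(?P<real_{n}>[\d.]+)/(?P<rport_{n}>\d+) \((?P<map_{n}>[\d.]+)/(?P<mport_{n}>\d+)\)"
CONN_RE = re.compile(r"^(?P<proto>TCP|UDP|ICMP) " + ENDPOINT.format(n="a") + " "
                     + ENDPOINT.format(n="b") + r", flags (?P<flags>\S+),")

SHOW_CONN_LINE = ("TCP outside:2.2.2.2/80 (2.2.2.2/80) inside:1.1.1.1/35478 (1.1.1.1/35478), "
                  "flags UIO, idle 4m39s, uptime 6m16s, timeout 1h0m, bytes 3002")


def parse_show_conn(line: str) -> dict:
    """Split one `show conn` line into protocol, both endpoints and the flag string."""
    m = CONN_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised conn line: {line!r}")
    return m.groupdict()


def conn_to_flow(conn: dict) -> FiveTuple:
    """Rebuild the inside-initiated flow. The ASA prints the outside endpoint first;
    the inside host (ephemeral port 35478) initiated, the outside host (port 80) served."""
    return FiveTuple(PROTO_NUMBERS[conn["proto"]],
                     conn["real_b"], int(conn["rport_b"]),
                     conn["real_a"], int(conn["rport_a"]))


class StatefulFirewall:
    """Connection table plus optional static source NAT (inside real ip -> mapped ip)."""

    def __init__(self, xlate: Optional[dict] = None):
        self.conns = set()
        self.xlate = dict(xlate or {})
        self.unxlate = {mapped: real for real, mapped in self.xlate.items()}

    def outbound(self, pkt: FiveTuple) -> FiveTuple:
        """Record an inside-initiated flow; return the packet as it leaves (source rewritten)."""
        mapped = FiveTuple(pkt.proto, self.xlate.get(pkt.src_ip, pkt.src_ip),
                           pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.conns.add(mapped)           # table holds the post-NAT tuple the outside sees
        return mapped

    def inbound(self, pkt: FiveTuple):
        """("ALLOW", un-translated packet) for return traffic of a recorded flow, else ("DROP", None)."""
        if pkt.reverse() not in self.conns:
            return "DROP", None          # unsolicited: no matching connection entry
        real = FiveTuple(pkt.proto, pkt.src_ip, pkt.src_port,
                         self.unxlate.get(pkt.dst_ip, pkt.dst_ip), pkt.dst_port)
        return "ALLOW", real


def demo() -> dict:
    """Walk through both slides and return the verdicts."""
    fw = StatefulFirewall()
    fw.outbound(conn_to_flow(parse_show_conn(SHOW_CONN_LINE)))   # 1.1.1.1:35478 -> 2.2.2.2:80
    reply = FiveTuple(6, "2.2.2.2", 80, "1.1.1.1", 35478)
    stray = FiveTuple(6, "2.2.2.2", 80, "1.1.1.1", 35479)        # same server, no matching flow
    nat = StatefulFirewall(xlate={"10.1.1.1": "3.3.3.3"})         # NAT slide mapping
    seen_outside = nat.outbound(FiveTuple(6, "10.1.1.1", 35478, "2.2.2.2", 80))
    nat_verdict, nat_real = nat.inbound(FiveTuple(6, "2.2.2.2", 80, "3.3.3.3", 35478))
    return {"reply": fw.inbound(reply)[0], "stray": fw.inbound(stray)[0],
            "outside_src": seen_outside.src_ip, "nat_verdict": nat_verdict,
            "nat_real_dst": nat_real.dst_ip if nat_real else None}


if __name__ == "__main__":
    print(demo())
```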


Use Cases


Use Case #1

• Hospitality, Retail or other similar distributed deployment

• Remote sites 100+

• Direct Internet Access (DIA) at remote sites

• Company has a “Cloud First” mandate

• 4 Network / Security Engineers (“jack of all trades, master of none”)

• Basic security needs for URL filtering, DNS security, IPS

• Need VPN connectivity to HQ


Cloud Networking Group


Meraki MX Options (Reference)

Model     Segment                  Users           Highlights                   FW throughput
Z1        Teleworker               1-5 users       Dual-radio wireless          50 Mbps
MX64(W)   Small branch             ~50 users       802.11ac wireless            250 Mbps
MX65(W)   Small branch             ~50 users       802.11ac wireless & PoE+     250 Mbps
MX84      Mid-sized branch         ~200 users      Dedicated WAN uplinks        500 Mbps
MX100     Mid-sized branch         ~500 users      Gigabit uplinks              750 Mbps
MX400     Large branch or campus   ~2,000 users    Modular interface            1 Gbps
MX600     Large branch or campus   ~10,000 users   Modular interface            1 Gbps

All devices support 3G/4G

Meraki MX Security

Next Generation Firewall      Application aware firewalling
Intrusion Prevention (IPS)    Based on Cisco Snort
URL Content Filtering         With over 80 categories and over 4 billion categorized URLs
Geo-based security            Allow or block traffic by country
Malware Protection            Cisco AMP and Threat Grid
Automatic updates             Software and security updates delivered from the cloud
PCI compliance                PCI 3.2 certified cloud management backend

Meraki MX Basics

Meraki MX Basics continued

Meraki Threat and Filtering

Meraki Threat and Filtering continued

Cisco Umbrella

Use Case #2

• Regional Services Company

• 8 sites on MPLS with ISR routers deployed

• Broadband Internet being added for DMVPN backup/redundancy (IWAN)

• Simple filter to protect the new Internet link

• HQ has a proxy for Internet


Securing the WAN

• Typical MPLS WAN
  • Does not ensure privacy
• Best Practice – Consider encryption across the existing WAN

Internet based WAN

• Lower cost alternative to MPLS

• Dictates VPN for routing and privacy

• Balance complexity with features and functionality

• Typically no need for inbound access directly from Internet



Zone Based Firewall

Topology (diagram): three security zones on one router
• G0/0 – Internet zone
• G0/1.101 – Trusted zone
• G0/1.103 – DMZ zone
• Trusted -> Internet: TCP/UDP/ICMP inspected, responses OK
• Internet <-> DMZ: all traffic permitted

Support for:
• ISR, ASR, CSR
• NAT
• WAAS
• VRFs
• Redundancy
• VTIs for VPNs
• Deep Packet Inspection

Note: For a simple inside-to-outside configuration, remove all references to the DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN.

Configuring ZBF

! Create Zones
zone security Internet
zone security Trusted
zone security DMZ

! Assign interfaces to security zones
interface LISP0
 zone-member security DMZ
!
interface GigabitEthernet0/0
 description Public Outside
 zone-member security Internet
!
interface GigabitEthernet0/1.101
 description Inside
 zone-member security Trusted
!
interface GigabitEthernet0/1.103
 description Public DMZ
 zone-member security DMZ

Configuring ZBF (continued)

! Create Inspection Class
class-map type inspect match-any All_Protocols
 description - Match all outgoing protocols
 match protocol tcp
 match protocol udp
 match protocol icmp

! Create Inspection Policy
policy-map type inspect trusted-to-internet
 class type inspect All_Protocols
  inspect
 class class-default
  drop
policy-map type inspect DMZ
 class class-default
  pass

! Create Zone Pairs and Associate Policy
zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect trusted-to-internet
zone-pair security Internet->DMZ source Internet destination DMZ
 service-policy type inspect DMZ
zone-pair security DMZ->Internet source DMZ destination Internet
 service-policy type inspect DMZ
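Worked example (added here; not Cisco IOS code): a Python model of the zone-based firewall configured above, so the effect of inspect, pass and a missing zone-pair can be checked before the router is touched. Interface names, zones, class-map, policy-maps and zone-pairs are the slides' own; the packets and addresses are constructed.

```python
"""Zone-based firewall behaviour, modelled on the ZBF configuration above.

Added example, not Cisco IOS code. It transcribes the zones, interface
membership, class-map, policy-maps and zone-pairs from the slides and
evaluates constructed packets the way ZBF does: same-zone traffic is
permitted, traffic touching an interface in no zone or between zones with no
zone-pair is dropped, `inspect` records a session so the reply is permitted,
and `pass` is stateless and one-directional (hence one pair per direction
between Internet and DMZ). Addresses are constructed from documentation ranges.
"""
from dataclasses import dataclass

# Configuration transcribed from the slides.
ZONE_OF_INTERFACE = {"GigabitEthernet0/0": "Internet", "GigabitEthernet0/1.101": "Trusted",
                     "GigabitEthernet0/1.103": "DMZ", "LISP0": "DMZ"}
CLASS_MAPS = {"All_Protocols": {"tcp", "udp", "icmp"}}          # match-any
POLICY_MAPS = {                                                  # classes in order, class-default last
    "trusted-to-internet": [("All_Protocols", "inspect"), ("class-default", "drop")],
    "DMZ": [("class-default", "pass")],
}
ZONE_PAIRS = {("Trusted", "Internet"): "trusted-to-internet",    # (source, destination) -> policy
              ("Internet", "DMZ"): "DMZ",
              ("DMZ", "Internet"): "DMZ"}


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        """The return packet: interfaces and endpoints swapped."""
        return Packet(self.out_if, self.in_if, self.proto, self.dst, self.dport, self.src, self.sport)

    def flow(self) -> tuple:
        return (self.proto, self.src, self.sport, self.dst, self.dport)


def policy_action(policy: str, proto: str) -> str:
    """First matching class in the policy-map decides; class-default catches the rest."""
    for cls, action in POLICY_MAPS[policy]:
        if cls == "class-default" or proto in CLASS_MAPS[cls]:
            return action
    return "drop"


class ZoneBasedFirewall:
    def __init__(self):
        self.sessions = set()      # forward flows opened by `inspect`

    def forward(self, pkt: Packet) -> str:
        if pkt.reply().flow() in self.sessions:              # return half of an inspected session
            return "permit: return traffic of inspected session"
        src_zone = ZONE_OF_INTERFACE.get(pkt.in_if)
        dst_zone = ZONE_OF_INTERFACE.get(pkt.out_if)
        if src_zone is None and dst_zone is None:
            return "permit: neither interface is a zone member"
        if src_zone is None or dst_zone is None:
            return "drop: zone member to non-member"
        if src_zone == dst_zone:
            return "permit: intra-zone"
        policy = ZONE_PAIRS.get((src_zone, dst_zone))
        if policy is None:
            return "drop: no zone-pair %s->%s" % (src_zone, dst_zone)
        action = policy_action(policy, pkt.proto)
        if action == "inspect":
            self.sessions.add(pkt.flow())                     # state lets the reply through
            return "inspect: session created"
        if action == "pass":
            return "pass: stateless, this direction only"
        return "drop: class-default"


def demo() -> dict:
    """The checks a practitioner would run after applying this configuration."""
    fw = ZoneBasedFirewall()
    inside, outside, dmz = "GigabitEthernet0/1.101", "GigabitEthernet0/0", "GigabitEthernet0/1.103"
    web = Packet(inside, outside, "tcp", "192.168.1.10", 40000, "203.0.113.5", 443)
    return {
        "trusted_to_internet_web": fw.forward(web),
        "web_reply": fw.forward(web.reply()),
        "trusted_to_internet_gre": fw.forward(Packet(inside, outside, "gre", "192.168.1.1", 0, "203.0.113.5", 0)),
        "unsolicited_to_trusted": fw.forward(Packet(outside, inside, "tcp", "203.0.113.9", 4444, "192.168.1.10", 22)),
        "internet_to_dmz": fw.forward(Packet(outside, dmz, "udp", "203.0.113.9", 500, "198.51.100.2", 500)),
        "dmz_to_internet": fw.forward(Packet(dmz, outside, "udp", "198.51.100.2", 500, "203.0.113.9", 500)),
        "trusted_to_dmz": fw.forward(Packet(inside, dmz, "tcp", "192.168.1.10", 40001, "198.51.100.2", 443)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26s} {verdict}")
```

The last case shows why the slide note says to remove the DMZ references for a plain inside-to-outside deployment: with no Trusted->DMZ zone-pair, inside hosts cannot reach the DMZ at all.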


Use Case #2 (Variant)

• Regional Services Company
• 8 sites on MPLS with ISR routers deployed
• Broadband Internet being added for DMVPN backup and DIA
• Complete filter (no longer just a simple one) to protect the new Internet link

Firepower Virtual – VMware / KVM

Internet based WAN

• Lower cost alternative to MPLS

• Dictates VPN for routing and privacy

• Balance complexity with features and functionality

• Typically no need for inbound access directly from Internet

• Direct Internet Access (DIA) adds security risk


Use Case #3

• Data Center upgrade

• Adding security to new design

• No L3 hop for security to reduce convergence time

• N+1 redundancy

• Multi 10 Gbps throughput


Data Center – A/S or Clustering for Performance and Scale

• Firepower 9300 with SM-24, SM-36 or SM-44
• Firepower 4110, 4120, 4140 or 4150
• Firepower 2110, 2120, 2130*, 2140*

*10 Gig interfaces

Data Center – Specifications (Reference)

*Note: 2100 models do not support clustering. Only the 2130 and 2140 support 10 Gbps interfaces and the optional network module.

Firepower 2100 Series

High Performance, Purpose Built Hardware for Cisco NGFW
• Available in 4 Platforms
• Higher Port Density in 1 Rack Unit
• 10 Gbps Support (2130 and 2140)

FPR 2110   16x 1G Port
FPR 2120   16x 1G Port
FPR 2130   12x 1G, 12x 10G Port
FPR 2140   12x 1G, 12x 10G Port

Data Center – Clustering for Performance and Scale

• Handles asymmetric traffic associated with VPC/VSS
• N+1 redundancy
• Keeps DC design intact
• Scale to 16 firewalls

Data Center – ACI Deployments

Automation, Scale and Performance, Security, Simplicity, Open, Agility and Visibility (APIC)

Use Case #4

• Cloud expansion / Cloud First

• AWS and/or Azure

• Need to replicate security / inspection policy for cloud traffic


Cisco ASAv and Threat Defense Virtual

Cisco® ASA 9 Feature Set / Threat Defense 6

ASAv
• 10 vNIC interfaces and VLAN tagging
• Virtualization displaces multiple-context and clustering
• Parity with all other Cisco ASA platform features
• SDN (Cisco APIC) and traditional (Cisco ASDM and CSM) management tools
• Dynamic routing includes OSPF, EIGRP, and BGP
• REST API for programmed configuration and monitoring
• Cisco TrustSec® PEP with SGT-based ACLs
• Failover Active/Standby HA model

FTDv
• 4 vNIC default
• 8 GB RAM, 4 vCPU

Hypervisors: VMware, KVM, Hyper-V (ASA only), AWS, Azure (features can differ for cloud)

Cisco ASAv Platforms

Cisco® ASAv5    100 Mbps
Cisco® ASAv10   1 Gbps
Cisco® ASAv30   2 Gbps

* Lab Edition license is built in with 100-Kbps throughput and 100 total connections allowed

Cisco ASAv Platforms

Cisco® ASAv50   10 Gbps
• Introduced with ASA release 9.8(1)
• Supported on KVM or ESXi
• Uses IXGBE-VF vNIC
• Does not support Transparent mode (promiscuous restriction on IXGBE-VF)
• Not supported in Amazon Web Services, Microsoft Azure or Hyper-V

ASAv and/or NGFW

• Supported in both AWS and Azure

• *Note restrictions based on cloud deployment


Meraki Virtual MX for AWS (vMX100)

• Appears in the dashboard

• 500 Mbps VPN throughput

• Bring Your Own License (BYOL)


Use Case #5

• Typical Internet Edge designs

• Outbound Internet (Web, Email, FTP, etc)

• Inbound traffic to DMZ and/or eCommerce

• VPN for Remote Access, L2L, business partners


Edge With DMZ

• Similar to a basic edge design with the addition of inbound traffic

• Traffic inbound from the DMZ to the trusted network may or may not pass the firewall.


Edge With DMZ - VPN

• Multiple path options for VPN with trusted and untrusted packets
• VPN Concentrator may be connected outside the firewall
• Trusted traffic path usually depends on source: employee or vendor, B2B, etc.

*Best Practices – Remember that controlling access from a VPN to an internal resource is not a dead end (jump box scenario: the host you permit can itself reach further). Hide your firewall with private IP space on the outside.

Tiered DMZs

• Typically seen in multi-tiered hosting for e-commerce

• Forces all traffic between tiers to pass firewall rules

• Can help mitigate risk and contain exploits and/or breaches within a DMZ


Bridge across your DMZs

• Sometimes referred to as clean and dirty DMZs

• VPN, Video, etc.

• Avoids hair-pinning

*Best Practice – Use destination NAT with a block of unused private IPs for outbound L2L VPN instead of routing individual remote IPs.


Split Firewalls

• Layer 3 hop between firewalls

• Avoids hair-pinning within a firewall

• Simplifies policy

• May still have an optional trusted connection


Quick Hardware Snapshot


Portfolio

Segments (left to right on the slide): SMB/SOHO, Branch, Internet Edge, Data Center, Service Provider

ASA 5505, ASA 5506-X, ASA 5508-X, ASA 5516-X
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X
FPR 2110, FPR 2120, FPR 2130, FPR 2140
ASA 5585-X SSP10, ASA 5585-X SSP20, ASA 5585-X SSP40, ASA 5585-X SSP60
FPR 4110, FPR 4120, FPR 4140, FPR 4150
FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44

EOS Aug 2017 (marked on two of the platforms above)

Latest Additions to the 5500 Portfolio – 5506-X with Firepower Services (Reference)

• Max 250 Mbps AVC throughput
• Max 125 Mbps AVC and NGIPS
• 90 Mbps AVC or IPS with 440 byte HTTP
• ASDM 7.3.x or CSM and Firepower Management Center
• Available in hardened and wireless configurations

Latest Additions to the 5500 Portfolio – 5508-X with FirePOWER Services (Reference)

• Max 450 Mbps AVC throughput
• Max 250 Mbps AVC and NGIPS
• 180 Mbps AVC or IPS with 440 byte HTTP
• ASDM 7.3.x or CSM, Firepower Management Center, On-box, CDO

Latest Additions to the 5500 Portfolio – 5516-X with FirePOWER Services (Reference)

• Max 850 Mbps AVC throughput
• Max 425 Mbps AVC and NGIPS
• 300 Mbps AVC or IPS with 440 byte HTTP
• ASDM 7.3.x or CSM, Firepower Management Center, On-box, CDO

Over, Through or Around The Wall

Things Change

If you knew you were going to be compromised, would you do security differently?

The package (analogy)

• Sender -> Receiver
• Reputation?
• Content (deep packet inspection)
• Tracking history
• Chicken Pox / Virus / Vaccine

The Threat-Centric Firewall

• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt
• Protect against advanced threats across the entire attack continuum

Proven Cisco ASA firewalling + Industry leading NGIPS and AMP = Cisco ASA with FirePOWER Services

Indications of Compromise (IoCs)

IPS Events                     SI Events                       Malware Events
Malware Backdoors              Connections to Known CnC IPs    Malware Detections
Exploit Kits                                                   Office/PDF/Java Compromises
Web App Attacks                                                Malware Executions
CnC Connections                                                Dropper Infections
Admin Privilege Escalations

Application Visibility and Control

IPS with Snort

Host Profiles

• What OS?

• What Services?

• What Applications?

• What Vulnerabilities?


Impact Assessment

Impact Flag   Administrator Action                      Why
1             Act immediately, vulnerable               Event corresponds to vulnerability mapped to host
2             Investigate, potentially vulnerable       Relevant port open or protocol in use, but no vuln mapped
3             Good to know, currently not vulnerable    Relevant port not open or protocol not in use
4             Good to know, unknown target              Monitored network, but unknown host
0             Good to know, unknown network             Unmonitored network
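Worked example (added here; not Cisco code): the impact-flag rules from the table above applied to a batch of IPS events against host profiles of the kind the previous slide describes (OS, services, vulnerabilities) and a list of monitored networks, then ordered so flag 1 is handled first. Host data, networks, events and the vulnerability identifier are constructed placeholders.

```python
"""Impact flag assignment following the Impact Assessment table above.

Added example, not Cisco code. An event's flag depends on what is known about
the target: 0 unmonitored network, 4 monitored network but unknown host,
1 vulnerability mapped to the host, 2 port/protocol in use but no vuln mapped,
3 port/protocol not in use. Hosts, networks and events are constructed; the
vulnerability id is a placeholder string, not a real identifier.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class HostProfile:
    os: str
    services: set = field(default_factory=set)   # {("tcp", 80), ...}: open ports / protocols in use
    vulns: set = field(default_factory=set)      # vulnerability ids mapped to the host (placeholders)


@dataclass
class IpsEvent:
    rule: str
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    vuln: Optional[str] = None   # vulnerability the rule relates to, if any


IMPACT_TEXT = {
    1: "Act immediately, vulnerable",
    2: "Investigate, potentially vulnerable",
    3: "Good to know, currently not vulnerable",
    4: "Good to know, unknown target",
    0: "Good to know, unknown network",
}
URGENCY = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}   # sort order: most urgent first


def impact_flag(event: IpsEvent, hosts: dict, monitored: list) -> int:
    """Return the impact flag for one event; checks go from least to most knowledge about the target."""
    target = ipaddress.ip_address(event.dst_ip)
    if not any(target in net for net in monitored):
        return 0                                  # unmonitored network
    host = hosts.get(event.dst_ip)
    if host is None:
        return 4                                  # monitored network, unknown host
    if event.vuln is not None and event.vuln in host.vulns:
        return 1                                  # vulnerability mapped to host
    if (event.proto, event.dst_port) in host.services:
        return 2                                  # port open / protocol in use, no vuln mapped
    return 3                                      # port not open / protocol not in use


def triage(events: list, hosts: dict, monitored: list) -> list:
    """Assess a batch and return (flag, text, event) tuples, most urgent first."""
    assessed = [(impact_flag(e, hosts, monitored), e) for e in events]
    assessed.sort(key=lambda fe: URGENCY[fe[0]])   # stable sort keeps arrival order within a flag
    return [(flag, IMPACT_TEXT[flag], e) for flag, e in assessed]


# Constructed data: one monitored network, two profiled hosts, five events.
MONITORED = [ipaddress.ip_network("10.10.0.0/16")]
HOSTS = {
    "10.10.1.20": HostProfile("Windows Server", {("tcp", 80), ("tcp", 445)}, {"VULN-PLACEHOLDER-SMB"}),
    "10.10.1.30": HostProfile("Linux", {("tcp", 22)}, set()),
}
EVENTS = [
    IpsEvent("SMB exploit attempt", "203.0.113.7", "10.10.1.20", "tcp", 445, "VULN-PLACEHOLDER-SMB"),
    IpsEvent("HTTP scanner",        "203.0.113.7", "10.10.1.20", "tcp", 80),
    IpsEvent("RDP brute force",     "203.0.113.7", "10.10.1.30", "tcp", 3389),
    IpsEvent("SSH scanner",         "203.0.113.7", "10.10.1.99", "tcp", 22),    # no profile for this host
    IpsEvent("SSH scanner",         "203.0.113.7", "192.0.2.15", "tcp", 22),    # outside monitored nets
]


def demo() -> list:
    """(flag, rule name) for the constructed batch, in triage order."""
    return [(flag, e.rule) for flag, _, e in triage(EVENTS, HOSTS, MONITORED)]


if __name__ == "__main__":
    for flag, text, e in triage(EVENTS, HOSTS, MONITORED):
        print(f"impact {flag}  {text:40s} {e.rule} -> {e.dst_ip}")
```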


Advanced Malware Analysis

Network File Trajectory – Where Has It Been Seen?

SSL Inspection issues? - AMP for Endpoints

Firepower NGFW

Introducing Cisco Firepower NGFW – Fully Integrated, Threat Focused, Unified Management

• FW / applications / IPS
• Cisco® AMP – network / endpoint
• Analysis and remediation
• Cisco security solutions
• Application-aware DDoS
• Networkwide visibility
• Industry-best threat protection
• Known and unknown threats
• Track / contain / recover
• Across attack continuum
• Manage, control, and investigate
• Automatically prioritize
• Automatically protect

Firepower 6.x on ASA – Upgrade vs Re-Image: Choose Firepower Services or Firepower Threat Defense

Firepower Software on ASA Platforms

Firepower Services 5.4 on ASA 9.5.x
  --Upgrade-->    Firepower Services 6.0 on ASA 9.5.x*
  --Re-Image-->   Firepower Threat Defense

*Firepower Services 6.x compatible ASA version required

Firepower 9300 – ASA or TD
Firepower 4100 – ASA or TD
Firepower 2100 – TD Only

Firepower 6.x Virtual – Upgrade vs Migrate: Choose NGIPSv + ASAv or Firepower Threat Defense

Firepower NGIPSv 5.4 + ASAv
  --Upgrade-->   Firepower NGIPSv 6.0 + ASAv (ASAv upgraded alongside)
  --Migrate-->   Firepower Threat Defense Virtual 6.0

FXOS – Chassis Operating System

Advanced Use Cases

ASA Policy Enforcement with MDM

Components (diagram): AP, WLC, ASA, Web Server, ISE, MDM

Leverage security groups to authorize endpoints based on MDM compliance.

• Compliance check (ISE / MDM)
• Create Security Groups on ISE: 1 Compliant, 2 Non-Compliant
• SXP
• Security Group Query
• Policy on ASA by Security Group

TrustSec Demo

TrustSec (WLC, ISE, ASA, Firepower) – Reference

Correlation

Custom Security Intelligence

• Correlate one or more actions with a remediation (in this case, creating a custom security intelligence block list)
• In this example we are looking for blocking events based on geolocation and dropping the source IP into the custom security intelligence list.
• Monitor the events in Firepower Manager for a match against a rule.
• The remediation runs a Perl script on the Firepower Manager, which leverages the remediation framework to parse event information.

Reference Material

Support Tools
http://www.cisco.com/c/en/us/support/web/tools-catalog.html

Security Threats and Notifications
http://www.cisco.com/security
• Current News
• Proactive Notifications

www.talosintel.com

SAFE Architecture
www.cisco.com/go/safe

Complete Your Online Session Evaluation

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card.
• Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions


Thank you


Cybersecurity Cisco Education Offerings

Understanding Cisco Cybersecurity Fundamentals (SECFND) – CCNA® Cyber Ops
  The SECFND course provides understanding of cybersecurity’s basic principles, foundational knowledge, and core skills needed to build a foundation for understanding more advanced cybersecurity material & skills.

Implementing Cisco Cybersecurity Operations (SECOPS) – CCNA® Cyber Ops
  This course prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level.

Securing Cisco Networks with Threat Detection and Analysis (SCYBER) – Cisco Cybersecurity Specialist
  Designed for security analysts who work in a Security Operations Center, the course covers essential areas of security operations competency, including SIEM, event monitoring, security event/alarm/traffic analysis (detection), and incident response.

Cisco Security Product Training Courses
  Official deep-dive, hands-on product training on Cisco’s latest security products, including NGFW, ASA, NGIPS, AMP, Identity Services Engine, Email and Web Security Appliances, and more.

Cybersecurity Cisco Education Offerings (continued)

New! CCIE Security 5.0 – CCIE® Security

CCNP® Security
  Implementing Cisco Edge Network Security Solutions (SENSS) – Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls
  Implementing Cisco Threat Control Solutions (SITCS) v1.5 – Implement Cisco’s Next Generation Firewall (NGFW), FirePOWER NGIPS (Next Generation IPS), Cisco AMP (Advanced Malware Protection), as well as Web Security, Email Security and Cloud Web Security
  Implementing Cisco Secure Access Solutions (SISAS) – Deploy Cisco’s Identity Services Engine and 802.1X secure network access
  Implementing Cisco Secure Mobility Solutions (SIMOS) – Protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions

Implementing Cisco Network Security (IINS 3.0) – CCNA® Security
  Focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features

For more details, please visit: www.cisco.com/go/securitytraining or http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth