SD-WAN Security - FAQ


Ent. Firewall App Aware

1. Does App Aware FW use OpenAppID or NBAR?
ANS: AppFW uses NBAR/SD-AVC for application detection.

2. Will TLS1.3 impact FW and App Aware policies?
ANS: TLS1.3 will impact App Aware policy. SD-AVC can help to some extent to identify certain applications.

3. Where/how is logging being handled?
ANS: Logging today is through a Syslog server and vManage notifications.


Intrusion Prevention

1. When will vEdge devices have IDS/IPS and URL-F?

ANS: They will not.


2. Do you manage the IPS with FMC, or how is the IPS managed? Is it managed by Cisco?
ANS: vManage is used to manage SD-WAN security.


3. Will the IPS capability support custom signatures and nested policies?
ANS: No custom signatures or nested policies for the Dec release. We will plan them for future releases.


URL-Filtering

1. Is the URL filtering for HTTP and TLS, or just HTTP?
ANS: Since we do not support SSL decryption, for TLS (< 1.3) the server certificate is examined for the domain name, and filtering is based on that domain name.


2. Does it support time-based URL rules?
ANS: No.


3. When configuring a URL Filtering Policy, what does "Web Reputation" do exactly?

ANS: Each URL has a reputation score associated with it. The reputation score ranges from 0-100 and is categorized as: high-risk (reputation score 0-20), suspicious (0-40), moderate-risk (0-60), low-risk (0-80), and trustworthy (0-100). Based on the reputation score of a URL and the configuration, a URL is either blocked or allowed.
If the user defines a reputation threshold, all URLs with a reputation score lower than the user-defined threshold will be blocked.

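As an added illustration (not code from this page or from Cisco), here is a small Python model of the two URL-filtering points above: without SSL decryption, an HTTPS session exposes only the domain name from the server certificate, so path-level URL rules can only be enforced on plaintext HTTP, while domain rules and the reputation threshold apply to both. The category bands are copied as the FAQ lists them; because the listed ranges nest, the example labels a score with the narrowest band containing it, which is an interpretation made here. The `Observation` and `Policy` structures, `observe`/`evaluate` functions, and the sample domains and scores are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Reputation bands exactly as the FAQ lists them: (name, low, high).
# The listed ranges nest, so a score is labelled with the narrowest band
# that contains it; that tie-break rule is an assumption of this example.
REPUTATION_BANDS = [
    ("high-risk", 0, 20),
    ("suspicious", 0, 40),
    ("moderate-risk", 0, 60),
    ("low-risk", 0, 80),
    ("trustworthy", 0, 100),
]


def reputation_category(score: int) -> str:
    """Map a 0-100 reputation score to the FAQ's category name."""
    if not 0 <= score <= 100:
        raise ValueError(f"reputation score out of range: {score}")
    for name, low, high in REPUTATION_BANDS:  # ordered narrowest first
        if low <= score <= high:
            return name
    raise AssertionError("unreachable: bands cover 0-100")


@dataclass(frozen=True)
class Observation:
    """What the filter can see about one request (assumed structure)."""
    host: str            # Host header (HTTP) or certificate domain name (TLS)
    path: Optional[str]  # full path for HTTP; None when the session is encrypted
    reputation: int      # reputation score looked up for the host, 0-100


def observe(scheme: str, host: str, path: str, reputation: int) -> Observation:
    """Model the visibility gap: without SSL decryption an HTTPS session
    exposes only the certificate's domain name, never the URL path."""
    if scheme == "http":
        return Observation(host, path, reputation)
    if scheme == "https":
        return Observation(host, None, reputation)
    raise ValueError(f"unsupported scheme: {scheme}")


@dataclass(frozen=True)
class Policy:
    """Constructed policy shape for this example; not the product's config model."""
    blocked_domains: Tuple[str, ...]       # exact names or "*.suffix" wildcards
    blocked_url_prefixes: Tuple[str, ...]  # "host/path" prefixes, plaintext HTTP only
    reputation_threshold: Optional[int]    # block when score < threshold


def host_matches(host: str, pattern: str) -> bool:
    """Exact match, or wildcard match for one or more labels under the suffix."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.test"
        return host.endswith(suffix) and host != suffix[1:]
    return host == pattern


def evaluate(obs: Observation, policy: Policy) -> Tuple[str, str]:
    """Return ("block" | "allow", reason) for one observed request."""
    # 1. Domain rules work for both HTTP and TLS: the name is visible either way.
    for pattern in policy.blocked_domains:
        if host_matches(obs.host, pattern):
            return "block", f"domain rule {pattern}"

    # 2. Path-level rules need the plaintext URL, so they silently do not
    #    apply to encrypted sessions. That is the caveat to remember.
    if obs.path is not None:
        url = obs.host + obs.path
        for prefix in policy.blocked_url_prefixes:
            if url.startswith(prefix):
                return "block", f"url rule {prefix}"

    # 3. Reputation threshold as the FAQ states it: lower than threshold -> block.
    if policy.reputation_threshold is not None and obs.reputation < policy.reputation_threshold:
        category = reputation_category(obs.reputation)
        return "block", f"reputation {obs.reputation} ({category}) below {policy.reputation_threshold}"

    return "allow", "no rule matched"


# Constructed sample policy for the demonstration (hypothetical names).
EXAMPLE_POLICY = Policy(
    blocked_domains=("*.malware-sample.test", "phish.test"),
    blocked_url_prefixes=("news.test/gambling/",),
    reputation_threshold=40,
)

if __name__ == "__main__":
    samples = [
        observe("https", "cdn.malware-sample.test", "/payload", 90),  # domain rule hits
        observe("http", "news.test", "/gambling/odds", 70),           # path rule applies
        observe("https", "news.test", "/gambling/odds", 70),          # same URL, path invisible
        observe("http", "unknown.test", "/", 15),                     # below reputation threshold
    ]
    for obs in samples:
        print(obs.host, obs.path, evaluate(obs, EXAMPLE_POLICY))
```

The third sample is the one to note when writing policy: the same URL that is blocked over HTTP is allowed over HTTPS, because the filter only sees the certificate name. If a site must be blocked regardless of path, express the rule at the domain level or rely on the reputation threshold.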

DNS/web-layer Security

1. Are you redirecting the traffic through Umbrella like a proxy, or just redirecting the query? Almost all of my customers do not want to tunnel traffic through Cisco Umbrella.
ANS: Like a proxy, not a tunnel.


2. For Umbrella security, once the network device is sending DNS traffic can you apply policies to that site based on the internal subnet?
ANS: You need to map them to VPNs and apply DNS/web-layer security to the VPNs.


3. Does Umbrella scrutinize EVERY DNS query?
ANS: There is an option to skip certain domains using "Local Domain Bypass".

Comments

Is there any documentation and training available for SDWAN with security?

Cisco Employee

Gaurav,

A ton of content will be made available once the code goes FCS at the end of this month. Stay tuned.


- Kureli
