Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
4167
Views
10
Helpful
3
Comments

SD-WAN Security - FAQ

Kureli Sankar
Cisco Employee
Cisco Employee

‎11-06-2018 12:14 PM - edited ‎12-05-2018 05:57 AM

Ent. Firewall App Aware

1. Does App Aware FW use OpenAppID or NBAR?
ANS: AppFW uses NBAR/SD-AVC for application detection.

 

2. Will TLS1.3 impact FW and App Aware policies?
ANS: TLS1.3 will impact App Aware policy. SD-AVC can help to some extent to identify certain applications.

 

3. Where/how is logging being handled?
ANS: Logging today is through Syslog server and vManage notifcation.

 

Intrusion Prevention

1. When will vEdge devices have IDS/IPS and URL-F?

ANS: They will not.

 

2. Do you manage the IPS with FMC or how is that IPS managed or is that managed by Cisco?
ANS: vManage is used to manage SD-WAN security. 

 

3. Will the ips capability support custom signatures and nested policies?
ANS: No custom signature or nested policies for Dec release. We will plan it for future releases.

 

URL-Filtering

1. Is the url filtering for http and tls or just http?
ANS: Since we do not support SSL decryption, for tls (< 1.3) certificates are examined for domain name and filtering is based on domain name.

 

2. Does it support time-based URL rules?
ANS: No.

 

3. When configuring a URL Filtering Policy, what does "Web Reputation" do exactly?

ANS: Each URL has a reputation score associated with it. The reputation score range is from 0-100, and it is categorized as: high-risk (reputation score (0-20), suspicious (0-40), moderate-risk (0-60), low-risk(0-80), and trustworthy(0-100). Based on the reputation score of a URL and the configuration, a URL is either blocked or allowed.
If the user defines a reputation threshold, all the URLs, with a reputation score lower than the user-defined threshold will be blocked.

 

DNS/web-layer Security

1. Are you redirecting the traffic through Umbrella like a proxy or just redirecting the query?  Almost all of my customers do not want to tunnel through traffic through Cisco Umbrella.
ANS: Like a proxy, not tunnel.

 

2. For Umbrella security, once the network device is sending DNS traffic can you apply policies to that site based on the internal subnet?
ANS: You need to map them to VPNs and apply DNS/web-layer security to VPNs.

 

3. Umbrella scrutinizes EVERY dns query?
ANS: There is an option to skip certain domains using "Local Domain Bypass"

 

 

 

 

 

 

Labels:
Comments
gaurav.thapar@intl.verizon.com
Level 1
Level 1
‎12-05-2018 02:31 AM

Is there any documentation and training available for SDWAN with security?

Kureli Sankar
Cisco Employee
Cisco Employee
‎12-05-2018 05:21 AM

Gaurav,

Ton of content will be made available once the code goes FCS end of this month.  Stay tuned.

 

- Kureli

sam1981
Level 1
Level 1
‎02-15-2024 12:33 PM

do we have any updated contents related to this topic - SD-WAN Security

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card