Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
5
Replies

Cisco 2911 doubts

Go to solution
surajgovindan1
Level 1
Level 1

‎02-15-2011 03:46 AM - edited ‎03-05-2019 06:44 AM

Dear all,

Please provide your valuable feedback on my below query.

I'm planning to connect 2 offices, and due to security reasons i need to have content security also. I'm planning to have 2911 Security bundle in both the offices. Link will be E1.

I dont want to have a seperate router and firewall, need to have it in one box. If i install 2911 Sec K9 bundle, is there any sort of content security available in this?

a,  is there a seperate module i need to buy for this? or is it part of IOS?

b,  will it function like a CSC module in ASA 5500's?

c,  is it possible to use Content security and IPS at the same time?

d,  what are the suggestions to the above scenario?

Warm Regards,

B

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jweather
Cisco Employee
Cisco Employee
In response to surajgovindan1

‎02-15-2011 11:30 AM

Data security is a many layered approach. We'd use encryption to make sure the data is secure in transit, Zone Based Firewall (ZBF) to segment the traffic and users into various security zones. IOS IPS or the NME-IPS can be used for threat defense in depth, protection against worms and local attacks.

If the traffic is going directly to and from the internet, you can use a cloud-based service like ScanSafe to secure the transaction. The service provides email scanning, web filtering, etc.

If you need local AV, Anti-spam, etc, you'll have to look at an ASA with the appropriate blades.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
jweather
Cisco Employee
Cisco Employee

‎02-15-2011 07:08 AM

It really depends on what you mean by Content security.  IOS Firewall provides a stateful firewall capability and is an IOS feature available in the security technology package.  IOS IPS is also available in this feature package.

There isn't a firewall blade for the ISRs.

james

0 Helpful

Go to solution
surajgovindan1
Level 1
Level 1
In response to jweather

‎02-15-2011 09:21 AM

thanks james,

content security like anti virus,anti spam,instant messaging blocks etc..

if you check the cisco configurator there is a seperate module for IPS, is there anything for content security also.

0 Helpful

Go to solution
jweather
Cisco Employee
Cisco Employee
In response to surajgovindan1

‎02-15-2011 09:38 AM

We have a subscription service through Trend Micro you can use for url filtering, etc. We don't see a lot fo requests for email security, etc at the branch office and don't have a module or SW feature for that. We're seeing most customers deliver that at the head end using Ironport, ASA or a similar device.

0 Helpful

Go to solution
surajgovindan1
Level 1
Level 1
In response to jweather

‎02-15-2011 11:21 AM

Hi james,

In such a branch scenario, what is that you really recommed to monitor and secure the data.

0 Helpful

Go to solution
jweather
Cisco Employee
Cisco Employee
In response to surajgovindan1

‎02-15-2011 11:30 AM

Data security is a many layered approach. We'd use encryption to make sure the data is secure in transit, Zone Based Firewall (ZBF) to segment the traffic and users into various security zones. IOS IPS or the NME-IPS can be used for threat defense in depth, protection against worms and local attacks.

If the traffic is going directly to and from the internet, you can use a cloud-based service like ScanSafe to secure the transaction. The service provides email scanning, web filtering, etc.

If you need local AV, Anti-spam, etc, you'll have to look at an ASA with the appropriate blades.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card