Blue_Bird

Cisco Secure Firewall for Protecting Industrial Networks

Introduction

Cisco Secure Firewall

Firewall Management

Augmenting Existing Infrastructure

Cisco Secure Firewall use cases

Cisco Secure Firewall Licensing Models

Introduction

The Cisco Secure Firewall portfolio delivers greater protection for your network against an increasingly evolving and complex set of threats. You can protect your business with confidence, now and into the future, with superior performance and stronger security that maximize uptime and protect your investment.

Investing in Cisco Secure Firewall today gives you robust protection against even the most sophisticated threats, without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and third-party solutions provide a broad and deep portfolio of security products that work together to correlate previously disconnected events, eliminate noise, and stop threats faster.

Cisco Secure Firewall

Cisco Secure Firewall started as an integration between the Cisco Adaptive Security Appliance (ASA) firewall software (LINA) and the legacy Cisco Firepower (Snort) software. This integration is important to understand, because it determines how the firewall processes traffic and which part of the firewall code handles a given operation.


The ASA LINA engine is responsible for several functions:

  • Static and dynamic routing, including Layer 2 resolution using Address Resolution Protocol (ARP)
  • Global Layer 3 and Layer 4 ACLs
  • TCP state checking
  • VPN operation (IPsec and SSL)
  • NAT
  • Prefilter policy

The other primary component of Cisco Secure Firewall is the Snort engine from Secure Firewall Threat Defense. The Snort engine is responsible for access control and advanced inspection:

  • Access control
  • Advanced inspection: IP, URL, and DNS Security Intelligence; URL categories and reputation; file and malware inspection; IPS
  • Application Visibility and Control (AVC)
  • SSL/Transport Layer Security (TLS) decryption
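To make the division of labour concrete, the following is a small model of the packet path, added for this article and not taken from Cisco's code: the LINA stages (prefilter, Layer 3/4 ACL, NAT) run first, and only flows that the prefilter marks for analysis reach the Snort stages (Security Intelligence, application control, URL filtering). The rule formats, the policies and the sample flows are assumptions invented for the example; the real engines share far more state than this.

```python
"""Simplified model of the Secure Firewall packet path: the ASA LINA engine
(prefilter, Layer 3/4 ACL, NAT) decides first, and only flows it marks for
analysis reach the Snort engine (Security Intelligence, application control,
URL filtering).  Added illustration, not Cisco code; the rule shapes, the
policies and the sample flows below are assumptions made for the example."""
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    app: str = ""                  # application identified by AVC (Snort)
    url_category: str = ""         # URL category (Snort)
    ip_reputation: str = "clean"   # Security Intelligence verdict (Snort)


@dataclass
class Verdict:
    action: str   # "allow", "block" or "fastpath"
    engine: str   # "lina" or "snort"
    stage: str    # the function that produced the decision


class LinaEngine:
    """Data-plane functions the article attributes to LINA: prefilter, L3/L4 ACL, NAT."""

    def __init__(self, prefilter_rules, l4_acl, nat_table):
        self.prefilter_rules = prefilter_rules   # [(proto, dport, action)]
        self.l4_acl = l4_acl                     # [(dst_prefix, dport_or_None, action)]
        self.nat_table = nat_table               # {real_dst: translated_dst}

    def prefilter(self, flow):
        """Prefilter sees only L3/L4; 'fastpath' bypasses Snort completely."""
        for proto, dport, action in self.prefilter_rules:
            if flow.proto == proto and flow.dport == dport:
                return action
        return "analyze"

    def acl(self, flow):
        """Global L3/L4 ACL with the usual implicit deny at the end."""
        for dst_prefix, dport, action in self.l4_acl:
            if flow.dst.startswith(dst_prefix) and dport in (None, flow.dport):
                return action
        return "deny"

    def nat(self, flow):
        """Destination NAT; where NAT sits relative to inspection is simplified here."""
        flow.dst = self.nat_table.get(flow.dst, flow.dst)
        return flow


class SnortEngine:
    """Inspection functions the article attributes to Snort."""

    def __init__(self, blocked_reputations, blocked_apps, blocked_url_categories):
        self.blocked_reputations = set(blocked_reputations)
        self.blocked_apps = set(blocked_apps)
        self.blocked_url_categories = set(blocked_url_categories)

    def inspect(self, flow):
        if flow.ip_reputation in self.blocked_reputations:
            return Verdict("block", "snort", "security-intelligence")
        if flow.app in self.blocked_apps:
            return Verdict("block", "snort", "application-control")
        if flow.url_category in self.blocked_url_categories:
            return Verdict("block", "snort", "url-filtering")
        return Verdict("allow", "snort", "access-control")


def process(flow, lina, snort):
    """Run one flow through LINA first, then through Snort if LINA asks for analysis."""
    action = lina.prefilter(flow)
    if action in ("fastpath", "block"):
        return Verdict(action, "lina", "prefilter")
    if lina.acl(flow) != "permit":
        return Verdict("block", "lina", "l3l4-acl")
    verdict = snort.inspect(flow)
    if verdict.action == "allow":
        lina.nat(flow)   # translation is LINA's job, applied to traffic that survived inspection
    return verdict


def run_samples():
    """Constructed policies and flows; returns {name: (action, engine, stage)}."""
    lina = LinaEngine(
        prefilter_rules=[("tcp", 10000, "fastpath")],   # trusted backup traffic skips Snort
        l4_acl=[("10.0.0.", 22, "permit"), ("10.0.0.", 80, "permit")],
        nat_table={"10.0.0.80": "192.168.1.80"},
    )
    snort = SnortEngine(blocked_reputations=["malware"],
                        blocked_apps=["BitTorrent"],
                        blocked_url_categories=["Gambling"])
    samples = {   # constructed flows, not captured traffic
        "backup":   Flow("10.1.1.10", "10.0.0.9", 10000),
        "ssh":      Flow("10.1.1.10", "10.0.0.5", 22, app="SSH"),
        "telnet":   Flow("10.1.1.10", "10.0.0.5", 23),
        "gambling": Flow("10.1.1.10", "10.0.0.80", 80, app="HTTP", url_category="Gambling"),
        "c2":       Flow("10.1.1.10", "10.0.0.80", 80, app="HTTP", ip_reputation="malware"),
    }
    results = {}
    for name, flow in samples.items():
        v = process(flow, lina, snort)
        results[name] = (v.action, v.engine, v.stage)
    return results


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:9s} -> {result}")
```

The point to take away is which engine produces each verdict: the backup flow never reaches Snort because the prefilter fast-pathed it, the Telnet flow is dropped by the L3/L4 ACL in LINA before Snort sees it, and only the HTTP flows are decided by Snort's URL and Security Intelligence checks. That is also why a prefilter fast-path rule must be written narrowly: whatever it matches gets no IPS, file, or URL inspection at all.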

To learn more about Cisco Secure Firewall features and capabilities, see the following link:

https://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/at-a-glance-c45-736624.html

Cisco Secure Firewall appliances come in many shapes and sizes, but they all provide a similar set of features. Typically, a smaller model number means lower throughput capacity. Cisco Secure Firewall is available as a physical appliance and also in virtual form.

Firewall Management


Cisco FDM: The Cisco Firepower Device Manager (FDM) is an on-box manager used to configure small Cisco FTD deployments. To access FDM, you simply point your browser at the firewall to configure and manage the device.

 


Cisco FMC: Cisco FTD devices, Cisco Firepower devices, and Cisco ASA FirePOWER modules can be managed centrally by the Cisco Secure Firewall Management Center (FMC), formerly known as the Firepower Management Center.

The management center is available as the 1600, 2600, or 4600 hardware appliances, which manage from 50 to 750 threat defense devices, or as a virtual machine (management center virtual) in the v2, v10, v25, and v300 sizes, deployable in the cloud. The number in the virtual model name indicates how many devices it can manage.
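Central management also means the management center can be automated: it exposes a REST API that the GUI itself does not require but that any scripted workflow will use. The following is an added example, not Cisco's code or the article's, that authenticates to the FMC and lists the access control policies it manages. Assumptions are the hostname (FMC_HOST), the credentials read from the environment, and the two sample responses used for offline parsing; the endpoint paths and header names are the documented FMC REST API ones.

```python
"""Automating the Secure Firewall Management Center through its REST API:
authenticate, then list the access control policies it manages.  Added
example, not Cisco's code.  Assumptions: the FMC hostname (FMC_HOST), the
credentials read from the environment, and the two constructed sample
responses used for offline parsing.  The endpoints and header names are the
documented FMC REST API ones: POST /api/fmc_platform/v1/auth/generatetoken
returns the session in the X-auth-access-token, X-auth-refresh-token and
DOMAIN_UUID headers, and GET /api/fmc_config/v1/domain/{uuid}/policy/
accesspolicies lists the policies in that domain."""
import base64
import json
import os
import urllib.request

FMC_HOST = os.environ.get("FMC_HOST", "fmc.example.internal")   # assumed hostname
AUTH_PATH = "/api/fmc_platform/v1/auth/generatetoken"
POLICIES_PATH = "/api/fmc_config/v1/domain/{domain}/policy/accesspolicies"


def basic_auth_header(username, password):
    """generatetoken takes HTTP Basic credentials and returns the session in headers."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def session_from_headers(headers):
    """Pull the session material out of the generatetoken response headers.

    Header names are case-insensitive, so the lookup normalizes them.
    """
    wanted = {
        "X-auth-access-token": "access_token",    # sent on every later request
        "X-auth-refresh-token": "refresh_token",  # used to extend the session
        "DOMAIN_UUID": "domain_uuid",             # domain the user logged into
    }
    lowered = {name.lower(): value for name, value in headers.items()}
    session = {}
    for header, key in wanted.items():
        value = lowered.get(header.lower())
        if not value:
            raise ValueError(f"generatetoken response lacks {header}")
        session[key] = value
    return session


def summarize_policies(payload):
    """Reduce an accesspolicies listing to [(name, id)]; empty if nothing is there."""
    return [(item["name"], item["id"]) for item in payload.get("items", [])]


def login(username, password):
    """POST to generatetoken; TLS is verified, so the FMC certificate must be trusted."""
    req = urllib.request.Request(
        f"https://{FMC_HOST}{AUTH_PATH}", method="POST",
        headers=basic_auth_header(username, password))
    with urllib.request.urlopen(req) as resp:
        return session_from_headers(dict(resp.getheaders()))


def list_access_policies(session):
    """GET the policies in the session's domain using the access token."""
    url = f"https://{FMC_HOST}" + POLICIES_PATH.format(domain=session["domain_uuid"])
    req = urllib.request.Request(
        url, headers={"X-auth-access-token": session["access_token"]})
    with urllib.request.urlopen(req) as resp:
        return summarize_policies(json.load(resp))


# Constructed sample responses (not captured from a real FMC) for offline use.
SAMPLE_AUTH_HEADERS = {
    "X-auth-access-token": "5c2d9a7e-constructed-access-token",
    "X-auth-refresh-token": "1f8b3c4d-constructed-refresh-token",
    "DOMAIN_UUID": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
}
SAMPLE_POLICY_LISTING = {
    "items": [
        {"type": "AccessPolicy", "name": "OT-Segmentation",
         "id": "000C29A1-0001-0ed3-0000-004294967300"},
        {"type": "AccessPolicy", "name": "Enterprise-Edge",
         "id": "000C29A1-0001-0ed3-0000-004294967301"},
    ],
    "paging": {"offset": 0, "limit": 25, "count": 2, "pages": 1},
}


if __name__ == "__main__":
    user, password = os.environ.get("FMC_USER"), os.environ.get("FMC_PASS")
    if user and password:                      # live run against the assumed FMC
        for name, policy_id in list_access_policies(login(user, password)):
            print(f"{name}: {policy_id}")
    else:                                      # offline demonstration on the samples
        print(session_from_headers(SAMPLE_AUTH_HEADERS)["domain_uuid"])
        print(summarize_policies(SAMPLE_POLICY_LISTING))
```

Set FMC_HOST, FMC_USER and FMC_PASS to run it against a real management center; without them it only exercises the parsing on the constructed samples. Two things a production script has to add are left out here: the access token expires (the FMC API documents a 30-minute lifetime, extended with the refresh token), and the listing is paged, so the paging offsets in the response must be followed to see every policy. The script deliberately keeps TLS verification on rather than passing an unverified context, which is the usual shortcut in FMC API snippets.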

 


CDO: Cisco Defense Orchestrator (CDO) is a cloud-delivered manager for your firewalls. It manages both on-premises physical appliances and virtual appliances from the cloud. You write a policy once and enforce it consistently across multiple Cisco ASA and Cisco FTD devices, and you can compare, filter, edit, and create policies from that single point. CDO also analyzes access control policies and objects to identify errors and inconsistencies.

Cisco Defense Orchestrator also centrally manages other products, including the Adaptive Security Virtual Appliance (ASAv), Next-Generation Firewall Virtual (NGFWv), Cisco Umbrella, Meraki MX Series, Cisco SecureX, Security Analytics and Logging, and firewalls in Amazon Web Services (AWS).

 


Managing Cisco Secure Firewall using the CLI: The Firepower eXtensible Operating System (FXOS) is the underlying operating system of the Firepower and Secure Firewall platforms. Depending on the platform, FXOS is used to configure features, monitor chassis status, and access advanced troubleshooting tools.

On the Firepower 4100/9300, and on the Firepower 2100 running ASA software in Platform mode, FXOS accepts configuration changes; on the other platforms it is read-only, apart from a few specific features.

Augmenting Existing Infrastructure: ASA With FirePOWER Services

[Figure: ASA with FirePOWER Services]

Cisco Secure Firewall Use Cases:

[Figure: Cisco Secure Firewall use cases]

Secure Firewall Appliance Selection

The choice of firewall appliance depends on the load requirements of its intended role (small office/home office (SOHO), VPN concentrator, or data center) and on where it sits, geographically and topologically, within the corporate network.

Several parameters, such as overall throughput, IPS, and VPN performance, will determine which Secure Firewall platform should be selected for a network deployment.

 


Secure Firewall Virtual Appliance Selection

When securing private and public clouds, the protection must extend to the applications and data themselves, not just the perimeter. Cisco Secure Firewall virtual appliances are designed for workloads in the private cloud, the virtual data center, software-defined networking (SDN), and the Cisco Application Centric Infrastructure (ACI).


ISA3000: IoT and OT Appliance

As a foundational component of your IoT/OT security journey, the ISA3000 is a ruggedized firewall for segmenting industrial networks, protecting OT assets from threats, and helping you meet a variety of industrial standards and regulations. The ISA3000 provides the macro-segmentation of the network in the Cisco Full Spectrum security design for industrial automation networks.


Cisco Secure Firewall Licensing Models:

There are two distinct licensing models available for the Secure Firewall Management Center: Classic and Smart Licensing.


Cisco Secure Firewall Licensing Types:

Cisco Secure Firewall licensing is based on both perpetual and term-based feature licensing.

  • Base license is included with all Cisco Secure Firewalls and Firewall Management Centers and does not need to be renewed.
  • Additional term-based feature licenses are available and must be renewed.

Performance Tier Licensing

Performance tier licensing assigns a throughput and capacity tier to a virtual firewall device; the tier you license must match the number of cores and the amount of RAM allocated to the virtual machine.


To find the ideal firewall for your business, use the following link:

https://www.cisco.com/site/in/en/products/security/firewalls/index.html

To see, try, or buy a Cisco Secure Firewall, use the following link:

https://www.cisco.com/c/en_in/products/security/firewalls/get-started.html?ccid=cc000155&dtid=odicdc000509&oid=trlsc027054

 

Thank you very much..!!

 

 

 
