Published by Toby McKinney. Modified over 8 years ago
1
Security Platforms Past, Present and Future
May 3, 2012
Aaron Robel
2
Agenda: Past; Present; Future; Questions
3
Anyone Remember the Checkpoint Firewall 1,2,3 days? Well Defined Policy Control Integrated Logging and reporting GUI driven Platform Checkpoint Management GUI Simple architecture Reduced change risk Physical Firewalls
4
Old Checkpoint Platform Challenges
Only Physical separation; Only a Global Policy; Built for the Enterprise
Policy control: Many DMZs; Large segments; Huge policies
Multi-Tenancy: No logical partitioning; No delegation capability
Platform: Scalability through physical addition; Challenges between OS and software
5
Enter: The Cisco Firewall Services Module
The Platform: Consolidated Hardware and Software; Robust Throughput; Tightly Integrated with Network Core
Multi-Context Mode: Distinct Logical firewalls; Compartmentalized Policies; Granular Service separation; Quick scalability for new services
6
Firewall Service Module Challenges
The Platform: Limited to 1 gig flows; Limited visibility in backplane; HA traffic coupled with data traffic; Tightly integrated with Network Core
Multi-Context Mode: Limited to stateful firewalling; Firewall proliferation; Inefficient packet flows
Cisco Security Manager: No log monitoring or reporting; Still have to implement firewalls in CLI; Not ready for multi-tenancy
7
Tenets of a New Solution: Delegated Service Model; Simplify Firewall Architecture; Performance Leap; Beyond Stateful Firewalling; Management Single Pane of Glass; Provider Grade Scalability; Reduce Operational Cost
8
After 6 successful years and a long service life, it's now time to replace the FWSM… The RFP process was started to find the next generation security platform.
Gathered Requirements; Went out for an RFI; Vendor Interviews/Demos; Went out for RFP; Evaluation, evaluation, evaluation…
9
The ASV is…
10
What drove this decision?? Performance; Features; Support; Potential
11
Performance
Throughput: 480 Gig of stateful firewalling; 71 Gig for IPS; 32 Gig for Anti-Virus/Malware
Connections: 132 million concurrent connections; 1.1 million new connections per second
Capacity: Up to 3000 individual VDOMs or virtual firewalls
12
Primary Features: Stateful firewall; IDS/IPS; Application policy control; FQDN policy enforcement; Active directory Integration; URL filtering; VPN; Scalability and HA; L2 and L3 capability; Unified MGMT GUI
13
Features
VDOM 1: Firewalling; Routing table; IPS; IPSec VPN; Client SSLVPN
VDOM 2: Firewalling; Layer 2 bridge; IPS
VDOM 3: Firewalling; Routing Table; URL Filtering; IPS
Application ID Integrated with AD
14
Support Technical Account MGR Resident Engineer Training Lab Equipment
15
Potential: Data Loss Prevention; Anti-Virus/Malware Inspection; Integrated Wireless Controller; WAN Optimization; WEB Caching; VoIP Support; IPv6 Support
16
Platform Challenges: No proven track record with the State; The Unknown; Migration from vendor to vendor is always tough; 6 years with FWSM; Data flows may introduce challenges; New datacenter infrastructure; Datacenter deployment
17
Some Architectural Thoughts… Next Generation Architecture Re-Think SGN Cloud Scalability Hypervisor Firewalls
18
Let's get the 2 most frequently asked questions out of the way…
19
I love to talk so, OTHER questions?