
Introduction: ASAc Firewall on Cisco Catalyst 9300 Series

Jan, 10, 2024 Hi-network.com

Network security involves implementing measures to safeguard the integrity, confidentiality, and availability of data and resources within a network. Cisco ASA firewalls, for instance, play a crucial role in network security by acting as a barrier between trusted and untrusted networks. They help prevent unauthorized access, filter out harmful traffic, and enforce security policies to counter threats.


Cisco ASA Firewalls are designed to offer comprehensive security solutions for organizations of all sizes, ranging from small businesses to large enterprises. These firewalls carry out stateful packet inspection, meaning they keep track of active connections and apply security policies accordingly. This enables them to make informed decisions based on the context, thereby enhancing security.


Running Cisco ASAc Firewall on Catalyst 9300 Platforms with Containers


The acceleration of the digital transformation and smart manufacturing has led to IT and OT domains coming together more in the process industry. IoT is also becoming more common in IT networks, where systems like HVAC, lighting, alarms, and security merge into one network managed by IT. This helps create smarter and safer workspaces.


To inspect traffic within the enterprise network, including lateral movement between segments, it is important to position the firewall closer to the IT/OT convergence point. Cisco Catalyst switches currently offer ACL capabilities, but these are stateless and evaluate each packet individually, with no awareness of the connection it belongs to. Meeting compliance requirements calls for security devices that can generate and log security events.




Positioning the ASAc Firewall closer to the endpoints is a cost-effective and efficient way to secure IT/OT converged networks. It also reduces latency for time-sensitive applications and saves bandwidth to the centralized firewall. With IOS-XE 17.12.2, the Cisco Catalyst 9300 series can now host a containerized ASAc Firewall, providing enhanced security and simplified network deployment.


Advantages of running containerized Cisco ASAc on Catalyst 9300 switches


Hosting the containerized ASAc Firewall on Catalyst 9300 access switches not only simplifies the traffic flow to centralized firewalls but also eliminates the need for extra hardware. The main purpose of this solution is to inspect traffic across IT/OT domains. ASAc allows for detailed access controls, secure remote management, IPsec tunnels, and more.


ASAc and ASAv have different formats, with ASAc using a lightweight Docker format and ASAv utilizing KVM format. Despite this difference, ASAc has the same features as ASAv. Additionally, organizations can use their current ASAv license for ASAc instances on Catalyst 9300 switches. This protects their investment and allows for a smooth migration from existing ASAv instances hosted on servers to Catalyst 9300 switches.




The ASAc container supports up to 10 logical interfaces for different segments and can be used in routed mode with different subnets for inside and outside interfaces. ASAc high availability is also supported on 9300 stack switches. When ASAc is running on the active switch, the standby switch automatically syncs application data in the background. If the active switch goes down or during a switchover, the standby switch takes control and brings up the ASAc container.
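As an added illustration (not configuration from the original article or from Cisco), the following ASA CLI fragment shows a minimal routed-mode policy of the kind described above: an inside segment on one subnet, an outside interface on another, an explicit access rule between them, and syslog export so that denied connections are recorded as security events. Interface names, addresses and the collector host are assumed values.

```text
! Assumed interface names; check 'show interface' on the running ASAc instance
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.20.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! Only the OT segment's HTTPS traffic to a single management host is allowed out;
! everything else is denied and logged so the event reaches the SIEM
access-list OT_TO_IT extended permit tcp 10.10.20.0 255.255.255.0 host 10.10.10.50 eq 443
access-list OT_TO_IT extended deny ip any any log
access-group OT_TO_IT in interface inside
!
! Stateful inspection is default on the ASA; export its events to a syslog collector
logging enable
logging timestamp
logging trap informational
logging host outside 192.0.2.100
```

Because the ASA is stateful, return traffic for the permitted HTTPS sessions is allowed automatically, which is exactly what a stateless switch ACL cannot do without a second, permissive rule.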


For ASAc application management, Cisco Catalyst Center offers an automated workflow for managing the lifecycle and network configurations. Multiple ASAc firewalls can be deployed using a single Catalyst Center workflow for large deployments where the firewall functionality is distributed across the network.


Once the ASAc firewall is deployed on Catalyst 9300 platforms, it can be managed and logged through Cisco Defense Orchestrator (CDO) for security policy management. CDO is a cloud-based platform that streamlines policy management for various Cisco security products, including the containerized ASAv firewall. It excels in policy analysis and simplifies configuration and management processes, making it ideal for maintaining uniform security policies across extensive networks.


For smaller deployments, the ASAc firewall application can be deployed on Catalyst 9300 switches using the Command Line Interface (CLI) or programmatically using RESTCONF/NETCONF. Cisco Adaptive Security Device Manager (ASDM) is a web-based management and monitoring software integrated into a Secure Firewall ASA image. ASDM provides a user-friendly interface for configuring, monitoring, and troubleshooting the firewall in smaller deployments.


III. Conclusions and recommendations


Using Cisco Catalyst 9300 switches to install a containerized ASAc firewall offers a flexible and effective way to incorporate firewall services into business networks. This approach allows for thorough examination of traffic within specific areas, reduces vulnerability by dividing the network logically, enforces precise access controls, and securely connects isolated OT/IoT clusters for remote management. Essentially, it acts as a proactive step to minimize risks associated with IT/OT integration, guaranteeing the protection of crucial infrastructure from potential threats.

