CISCO SD-WAN Catalyst Security Configuration

Security Virtual Image

Note: To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes apply: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, and Cisco vSmart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a complete list of all the component name changes. While we transition to the new names, some inconsistencies may be present in the documentation set because of a phased approach to the user interface updates of the software product.

Cisco SD-WAN Manager uses a Security Virtual Image to enable security features such as Intrusion Prevention System (IPS), Intrusion Detection System (IDS), URL Filtering (URL-F), and Advanced Malware Protection (AMP) on Cisco IOS XE Catalyst SD-WAN devices. These features enable application hosting, real-time traffic analysis, and packet logging on IP networks. Once the image file is uploaded to the Cisco SD-WAN Manager Software Repository, you can create policy, profile, and device templates that automatically push the policies and updates to the correct devices.
Before you can use these features, you must first install and configure IPS/IDS, URL-F, or AMP security policies, and then upload the relevant Security Virtual Image to Cisco SD-WAN Manager. After upgrading the software on the device, you must also upgrade the Security Virtual Image.
This chapter describes how to perform these tasks.

  • Install and Configure IPS/IDS, URL-F, or AMP Security Policies
  • Identify the Recommended Security Virtual Image Version
  • Upload the Cisco Security Virtual Image to Cisco SD-WAN Manager
  • Upgrade a Security Virtual Image

Install and Configure IPS/IDS, URL-F, or AMP Security Policies

Installing and configuring IPS/IDS, URL-F, or AMP security policies requires the following workflow:
Task 1: Create a Security Policy Template for IPS/IDS, URL-F, or AMP Filtering
Task 2: Create a Feature Template for Security App Hosting
Task 3: Create a Device Template
Task 4: Attach Devices to the Device Template

Create a Security Policy Template

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Security.
  2. Click Add Security Policy.
  3. In the Add Security Policy window, select your security scenario from the list of options.
  4. Click Proceed.

Create a Feature Template for Security App Hosting
The feature profile template configures two functions:

  • NAT: Enables or disables Network Address Translation (NAT), which protects internal IP addresses when outside the firewall.
  • Resource Profile: Allocates default or high resources to different subnets or devices.

Note: A feature profile template, while not strictly required, is recommended.

To create a feature profile template, follow these steps:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
  2. Click Feature Templates and then click Add Template.
    Note: In Cisco vManage Release 20.7.1 and earlier releases, Feature Templates is called Feature.
  3. From the Select Devices list, choose the devices that you want to associate with the template.
  4. Under Basic Information, click Security App Hosting.
  5. Enter a Template Name and Description.
  6. Under Security Policy Parameters, customize the security policy parameters if required.
    • Enable or disable Network Address Translation (NAT), based on your use case. By default, NAT is on.
    • Click the drop-down arrow to set the scope for the policy. The default is Default.
    Global: Enables NAT for all devices attached to the template.
    Device Specific: Enables NAT only for specified devices. If you select Device Specific, enter the name of a device key.
    Default: Enables the default NAT policy for devices attached to the template.
    • Set the Resource Profile. This option sets the number of snort instances to be used on a router. The default is Low, which indicates one snort instance. Medium indicates two instances and High indicates three instances.
    • Click the drop-down arrow to set the scope for the resource profile. The default is Global.
    Global: Enables the selected resource profile for all devices attached to the template.
    Device Specific: Enables the profile only for specified devices. If you select Device Specific, enter the name of a device key.
    Default: Enables the default resource profile for devices attached to the template.
  7. Set Download URL Database on Device to Yes if you want to download the URL-F database onto the device. In this case, the device looks up the local database before trying the cloud lookup.
  8. Click Save.

Create a Device Template
To activate the policies that you want to apply, you can create a device template that pushes the policies to the devices that need them. The available options vary with the device type. For example, Cisco SD-WAN Manager devices require a more limited subset of the larger device template. You will see only the valid options for that device model.
To create a security device template, follow this example for vEdge 2000 model routers:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
  2. Click Device Templates, and then choose Create Template > From Feature Template.
    Note: In Cisco vManage Release 20.7.1 and earlier releases, Device Templates is called Device.
  3. From the Device Model drop-down list, choose the device model.
  4. From the Device Role drop-down list, choose the device role.
  5. Enter a Template Name and Description.
  6. Scroll down the page to the configuration submenus that let you select an existing template, create a new template, or view the existing template. For example, to create a new System template, click Create Template.

Attach Devices to the Device Template

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
  2. Click Device Templates, and then choose Create Template > From Feature Template.
    Note: In Cisco vManage Release 20.7.1 and earlier releases, Device Templates is called Device.
  3. In the row of the desired device template, click ... and choose Attach Devices.
  4. In the Attach Devices window, select the desired devices from the Available Devices list, and click the right-pointing arrow to move them to the Selected Devices list.
  5. Click Attach.

Identify the Recommended Security Virtual Image Version

At times, you may want to check the recommended Security Virtual Image (SVI) release number for a given device. To check this using Cisco SD-WAN Manager:
Step 1 From the Cisco SD-WAN Manager menu, choose Monitor > Devices.
Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.
Step 2 Choose WAN - Edge.
Step 3 Select the device that will run the SVI.
The System Status page displays.
Step 4 Scroll to the end of the device menu, and click Real Time.
The System Information page displays.
Step 5 Click the Device Options field, and choose Security App Version Status from the menu.
Step 6 The image name is displayed in the Recommended Version column. It should match the available SVI for your router from the Cisco downloads website.

Upload the Cisco Security Virtual Image to Cisco SD-WAN Manager

Each router image supports a specific range of versions for a hosted application. For IPS/IDS and URL-Filtering, you can find the range of supported versions (and the recommended version) for a device on its Device Options page.
When a security policy is removed from Cisco IOS XE Catalyst SD-WAN devices, the Virtual Image or Snort engine is also removed from the devices.

Step 1 From the Software Download page for your router, locate the image UTD Engine for IOS XE SD-WAN.
Step 2 Click download to download the image file.
Step 3 From the Cisco SD-WAN Manager menu, choose Maintenance > Software Repository.
Step 4 Choose Virtual Images.
Step 5 Click Upload Virtual Image, and choose either vManage or Remote Server - vManage. The Upload Virtual Image to vManage window opens.
Step 6 Drag and drop, or browse to, the image file.
Step 7 Click Upload. When the upload completes, a confirmation message displays. The new virtual image displays in the Virtual Images Software Repository.

Upgrade a Security Virtual Image

When a Cisco IOS XE Catalyst SD-WAN device is upgraded to a new software image, the security virtual image must also be upgraded so that the two match. If there is a mismatch between the software images, a VPN template push to the device will fail.
Note: If the IPS Signature Update option is enabled, the matching IPS signature package is automatically updated as part of the upgrade. You can enable the setting from Administration > Settings > IPS Signature Update.
To upgrade the application hosting virtual image for a device, follow these steps:

Step 1 Follow the steps in Upload the Correct Cisco Security Virtual Image to vManage to download the recommended version of the SVI for your router. Note the version name.
Step 2 From the Cisco SD-WAN Manager menu, choose Maintenance > Software Repository > Virtual Images to verify that the image version listed under the Recommended Version column matches a virtual image listed in the Virtual Images table.
Step 3 From the Cisco SD-WAN Manager menu, choose Maintenance > Software Upgrade. The WAN Edge Software upgrade page displays.
Step 4 Choose the devices you want to upgrade, and check the check boxes in the leftmost column. When you have chosen one or more devices, a row of options displays, as well as the number of rows you chose.
Step 5 When you are satisfied with your choices, choose Upgrade Virtual Image from the options menu. The Virtual Image Upgrade dialog box displays.
Step 6 For each device you have chosen, choose the correct upgrade version from the Upgrade to Version drop-down menu.
Step 7 When you have chosen an upgrade version for each device, click Upgrade. When the update completes, a confirmation message displays.
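
The version check in Steps 1 and 2 can be run across many devices before starting the upgrade. The following is an added example, not part of the Cisco guide: it flags devices whose recommended SVI version is missing from the Virtual Images table or differs from the installed one. The field names, hostnames and version strings are hypothetical, constructed sample data, assumed to be copied by hand from the Security App Version Status view and the Virtual Images table.

```python
# Added example: pre-upgrade check for Security Virtual Image (SVI) versions.
# All field names and version strings below are hypothetical, constructed data.

def svi_precheck(devices, repository_versions):
    """Return {hostname: [problems]} for devices not ready for an SVI upgrade."""
    repo = {v.strip() for v in repository_versions}
    findings = {}
    for dev in devices:
        problems = []
        recommended = (dev.get("recommended_version") or "").strip()
        installed = (dev.get("installed_version") or "").strip()
        if not recommended:
            # Without a recommended version there is nothing to match against.
            problems.append("no recommended version reported")
        else:
            if recommended not in repo:
                problems.append(
                    f"recommended image {recommended} not in repository")
            if installed != recommended:
                problems.append(
                    f"installed {installed or 'none'} differs from "
                    f"recommended {recommended}")
        if problems:
            findings[dev["hostname"]] = problems
    return findings


# Constructed rows: per-device values from Security App Version Status.
SAMPLE_DEVICES = [
    {"hostname": "edge-a", "installed_version": "SVI-EXAMPLE-1",
     "recommended_version": "SVI-EXAMPLE-1"},
    {"hostname": "edge-b", "installed_version": "SVI-EXAMPLE-1",
     "recommended_version": "SVI-EXAMPLE-2"},
    {"hostname": "edge-c", "installed_version": "",
     "recommended_version": "SVI-EXAMPLE-3"},
    {"hostname": "edge-d", "installed_version": "SVI-EXAMPLE-1",
     "recommended_version": None},
]
# Constructed list: versions shown in the Virtual Images table.
SAMPLE_REPOSITORY = ["SVI-EXAMPLE-1", "SVI-EXAMPLE-2"]

if __name__ == "__main__":
    report = svi_precheck(SAMPLE_DEVICES, SAMPLE_REPOSITORY)
    for host, problems in report.items():
        print(host, "->", "; ".join(problems))
```

A device that appears in the result with a "not in repository" finding needs its image uploaded before the Upgrade Virtual Image step.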
