36 (yonghkim@cisco.com) Cisco Systems Korea · 2008-07-11 · Highly Effective NetFlow Event
Page 2
10G
(UTM)
© 2008 Cisco Systems, Inc. All rights reserved. 2
Page 3
10G
Page 4
The Human Network: Changing the Way We Live, Work, Play, and Learn
S/W
Rich Media
WiKi
Social Networking
2.0
Page 5
syslog 302013 TCP connection creation
syslog 302015 UDP connection creation
syslog 302017 GRE connection creation
syslog 302020 ICMP connection creation
L4
Page 6
High-End, but now still… 10G
Firewall, Internet, IDC, ISP
L4, ACL
• 1~2Gbps, Multi-Giga BW
• LB (LB Switch)
• 4~10Gbps, Multi-Giga BW, Connection Rate
• Access-list: Deny All / All Permit
Page 7
Cisco ASA 5580 Series Overview
Highest Performance and Speed
• Connection Throughput
• Data center Ultra Low Latency
Highly Flexible Deployment (New)
Highly Effective NetFlow Event
• NetFlow Security Event Monitoring
Cisco 10G!
Page 8
Highest Performance and Speed
5~7 Connection Rate
75
Throughput
Firewall Rules
Page 9
Highly Flexible Deployment
OS Quality of Service
Active-Active Failover L2
Page 10
Highly Effective NetFlow Event
Typical firewall syslog vs. Cisco ASA 5580 NetFlow
syslog 302013 TCP connection creation
syslog 302015 UDP connection creation
syslog 302017 GRE connection creation
syslog 302020 ICMP connection creation
= Flow creation event
Cisco ASA 5500 -> NetFlow v9 -> CS-MARS / 3rd Party NetFlow Collector
Page 11
Remote Access VPN
Any Policy, Any Application, Any Endpoint
IPSec, SSL VPN
What’s New?
• 10,000
• 100,000
Page 12
Cisco ASA 5580 H/W
8 hard drive bays in total
Power button and status LED
4RU Rack Mount Form Factor, 26.5” Chassis Depth
Internal Compact Flash - stores software and config
Mounted on Rails for Easy Access to Front and Back
Processing Engine - 20~40 Upgrade Kit planned
Page 13
24 Giga Port / 12 10GE
Page 14
IDC Cisco 10G Firewall
Layer / Typical Solution / Cisco Solution / Description
• Front End Network: typical solution L4, 10G; Cisco solution Real 10G Firewall ASA5580-40; description DC, Security Net, Data Center Switch, Layer 1
• N-Tier App: typical solution L4, SLB network; Cisco solution C6K FWSM, ACE; description Application (Web, App, DB, MainFrame)
• Storage: Storage network
Page 15
VPN Gateway Service
WAN, Cisco ASA 5580
Cisco ASA with VPN (IPsec & SSL VPN)
Internet
Remote VPN Users (IPsec & SSL VPN)
Page 16
DEMO: 10G Firewall
Page 17
10Gbps
Page 18
Page 19
200M NAT
Page 20
Page 21
(UTM)
Page 22
UTM?
Spam, Phishing, Spyware, Hackers
Unwelcome Visitors
Inappropriate Web Browsing
Viruses
Remote Access
Cisco ASA 5500 Series
UTM = Unified Threat Management
Page 23
UTM vs. Cisco UTM
SP-1
SP-2
ASA 5500: Firewall, IDS/IPS, IPSec VPN, SSL VPN
Page 24
UTM Traffic Flow
Cisco ASA 5500 Series
Page 25
Cisco ASA 5500 Series Advanced Inspection and Prevention Module (AIP SSM)
Cisco ASA 5500 Series Content Security and Control Module (CSC SSM)
Cisco ASA 5500 Series 4-Port GE Services Module (4GE SSM)
Page 26
Cisco ASDM v6.1
Security Dashboards
Packet Tracer
Packet Capture Wizard
Page 27
Page 28
Cisco ASA 5500 Platform (10G …)
ASA 5505 (150 Mbps, 4K conn/s)
ASA 5510 (300 Mbps, 9K conn/s)
ASA 5520 (450 Mbps, 12K conn/s)
ASA 5540 (650 Mbps, 25K conn/s)
ASA 5550 (1.2 Gbps, 36K conn/s)
ASA 5580-20 (5-10 Gbps, 90K conn/s) New
ASA 5580-40 (10-20 Gbps, 150K conn/s) New
Teleworker, Branch Office, Internet Edge, Data Center, Campus
Page 29
Why Cisco 10G Firewall?
Cisco 10G New
• Connection Rate
• Real 10G
• OS
• NetFlow
• 10G
Page 30
Why Cisco UTM?
ASA 5500
Remote Site
ASA 5580-20 A/S 5G FW + IPSec VPN + Anti-X
Data Center
Corporate LAN / Enterprise Network
A/S 5G Firewall (ASA)
Public Internet
Wireless LAN, DMZ
ASA 5580-40 A/A 10G Firewall
Business Partners
ASA 5580-20 Firewall + SSL/IPSec VPN
ASA 5500 FW + SSL/IPSec VPN + IPS
Page 31