Cisco Catalyst 6500 Security Services Modules

May 2007
Donovan Williams, Product Manager FWSM



 EBC Presentatl   © 2006 Cisco Systems, Inc. All rights reserved.   Cisco Public   1
Agenda

               Market Drivers
               Cisco 6500/7600 FireWall Services Module (FWSM)
               Pricing and Bundles
               Management
               Certifications




Why is Data Center Security important?
    Enterprise data centers contain the assets, applications, and data that are often targeted by electronic attacks.
    Endpoints such as data center servers are key objectives of malicious attacks and must be protected.
    Attacks against server farms can result in lost business for e-commerce and business-to-business applications, and in the theft of confidential or proprietary information.
    More people have authorization to access specific services, either remotely or on site (for example, consultants, temporary workers, partners, etc.), which makes data center server farms more accessible and more vulnerable.
    Hackers can use several currently available tools to inspect networks and to launch intrusion and denial of service (DoS) attacks against data center servers.




[Diagram: a system under attack in a data center network with Core, Aggregation and Access layers]
Who to protect applications from?
    External threats from the Internet
    Internal threats from the Intranet
    Attacks originating from partners' networks
What to protect applications from?
    Intrusion
    Denial of service
    Worms

[Diagram: systems under attack in the data center of an enterprise network, which connects to the wireless LAN, corporate LAN, remote site, business partners, public Internet and DMZ]
Cisco Catalyst 6500
   Delivering Security in the Enterprise
[Diagram: enterprise network (data center, wireless LAN, corporate LAN, remote site, business partners, public Internet, DMZ) annotated with three headings: Trust and Identity; Threat Defense; Secure Connectivity. Labels on the diagram: Network Admission Control; Identity-Based Networking; Cisco Security Agent; Application Security; Firewalls, Intrusion Prevention, and Anomaly Detection; DDoS Mitigation; Security Event Monitoring, Analysis, Mitigation; Catalyst Integrated Security Toolkit; IPSec VPN; Encrypted LAN / WAN Communications]

        Comprehensive security protection from campus LAN access,
        distribution, core to data center and Internet edge
Facilities Constraints & Growth
You Will Effectively Lose 20% of Your IT Budget
    Availability of quality data center space and power facilities is decreasing
        - 50% of Enterprise Class DCs will be technologically obsolete within 24 months (12/05, Michael Bell, Gartner)
    Storage growth is 40-70% CAGR
    Server growth was 12% in 2005 and is expected to increase
    Energy bill will grow from 10% of IT budget to over 30%
        - Over the next three years 50% of large organizations will face an annual energy bill higher than their annual server budget
    Source: Gartner, 2006

What Can Be Done To Reduce Power Consumed by Network Services?

    Action: Consolidate Networks
        Benefit/Implication: Fewer Networks = Less Cost
        Benefit/Implication: Reduce Storage Power Draw

    Action: Avoid Gateways and Consolidate Functions
        Benefit/Implication: Specialized appliances are not power efficient due to redundant internal cooling, switching and power conversion elements

    Action: Virtualized Network Elements
        Benefit/Implication: 1 Network or Network Element per customer is power and space inefficient
        Benefit/Implication: Consider technologies such as MPLS to enable future virtualization

    Action: View Power Requirements Holistically
        Benefit/Implication: Prioritize efforts based upon reducing overall power consumption
Reduce Power and Space Consumption Through Integrated Services Design
Design Efficiency
    Catalyst 6500 power supply efficiency has improved 70-80% since 1999
    Cisco ACE with FWSM reduces power by 85% ~ 11kW
    Rack space saved with virtualized, integrated modules ~30R
    Additional savings from reduced cabling, port consumption and support costs
    BONUS: Reduce complexity, increase manageability, reduce latency, and eliminate single points of failure




Cisco Catalyst 6500 and 7600 Series Firewall Services Module (FWSM)
Product Overview




Firewall Services Module
Industry’s Highest Performance Firewall

Performance
    PIX base Feature Set
    High Performance Firewall: 5.5Gbps bandwidth (best case – large packets!)
    2.8 Million pps throughput
    1 million concurrent connections
    100K new connections/sec
    250 Virtual firewalls/contexts

Features
    Transparent (L2) and Routed (L3) firewalls in the same service module
    Resource Manager: Assign Service Classes, Resource Limits
    256 VLANs per context with maximum of 1000 VLANs
    LAN failover active/standby (both intra/inter chassis) and active/active
    Dynamic Routing: OSPF and RIP (2 OSPF virtual routers) in non-virtual FW mode
    Support multiple blades in the chassis, up to 4 for 20Gbps
    80K access-lists enforced in hardware – maximum best-case figure
    Supported on Native IOS 12.1(13E) and CatOS 7.5(1) onwards

FWSM v3.1
Scaling Switch Integrated FW Services to 20 Gbps




FWSM Clustering
Scaling to 16 Gbps using 2 ACE Modules
    Using the Application Control Engine (ACE) service module to deliver a high-performance server load balancing solution
    Delivers up to 16 Gbps of performance
    Visibility into SSL encrypted traffic



FWSM Clustering
     VLAN & PBR Techniques to scale to 20 Gbps




FWSM Catalyst Switch Security - Key Value Proposition

Silver Bullets and the corresponding Cisco Advantages:
    Multiple 10-20 Gbps Solutions: FWSM offers multiple 10 Gig throughput solutions by load-balancing with ACE and clustering using VLANs & PBRs
    Low Power Consumption: Service Modules have significantly lowered their power consumption.
    Industry’s Highest Port Density: Ability to aggregate multiple data feeds into a single high performance firewall blade
    High Availability: Catalyst Firewall Switching Module supports both inter chassis and intra chassis high availability.
    Switch Integration: Redundant Power, DC Power, NEBS Compliant Chassis
    L2/L3/Mixed Mode Deployment: Ability to work in both transparent and routed modes, increasing deployment flexibility.
    Multiple media types: Addressing a wide range of uplink requirements including copper, fiber and 10 GE.


6500 / 7600 Firewall Services Module
Overview and Pricing

Firewall Services Module
    Product ID: WS-SVC-FWM-1=
    US List Price: $34,995
    Available: Now

Performance
    5.5Gbps bandwidth
    2.8 Million pps throughput
    1 million concurrent connections
    100K new connections/sec

Advanced Features
    250 Virtual firewalls/contexts
    Transparent (L2) and Routed (L3) firewalls in the same service module
    Resource Manager: Assign Service Classes, Resource Limits
    256 VLANs per context with maximum of 1000 VLANs
    LAN failover active/standby (both intra/inter chassis) and active/active
    Dynamic Routing: OSPF and RIP (2 OSPF virtual routers) in non-virtual FW mode
    Support multiple blades in the chassis, up to 4 for 20Gbps
    80K access-lists enforced in hardware – maximum best-case figure
Catalyst 6500 / Cisco 7600 Firewall Systems
Sup720-3B Bundles

    WS-C6503-E-FWM-K9   $59,995
    WS-C6506-E-FWM-K9   $64,995
    WS-C6509-E-FWM-K9   $69,995
    WS-C6513-FWM-K9     $74,995
    Available: Now

Value Proposition
    - Increased Advanced Technology revenue and Partner VIP rebate
    - Ease of ordering / configuration
    - Upgraded technology - Enhanced chassis and Sup 720-3B
    - Additional discount - ensure competitiveness

Chassis and Supervisor
    - Catalyst 6500 E-series and Fan Trays
    - Supervisor 720 with PFC3B
    - Firewall Module and IOS 12.2(18)SXF or 12.2(18)SF2
    - Power Supply not included

NEW Catalyst 6500 / Cisco 7600 Firewall Systems
Sup720-3BXL Bundles

    WS-6506-EXL-FWM-K9    $80,990
    WS-6509-EXL-FWM-K9    $84,990
    WS-C6513-XL-FWM-K9    $90,990
    Available: Now

Value Proposition
    - Increased Advanced Technology revenue and Partner VIP rebate
    - Ease of ordering / configuration
    - Upgraded technology - Enhanced chassis and Sup 720-3BXL
    - Additional discount - ensure competitiveness

Chassis and Supervisor
    - Catalyst 6500 E-series and Fan Trays
    - Supervisor 720 with PFC3BXL
    - Firewall Module and IOS 12.2(18)SXF or 12.2(18)SF2
    - Power Supply not included

NEW Catalyst 6500 / Cisco 7600 Firewall Systems with TWO Firewall Services Modules
Sup720-3BXL Bundles

    WS-C6509-EXL-2FWM-K9   $113,000
    WS-C6513XL-2FWM-K9     $118,000
    Available: Now

Value Proposition
    - Increased Advanced Technology revenue and Partner VIP rebate
    - Ease of ordering / configuration
    - Upgraded technology - Enhanced chassis and Sup 720-3BXL
    - Additional discount - ensure competitiveness

Chassis and Supervisor
    - Catalyst 6500 E-series and Fan Trays
    - Supervisor 720 with PFC3BXL
    - 2 Firewall Modules and IOS 12.2(18)SXF or 12.2(18)SF2
    - Power Supply not included

Management
Overview




Single Module Management
ASDM.F

    ASDM.F (5.2 current)
        Either a Java applet (https://...) or a Java Webstart program that runs on your PC
        Understands all FWSM features
        Manages virtual firewalls
        Real-time logging
        Monitoring
        Can run in admin context mode or on a per-context basis; self-adapts accordingly
        Free


Multi-device manager: Cisco Security Manager

Policy Administration
    Centrally provision policies for firewalls, VPNs and IPS
    Very scalable
    Policy Inheritance feature enables consistent policies across enterprise
    Powerful device grouping options

Superior Usability
    Administer policies visually on tables or topology map
    Jumpstart help: an extensive animated learning tool
    Flexible management views
    Client/Server architecture

Firewall Administration
    Configure policies for ASA, PIX, FWSM and IOS
    Single rule table for all platforms
    Intelligent analysis of policies
    Sophisticated rule table editing
    Compresses the number of access rules required

VPN Administration
    VPN Wizard: set up Site-to-Site, hub-spoke and full mesh VPNs with a few mouse clicks
    Configure remote-access VPN, DMVPN, and Easy VPN devices

IPS Administration
    Automatic updates to the IPS Sensors
    Support for Outbreak Prevention Services




CS-M
Device support

    Products Supported
        PIX: 6.3.x, 7.0.x, 7.1.x; ASA: 7.0.x, 7.1.x; FWSM: 2.2, 2.3 and 3.1
        IOS Routers: 12.3.x and 12.4.x, with and without IOSFW feature
        IOS Routers need to be able to talk SSH / SSL (standard in 12.4)
        Catalyst 65xx series for router ACLs
        VPN Service Module, VPN SPA Module
        All IPS devices with versions 4.x and 5.x
    Technologies Supported
        FWSM: Near full feature coverage
            CS-M 3.1 coming out in March 07 supports FWSM 3.2
        PIX 7.0/7.1 and ASA 7.0/7.1: Near full feature coverage except SSL VPN
        IPS devices: Near full feature coverage
        IOS: Only security-related features and features that have a direct relation with VPN, such as routing, QoS, dial backup, etc.



FWSM Testing / Certifications

    Common Criteria – 3.1(3.17) is EAL4 Certified!!
    FWSM is SafeHarbor Certified - 3.1(4.X) is going through testing right now; next SH will test 3.2(2)
    Internal validation of Performance Metric - Measuring current metrics and deltas with previous releases
    Internal testing for FWSM Clustering up to 20 Gbps
    FWSM testing in Voice environments in progress by VTG
    Testing in progress for FWSM in bursty Multicast environments to mimic traffic streams for Global Financial trading sector
    K8 (image without strong crypto) available Q4FY07 with 3.1.5
    Testing FWSM with Telepresence deployments
Agenda
               Market Drivers
               Customer Case Study
               Cisco 6500/7600 FireWall Services Module (FWSM)
               Pricing and Bundles
               Firewall Services Module Key Features




FWSM 4.0 Roadmap Update
       SUP32+PISA + FWSM Interoperability
       Programmable Intelligent Services Accelerator




References

    Firewall Services Module Web Site
    http://www.cisco.com/go/fwsm

    Firewall Services Module (FWSM) Configuration Guide:
    http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_module_configuration_guide_book09186a0080579a1e.html

    Cisco Conversion Tool
    http://www.cisco.com/web/partners/sell/technology/security/resources.html#technical

    Information on PISA
    http://www.cisco.com/en/US/products/ps7209/index.html



It's 2012 and My Network Got Hacked - Omar Santos
 
TrendMicro
TrendMicroTrendMicro
TrendMicro
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi Verze
 
Personal identity information protection
Personal identity information protectionPersonal identity information protection
Personal identity information protection
 
Security as a Service Model for Cloud Environment
Security as   a Service Model   for   Cloud   EnvironmentSecurity as   a Service Model   for   Cloud   Environment
Security as a Service Model for Cloud Environment
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?
 

Similaire à Cat6500 Praesentation

Cisco tec rob soderbery - core enterprise networking
Cisco tec   rob soderbery - core enterprise networkingCisco tec   rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networkingCisco Public Relations
 
Cisco tec chris young - security intelligence operations
Cisco tec   chris young - security intelligence operationsCisco tec   chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco Public Relations
 
Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Arrow ECS UK
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMUndgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMIBM Danmark
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationIBM Danmark
 
ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4guest66dc5f
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa Data
 
Bridging the wired wireless
Bridging the wired wirelessBridging the wired wireless
Bridging the wired wirelessInterop
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technicalImranD1
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...Khazret Sapenov
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011chaucheckpoint
 
CNISP - Platform Introduction 071511pks
CNISP - Platform Introduction 071511pksCNISP - Platform Introduction 071511pks
CNISP - Platform Introduction 071511pkslucpaquin
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 

Similaire à Cat6500 Praesentation (20)

Cisco tec rob soderbery - core enterprise networking
Cisco tec   rob soderbery - core enterprise networkingCisco tec   rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networking
 
Cisco tec chris young - security intelligence operations
Cisco tec   chris young - security intelligence operationsCisco tec   chris young - security intelligence operations
Cisco tec chris young - security intelligence operations
 
Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfee
 
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBMUndgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
Undgå sikkerhedstrusler med Security Intelligence. Filip Schepers, IBM
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig information
 
S series presentation
S series presentationS series presentation
S series presentation
 
ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4ccmigration_09186a008033a3b4
ccmigration_09186a008033a3b4
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013
 
Bridging the wired wireless
Bridging the wired wirelessBridging the wired wireless
Bridging the wired wireless
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technical
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
 
Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011Check Point75 Makes3 D Security A Reality Q22011
Check Point75 Makes3 D Security A Reality Q22011
 
CNISP - Platform Introduction 071511pks
CNISP - Platform Introduction 071511pksCNISP - Platform Introduction 071511pks
CNISP - Platform Introduction 071511pks
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 

Cat6500 Praesentation

  • 1. Cisco Catalyst 6500 Security Services Modules. May 2007. Donovan Williams, Product Manager FWSM. EBC Presentatl © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1
  • 2. Agenda: Market Drivers; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Management; Certifications.
  • 3. Why is Data Center Security important? Enterprise data centers contain the assets, applications, and data that are often targeted by electronic attacks. Endpoints such as data center servers are key objectives of malicious attacks and must be protected. Attacks against server farms can result in lost business for e-commerce and business-to-business applications, and the theft of confidential or proprietary information. More people have authorization to access specific services either remotely or on site (for example, consultants, temporary workers, partners, etc.), which makes data center server farms more accessible / vulnerable. Hackers can use several currently available tools to inspect networks and to launch intrusion and denial of service (DoS) attacks against data center servers. [Diagram: System Under Attack; Core, Aggregation, and Data Center Access layers]
  • 4. Who to protect applications from? External threats from the Internet; internal threats from the Intranet; attacks originating from partners' networks. What to protect applications from? Intrusion; denial of service; worms. [Diagram: Systems Under Attack; Remote Site, Data Center, Wireless LAN, Enterprise Network, Corporate LAN, Business Partners, Public Internet, DMZ]
  • 5. Cisco Catalyst 6500: Delivering Security in the Enterprise. Trust and Identity; Threat Defense; Secure Connectivity. [Diagram labels: Cisco Security Agent; Application Security; Network Admission Control; Identity-Based Networking; Firewalls, Intrusion Prevention, and Anomaly Detection; DDoS Mitigation; Catalyst Integrated Security Toolkit; Encrypted LAN / WAN Communications; IPSec VPN; Security Event Monitoring, Analysis, Mitigation; Remote Site, Data Center, Wireless LAN, Enterprise Network, Corporate LAN, Business Partners, Public Internet, DMZ] Comprehensive security protection from campus LAN access, distribution, core to data center and Internet edge.
  • 6. Facilities Constraints & Growth: You Will Effectively Lose 20% of Your IT Budget. Availability of quality data center space and power facilities is decreasing - 50% of Enterprise Class DC's will be technologically obsolete within 24 months - 12/05, Michael Bell, Gartner. Storage growth is 40-70% CAGR. Server growth was 12% in 2005 and is expected to increase. Energy bill will grow from 10% of IT budget to over 30%. Over the next three years 50% of large organizations will face an annual energy bill higher than their annual server budget. Source: Gartner, 2006.
  • 7. What Can Be Done To Reduce Power Consumed by Network Services? Action: Consolidate Networks. Benefit/Implication: Fewer Networks = Less Cost; Reduce Storage Power Draw. Action: Avoid Gateways and Consolidate Functions. Benefit/Implication: Specialized appliances are not power efficient due to redundant internal cooling, switching and power conversion elements. Action: Virtualized Network Elements. Benefit/Implication: 1 Network or Network Element per customer is power and space inefficient; Consider technologies such as MPLS to enable future virtualization. Action: View Power Requirements Holistically. Benefit/Implication: Prioritize efforts based upon reducing overall power consumption.
  • 8. Reduce Power and Space Consumption Through Integrated Services Design. Design Efficiency: Catalyst 6500 power supply efficiency has improved 70-80% since 1999. Cisco ACE with FWSM reduces power by 85% ~ 11kW. Rack space saved with virtualized, integrated modules ~30R. Additional savings from reduced cabling, port consumption and support costs. BONUS: Reduce complexity, increase manageability, reduce latency, and eliminate single points of failure.
  • 9. Agenda: Market Drivers; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Management; Certifications.
  • 10. Cisco Catalyst 6500 and 7600 Series Firewall Services Module (FWSM) Product Overview
  • 11. Firewall Services Module: Industry’s Highest Performance Firewall. Transparent (L2) and Routed (L3) firewalls in the same service module. Resource Manager: Assign Service Classes, Resource Limits. 256 VLANs per context with maximum of 1000 VLANs. LAN failover active/standby (both intra/inter chassis) and active/active. Dynamic Routing: OSPF and RIP (2 OSPF virtual routers) in non-virtual FW mode. Support multiple blades in the chassis, up to 4 for 20Gbps. 80K access-lists enforced in hardware – maximum best-case figure. Supported on Native IOS 12.1(13E) and CatOS 7.5(1) onwards. 250 Virtual firewalls/contexts. High Performance Firewall: 5.5Gbps bandwidth (best case – large packets!); 2.8 Million pps throughput; 1 million concurrent connections; 100K new connections/sec. [Diagram labels: Performance; PIX base Feature Set; FWSM v3.1]
  • 12. Scaling Switch Integrated FW Services to 20 Gbps
  • 13. FWSM Clustering: Scaling to 16 Gbps using 2 ACE Modules. Using the Application Control Engine (ACE) service module to deliver a high-performance server load balancing solution. Delivers up to 16 Gbps of performance. Visibility into SSL encrypted traffic.
  • 14. FWSM Clustering: VLAN & PBR Techniques to scale to 20 Gbps
  • 15. FWSM Catalyst Switch Security - Key Value Proposition. Silver Bullets and Cisco Advantages. Multiple 10-20 Gbps Solutions: FWSM offers multiple 10 Gigs throughput by load-balancing with ACE, clustering using VLANs & PBRs. Low Power Consumption: Service Modules have significantly lowered their power consumption. Industry’s Highest Port Density: Ability to aggregate multiple data feeds into a single high performance firewall blade. High Availability: Catalyst Firewall Switching Module supports both inter chassis and intra chassis high availability. Switch Integration: Redundant Power, DC Power, NEBS Compliant Chassis. L2/L3/Mixed Mode Deployment: Ability to work in both transparent and routed modes, increasing deployment flexibility. Multiple media types: Addressing wide area of uplink requirements including copper, fiber and 10 GE.
  • 16. Agenda: Market Drivers; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Management; Certifications.
  • 17. 6500 / 7600 Firewall Services Module Overview and Pricing. Firewall Services Module Product ID: WS-SVC-FWM-1=. US List Price: $34,995. Available: Now. Performance: 5.5Gbps bandwidth; 2.8 Million pps throughput; 1 million concurrent connections; 100K new connections/sec. Advanced Features: 250 Virtual firewalls/contexts; Transparent (L2) and Routed (L3) firewalls in the same service module; Resource Manager: Assign Service Classes, Resource Limits; 256 VLANs per context with maximum of 1000 VLANs; LAN failover active/standby (both intra/inter chassis) and active/active; Dynamic Routing: OSPF and RIP (2 OSPF virtual routers) in non-virtual FW mode; Support multiple blades in the chassis, up to 4 for 20Gbps; 80K access-lists enforced in hardware – maximum best-case figure.
  • 18. Catalyst 6500 / Cisco 7600 Firewall Systems: Sup720-3B Bundles. WS-C6503-E-FWM-K9 $59,995; WS-C6506-E-FWM-K9 $64,995; WS-C6509-E-FWM-K9 $69,995; WS-C6513-FWM-K9 $74,995. Available: Now. Value Proposition: Increased Advanced Technology revenue and Partner VIP rebate; Ease of ordering / configuration; Upgraded technology - Enhanced chassis and Sup 720-3B; Additional discount - ensure competitiveness. Chassis and Supervisor: Catalyst 6500 E-series and Fan Trays; Supervisor 720 with PFC3B; Firewall Module and IOS 12.2(18)SXF or 12.2(18)SF2; Power Supply not included.
  • 19. NEW Catalyst 6500 / Cisco 7600 Firewall Systems: Sup720-3BXL Bundles. WS-6506-EXL-FWM-K9 $80,990; WS-6509-EXL-FWM-K9 $84,990; WS-C6513-XL-FWM-K9 $90,990. Available: Now. Value Proposition: Increased Advanced Technology revenue and Partner VIP rebate; Ease of ordering / configuration; Upgraded technology - Enhanced chassis and Sup 720-3BXL; Additional discount - ensure competitiveness. Chassis and Supervisor: Catalyst 6500 E-series and Fan Trays; Supervisor 720 with PFC3BXL; Firewall Module and IOS 12.2(18)SXF or 12.2(18)SF2; Power Supply not included.
  • 20. NEW Catalyst 6500 / Cisco 7600 Firewall Systems with TWO Firewall Services Modules: Sup720-3BXL Bundles. WS-C6509-EXL-2FWM-K9 $113,000; WS-C6513XL-2FWM-K9 $118,000. Available: Now. Value Proposition: Increased Advanced Technology revenue and Partner VIP rebate; Ease of ordering / configuration; Upgraded technology - Enhanced chassis and Sup 720-3BXL; Additional discount - ensure competitiveness. Chassis and Supervisor: Catalyst 6500 E-series and Fan Trays; Supervisor 720 with PFC3BXL; 2 Firewall Modules and IOS 12.2(18)SXF or 12.2(18)SF2; Power Supply not included.
  • 21. Agenda: Market Drivers; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Management; Certifications.
  • 22. Management Overview
  • 23. Single Module Management: ASDM.F. ASDM.F (5.2 current): Either Java applet (https://...) or Java Webstart program that runs on your PC. Understands all FWSM features. Manages virtual firewalls. Real-time logging. Monitoring. Can run in admin context mode or per-context basis, self-adapts accordingly. Free.
  • 24. Multi-device manager: Cisco Security Manager. Superior Usability; VPN Administration; Policy Administration; Firewall Administration; IPS Administration. VPN Wizard setup Site-to-Site, hub-spoke and full mesh VPN’s with a few mouse clicks. Administer policies visually on tables or topology map. Configure remote-access VPN, DMVPN, and Easy VPN devices. Jumpstart help: an extensive animated learning tool. Centrally provision policies for firewalls, VPN’s and IPS. Flexible management views. Client/Server architecture. Very scalable. Configure policies for ASA, PIX, FWSM and IOS. Single rule table for all platforms. Automatic updates to the IPS Sensors. Policy Inheritance feature enables consistent policies across enterprise. Intelligent analysis of policies. Support for Outbreak Prevention Services. Sophisticated rule table editing options. Powerful device grouping. Compresses the number of access rules required.
  • 25. CS-M Device support. Products Supported: PIX: 6.3.x, 7.0.x, 7.1.x; ASA: 7.0.x, 7.1.x; FWSM 2.2, 2.3 and 3.1; IOS Routers: 12.3.x and 12.4.x, with and without IOSFW feature; IOS Routers need to be able to talk SSH / SSL (standard in 12.4); Catalyst 65xx series for router ACL’s; VPN Service Module, VPN SPA Module; All IPS devices with versions 4.x and 5.x. Technologies Supported: FWSM: Near full feature coverage; CS-M 3.1 coming out in March 07 supports FWSM 3.2; PIX 7.0/7.1 and ASA 7.0/7.1: Near full feature coverage except SSL VPN; IPS devices: Near full feature coverage; IOS: Only security related features and features that have a direct relation with VPN such as: routing, QoS, dial backup etc.
  • 26. Agenda: Market Drivers; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Management; Certifications.
  • 27. FWSM Testing / Certifications. Common Criteria – 3.1(3.17) is EAL4 Certified!! FWSM is SafeHarbor Certified - 3.1(4.X) is going through testing right now; next SH will test 3.2(2). Internal validation of Performance Metric - Measuring current metrics and deltas with previous releases. Internal testing for FWSM Clustering up to 20 Gbps. FWSM testing in Voice environments in progress by VTG. Testing in progress for FWSM in bursty Multicast environments to mimic traffic streams for Global Financial trading sector. K8 (image without strong crypto) available Q4FY07 with 3.1.5. Testing FWSM with Telepresence deployments.
  • 28. Agenda: Market Drivers; Customer Case Study; Cisco 6500/7600 FireWall Services Module (FWSM); Pricing and Bundles; Firewall Services Module Key Features.
  • 29. FWSM 4.0 Roadmap Update: SUP32+PISA + FWSM Interoperability. Programmable Intelligent Services Accelerator.
  • 30. FWSM 4.0 Roadmap Update: SUP32+PISA + FWSM Interoperability
  • 31. References. Firewall Services Module Web Site: http://www.cisco.com/go/fwsm ; Firewall Services Module (FWSM) Configuration Guide: http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_module_configuration_guide_book09186a0080579a1e.html ; Cisco Conversion Tool: http://www.cisco.com/web/partners/sell/technology/security/resources.html#technical ; Information on PISA: http://www.cisco.com/en/US/products/ps7209/index.html