Cisco virtual update: Cisco firewalls in Azure and Amazon Web ...

Jesper Rathsach – [email protected]

Consulting cybersecurity systems engineer, Cisco Systems

29th August 2018

Amazon Web Services (AWS) and Azure

NGFWv and ASAv in Public Cloud


Today's Agenda

• Introduction to public cloud
• Overview of NGFWv, FMCv and ASAv
• NGFWv & ASAv in Azure with use cases
• NGFWv & ASAv in AWS with use cases
• Licensing and miscellaneous
• Thanks for today


© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Public Cloud Security

Public cloud has great benefits

[Diagram labels: Customers, Employees, Partners; Data Center; Public Cloud; Applications or Workload]

• Application agility
• Cost effectiveness: per-hour, per-minute and per-second billing options
• Scalability: scale-up and scale-down
• High availability: regions and availability zones

Public cloud comes with challenges

• L2 abstraction
• Connection to Data Center (IPSEC, DX or Express Route)
• Security
• New Services/Environment

Shared security model in Public Cloud

• Physical Infrastructure
• Network Infrastructure
• Virtualization Layer
• Network Security: NSG, SG, NACL
• NGFWv: Firewall, AVC, Threat-Centric, URL filtering, AMP & VPN
• ASAv: Firewall & VPN

Customer Responsibility


AWS components

AWS components Overview

| Code | Name |
|---|---|
| us-east-1 | US East (N. Virginia) |
| us-east-2 | US East (Ohio) |
| us-west-1 | US West (N. California) |
| us-west-2 | US West (Oregon) |
| ca-central-1 | Canada (Central) |
| eu-central-1 | EU (Frankfurt) |
| eu-west-1 | EU (Ireland) |
| eu-west-2 | EU (London) |
| eu-west-3 | EU (Paris) |
| ap-northeast-1 | Asia Pacific (Tokyo) |
| ap-northeast-2 | Asia Pacific (Seoul) |
| ap-northeast-3 | Asia Pacific (Osaka-Local) |
| ap-southeast-1 | Asia Pacific (Singapore) |
| ap-southeast-2 | Asia Pacific (Sydney) |
| ap-south-1 | Asia Pacific (Mumbai) |
| sa-east-1 | South America (São Paulo) |

AWS components Overview

[Diagram labels: LB, IGW, Elastic IP; us-east-1c: inside-1c, outside-1c, mgmt-1c, workload1; us-east-2c: inside-2c, outside-2c, mgmt-2c, workload2]

Route Table: RT

| destination | next-hop |
|---|---|
| 0.0.0.0 | IGW |

• VPC: Virtual Private Cloud
• Availability Zone
• Subnet
• EC2 Instance: Workload
• Elastic IP
• Load Balancer: NLB, CLB and ALB
• Internet Gateway
• Route Table
• VGW & Direct Connect: Direct Connect, Virtual Private Gateway

Route Table and VPC Limitations

[Diagram labels: VPC, CIDR - 192.168.0.0/16; subnets 192.168.1.0/24 and 192.168.2.0/24; Security Group, EC2 instance, Network ACL, IGW]

Route Table

| destination subnet | next-hop |
|---|---|
| 192.168.0.0/16 | local |
| 0.0.0.0/0 | IGW |
| 192.168.2.0/24 | x.x.x.x |

More specific route is not permitted in route table

Route Table

• Route table is associated to a subnet
• User defined route can be added
• More specific routes are not permitted

Network limitation

• No link local multicast or broadcast
• No IGPs
• No Proxy ARP and Gratuitous ARP
• Complex environment for native HA support, but workarounds are available for resilient and scalable design

Reference: AWS RT

Workload security in AWS

Security Groups (SG) and Network ACL (NACL)

Security Group

• SG acts as a virtual firewall for an instance to control inbound and outbound traffic, only L4 rules
• Security groups can only have allow actions, not deny
• SGs are stateful
• SG limit per region 50
• Maximum rule per SG 100

Network ACL

• Same as SG but applied to subnet
• L4 visibility
• Action – Allow or Deny

[Diagram labels: VPC; subnets 192.168.1.0/24 and 192.168.2.0/24; Security Group, EC2 instance, Network ACL]

Reference: AWS Service Limits


Azure components

Region and Availability Zone

Azure components

[Diagram labels: vNET with WEB, APP and DB; NGFWv and ASAv as Network Virtual Appliance (NVA); LB; Availability Set; Gateway Subnet; Virtual Network Gateway; Azure Express Route]

• Resource Group
• Virtual Network: vNET
• Subnet
• Workload: VM
• User Defined Route: UDR
• Network Virtual Appliance: NVA
• Availability Set
• Load Balancer: Internal and External
• Express Route
• New: Availability Zone

| UDR | Destination | Next Hop |
|---|---|---|
| WEB-UDR | x.x.x.x | NVA (Internal) |
| APP-UDR | x.x.x.x | NVA (Internal) |
| DB-UDR | x.x.x.x | NVA (Internal) |

Workload security in Azure

Network Security Group (NSG)

• NSG restricts traffic to resources in a virtual network
• Action – Allow or Deny
• Direction – Inbound and outbound
• L4 rules
  • Source IP
  • Destination IP
  • Port
  • Protocol
• NSG limit – 5000 (per region per subscription)
• NSG rule limit – 1000 (per NSG)

[Diagram labels: vNET; subnets 10.0.1.0/24 and 10.0.2.0/24; NSG on each subnet and on interfaces eth0 and eth1]

Reference: Azure Limits and Quotas

Azure components: Route Table and vNET

[Diagram labels: vNET - 10.0.0.0/16; Web 10.0.1.0/24; App 10.0.2.0/24; Db 10.0.3.0/24]

Route Table

• Route table is associated to subnet
• User defined route can be added in RT
• UDRs take precedence over system routes
• API integration with UDR

Network limitation

• No link local multicast or broadcast
• No IGPs
• No Proxy ARP and Gratuitous ARP
• No native high availability support for NVA
• ASAv HA is available
• ERSPAN is not supported because GRE is blocked

| UDR | Destination | Next Hop |
|---|---|---|
| WEB-UDR | x.x.x.x | NVA (Internal) |
| APP-UDR | x.x.x.x | NVA (Internal) |
| DB-UDR | x.x.x.x | NVA (Internal) |

Azure and AWS components are similar

| Azure | AWS |
|---|---|
| Virtual Network (vNET) | Virtual Private Cloud (VPC) |
| Availability Set | Availability Zone (AZ) |
| Subnet | Subnet |
| Azure Virtual Machine (VM) | EC2 Instance |
| User Defined Route (UDR) | Route Table (RT) |
| ARM Template | CloudFormation Template (CF template) |
| Load Balancer (Internal, external and ILB Standard) | Load Balancer (NLB, CLB, ALB, Internal and External) |
| ExpressRoute | Direct Connect |
| Public IP | Elastic IP (EIP) |
| Security: Network Security Group | Security: Security Group, NACL |

NGFWv and ASAv Overview

Let’s begin the journey towards a secured cloud environment

Why are we here?

Security model in public cloud is not enough

Cloud Providers

• Physical Infrastructure
• Network Infrastructure
• Virtualization Layer

Customer

• Network and Workload Security
• NSG, SG, NACL: Layer 4 Visibility

Cisco Security for Public Cloud

• NGFWv: Firewall, AVC, NGIPS, AMP, VPN and URL Filtering (L4-L7 visibility)
• ASAv: Stateful firewall, NAT, Routing, ACL and VPN

NGFWv/FTDv overview

Managed by Firepower Management Center (FMC)

[Diagram labels: NGFWv, FTD Appliance]

• Firewall
• AVC – Application Visibility and Control
• NGIPS – Next-Generation Intrusion Prevention System
• AMP – Advanced Malware Protection
• URL – URL filtering
• VPN – Virtual Private Network (IPSEC and SSL)

Firepower Management Center

[Diagram labels: NGFWv, FMC Appliance]

• Centralized Management
• Total Visibility
• Real-time threat management
• Security Automation

ASAv overview

[Diagram labels: ASAv 9.9.x, ASA Appliance]

• Stateful F/W, NAT, Routing and ACL
• VPN: IPSEC and SSL
• REST API
• Route based VPN: VTI

ASAv Management options

• Cisco ASDM (on-box manager): for easy on-box management of common security and policy tasks and CLI based configuration
• Cisco Security Manager (Centralized Manager): helps administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment
• Cisco Defense Orchestrator (Cloud Based): for centralized cloud-based policy management of multiple deployments (*only for ASA)

NGFWv and ASAv in public cloud

NGFWv, FMCv and ASAv in Public Cloud: Instance types

AWS

• NGFWv Instance (Marketplace): c3.xlarge, c4.xlarge
• FMCv Instance (Marketplace): c3.xlarge, c3.2xlarge, c4.xlarge, c4.2xlarge
• ASA instance (Marketplace): c3.large, c3.xlarge, c4.large, c4.xlarge, m4.large, m4.xlarge
• SSD storage on c3 instance and EBS storage on c4 or m4 instance
• large instance is ASAv10, xlarge instance is ASAv30

Azure

• NGFWv Instance (Marketplace): Standard D3 and Dv2
• ASAv Instance (Marketplace): Standard D3 and D3v2
• D3 and D3v2 instance is ASAv30

NGFWv in AWS

Deploy NGFWv in routed or passive mode

• Provides networking, firewalling, threat-centric protection, URL filtering & AMP capabilities
• An elastic IP (static persistent public IP) is required for either NGFWv or Cisco Firepower™ Management Centre Virtual remote admin access.
• AWS Security Group access control must permit SSH/HTTPS access to your instances and 8305 for SF tunnel
• Two management interfaces required for AWS NGFWv

[Diagram labels: NGFWv with eth0, eth1, eth2, eth3]

Interface eth0 and eth1 are mgmt. interfaces

Interface eth2 and eth3 are data interfaces

| Instance | Instance Type | Interfaces | Number of vCPUs | RAM (GB) |
|---|---|---|---|---|
| FMCv & NGFWv | c3.xlarge, c4.xlarge | 2 + 2* | 4 | 7.5 |
| FMCv | c3.2xlarge, c4.2xlarge | 8 | 4 | 15 |

NGFWv in Azure

Deploy NGFWv in Routed Mode

• NGFWv supports Routed mode
• Provides networking, firewalling, threat-centric protection, URL filtering & AMP capabilities
• NSG should allow SSH/HTTPS and TCP 8305 (SF-Tunnel) access to your instances on eth0 interface for management access.
• Two management interfaces required for NGFWv in Azure
• North/South, East/West traffic inspection and Micro-segmentation

[Diagram labels: NGFWv with eth0, eth1, eth2, eth3]

Interface eth0 and eth1 are mgmt. interfaces

Interface eth2 and eth3 are data interfaces

| NGFWv Supported Machine Size | Number of Interfaces (Subnets) | NGFW Platform | Number of vCPUs | RAM (GB) |
|---|---|---|---|---|
| Standard D3 & D3v2 | 4 (2+2*) | NGFWv | 4 | 14 |

* Management interface
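A defender's check for the management rules the NGFWv in AWS and NGFWv in Azure slides call for, added here as an example that is not from the original deck: it flags security-group rules that expose SSH, HTTPS or port 8305 to any source instead of only to the FMC and admin networks. The input is constructed sample data in the shape of EC2 DescribeSecurityGroups output; the group IDs, addresses and function names are assumptions.

```python
import ipaddress

# Management ports named on the NGFWv slides: SSH, HTTPS and the SF tunnel.
MGMT_PORTS = {22: "SSH", 443: "HTTPS", 8305: "SF tunnel"}

# Constructed sample, shaped like the "SecurityGroups" list returned by
# EC2 DescribeSecurityGroups. Group IDs and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-mgmt", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        # A wide port range that silently includes 8305.
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        # "-1" means all protocols and all ports; no FromPort/ToPort present.
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def mgmt_ports_in(permission):
    """Return the management ports that one ingress permission covers."""
    proto = permission.get("IpProtocol")
    if proto == "-1":
        return set(MGMT_PORTS)
    if proto not in ("tcp", "6"):
        return set()
    low, high = permission.get("FromPort"), permission.get("ToPort")
    if low is None or high is None:
        return set()
    return {port for port in MGMT_PORTS if low <= port <= high}


def source_cidrs(permission):
    """Collect IPv4 and IPv6 source ranges of one ingress permission."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return cidrs


def is_any_source(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. the rule accepts every source."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_mgmt(groups):
    """Return sorted (group id, port, cidr) for management ports open to all."""
    findings = set()
    for group in groups:
        for permission in group.get("IpPermissions", []):
            ports = mgmt_ports_in(permission)
            for cidr in source_cidrs(permission):
                if is_any_source(cidr):
                    findings.update((group["GroupId"], p, cidr) for p in ports)
    return sorted(findings)


if __name__ == "__main__":
    for group_id, port, cidr in world_open_mgmt(SAMPLE_GROUPS):
        print(f"{group_id}: {MGMT_PORTS[port]} ({port}/tcp) reachable from {cidr}")
```

The same logic applies to NSG rules on eth0 in Azure once the rule fields are mapped to protocol, port range and source prefix.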

NGFWv & ASAv Datasheet Numbers

AWS

| Instance | Instance type | Throughput | Interfaces | VPN endpoint |
|---|---|---|---|---|
| NGFWv | c3.xlarge, c4.xlarge | 1 Gbps | 2 + 2* | 250 |
| FMCv | c3.xlarge, c4.xlarge, c3.2xlarge, c4.2xlarge | (-) | Management | (-) |
| ASAv | c3/c4/m4.large (ASAv10) | 1 Gbps | 2 + 1* | 250 |
| ASAv | c3/c4/m4.xlarge (ASAv30) | 1 Gbps | 3 + 1* | 750 |

Azure

| Instance | Instance type | Throughput | Interfaces | VPN endpoint |
|---|---|---|---|---|
| NGFWv | Standard D3, D3v2 | 1 Gbps | 2 + 2* | 250 |
| ASAv | Standard D3, D3v2 (ASAv30) | 100 Mbps (ASAv5), 1 Gbps (ASAv10, ASAv30) | 3 + 1* | 50, 250 or 750 |

* Management interface

Note: Maximum throughput is measured with traffic under ideal conditions. Standard D3, D3v2 supports ASAv5, ASAv10 and ASAv30 license entitlement.


Deployment modes

NGFWv Deployment Modes in Public Cloud

[Diagram panels: Routed mode (NGFWv) - AWS; Passive mode (NGFWv) - AWS; Routed mode (NGFWv) - Azure]

• Passive mode is only applicable to NGFWv in AWS

ASAv Deployment Modes in Public Cloud

[Diagram panels: Routed mode (ASAv) - AWS; Routed mode (ASAv) - Azure]

NGFWv in Azure – Routed Mode

Deployment

• Deploy NGFWv in routed mode (L3)
• NGFWv available in Azure marketplace
• Next hop for workloads in Azure

Management

• Managed by FMC or FMCv
• Public or private IP for Management

Use cases

• VPN (S2S and RA VPN)
• Firewall, NGIPS, URL-filtering & AMP integration

[Diagram labels: vNET; NGFWv with Internal (eth3), External (eth2) and eth1 (diagnostic interface); FMC; Internet; Internet & RA users]

ASAv in Azure – Routed Mode

Deployment

• Deploy NGFWv in routed mode (L3)
• ASAv is available in Azure marketplace (ASAv30)
• Next hop for workloads in AWS
• ASAv HA (Active/Standby)

Management

• Management interface can be used as a data interface

Use cases

• VPN (S2S and RA VPN) and Firewall
• Option of installing license for 250 or 750 VPN endpoint

[Diagram labels: vNET; ASAv with Inside, Management and DMZ2; Internet; Internet & RA users]

NGFWv in AWS – Routed Mode

Deployment

• Deploy NGFWv in routed mode (L3)
• NGFWv and FMCv available in AWS marketplace
• Next hop for workloads in AWS

Management

• Managed by FMC or FMCv
• Elastic or private IP for Management

Use cases

• VPN (S2S and RA VPN)
• Firewall, IPS, URL & AMP integration

[Diagram labels: VPC; NGFWv with Internal, External and Mgmt; FMC; IGW; Internet & RA users]

NGFWv in AWS – Passive Mode

Deployment

• Deploy NGFWv in Passive Mode

Management

• Managed by FMC or FMCv
• Elastic or private IP for Management

Passive mode requirement

• Cisco Cloud Services Router forwards a copy of the traffic to NGFWv
• NGFWv passively inspects traffic sent over ERSPAN session
• NGFWv sets interface type as ERSPAN, sets MTU 1600 and assigns IP address

[Diagram labels: VPC; NGFWv; CSRv with Internal and External; IGW; Internet & RA users]

ASAv in AWS – Routed Mode

Deployment

• Deploy ASAv in routed mode (L3)
• Next hop for workloads in AWS

Management

• Elastic or private IP for Management
• Managed using CLI, Cisco Security Manager, ASDM, REST-API and Cisco Defense Orchestrator (CDO)

Use cases

• VPN (S2S and RA VPN)
• Inter-subnet filtering

[Diagram labels: VPC; ASAv with Inside, Management/Outside, DMZ1 and DMZ2; IGW; Internet & RA users]


Management access

Management access – NGFWv

AWS

• Manage using public IP (Internet)
• Manage using private IP (AWS Direct Connect – DX)

[Diagram labels: Data Center, FMC, NGFWv, Internet, IGW, Direct Connect]

Azure

• Manage using public IP (Internet)
• Manage using private IP (Azure Express Route)

[Diagram labels: vNET, Data Center, FMC, NGFWv, Internet, Gateway Subnet, Virtual Network Gateway, Azure Express Route]


Use cases (Azure)

Azure User defined route (UDR)

[Diagram labels: vNET; WEB – 192.168.1.0/24 with WebServer01; APP; DB; ASAv; Internet]

Default gateway on WebServer01 is 192.168.1.1

WEB-UDR

| Destination | Next Hop |
|---|---|
| Default route | ASAv Inside |
| APP, DB | ASAv Inside |

• Traffic is forwarded based on the routes in the UDR
• UDR overrides system routes
• Associated to a subnet
• Next-hop option (virtual appliance, VNG, vNET, Internet and none)
• API integration to modify routes

E/W traffic inspection - NGFWv

[Diagram labels: vNET with WEB, APP and DB; NGFWv with Internal and External; Internet; Internet & RAVPN users; Data Center; FMC; Gateway Subnet; Virtual Network Gateway; Azure Express Route]

SF tunnel between FMC and NGFWv (management)

| UDR | Destination | Next Hop |
|---|---|---|
| DB-UDR | Internet, WEB, APP & DC | NGFWv (Internal) |
| DB-UDR | DB | NGFWv (Internal) |
| GW-Subnet-UDR | WEB, APP & DB | NGFWv (Internal) |
| APP-UDR | Internet, WEB, DB & DC | NGFWv (Internal) |
| APP-UDR | APP | NGFWv (Internal) |
| WEB-UDR | Internet, WEB, DB & DC | NGFWv (Internal) |
| WEB-UDR | WEB | NGFWv (Internal) |

Highlighted routes are required for Micro Segmentation

Youtube: Demo
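Why the per-subnet rows and the own-subnet rows in these UDR tables matter, added here as an example that is not from the original deck: Azure picks the longest matching prefix and prefers a user-defined route over a system route only when the prefixes are equal, so a default-route UDR alone never overrides the vNET system route. The prefixes are those of the earlier "Route Table and vNET" slide; the NVA address 10.0.0.4, the probe addresses and the function names are assumptions.

```python
import ipaddress

# Constructed topology: prefixes are those on the "Route Table and vNET" slide;
# the NVA inside address is an assumed placeholder (the deck shows x.x.x.x).
VNET = "10.0.0.0/16"
SUBNETS = {"WEB": "10.0.1.0/24", "APP": "10.0.2.0/24", "DB": "10.0.3.0/24"}
NVA_INSIDE = "10.0.0.4"

# Tie-break when two matching routes have the same prefix length:
# a user-defined route wins over a system route.
SOURCE_RANK = {"user": 0, "system": 1}

# System routes every subnet gets: the vNET address space and a default route.
SYSTEM_ROUTES = [
    {"prefix": VNET, "next_hop": "VirtualNetwork", "source": "system"},
    {"prefix": "0.0.0.0/0", "next_hop": "Internet", "source": "system"},
]


def udr(*prefixes):
    """Build a UDR table that sends each prefix to the NVA inside interface."""
    return [{"prefix": p, "next_hop": NVA_INSIDE, "source": "user"}
            for p in prefixes]


def effective_next_hop(dst_ip, user_routes):
    """Longest-prefix match over system + user routes, UDR preferred on a tie."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in SYSTEM_ROUTES + list(user_routes)
               if dst in ipaddress.ip_network(r["prefix"])]
    best = min(matches,
               key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                              SOURCE_RANK[r["source"]]))
    return best["next_hop"]


def uninspected_destinations(user_routes):
    """Names of destinations whose traffic would not be handed to the NVA."""
    probes = {name: str(ipaddress.ip_network(p).network_address + 10)
              for name, p in SUBNETS.items()}
    probes["Internet"] = "198.51.100.10"  # documentation address, constructed
    return sorted(name for name, ip in probes.items()
                  if effective_next_hop(ip, user_routes) != NVA_INSIDE)


if __name__ == "__main__":
    # Three candidate route tables for the WEB subnet.
    web_udr_variants = {
        "default route only": udr("0.0.0.0/0"),
        "default + APP + DB": udr("0.0.0.0/0", SUBNETS["APP"], SUBNETS["DB"]),
        "default + APP + DB + WEB": udr("0.0.0.0/0", *SUBNETS.values()),
    }
    for label, routes in web_udr_variants.items():
        missed = uninspected_destinations(routes) or "nothing"
        print(f"WEB-UDR with {label}: traffic bypassing the NVA -> {missed}")
```

With the WEB prefix missing from WEB-UDR, host-to-host traffic inside WEB still follows the system route and is never seen by the firewall, which is the micro-segmentation gap the own-subnet rows close.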

E/W traffic inspection - ASAv

[Diagram labels: vNET with WEB, APP and DB; ASAv with Inside and Outside; Internet; Internet & RAVPN users; Data Center; Gateway Subnet; Virtual Network Gateway; Azure Express Route]

| UDR | Destination | Next Hop |
|---|---|---|
| DB-UDR | Internet, WEB, APP & DC | ASAv (Inside) |
| DB-UDR | DB | ASAv (Inside) |
| GW-Subnet-UDR | WEB, APP & DB | ASAv (Inside) |
| APP-UDR | Internet, WEB, DB & DC | ASAv (Inside) |
| APP-UDR | DB | ASAv (Inside) |
| WEB-UDR | Internet, WEB, DB & DC | ASAv (Inside) |
| WEB-UDR | DB | ASAv (Inside) |

Highlighted routes are required for Micro Segmentation

“same-security-traffic permit intra-interface” command is required on ASA for hairpinning

NGFWv/ASAv scalable design using Azure ILB with HA ports

[Diagram labels: WEB 10.82.1.0/24 with host 10.82.1.50; APP 10.82.0.0/24 with host 10.82.0.50; Azure ILB with HA ports 10.82.2.100; Nva-subnet 10.82.2.0/24; firewalls FWv01 (ilb-ha-fw1), FWv02 (ilb-ha-fw2), FWv03 (ilb-ha-fw3), FWv04 (ilb-ha-fw4); firewall addresses 10.82.2.10, 10.82.2.11, 10.82.2.12, 10.82.2.13]

Default route on FWs 10.82.2.1

| UDR | Destination | Next Hop |
|---|---|---|
| APP-UDR | WEB | ILB VIP |
| WEB-UDR | APP | ILB VIP |

• Azure ILB standard with HA
• ILB is next hop in UDR
• ILB load balances complete IP traffic
• ILB is designed to provide traffic symmetry

Service vNET – NGFWv and ASAv: Scalable design

[Diagram labels: Hub (service vNET) with Virtual Network Gateway, Gateway Subnet, ILB HA 10.82.2.100, Nva-Subnet 10.82.2.0/24 and firewalls FWv01 (ilb-ha-fw1), FWv02 (ilb-ha-fw2), FWv03 (ilb-ha-fw3), FWv04 (ilb-ha-fw4); Spoke vNET01 and vNET02, each with multiple subnets]

Default route on FWs 10.82.2.1

All-Subnets-UDR (on each spoke vNET)

| Destination | Next Hop |
|---|---|
| All-Subnets | ILB VIP |

Interconnecting vNET: NGFWv UDR detail

[Diagram labels: vNET1 and vNET2, each with an NGFWv (Internal and External); FMC; Site to Site VPN Tunnel]

Internal-UDR (vNET1)

| Destination | Next Hop |
|---|---|
| Internet | NGFWv (Inside) |
| vNET2 subnets | NGFWv (Inside) |

Internal-UDR (vNET2)

| Destination | Next Hop |
|---|---|
| Internet | NGFWv (Inside) |
| vNET1 subnets | NGFWv (Inside) |

Site-to-site and RAVPN: NGFWv – UDR detail

[Diagram labels: vNET; NGFWv with Internal and External; Internet; RA VPN Users; Internet and RAVPN; Data Centre with ASAv and NGFW; Site to Site VPN Tunnel]

Internal-UDR

| Destination | Next Hop |
|---|---|
| Internet | NGFWv (Inside) |
| RAVPN Pool | NGFWv (Inside) |
| Datacenter (DC) | NGFWv (Inside) |

Use cases

• Network Address Translation (NAT)
• Site to Site Tunnel
• Access Control Policy, IPS Policy and AMP policy
• Networking, Firewalling and AVC

Inter subnet filtering – NGFWv

[Diagram labels: vNET with APP and WEB; two NGFWv instances; Internet; Internet users]

Use cases

• Network Address Translation (NAT)
• Site to Site Tunnel
• Access Control Policy, IPS Policy and AMP policy
• Networking, Firewalling and AVC

| UDR | Destination | Next Hop |
|---|---|---|
| APP-UDR | Internet | NGFWv (Inside) |
| APP-UDR | WEB | NGFWv (Inside) |
| WEB-UDR | Internet | NGFWv-edge (Inside) |
| WEB-UDR | WEB | NGFWv-Internal (Outside) |

NGFWv and ASAv scalable design: Azure internal load balancer (ILB) standard & external load balancer

[Diagram labels: vNET with WEB, APP and DB; NVA Subnet (inside) with NGFWv firewalls FW01, FW02, FW..n; ILB Standard (VIP) HA Port; External LB; Internet; Internet Users; Data Center; FMC; Gateway Subnet; Virtual Network Gateway; Azure Express Route]

| UDR | Destination | Next Hop |
|---|---|---|
| DB-UDR | Default/Internet | ILB VIP |
| DB-UDR | APP, WEB & DC | ILB VIP |
| APP-UDR | Default/Internet | ILB VIP |
| APP-UDR | DB, WEB and DC | ILB VIP |
| WEB-UDR | Default/Internet | ILB VIP |
| WEB-UDR | DB, APP and DC | ILB VIP |
| GW-UDR | WEB, APP & DB | ILB VIP |

• Stateless Switchover
• Firewalls in Availability Set

Youtube: overview


ARM template deployment

Azure Resource Manager (ARM) Template

[Diagram labels: multiple ASAv and NGFWv instances]

• JSON based template for deploying NGFWv and ASAv
• Multiple/repeated deployments
• Add firewall to existing resource group
• Add additional attributes for scalable deployment, i.e. Availability Set
• Publish tested templates
• Deploy multiple Azure resources using single ARM template
• Create following resources before deploying ASA or NGFWv using template
  • Resource group, availability set, vnet, subnet and storage account

Azure Resource Manager Template: ARM templates and demo videos

• NGFWv ARM Template: http://cs.co/NGFWvARMTemplate
  • Youtube: Demo
• ASAv ARM Template: http://cs.co/ASAvARMTemplate
  • Youtube: Demo
• NGFWv ARM Template (LB Sandwich): coming soon
  • Youtube: coming soon


Use cases (AWS)


CloudFormation Template


A CF template deploys resources in AWS

• The group of resources in a template is called a stack

• Resources are added as JSON objects

• Publish the CF template using an S3 bucket

Advantages of using a CF template

• Simplified infrastructure management

• Repeated or multiple deployments

• Reduced human errors

• Version control using template

• Update stack and track changes


Intersubnet filtering: NGFWv

[Diagram: VPC (CIDR 192.168.0.0/16) with DB subnet 192.168.100.0/24 and WEB subnet 192.168.2.0, NGFWv, ASAv, IGW, External]

RT-DB

destination subnet    next-hop
192.168.0.0/16        local
0.0.0.0/0             eni-ngfwv(internal)

RT-WEB

destination subnet    next-hop
192.168.0.0/16        local
0.0.0.0/0             eni-asav(inside)

• CIDR has a local route for VPC

• Specific route is not allowed in route table

• Default route will not cover local network

• Host routes are required to enable Intersubnet filtering
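
The routing behaviour these bullets describe, as an added example that is not part of the slides: a longest-prefix match over RT-DB and RT-WEB shows subnet-to-subnet traffic taking the local route past both firewalls, and a host route in the instance's own routing table steering it to the firewall instead. The host and firewall addresses, the /24 mask for WEB, and the host-route model are assumptions made for illustration.

```python
import ipaddress

VPC_CIDR = "192.168.0.0/16"
# Route tables exactly as drawn on the slide.
RT_DB = [("192.168.0.0/16", "local"), ("0.0.0.0/0", "eni-ngfwv(internal)")]
RT_WEB = [("192.168.0.0/16", "local"), ("0.0.0.0/0", "eni-asav(inside)")]

def lookup(routes, dst):
    """Longest-prefix match: (prefix, next_hop) of the most specific route for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, hop = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), hop

def add_vpc_route(routes, prefix, next_hop, vpc_cidr=VPC_CIDR):
    """Model the slide's rule: no route more specific than the VPC CIDR."""
    net, vpc = ipaddress.ip_network(prefix), ipaddress.ip_network(vpc_cidr)
    if net != vpc and net.subnet_of(vpc):
        raise ValueError(f"{prefix} is inside {vpc_cidr}: rejected, local route wins")
    return routes + [(prefix, next_hop)]

def bypasses_firewall(routes, dst):
    """True when the subnet route table delivers dst without touching a firewall ENI."""
    hit = lookup(routes, dst)
    return hit is not None and hit[1] == "local"

# Constructed sample values (not from the slide).
DB_HOST, WEB_HOST, INTERNET = "192.168.100.10", "192.168.2.10", "198.51.100.7"
NGFWV_INTERNAL_IP = "192.168.100.254"   # hypothetical firewall interface address
SUBNET_GATEWAY = "192.168.100.1"        # hypothetical default gateway of the DB subnet

# Host route model (assumption): the DB instance's own OS routing table sends
# WEB-bound traffic (WEB assumed to be a /24) to the firewall interface.
DB_HOST_OS_ROUTES = [
    ("192.168.100.0/24", "on-link"),
    ("192.168.2.0/24", NGFWV_INTERNAL_IP),   # the host route
    ("0.0.0.0/0", SUBNET_GATEWAY),
]

if __name__ == "__main__":
    for dst in (WEB_HOST, INTERNET):
        print("RT-DB", dst, "->", lookup(RT_DB, dst))
    print("DB -> WEB bypasses firewall:", bypasses_firewall(RT_DB, WEB_HOST))
    print("DB host first hop to WEB:", lookup(DB_HOST_OS_ROUTES, WEB_HOST))
```

When reviewing a design like this, every subnet pair for which `bypasses_firewall` returns True is traffic the firewall policy never sees.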


Secure Transit VPC - NGFWv

[Diagram labels: CSRv, NGFWv, Internet, VPC A, VPC B, AZ1, AZ2, Transit VPC, Spoke VPC, RT]


Scalable design


NGFWv scalable design using AWS NLB

Network Load Balancer (NLB)

[Diagram: VPC with IGW, Elastic IP, NLB, NGFWv instances, FMCv, WebServer01 and WebServer02 across us-east-1c and us-east-1d; subnets outside-1c, inside-1c, management-1c, outside-1d, inside-1d, management-1d]

Route Table: RT

subnet     next-hop
0.0.0.0    IGW

Stateless switchover

Youtube: Demo


Multiple firewalls can be added per Availability Zone to provide AZ level scalability


Advanced Malware protection in Azure and AWS


NGFWv integration with AMP

AWS and Azure

[Diagram: VPC (CIDR 192.168.0.0/16) with DB subnet 192.168.100.0/24 and WEB subnet 192.168.2.0, IGW, NGFWv]

NGFWv integrates with the AMP solution and provides the following features

• AMP for network

• Continuous analysis

• Retrospective security

• Reduce event notifications

• Integrated malware analysis

File capture allows you to store and retrieve files for further analysis. The integration of Threat Grid allows you to examine unknown and suspicious files in a safe, highly secure sandbox environment, either in the cloud or locally.

Malware is detected and dropped by NGFWv


Licensing


Licensing

Azure

Cisco Smart Licensing
• Bring your own license (BYOL)

NGFW

• Base License (Firewall and AVC)
• Term based (Threat, URL and AMP)

ASA

• Standard License (Firewall and throughput)
• Anyconnect Apex License (SSL and IPSEC)

AWS

Cisco Smart Licensing
• Bring your own license (BYOL)

Pay as you go model
• Hourly and annual license

Note: There is no Cisco TAC support with the AWS pay-as-you-go license model, but you can purchase one year of TAC support from the listed partner: https://aws.amazon.com/marketplace/pp/B01HQPRQMQ?qid=1522335115947&sr=0-7&ref_=srh_res_product_title


Important Resources


YouTube Channel: http://cs.co/DCandCloudSecurity


NGFWv and ASAv Marketplace Listings


AWS

Product Marketplace Listing

NGFWv Marketplace listing – BYOL http://cs.co/CiscoNGFWvBYOL

NGFWv Marketplace listing – Hourly & Annual http://cs.co/CiscoNGFWvHourlyAnnual

FMCv Marketplace listing – BYOL http://cs.co/CiscoFMCvBYOL

ASAv Marketplace listing – BYOL, Hourly & Annual http://cs.co/CiscoASAvBYOLHourlyAnnual

Azure

Product Marketplace Listing

NGFWv Marketplace listing – BYOL http://cs.co/CiscoNGFWv

ASAv Marketplace listing – BYOL http://cs.co/CiscoASAv

ASAv HA Marketplace listing - BYOL http://cs.co/AzureASAvHA


Important Links

Security in public cloud Youtube channel: http://cs.co/DCandCloudSecurity

Cisco NGFWv, ASAv and FMC Chalk talk in Public Cloud: http://cs.co/PublicCloudSecChalkTalk

Public Cloud Technical Decision Maker Deck (TDM) – (Partner level access required): http://cs.co/Azure-AWS-PublicCloudTDMs

Cisco ASAv licensing (BYOL): http://cs.co/ASAvLicensing

Cisco NGFWv licensing (BYOL): http://cs.co/CiscoNGFWvLicensing

NGFWv ARM Template: http://cs.co/NGFWvARMTemplate

ASAv ARM Template: http://cs.co/ASAvARMTemplate
