Your Time Is Now: Putting Firepower into the Next Generation Firewall

Cisco Confidential© 2016 Cisco and/or its affiliates. All rights reserved. 1
Your Time
Is Now
Putting Firepower into the
Next Generation Firewall
Jason Maynard
Consulting Systems Engineer Cybersecurity
CCIE, CC[N|I|D]P, SFCE, C|EH, RCSS, GICSP, GPEN
#FE80CC1E
http://cs.co/Jason_Maynard_YouTube_Channel

Firepower Threat Defense

ASA (L2-L4)
• L2-L4 Stateful Firewall
• Scalable CGNAT, ACL, routing
• Application inspection
Firepower (L7)
• Threat-Centric NGIPS
• AVC, URL Filtering for NGFW
• Advanced Malware Protection
Full Feature Set
Continuous Feature
Migration
Single Converged OS
Firewall URL Visibility Threats
Firepower Management
Center (FMC)*
ASA with Firepower
Services

What are the Firepower Deployment Options?
Firepower Appliances Firepower Threat Defense
ASA with Firepower
Services
FirePOWER
Services
ASA 9.5.x
Firepower
Threat Defense
Firepower
Appliances
7000/7100/8000/Virtual ASA 5500X (all models) ASA 5500X / Virtual
Firepower 2100 / 4100 / 9300
5585 cannot run FTD Image!
All Managed by Firepower Management Center

Feature Comparison: ASA with Firepower Services and Firepower Threat Defense
Features Firepower Threat Defense Firepower Services for ASA
SIMILARITIES
Routing +NAT
✔
(OSPF, BGP, Static, RIP, Multicast, EIGRP/PBR
via FlexConfig)
✔
(OSPF, BGP, EIGRP, static, RIP,
Multicast)
OnBox Management ✔ ✔
HA (Active/Passive) ✔ ✔
Clustering (Active/Active) ✔ ✔
Site to Site VPN ✔ ✔
Policy based on SGT tags ✔ ✔
DIFFERENCES
Unified ASA and Firepower rules and
objects
✔ ✘
Hypervisor Support ✔
(AWS, VMware, KVM, Azure 6.2)
✘
Smart Licensing Support ✔ ✘
Multi-Context Support ✘(Coming Soon!) ✔
Remote Access VPN ✔ (6.2.1 – 2100, 6.2.2 - Virtual, 5500-x
midrange, 4100, 9300)
✔
Note: Not an exhaustive feature list

OpenAppID
Next-generation visibility with OpenAppID
Application Visibility & Control
See and understand risks Enforce granular access control Prioritize traffic and limit rates Create detectors for custom apps
Cisco database
• 4,000+ apps
• 180,000+ Micro-apps Network & users







1
2
Prioritize traffic

Web acceptable use controls and threat prevention
URL Filtering – Security Intelligence Feeds – DNS Sinkhole capability
Classify 280M+ URLs Filter sites using 80+ categories Manage “allow/block” lists easily Block latest malicious URLs
Category-based
Policy Creation
Allow Block
Admin
Cisco URL Database
DNS Sinkhole
01001010100
00100101101
Security feeds
URL | IP | DNS
NGFW
Filtering
BlockAllow
Safe Search
…………
 

Decrypt 3.5 Gbps traffic over
five million simultaneous flows
Granular SSL Decryption Capabilities
SSL TLS handshake certificate inspection and TLS decryption engine
Log
SSL
decryption engine
Enforcement
decisions
Encrypted Traffic
AVC
http://www.%$&^*#$@#$.com
http://www.%$&^*#$@#$.com
Inspect deciphered packets Track and log all SSL sessions
NGIPS
gambling
elicit
http://www.%$*#$@#$.com











Upcoming Webinar!
Firepower Threat Defense: SSL Decryption
Discover 3 Ways to Solve the Encrypted Traffic Dilemma
Encrypted traffic still giving you security headaches? Tired of policies that don’t address encrypted traffic?
If you're looking for an answer to these issues, Cisco Security has the solution for you.
Join Jason Maynard, Security Consulting Systems Engineer, in the upcoming webinar, Discover 3 Ways to Solve the
Encrypted Traffic Dilemma, by using Cisco’s SSL Inspection feature built into Firepower Threat Defense.
• Block selected encrypted traffic without inspecting it
• Inspect selected encrypted traffic with access control
• Decrypt selected encrypted traffic with access control
Seeing a hands on demo deploying the solution form start to finish
Register today!

Application and Context aware Intrusion Prevention
Next-Generation Intrusion Prevention System (NGIPS)
Communications
App & Device Data
01011101001
010
010001101
010010 10 10
Data packets
Prioritize
response
Blended threats
• Network
profiling
• Phishing
attacks
• Innocuous
payloads
• Infrequent
callouts
3
1
2
Accept
Block
Automate
policies
ISE
Scan network traffic Correlate data Detect stealthy threats Respond based on priority

c
File Reputation
Malware and ransomware detection and blocking
Cisco AMP Threat Grid (Advanced Malware Protection and cloud sandboxing)
• Known Signatures
• Fuzzy Fingerprinting
• Indications of compromise

Block known malware Investigate files safely Detect new threats Respond to alerts
File & Device Trajectory
AMP for
Network Log

Threat Grid Sandboxing
• Advanced Analytics
• Dynamic analysis
• Threat intelligence
?
AMP for
Endpoint Log
Threat Disposition
Enforcement across
all endpoints
RiskySafeUncertain
Sandbox Analysis

FlexConfig
• Provides a way to configure ASA features not exposed directly by Firepower
Management Center
• EIGRP Routing
• PBR
• ISIS Routing
• NetFlow (NSEL) export
• VXLAN
• ALG inspections
• IPv6 header inspection
• BFD
• Platform Sysopt commands
• WCCP

Cisco ASA 5500-X
5506 / 5508 / 5516
Performance
Unified Management
• 1-Gbp interfaces
• Up to 1.2 Gbps throughput
• 5545 / 5555 Redundant
Power Supply and SSD
option
• Firepower Threat Defense or
ASA Software Options
• 1-Gbp interfaces
• Up to 450 Mbps throughput
• Wireless Option for 5506-X
• Software Switching capability
• Firepower Threat Defense or
ASA Software Options
• Firepower Management Center
(Enterprise Management)
• Firepower Device Manager
(On Box Manager)
• Cisco Defense Orchestrator
(Cloud Management)
SMB and Enterprise Branch NGFW
5525 / 5545 / 5555
Performance

Cisco Firepower 2100 Series
Performance and
Density Optimization
Unified ManagementPurpose Built NGFW
• Integrated inspection engines
for FW, NGIPS, Application
Visibility and Control (AVC),
URL, Cisco Advanced
Malware Protection (AMP)
• 1-Gbp and 10-Gbps interfaces
• Up to 8.5-Gbps throughput
• 1-rack-unit (RU) form factor
• Dual SSD slots
• 12x RJ45 ports, 4xSFP(+)
• 2130 / 2140 Models
• 1x Network Module
• Fail to Wire Option
• DC & Dual PSU support
(On Box Manager)
(Cloud Management)
Introducing four high-performance models

FPR 2110 FPR 2120 FPR 2130 FPR 2140
Throughput
NGFW 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps
Throughput
NGFW + IPS 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps
Maximum
concurrent
sessions 1 M 1.2 M 2 M 3.5 M
Maximum new
connections per
second 12000 16000 24000 40000
Note: Early Performance Numbers
NO DROP IN
PERFORMACE!
Firepower 2100 Series Performance

Cisco Firepower 4100 Series
High performance campus and data center
Performance and
Density Optimization
Unified Management
Multiservice
Security
• Integrated inspection engines
for FW, NGIPS, Application
Visibility and Control (AVC),
URL, Cisco Advanced
Malware Protection (AMP)
• Radware DefensePro DDoS
• ASA and other future
third party
• 10-Gb and 40-Gb interfaces
• Up to 24-Gbps throughput
• 1-rack-unit (RU) form factor
• Low latency
(On Box Manager)
(Cloud Management)

Cisco Firepower 9300
Platform
Benefits
• Integration of best-in-class security
• Dynamic service stitching
Features*
• ASA container option
• Firepower™ Threat Defense:
• NGIPS, AMP, URL, AVC
• Third-party containers:
• Radware DDoS
Benefits
• Standards and interoperability
• Flexible architecture
Features
• Template-driven security
• Secure containerization for
customer apps
• RESTful/JSON API
• Third-party orchestration and
management
Features
• Compact, 3RU form factor
• 10-Gbps/40-Gbps I/O; 100-Gbps
ready
• Terabit backplane
• Low latency, intelligent fast path
• Network Equipment-Building
System (NEBS) ready
* Contact Cisco for services availability
Modular Carrier Class
Multiservice
Security
High performance data center

Cisco NGFW Platforms
NGFW capabilities all managed by Firepower Management Center
250 Mb -> 1.75 Gb
(NGFW + IPS Throughput)
Firepower Threat Defense for
ASA 5500-X
2 Gb -> 8 GB
(NGFW + IPS Throughput)
Firepower 2100 Series
41xx = 10 Gb -> 24 Gb
93xx = 24 Gb -> 53Gb
Firepower 4100 Series
and Firepower 9300
Up to 6x with clustering!

Software Support – Physical Platforms
ASA
Firepower
NGIPS
ASA with
FirePOWER
Services
Firepower
Threat
Defense
ASA 5506X -> 5555X (all models) ✓ ✓ ✓
Firepower 2100 (all models) Future ✓
Firepower 4100 (all models) ✓ ✓
Firepower 9300 (all models) ✓ ✓
ASA 5585 (With SSP blade) ✓ ✓
Firepower 7000 / 8000 (IPS
appliances)
✓

Software Support - Virtual Platforms
ASA
Firepower
NGIPS
Firepower Threat
Defense
ASAv (vSphere, AWS, Azure, Hyper-V, KVM) ✓
Firepower NGIPSv (vSphere + ISR UCSE) ✓
Firepower NGFWv (vSphere, AWS, Azure, KVM) ✓

Firepower Device
Manager
Enables easy on-box
management of
common security and
policy tasks
Enables comprehensive
security administration
and automation of
multiple appliances
Center
Cisco Defense
Orchestrator
Enables centralized
cloud-based policy
management of
multiple
deployments
On-box Centralized Cloud-based
Management Options

• On-box manager for
managing a single
device
• Targeted for SMB market
• Designed for Networking
Security Administrator
• Simple & Intuitive
• Mutually Exclusive from
FMC
• CLI for troubleshooting
Firepower Device Manager

Enables easy on-box
management of
common security and
policy tasks
and automation of
multiple appliances
Center
Enables centralized
cloud-based policy
management of
multiple
deployments
Management Options

Firepower Management Center
• Single manager for Firepower Threat Defense
• Can also manage Firepower appliance and “Services” deployments
• Broadest set of security capabilities for Firepower platforms!

Enables easy on-box
management of
common security and
policy tasks
and automation of
multiple appliances
Center
Cisco Defense
Orchestrator
Enables centralized
cloud-based policy
management of
multiple
deployments
Management Options

Enables easy on-box
management of
common security and
policy tasks
and automation of
multiple appliances
Center
Cisco Defense
Orchestrator
Enables centralized
cloud-based policy
management of
multiple
deployments
Management Options
CDO

On-box vs Off-box
Firepower Management Center (Off-box) Firepower Device Manager (On-box)
NAT & Routing
Access Control
Intrusion & Malware
Device & Events Monitoring
VPN - Site to Site & RA
Security Intelligence
Other Policies: SSL, Identity, Rate Limiting (QoS) etc.
Active/Passive Authentications
Firewall Mode Router / Transparent Routed
Threat Intelligence & Analytics
Correlation & Remediation
Risk Reports
Device Setup Wizard
Interface Port-Channel
High Availability

Troubleshooting: Packet Tracer
• Displays logs for a single simulated (virtual) packet
• Tracing data will include information from Snort & preprocessors about
verdicts and actions taken while processing a packet

Troubleshooting: Packet Capture with Trace
• Captures and displays packets from live traffic
• Allows PCAP file download of the capture buffer

Lookup features – Geolocation & WHOIS

Lookup Feature: URL

ISE remediation in using pxGrid

Cisco Threat Intelligence Director (CTID)
• Uses customer threat intelligence to
identify threats
• Automatically blocks supported
indicators on Cisco NGFW
• Provides a single integration point for all
STIX and CSV intelligence sources

Cisco Threat Intelligence Director Overview
Cisco Threat
Intelligence
Director

Hail a TAXII !!
• Free source of TAXII feeds
• Website URL: http://hailataxii.com
• Multiple feeds
• To configure the TAXII intelligence source
• URL: http://hailataxii.com/taxii-discovery-service
• USERNAME: guest
• PASSWORD: guest

Use Case
Internet Edge Firewall
Requirement
Connectivity and Availability Requirement:
• High Availability ROUTED mode
• Firewall should support Router or Transparent Mode
Routing Requirements:
• Static and BGP Routing
• Dynamic NAT/PAT and Static NAT
Security Requirements:
• Application Control + URL Acceptable Use enforcement
• IPS and Malware protection
• SSL Decryption
Authentication Requirements:
• User authentication and device identity
Solution
Security Application: Firepower Threat Defense application with
FMC
ISP
FW in HA
Private Network
Service
Provider
Campus/Priv
ate Network
DMZ Network
Port-
Channel
Internet Edge

10.1.1.0/24
192.168.1.0/24
192.168.1.1
10.1.1.1
IP:192.168.1.100
GW: 192.168.1.1
NAT
DRP
Firewall Design: Modes of Operation
• Routed Mode is the traditional mode of the firewall. Two or
more interfaces that separate L3 domains – Firewall is the
Router and Gateway for local hosts.
• Transparent Mode is where the firewall acts as a bridge
functioning at L2.
• Transparent mode firewall offers some unique benefits in the DC.
• Transparent deployment is tightly integrated with our ‘best practice’
data center designs.

Link Redundancy
Resiliency
with link
failures
Link and Platform Redundancy Capabilities
Firewall Link Aggregation – High Availability - Clustering
Inter-chassis Clustering
Combine up to
6
9300 blades or
4100 chasses
Active / Standby HA
LACP Link
Redundancy
LACP Link
Aggregation
Control
Protocol

Dynamic NAT for Direct Internet Access
Automatic and Manual (complex) NAT Support for FTD including IPv6

Routing Protocol support
• OSPF and OSPFv3 (IPv6)
• BGP (IPv4 & IPv6)
• Static Route
• Tunneled Route support for VPNs
• Reverse Route Injection for VPNs
• Multicast Routing
• IGMP
• PIM
• EIGRP via FlexConfig

Rate limiting Cloud File Sharing Traffic
• QOS Policy is a new policy type with separate policy table
• Not associated with an Access Control Policy – directly associated with devices

FlexConfig for Internet Edge Use Case:
Prepend FlexConfig:
• Disables DNS Inspection to allow
Umbrella DNSCrypt Traffic
Append FlexConfig:
• Enables ICMP and ICMP Error ASA
Inspection Engines in Firepower
• Edit FlexConfig Text Object as below
Enable ICMP Inspection & Disable DNS Inspection

FlexConfig for Internet Edge Use Case:
Prepend FlexConfig:
• Clears IPv6-PD on each deployment
Append FlexConfig:
• Enables outside interface (recipient of
delegated prefix) for IPv6 prefix delegation
• Assigns one or more inside interfaces with
a subnet and address from delegated prefix
• Trust IPv6 default route from IPv6 DHCP
Server (Neighbor Advertisement)
IPv6 Prefix Delegation (IPv6-PD)

Access Control Policy blocking inappropriate content

Granular SSL Decrypt
Can specify by application, certificate fields / status, ciphers, etc.

Custom IPS Policy

Malware and File Analysis
Attached to Access Policy

URL-Based Security Intelligence
• Extension of IP-based SI
• TALOS dynamic feed, 3rd party feeds and
lists
• Multiple categories: Malware, Phishing,
CnC,…
• Multiple Actions: Allow, Monitor, Block,
Interactive Block,…
• Policy configured via Access Rules or black-
list
• IoC tags for CnC and Malware URLs
• New Dashboard widget for URL SI
• Black/White-list URL with one click URL-SI
Categories

DNS Inspection
• Security Intelligence support for
domains
• Addresses challenges with fast-flux
domains
• Cisco provided and user defined
DNS lists: CnC, Spam, Malware,
Phishing
• Multiple Actions: Block, Domain Not
Found, Sinkhole, Monitor
• Indications of Compromise extended
with DNS Security Intelligence DNS List Action

Identity Policy based on Passive Authentication
Attaches to Access Control Policy

Access Control Policy Identity Control
Can Mix and Match AD & ISE Identity Groups (Guest, BYOD, etc.)

Active Directory “Realm” Configuration
• Multiple Entries
• LDAP / LDAPS
• Assigned to Identity
Policy for Active or
Passive Authentication

ISE Integration
• pxGrid feed to retrieve from ISE:
• AD Username (Group lookup via AD Realm)
• Device type profile & location
• TrustSec Security Group Tag (SGT)
• Ability to exert control based on the above in rules
• i.e. block HR users from using personal iPads
• Reduces ACL size and complexity

Identity Services Engine pxGrid Integration
• MUST install ROOT
certificate (chain) on FMC
that signed ISE pxGrid
Cert
• MUST install ROOT
certificate (chain) on ISE
that signed FMC Cert
• Private keys not needed
(of course!)

TrustSec Security Group Tag based identity from ISE
Can also reference Identity Services Engine identified Device Profiles

External Authentication
for Administration
• LDAP / AD or RADIUS
• Example allows “External Users” to
be defined that exist in Active-
Directory for FMC or shell login
• Can stack multiple methods

Common and Recommended Practices

“DDoS Remains Biggest Threat of all Cyber-Attacks“
DDoS is increasingly moving away from Denial and into Ransom as a Motive or a
smokescreen
Cyber criminals now maintain, and rent out botnets to mount DDoS attacks
70
No One Immune,
Few Prepared
0%
20%
40%
60%
DDoS continues to remain a top concern
* Source Radware ERT Report 2016

In-Line: Protects against 75% of DDoS Attacks
DDoS Attack Surface – Hybrid mitigation strategy
Where
DDoS
Strikes:
Cloud: For volumetric DDoS
attack mitigation
In-Line: Protects against both network and application attacks
23% Firewall 7% IDS/IPS 6% Load
Balancer
35% Server
Under Attack
Cloud: Protects
against 25% of DDoS
attacks
4% SQL Server
25% Internet Pipe

• Cisco Firepower is a scalable, carrier &
enterprise -grade, multi-service security
appliance featuring:
• Radware DDoS Decorator App (OEM)
• Cisco ASA firewall
• Cisco NGIPS (Sourcefire – Threat Defense)
• What is required?
• Firepower Chassis (FXOS 1.1.4+)
• DDoS License (Virtual DefensePro)
• Vision Management Software
• Cloud DDoS *CSCO FY18 Q1 (Oct 15, 2017)
• Hybrid, Always on & On Demand
Firepower DDoS Solution Components
DDoS FW NGIPS
Firepower 4100/9300

Site 2 Site VPN

Remote Access VPN

Cisco Threat Intelligence Director

Abbreviation Key!
ASA = Adaptive Security Appliance
FTD = Firepower Threat Defense
FPS = Firepower Services
FMC = Firepower Management Center
FDM = Firepower Device Manager
NGFW = Next Generation Firewall
NGIPS = Next Generation Intrusion
Prevention System
AMP = Advanced Malware Protection
API = Application Programming Interface
ISE = Identity Services Engine
IoC = Indicator of Compromise
PAN = Place to cook your eggs

Crypto-Card and Fail-to-Wire
Crypto-Acceleration
Fail-to-Wire
Firepower 2100/4100/9300
*FTW – 2100 coming soon

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 80
Flow Offload
Cisco Security Chalk Talk – Flow Offload
https://www.youtube.com/watch?v=2qnqILWhUuU&list=PLFT-
9JpKjRTANXKBmLbQ611TPYLXbUL_0&index=21
BKUP
Finance
Other
Service
Threat
Centric
x86
Smart NIC
Typical Flow
BKUP
Finance
Other
Service
FW
APP
IPS
AMP
Smart NIC
Initial Flow Offload
(has classifier if not seen then send for additional inspection)
BKUP
Finance
Other
Service
FW
APP
IPS
AMP
Smart NIC
Subsequent Flow Offload
Still provides
- TCP Sequence Randomization
- NAT/PAT
- Byte/Packet Count
(sends to x86 and can be send to NSEL (like Stealthwatch)

Firepower Threat Defense Interface Modes
Routed/Transparent
A
B
C
D
F
G
H
I
Inline Pair 1
Inline Pair 2
Inline Set
E J
Policy Tables
Passive
Interfaces
Inline Tap

Segmentation
VLAN Stitching
APP
IPS
AMP
APP
IPS
AMP
APP
IPS
AMP
Database Zone
Application Zone
Web Zone
Campus Zone
FTD
FTD
FTD
FTD
FTD
Cluster
How do I insert this into the Datacenter
without having to change the physical
infrastructure or move the routing?

Segmentation
VLAN Stitching - Before
Database Zone
Application Zone
Web Zone
FTD
FTD
FTD
FTD
FTD
Cluster
L3
High Speed
Switch
192.168.100.0/24
VLAN100 = 192.168.100.0/24
SVI = 192.168.100.1
VLAN100
Traffic never hits FW
unless you change the
routing or try to insert
into the physical path

Segmentation
VLAN Stitching - After
Database Zone
Application Zone
Web Zone
FTD
FTD
FTD
FTD
FTD
Cluster
L3
High Speed
Switch
192.168.100.0/24
VLAN100 = 192.168.100.0/24
SVI = 192.168.100.1
VLAN101 = 192.168.100.10-50
VLAN102 = 192.168.100.51-100
VLAN103 = 192.168.100.101-110
Ex: Web Zone to get to App Zone has to go
through policy on FTD. FTD stitches VLAN 101
and VLAN 102. Now I can add additional L7
Inspection. That could be the same for the default
GW or other zones.

Firepower 4100/9300
Clustering
Inside
Switch
FTD
FTD
FTD
FTD
FTD
FTD
Outside
Switch
Port-channel6
Port-channel5
Spanned EtherChannel
(recommended)
Inside
Switch
Outside
Switch
Note: L3 PBR and ECMP models are
supported
Benefits
• High Scale: NGFW
• Network Integration: Routing,
switching, inter-site DC extensions
• High Density: 40G/100G
• Clustering: Intra-chassis, Inter-
chassis, Inter-site
• Consistent Policy Management
Pay-As-You-Grow
- Traditional ASA 16 node cluster
- FTD 6 nodes today will scale to16
in the near future
Out_P02
200.1.1.1/24
In_P01
10.1.1.1/24
VSS/VPC
complianttotheIEEEstandard(802.3ad)
VSS/VPC
complianttotheIEEEstandard(802.3ad)
Cisco Security Chalk Talk - NGFW Clustering Technology
https://www.youtube.com/watch?v=yt8Cc4tS0kE&t=38s&index=3&list=PL
FT-9JpKjRTANXKBmLbQ611TPYLXbUL_0

Firepower 4100/9300
Clustering

The Firepower 4100/9300 Transforms
Security Service Integration
Limited effectiveness Increased latency Slows network Static & Manual
Unified Threat Platform w/Integrated Security
Data
Packet
1001
000101
111000
101110
SSL FW WAF NGIPSDDoS AMP
Maximum protection Highly efficient Scalable processing Dynamic
Key:
Cisco Service
3rd Party Service
• Radware vDP is our first 3rd Party component of the new Architecture
• We are adding DDoS Application Services to the ingress interfaces of the Firepower 4100/930

Security Services Architecture with
DDoS running
Supervisor
Ethernet 1/1-8 Ethernet 2/1-4
ASA Cluster
Security Module 1
Ethernet 3/1-4
Security Module 2 Security Module 3
Application
Image Storage
PortChannel1
DDoS DDoS DDoS
Ethernet1/7
(Management)
Data Inside
Logical
Device
Logical
Device Unit
Link
Decorator
Application
Connector
External
Connector
Primary
Application
Decorator
Application
On-board
8x10GE
interfaces
4x40GE NM
Slot 1
4x40GE NM
Slot 2
Logical
Packet Flow
PortChannel1
ASA ASA ASA
Data Outside

Cisco Firepower – Radware DDoS
Mitigation Module
Firepower DDoS Mitigation
Firepower DDoS Mitigation is provided by Radware Virtual DefensePro (vDP),
available and supported directly from Cisco on the following Cisco Firepower
9300 and 4100 series appliances:

Your Time Is Now: Putting Firepower into the Next Generation Firewall

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (13)

Similar a Your Time Is Now: Putting Firepower into the Next Generation Firewall

Similar a Your Time Is Now: Putting Firepower into the Next Generation Firewall (20)

Más de Cisco Canada

Más de Cisco Canada (20)

Último

Último (20)

Your Time Is Now: Putting Firepower into the Next Generation Firewall