Cisco Secure Firewalls in ACI Lab v1.3

August 2023

Overview

Cisco Secure Firewalls in ACI Lab offers a deep dive into L4-L7 service integration of third-party devices (such as load-balancers and firewalls). Showcase ESG (Endpoint Security Group), Secure Firewalls in ACI, using PBR (policy-based redirect) service graph, malware protections, automatic intrusion policy tuning, elephant flow and portscan detection, and EPG/ESG learning. Most tedious tasks have been scripted using automation frameworks. As an alternative to using APIC and Firewall Management Center GUIs, we offer Terraform plan and Postman collections to install Threat Defense and ACI configurations. Using a single firewall device (HA pair), we can support multiple contracts by using firewall VRFs dedicated to each service graph. Firewall VRFs enable separation of traffic into their unique routing domains. Inside the ACI fabric, Cisco Secure Firewall Threat Defense is used to inspect Nourth/South and East/West traffic within a user Tenant. Firewall interfaces are attached to ACI service Bridge Domains (BDs).

What's New?

• Configure APIC: ESGs(Endpoint Security Groups) through APIC GUI
• .Configure APIC: Service BDs, L3 PBR Device and Service Graph through terraform scripts
• Intrusion Prevention policy auto-tuning with Snort Recommendations
• Protecting Data Center against Port-Scan attacks
• Elephant Flow Detection

Back to top

Get Started & Resources

• View the demo at: Cisco Secure Firewalls in ACI Lab v1.3
• Visit the dCloud help page.
• View all available demos at Cisco dCloud.
• Questions? Contact the dCloud technical lead for the corresponding practice here.

Back to top