Cisco has recently introduced a groundbreaking containerized firewall package for its renowned Catalyst switch family. The aim of this innovative solution is to assist enterprise customers with mixed IT and OT systems, providing them with improved capabilities to segment network resources and consolidate network and security deployments. By leveraging the power of containerization, Cisco is empowering organizations to streamline their operations, save costs, and enhance network security.
Containerized Firewall ASA on Catalyst 9300
In a significant development, Cisco has successfully built a Docker-based container specifically designed for its Secure Firewall Adaptive Security Appliance (ASA). This state-of-the-art container can be conveniently hosted on Cisco’s Catalyst 9300 access switches. By combining the flexibility and efficiency of containers with the robust functionality of the ASA, Cisco is revolutionizing the way enterprises manage their network security.
Segmentation and Logical Interfaces
The containerized firewall offers support for up to 10 logical interfaces, enabling effortless segmentation of network resources. This feature empowers organizations to allocate and manage network assets efficiently, reducing complexity and enhancing overall network performance. With the ability to assign logical interfaces, organizations gain granular control over their network resources, promoting secure connectivity and optimized operations.
Simplified Traffic Steering
One of the key advantages of hosting the containerized Secure Firewall ASA on Catalyst 9300 switches is the significant reduction in complexities related to traffic steering. Traditionally, organizations face challenges when trying to route network traffic to centralized firewalls, often resorting to intricate tunnel configurations. However, the implementation of this solution eliminates the need for complex tunnels, simplifying traffic management and enhancing network efficiency.
Stateful Connection Table
The containerized Secure Firewall ASA features a stateful connection table, a powerful capability that tracks the state and context of network connections passing through it. With this feature, organizations can ensure that only legitimate and authorized connections are established, while blocking malicious attempts. The context-based access control provided by this capability enhances network security, offering organizations peace of mind and proactive threat mitigation.
Access Control in the IT/OT Network
To maintain secure access control within the IT/OT network, the containerized Secure Firewall ASA employs access control lists (ACLs) and security group tags (SGTs). These measures enable organizations to define and enforce access policies, ensuring that only authorized users and devices can access critical network resources. By implementing robust access control mechanisms, organizations can protect sensitive data, prevent unauthorized access, and reduce the risk of cybersecurity threats.
Management and Configuration
The ASA package is conveniently managed through Cisco’s Enterprise DNA Center (DNAC), a comprehensive platform that supports efficient management and network connectivity configurations. With DNAC, organizations have a centralized and user-friendly interface to monitor and control their firewall applications seamlessly. Additionally, DNAC ensures that the firewall application remains up-to-date and secure, offering organizations peace of mind in the constantly evolving cybersecurity landscape. Furthermore, Cisco Defense Orchestrator supports the system, enabling the creation and deployment of consistent security policies across large networks.
Docker Container Support on Catalyst 9300
While this deployment marks the first time Cisco has hosted a firewall on the Catalyst 9300 switch, it is important to note that the switch has already included Docker container support for a couple of years. This experience and expertise in containerization further strengthen the reliability and performance of the containerized Secure Firewall ASA, ensuring seamless integration with the Catalyst switch family. The eagerly anticipated containerized Secure Firewall ASA will become available on the Catalyst 9300 Switch in October. Organizations can take advantage of this groundbreaking solution by upgrading to the IOS EX 17.12.2 release, which incorporates this innovative firewall package. By embracing this technology, enterprises can enjoy enhanced network security, simplified management, and optimized resource allocation.
As organizations grapple with the challenges posed by mixed IT and OT systems, Cisco’s containerized firewall package for the Catalyst switch family emerges as a game-changing solution. By seamlessly integrating the Secure Firewall ASA within the Catalyst 9300 switches, Cisco empowers enterprises to easily segment network resources and consolidate network and security deployments. With advanced features such as logical interfaces, stateful connection tables, and access control mechanisms, organizations can now build robust and secure network infrastructures. As technology advances and threats evolve, Cisco continues to pave the way for innovative solutions that enhance network security and efficiency.