Cisco Catalyst SD-WAN Security
Learning Objectives
- Understand the security architecture of SD-WAN
- Configure the Enterprise Firewall at the edge
- Implement IPS (Intrusion Prevention System)
- Use URL Filtering and DNS Security
Figure 11.1 - Integrated SD-WAN security features: Firewall, IPS, URL Filtering, DNS Security
Security Architecture
Cisco Catalyst SD-WAN provides integrated security features that can be enabled on the edge devices, so traffic that breaks out directly to the Internet (DIA) is inspected at the branch instead of being backhauled to a central firewall.
- Firewall: zone-based stateful firewall
- IPS/IDS: intrusion detection and prevention
- URL Filtering: web content categorization
- DNS Security: malicious domain blocking
Enterprise Firewall
Zone-Based Firewall:
Traffic is grouped into security zones for policy enforcement. A zone is a collection of one or more VPNs (for example a service-side VPN of the site, or VPN 0 for the transport side), and a firewall policy is attached to a zone pair with a source zone and a destination zone. Traffic between two zones that have no zone pair is dropped.
| Zone | Description | Typical Policy |
|---|---|---|
| VPN Zone | Internal corporate traffic | Permit internal |
| Internet Zone | Direct Internet Access | Inspect outbound |
| DMZ | Demilitarized zone | Limited access |
Firewall Policy Actions:
- Pass: forward the packet without inspection. Pass is stateless and applies only in the direction of the zone pair, so return traffic needs its own rule on the reverse zone pair
- Drop: silently discard the packet (logging can be enabled on the rule)
- Inspect: stateful inspection; the session is tracked and its return traffic is allowed automatically without a rule on the reverse zone pair. Logging is enabled per rule
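The practical difference between the three actions is what happens to the reply. The following Python model, an added example rather than Cisco code or configuration, evaluates packets against the policy of a zone pair the way a zone-based firewall does: `inspect` opens a session so the reply is allowed, `pass` does not, and a missing zone pair means drop. The zone names (`VPN1`, `INTERNET`), rules, addresses and packets are constructed for the demo.

```python
"""Zone-based firewall action semantics: inspect vs pass vs drop.

Added example, not Cisco's code or configuration. It models how an edge
evaluates a packet against the policy of a zone pair so that the difference
between the three actions is visible:
  inspect - stateful: the first packet opens a session and return traffic
            matching that session is permitted without any reverse rule
  pass    - stateless: only this direction is permitted; the reply needs its
            own rule on the reverse zone pair (INTERNET -> VPN1) or it is dropped
  drop    - discarded and logged
Zone names, rules, addresses and packets below are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    proto: str                 # "tcp", "udp" or "any"
    dst_port: Optional[int]    # None means any destination port
    action: str                # "inspect", "pass" or "drop"


@dataclass
class ZoneBasedFirewall:
    # zone pair (source zone, destination zone) -> ordered rules, first match wins
    policies: Dict[Tuple[str, str], List[Rule]]
    sessions: Set[Tuple[str, str, int, str, int]] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    @staticmethod
    def _flow(p: Packet) -> Tuple[str, str, int, str, int]:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_flow(p: Packet) -> Tuple[str, str, int, str, int]:
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def evaluate(self, p: Packet) -> str:
        """Return the verdict for one packet: "inspect", "pass" or "drop"."""
        # Traffic between interfaces of the same zone is not policed.
        if p.src_zone == p.dst_zone:
            return "pass"
        # Return traffic of a session opened by "inspect" is permitted by the
        # session table; no rule on the reverse zone pair is consulted.
        if self._reverse_flow(p) in self.sessions:
            return "inspect"
        for rule in self.policies.get((p.src_zone, p.dst_zone), []):
            if rule.proto in ("any", p.proto) and rule.dst_port in (None, p.dst_port):
                if rule.action == "inspect":
                    self.sessions.add(self._flow(p))
                elif rule.action == "drop":
                    self.log.append(f"DROP {p.src_zone}->{p.dst_zone} {self._flow(p)}")
                return rule.action
        # No matching rule, or no policy for this zone pair at all: implicit drop.
        self.log.append(f"DROP (no zone pair) {p.src_zone}->{p.dst_zone} {self._flow(p)}")
        return "drop"


def demo() -> List[str]:
    """Constructed scenario: VPN1 -> INTERNET inspects HTTPS, passes DNS, drops the rest.
    There is deliberately no policy on the reverse zone pair INTERNET -> VPN1."""
    fw = ZoneBasedFirewall(policies={
        ("VPN1", "INTERNET"): [
            Rule("tcp", 443, "inspect"),
            Rule("udp", 53, "pass"),
            Rule("any", None, "drop"),
        ],
    })
    packets = [
        # 1. HTTPS request out: inspected, session created
        Packet("VPN1", "INTERNET", "tcp", "10.1.1.10", 51000, "203.0.113.5", 443),
        # 2. HTTPS reply in: allowed by the session table
        Packet("INTERNET", "VPN1", "tcp", "203.0.113.5", 443, "10.1.1.10", 51000),
        # 3. DNS query out: passed without state
        Packet("VPN1", "INTERNET", "udp", "10.1.1.10", 40000, "203.0.113.53", 53),
        # 4. DNS reply in: no session and no reverse zone pair, so it is dropped
        Packet("INTERNET", "VPN1", "udp", "203.0.113.53", 53, "10.1.1.10", 40000),
        # 5. Unsolicited SSH from the Internet: dropped
        Packet("INTERNET", "VPN1", "tcp", "198.51.100.9", 1234, "10.1.1.10", 22),
        # 6. Telnet out: hits the catch-all drop rule
        Packet("VPN1", "INTERNET", "tcp", "10.1.1.10", 52000, "203.0.113.7", 23),
    ]
    return [fw.evaluate(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Packet 4 is the one to note: DNS was passed, not inspected, so its reply is dropped because the reverse zone pair has no policy. In a real deployment that shows up as DNS timeouts from the branch, and the fix is to use `inspect` for DNS rather than `pass`.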
Intrusion Prevention System (IPS)
IPS uses the Snort signature engine to detect and block threats.
🔍 Detection Methods
- Signature-based detection
- Protocol anomaly detection
- Threat intelligence feeds
⚡ Actions
- Alert: log the event and forward the packet (detection only)
- Drop: discard the packet and log the event
- Reset: discard the packet and send a TCP reset to tear down the connection (the Snort reject action)
IPS inspection consumes CPU and memory on the edge device, so throughput with IPS enabled is lower than the router's raw forwarding rate. Make sure the edge device is sized for the required throughput with inspection turned on.
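To make the three actions concrete, here is an added example (not Cisco's or Snort's code) that parses a small subset of the Snort rule language and applies it to constructed packets. It also shows the difference between an IDS-style detection mode, where drop/reject rules only produce alerts, and a prevention mode, where they are enforced. The rules, the `$HOME_NET`/`$EXTERNAL_NET` values, the addresses and payloads are all constructed; the sids are from the local range (1000000 and up) and are not real Talos signatures, and only plain-text `content` matching is supported (no `|hex|` bytes, no `nocase`, no PCRE).

```python
"""Minimal Snort-style signature engine with alert / drop / reject actions.

Added example, not Cisco's or Snort's code. Supported rule subset:
  action proto src sport -> dst dport (msg:"..."; content:"..."; sid:N;)
with $variables for addresses, "any" or a CIDR/IP for addresses, "any" or a
number for ports, and plain-text content only. Rules, variables, addresses
and payloads are constructed; sids are local-range, not real signatures.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|reject)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)
OPT_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]+))?;')


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class Rule:
    def __init__(self, text: str, variables: Dict[str, str]):
        m = RULE_RE.match(text.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {text}")
        self.action, self.proto = m["action"], m["proto"]
        self.src = variables.get(m["src"], m["src"])   # resolve $HOME_NET etc.
        self.dst = variables.get(m["dst"], m["dst"])
        self.sport, self.dport = m["sport"], m["dport"]
        opts = {k: v.strip('"') for k, v in OPT_RE.findall(m["opts"])}
        self.sid = int(opts.get("sid", "0"))
        self.msg = opts.get("msg", "")
        self.content = opts.get("content", "").encode()  # plain text only

    @staticmethod
    def _addr(spec: str, ip: str) -> bool:
        return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

    @staticmethod
    def _port(spec: str, port: int) -> bool:
        return spec == "any" or int(spec) == port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self._addr(self.src, p.src) and self._port(self.sport, p.sport)
                and self._addr(self.dst, p.dst) and self._port(self.dport, p.dport)
                and (not self.content or self.content in p.payload))


class SnortLikeIPS:
    def __init__(self, rules: List[str], mode: str = "protection",
                 variables: Optional[Dict[str, str]] = None):
        assert mode in ("protection", "detection")
        self.mode = mode
        self.rules = [Rule(r, variables or {}) for r in rules]
        self.events: List[str] = []

    def inspect(self, p: Packet) -> Tuple[str, List[int]]:
        """Return (verdict, matched sids); verdict is forward, drop or reset."""
        verdict, sids = "forward", []
        for r in self.rules:
            if not r.matches(p):
                continue
            sids.append(r.sid)
            # Detection mode logs only: drop/reject are downgraded to alert.
            action = r.action if self.mode == "protection" else "alert"
            self.events.append(f"[{r.sid}] {r.msg} {p.src}:{p.sport} -> {p.dst}:{p.dport} {action}")
            # Simplification: most severe matched action wins (reject > drop > alert).
            if action == "reject":
                verdict = "reset"          # drop and send TCP RST to both ends
            elif action == "drop" and verdict != "reset":
                verdict = "drop"
        return verdict, sids


# Constructed rule set and variable values for the demo.
RULES = [
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH to internal host"; sid:1000001;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Directory traversal in URI"; content:"../../"; sid:1000002;)',
    'reject tcp any any -> $HOME_NET 80 (msg:"Webshell command parameter"; content:"cmd="; sid:1000003;)',
]
VARIABLES = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "any"}


def demo() -> List[Tuple[str, List[int]]]:
    traversal = Packet("tcp", "198.51.100.7", 40001, "10.1.2.3", 80, b"GET /../../etc/passwd HTTP/1.1\r\n")
    ips = SnortLikeIPS(RULES, "protection", VARIABLES)
    results = [
        ips.inspect(traversal),                                                     # drop
        ips.inspect(Packet("tcp", "198.51.100.7", 40002, "10.1.2.3", 80, b"GET /index.html HTTP/1.1\r\n")),  # forward
        ips.inspect(Packet("tcp", "198.51.100.7", 40003, "10.1.2.3", 80, b"POST /up.php HTTP/1.1\r\n\r\ncmd=id")),  # reset
        ips.inspect(Packet("tcp", "10.1.2.50", 5555, "10.1.2.3", 22, b"SSH-2.0-OpenSSH")),  # forward + alert
    ]
    ids = SnortLikeIPS(RULES, "detection", VARIABLES)
    results.append(ids.inspect(traversal))   # same packet, detection mode: forward, alert only
    return results


if __name__ == "__main__":
    for verdict, sids in demo():
        print(verdict, sids)
```

The last case is the operational caveat: the same traversal attempt that is dropped in prevention mode is only logged in detection mode, so an IPS left in detection mode protects nothing and should be treated as an IDS when planning response. Real Snort resolves multiple matching rules by its own action-order rules; the "most severe wins" collapse here is a simplification for the demo.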
URL Filtering
URL Filtering categorizes web requests and controls access based on content categories.
Categories:
- Gambling, Adult Content (Block)
- Social Media, Streaming (Allow/Limit)
- Business, Education (Allow)
- Malware, Phishing (Block)
For advanced URL filtering and threat intelligence, integrate with Cisco Umbrella cloud security. The DNS Security feature listed above is that integration at the DNS layer: DNS queries from the edge are redirected to Umbrella resolvers, which refuse to resolve known malicious domains.
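The category list above hides two details a practitioner runs into when writing URL filtering policy: how an explicit allow or block entry interacts with a category verdict, and what the engine can actually see for HTTPS. The following Python is an added example, not Cisco's or Umbrella's code. Its category database, reputation scores, policy and URLs are constructed, and the precedence it uses (explicit allow list, explicit block list, reputation threshold, then category) is an assumption made for the demo, not a statement of how the Catalyst SD-WAN or Umbrella engine orders its checks.

```python
"""URL filtering decisions: explicit lists, reputation and category.

Added example, not Cisco's or Umbrella's code. Databases, scores, policy and
URLs are constructed; the check order (allow list, block list, reputation,
category) is an assumption for this demo. Two things it shows that the
category list alone does not: the lookup walks from the full hostname to
its parent domains so the most specific entry wins, and for HTTPS only the
hostname (SNI / certificate) is visible without decryption, so path-based
block-list entries never match TLS traffic.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed databases. The phishing entry on a subdomain of an otherwise
# "business" domain is there to show why the most specific match must win.
CATEGORY_DB: Dict[str, str] = {
    "example-corp.com": "business",
    "files.example-corp.com": "phishing",
    "casino.example": "gambling",
    "social.example": "social_media",
    "edu.example": "education",
}
REPUTATION_DB: Dict[str, int] = {   # constructed scale: 0 = worst, 100 = best
    "example-corp.com": 90,
    "unknown-host.example": 15,
}


@dataclass
class UrlFilterPolicy:
    blocked_categories: Set[str]
    reputation_threshold: int                            # block hosts scoring below this
    allow_list: Set[str] = field(default_factory=set)    # hostnames always allowed
    block_list: Set[str] = field(default_factory=set)    # "host" or "host/path-prefix"


def lookup(db: Dict[str, Any], host: str) -> Tuple[Optional[str], Optional[Any]]:
    """Longest-suffix match: try the full hostname, then each parent domain."""
    labels = host.split(".")
    for i in range(len(labels) - 1):          # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in db:
            return candidate, db[candidate]
    return None, None


def evaluate(policy: UrlFilterPolicy, url: str) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one request URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Without TLS decryption only the hostname is visible for HTTPS, so the
    # path takes part in matching for plain HTTP only.
    path = parts.path if parts.scheme == "http" else ""
    if host in policy.allow_list:
        return "allow", "allow-list"
    for entry in policy.block_list:
        entry_host, _, entry_path = entry.partition("/")
        if host == entry_host and (not entry_path or path.startswith("/" + entry_path)):
            return "block", f"block-list:{entry}"
    _, score = lookup(REPUTATION_DB, host)
    if score is not None and score < policy.reputation_threshold:
        return "block", f"reputation:{score}"
    _, category = lookup(CATEGORY_DB, host)
    category = category or "uncategorized"
    if category in policy.blocked_categories:
        return "block", f"category:{category}"
    return "allow", f"category:{category}"


def demo() -> List[Tuple[str, str]]:
    policy = UrlFilterPolicy(
        blocked_categories={"gambling", "adult", "phishing", "malware", "social_media"},
        reputation_threshold=40,
        allow_list={"social.example"},                     # business exception
        block_list={"intranet.example-corp.com/admin"},    # path-based entry
    )
    urls = [
        "https://www.example-corp.com/",             # parent domain -> business, allow
        "https://files.example-corp.com/invoice",    # subdomain entry wins -> phishing, block
        "http://casino.example/",                    # gambling, block
        "http://intranet.example-corp.com/admin/",   # plain HTTP: path rule fires, block
        "https://intranet.example-corp.com/admin/",  # HTTPS: path invisible, rule cannot fire
        "https://unknown-host.example/",             # low reputation, block
        "https://social.example/",                   # allow list beats blocked category
    ]
    return [evaluate(policy, u) for u in urls]


if __name__ == "__main__":
    for url, (action, reason) in zip([], demo()):
        print(url, action, reason)
```

The fifth URL is the one to remember when reviewing a policy: a block-list entry with a path only works for plain HTTP or for TLS sessions the edge decrypts, so hostname-level entries or category blocks are what actually hold for HTTPS traffic.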