

I'm working in the bank and our equipment is mostly based on Cisco for the moment. This integration was done by a combination of our Cisco partner and in-house, because we did this at the time of setting up the infrastructure in 2016. We also have Cisco switches deployed in our environment. The whole idea is to make sure that any machines that are not on our domain should not be able to connect to the network. By integrating the ASA with Cisco ISE, that is what we are trying to achieve. That's when they recommended that we should put in network access control. We had VAPT (vulnerability assessment and pen testing) done by external people to see our level of security from inside and outside and they managed to find some deficiencies inside.

And we've got a number of servers, a Hyper-V virtual environment, and we've got a disaster recovery site. We have internet banking services that we offer to our clients, and that also makes use of the Cisco firewall as the first line of defense. We have a network of six remote sites and we use a proxy to go to the internet, and from the internet Cisco is the first line of defense. We also use it for basic network layer filtering for our internal service, because we have a number of services that we offer out to clients, so that is the first device that they come across when they get into the network. We use the Cisco firewall for a number of things.

It would be better for the application layer, not the platform layer. In such cases, I cannot just go by dynamic classification blindly. If I stop some surveys, my production will stop. I might get a false positive with the VMware operator and platform layer. I may use the tabs for dynamic policy implementation in cloud environments depending on the clients' needs, but not typically VMware. Firepower is integrated to address these next-gen requirements. When I talk about a next-gen firewall, the basics include malware protection, intrusion prevention, URL filtering, etc. If the customer only needs a plain firewall, Cisco ASA is sufficient. Large enterprises use Cisco and other products like Palo Alto or Check Point, especially for managing cloud architectures like GCP and AWS. Small businesses often pick Sophos or FortiGate because of the pricing. I work with businesses of all sizes, but I see Cisco more often in medium-sized companies or large enterprises. If it's a large enterprise, I may use the 4000 Series, or an ISR router integrated with a firewall for a branch office, and maybe an ISR router, which is integrated with the firewall. I may use an entry-level solution for smaller businesses, like the Cisco 555 Series or 5500. I've developed solutions with various Cisco Firewall models. I create solutions for clients using Cisco and other products. I'm a solution architect specializing in IT infrastructure designs.
