-
- Monitoring Devices
- Monitoring Wireless Devices
- Creating Monitoring Policies and Thresholds
- Monitoring Alarms
- Monitoring Clients and Users
- Performance Routing Version 3 Based Network Monitoring
- Monitoring Wireless Technologies
- Using Monitoring Tools
- Viewing Performance Graphs
- Troubleshooting
- Monitoring Multiple Prime Infrastructure Instances
-
- Securing Network Services
- Configuring and Monitoring IWAN
- Using Converged Access Workflow
- Configuring Branch Threat Defense
- Configuring and Monitoring Cisco Catalyst Instant Access
- Access Network Workflow
- Configuring Application Visibility and Control
- Ensuring Consistent Application Experiences
- Troubleshooting Applications
- Monitoring Microsoft Lync Traffic
- Using Mediatrace
- Cisco Mobility Services Engine and Services
- Configuring the Cisco AppNav Solution
- Configuring WAAS Container
- Working with Wireless Mobility
- System Time Zones
Cisco Prime Infrastructure 3.1.4 User Guide
- Updated:
- February 7, 2018
Chapter: Configuring Branch Threat Defense
Configuring Branch Threat Defense
Cisco Branch Threat Defense is a router security technology that strengthens protection and saves time and money without having to deploy multiple-point security products. This technology mitigates security vulnerabilities in branch offices with direct Internet connections that bypass your data center, and encrypt communication between enterprise branches, headquarters, and data centers.
You can use Prime Infrastructure to configure Branch Threat Defense starting from Regulatory Compliance use cases, and configure the technologies such as Zone-Based Firewall (ZBFW), Snort Intrusion Prevention System (IPS), Cloud Web Security (CWS) and OpenDNS.
Supported IOS-XE Platforms
The Branch Threat Defense functionality is supported on Cisco 4000 series Integrated Services Routers (ISR).
Supported IOS-XE Versions
The Branch Threat Defense functionality is available in Cisco IOS-XE Release 15.5(3)S1 (16.3.1 when OpenDNS is configured) and later releases.
Prerequisites for Enabling Branch Threat Defense
- This feature is available only in Security Packages which require a security license. Contact Cisco Support to obtain the license.
- Ensure that the Cisco 4000 series ISR has at least 8 GB of RAM. For more information, see the section “Virtual Service Resource Profile” in the Security Configuration Guide for Branch Threat Defense in the Related Topics.
- Each router to be provisioned should already have a Snort IPS OVA present in the same location on its file-system. Use the “Copy OVA to Device” CLI template to distribute a Snort IPS OVA to each device to be provisioned before proceeding.
Using the Branch Threat Defense Wizard
Step 1 Choose Services > Network Services > Branch Threat Defense .
Step 2 Click Next to choose the configuration.
Step 3 Read the description in the Choose Configuration page and choose the required use case from the Select a Use Case drop-down list.
The configuration options vary according to the selected use case.
Step 4 Choose the required configuration options and click Next .
Step 5 Choose the devices you want to configure and click Next .
Step 6 Enter the configuration values or use the import/export icon to configure the ZBFW , Snort IPS CLI , CWS and OpenDNS depending on the chosen use case .
Step 7 Click Apply and click Next to goto CLI Summary tab where you can confirm the device and template configuration values.
Step 8 Schedule the deployment job using Prepare and Schedule tab.
Step 9 Click Next and click Deploy in the Confirmation tab to deploy the Branch Threat Defense.
Step 10 Click Job Status to view the job details in the Job Dashboard .
Feedback