Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Prime Infrastructure 3.1.4 User Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Prime Infrastructure 3.1.4 User Guide

Chapter Title

Configuring Branch Threat Defense

Results

Updated:
February 7, 2018

Chapter: Configuring Branch Threat Defense

Configuring Branch Threat Defense

Cisco Branch Threat Defense is a router security technology that strengthens protection and saves time and money without having to deploy multiple-point security products. This technology mitigates security vulnerabilities in branch offices with direct Internet connections that bypass your data center, and encrypt communication between enterprise branches, headquarters, and data centers.

You can use Prime Infrastructure to configure Branch Threat Defense starting from Regulatory Compliance use cases, and configure the technologies such as Zone-Based Firewall (ZBFW), Snort Intrusion Prevention System (IPS), Cloud Web Security (CWS) and OpenDNS.

Related Topics

Supported IOS-XE Platforms

The Branch Threat Defense functionality is supported on Cisco 4000 series Integrated Services Routers (ISR).

Supported IOS-XE Versions

The Branch Threat Defense functionality is available in Cisco IOS-XE Release 15.5(3)S1 (16.3.1 when OpenDNS is configured) and later releases.

Prerequisites for Enabling Branch Threat Defense

  • This feature is available only in Security Packages which require a security license. Contact Cisco Support to obtain the license.
  • Ensure that the Cisco 4000 series ISR has at least 8 GB of RAM. For more information, see the section “Virtual Service Resource Profile” in the Security Configuration Guide for Branch Threat Defense in the Related Topics.
  • Each router to be provisioned should already have a Snort IPS OVA present in the same location on its file-system. Use the “Copy OVA to Device” CLI template to distribute a Snort IPS OVA to each device to be provisioned before proceeding.

Related Topics

Using the Branch Threat Defense Wizard

Step 1 Choose Services > Network Services > Branch Threat Defense .

Step 2 Click Next to choose the configuration.

Step 3 Read the description in the Choose Configuration page and choose the required use case from the Select a Use Case drop-down list.

The configuration options vary according to the selected use case.

Step 4 Choose the required configuration options and click Next .

Step 5 Choose the devices you want to configure and click Next .

Step 6 Enter the configuration values or use the import/export icon to configure the ZBFW , Snort IPS CLI , CWS and OpenDNS depending on the chosen use case .

Step 7 Click Apply and click Next to goto CLI Summary tab where you can confirm the device and template configuration values.

Step 8 Schedule the deployment job using Prepare and Schedule tab.

Step 9 Click Next and click Deploy in the Confirmation tab to deploy the Branch Threat Defense.

Step 10 Click Job Status to view the job details in the Job Dashboard .

 

Related Topics

 

Was this Document Helpful?

FeedbackFeedback

Contact Cisco