Cisco Catalyst SD-WAN Solution Integrations Guide, Releases 26.x and Later

PDF

Cisco cyber vision integration

Want to summarize with AI?

Log in

Describes the integration capabilities between Cisco Cyber Vision and Cisco Catalyst SD-WAN.


Cisco Cyber Vision integration is a network security solution that

  • provides visibility into the security status of your global network

  • indicates when devices in the network require attention to maintain a secure posture

  • helps you to configure security policies, and

  • enables Cisco SD-WAN Manager to configure devices in the network to operate as software-based sensors.

Integration value

The integration enables you to use Cisco SD-WAN Manager to configure devices in the network to operate as software-based sensors. Acting as a sensor is a functional value add to devices such as routers or switches. Sensors are an integral part of what enables Cisco Cyber Vision to manage security threats in the network.

You can configure devices acting as sensors to monitor and inspect traffic on one or more interfaces, and to send traffic metadata to Cisco Cyber Vision Center to analyze it for security concerns. Alternatively, you can send a copy of your network traffic to Cyber Vision Center for centralized monitoring and inspection. Note that sending a copy of your network traffic uses more network resources than sending only metadata.

The browser-based manager is called Cisco Cyber Vision Center. Documentation for Cisco Cyber Vision is available here.

Cisco Catalyst SD-WAN support for Cyber Vision includes

  • monitoring L3 interfaces on all supported platforms, and

  • monitoring L2 and L3 interfaces individually or simultaneously, on IR8340 platforms.

Configure the interfaces to monitor in a configuration group, using the Other profile and the Cyber Vision feature.

Depending on the interface types, SD-WAN Manager adds these configurations in the background:

Table 1. Interface monitoring configurations

Monitor

SD-WAN Manager adds these configurations for sending monitored traffic to Cyber Vision Center

L2 interfaces

VLAN 2340

Monitor session

L3 interfaces

Monitor session