This guide details the primary use cases that uses the SD-WAN capabilities supported on Cisco Secure Firewall.

The approaches do not address all of the possible network needs; instead, they provide models on which you can pattern your network. You can choose not to use features presented in the examples, or you can add or substitute features that better suit your needs.

This guide assumes you are familiar with Cisco Secure Firewall. For more information on configurations, see Cisco Secure Firewall Management Center Administration Guide, 7.3 and Cisco Secure Firewall Management Center Device Configuration Guide, 7.3.

Cisco Secure Firewall is an exceptionally robust firewall solution with cutting-edge features such as Snort IPS, URL filtering, and malware defense.

This comprehensive offering greatly simplifies threat protection by enforcing consistent security policies across physical, private, and public cloud environments.

Furthermore, it grants extensive visibility into your network infrastructure, swiftly identifying the origin and activity of potential threats. Armed with this knowledge, you can promptly take action to stop attacks before they have a chance to disrupt your operations.

In addition to traditional firewall capabilities, it provides features as:

1. Application visibility and control

2. User identity awareness and control

3. Intrusion prevention and intrusion detection

4. SSL/TLS decryption

5. Reputation based blocking

6. File and malware protection

7. Virtual Private Network (VPN)

As organizations expand their operations across multiple branch locations, ensuring secure and streamlined connectivity becomes paramount. Deploying a secure branch network infrastructure involves complex configuration and management processes, which can be time-consuming and prone to security vulnerabilities if not handled properly. However, organizations can overcome these challenges by leveraging a secure firewall solution for simplified and secure branch deployment.

In this guide, we explore the concept of simplifying secure branch deployment using a robust firewall solution. By integrating a secure firewall as a foundational component of the branch network architecture, organizations can establish a strong security baseline while simplifying the deployment process. This approach enables organizations to enforce unified security policies, optimize traffic routing, and ensure resilient connectivity.

Some of the SD-WAN capabilities supported on the Cisco Secure Firewall are:

• Secure Elastic Connectivity:

  • Route-based (VTI) VPN tunnels between headquarters (hub) and branches (spokes)

  • IPv4 and IPv6 BGP, IPv4 and IPv6 OSPFv2/v3, and IPv4 EIGRP over VTI

  • DVTI support for spokes with static or dynamic IP

• High availability with near zero network downtime:

  • Dual ISP configuration

  • Optimal path selection based on application based interface monitoring

• Increased usable bandwidth:

  • ECMP support for load balancing across multiple ISPs

  • ECMP support for SVTI

  • Application based load balancing using PBR

• Direct Internet Access for public cloud and guest user:

  • Policy based routing using applications as a match criteria

  • Local tunnel ID support for Umbrella

• Simplified management:

  • SASE: Umbrella auto tunnel deployment

  • DVTI hub spoke topology simplification

This table list some commonly used WAN features