Cisco ProtectLink Endpoint

Transcript

Cisco ProtectLink Endpoint
Cisco Small Business
Security, routers and Wi-Fi
Tomas Chott
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
News
Cisco 500 Series
Stackable Switches
One portfolio – a spectrum of choices
[Chart: Functionality versus Price]
• 100 Series Unmanaged: Plug & Play
• 200 Series Smart: Basic Security, QoS, Mgmt
• 300 Series Managed: Fully Managed, Feature rich
• 500 Series Stackable Managed: Stackable – Higher Resilience
True Stacking | Yes | Yes
Performance | 1Gbps Stacking | 5/10Gbps Stacking
PoE | 802.3af | Legacy Cisco PoE/802.3af/802.3at
L3 Routing | Static | Static (500) / Dynamic (RIP)*; VRRP* (500X)
OnPlus | N/A | Basic
IPv6 | IPv6 | Gold IPv6 and USGv6
Energy Efficient | No EEE | Supports EEE
Additional Gig ports (Gig models) | Standard | 4 additional Gig ports
Localization / Globalization | English only | 7 languages—GUI, docs, suppt
Network-wide Auto Voice + Auto Smartports + CDP | No | Yes
Text View/CLI Mgmt | No | Yes
Warranty | Limited Lifetime | Limited Lifetime with NBD
FE Price Range | SFE2000 ($328 WPL ASP), SFE2010P ($1071) | SF500-24 ($372), SF500-48P ($1299)
GE Price Range | SGE2000 ($594), SGE2010P ($1616) | SG500-28 ($633), SG500-52P ($1728), SG500X-48P ($3500)
* SG5xxx only
Model Overview
1/5 Gig Stack Links
Fast Ethernet | Gigabit Ethernet
SF500-24: 24 10/100 ports, 4 Gig ports (2x5G SFP) | SG500-28: 24 10/100/1000 ports, 4 Gig ports (2x5G SFP)
SF500-24P: 24 10/100 PoE ports, 4 Gig ports (2x5G SFP) | SG500-28P: 24 10/100/1000 PoE ports, 4 Gig ports (2x5G SFP)
SF500-48: 48 10/100 ports, 4 Gig ports (2x5G SFP) | SG500-52: 48 10/100/1000 ports, 4 Gig ports (2x5G SFP)
SF500-48P: 48 10/100 PoE ports, 4 Gig ports (2x5G SFP) | SG500-52P: 48 10/100/1000 PoE ports, 4 Gig ports (2x5G SFP)
10 Gig Stack & Uplinks
SG500X-24: 24 10/100/1000 ports, Four 10 Gig SFPs
SG500X-24P: 24 10/100/1000 PoE ports, Four 10 Gig SFPs
SG500X-48: 48 10/100/1000 ports, Four 10 Gig SFPs
SG500X-48P: 48 10/100/1000 PoE ports, Four 10 Gig SFPs
Product Transition Matrix
SFE2000 | $521 | SF500-24 | SF500-24-K9 | $590
SFE2000P | $832 | SF500-24P | SF500-24P-K9 | $932
SFE2010 | $945 | SF500-48 | SF500-48-K9 | $1006
SFE2010P | $1700 | SF500-48P | SF500-48P-K9 | $2062
SGE2000 | $943 | SG500-28 | SG500-28-K9 | $1005
SGE2000P | $1265 | SG500-28P | SG500-28P-K9 | $1360
SGE2010 | $1885 | SG500-52 | SG500-52-K9 | $1911
SGE2010P | $2565 | SG500-52P | SG500-52P-K9 | $2743
New | N/A | SG500X-24 | SG500X-24-K9 | $1905
New | N/A | SG500X-24P | SG500X-24P-K9 | $3175
New | N/A | SG500X-48 | SG500X-48-K9 | $3175
New | N/A | SG500X-48P | SG500X-48P-K9 | $5556
500 Series and SxE switches will be available in the market at the same time
New
• Cisco Configuration Assistant (CCA) for system-wide deployments
• Cisco Discovery Protocol and Cisco SmartPorts for easy management
• CLI for text-based configuration for mass deployment
• Cisco FindIT/Small Business Toolbar Application
• Full integration with OnPlus
• True stacking to manage multiple switches as a single unit
• Standalone configuration using the embedded Web GUI
• Remote monitoring support using SNMP
• Menu-based access through console for disaster recovery
[Diagram labels: Web GUI, CCA, SNMP Mgmt Platform, CLI, FindIT]
DHCP Auto-Configuration
• A way to deploy switches en masse
• Uses DHCP Options 66 and 67
• Switch automatically loads its config from a TFTP Server
LLDP-MED + CDP
• LLDP—standards-based discovery mechanism similar to CDP
• Switch learns devices attached to specific ports
• Switch notifies endpoint which Voice VLAN to use, QoS parameters to set, etc.
Auto Smartports
• Smartports—pre-created macros to speed up deployments
• Auto Smartports—Apply appropriate Smartports role to port based on discovered device
Network-Wide Auto Voice VLAN
• Dynamic creation and propagation of Voice VLAN and QoS across the network
TextView CLI
• Text-based Command Line Interface to ease mass deployment
LLDP Approach | AUTO
Manual Config:
A. Create Voice VLAN
B. Setup QoS parameters
C. Config LLDP-MED Network Policy
D. Add Voice VLAN to port
Automatic setup:
1. Recognize phone—LLDP-MED
2. Instruct phone which Voice VLAN and QoS to use—LLDP-MED

OUI Approach | AUTO
Manual Config:
A. Activate OUI Auto Voice VLAN
B. Create Voice VLAN on Switch
C. Populate OUI table
D. Add Voice VLAN to port
Automatic setup:
1. Recognize phone—OUI
2. Apply appropriate QoS and assign to Voice VLAN

[Diagram labels: Call Control (UC or HSB), Switch 1, Switch 2]

Additional Manual Config:
• When Voice VLAN changes
• When QoS rules in network changes
• If Voice VLAN on switch 2 not set same as switch 1
• If QoS on Switch 2 not set same as switch 1
• If OUI table not correctly populated
True Zero Touch Deployment | AUTO
Supported Only with Cisco 500, 300, and 200 Switches
Automatic setup, No Manual Config
[Diagram: Call Control (UC or HSB), Switch 1 and Switch 2, ports Gi1, Gi4, Gi5 and Fa1; steps numbered 1 to 10]
Steps shown in the diagram:
• CDP Advertises Voice VLAN 100
• VLAN 100 created on switch—assigned to port Gi4 and Gi5
• Recognize phone—CDP/LLDP-MED
• Instruct phone which Voice VLAN and QoS to use—LLDP-MED or CDP
• Switch Configures port Fa1 with optimal parameters for IP Phone
• Advertises Voice VLAN 100 and QoS parameters via VSDP to switch 2
• VLAN 100 created on switch—assigned to port Gi1 and Fa1
• Recognize phone—CDP/LLDP-MED
• Instruct phone which Voice VLAN and QoS to use—LLDP-MED or CDP
• Switch Configures port Fa1 with optimal parameters for IP Phone
Network Adapts Automatically To:
• Voice VLAN changes
• QoS rule changes in network
• If Voice VLAN on switch 2 not set same as switch 1
• If QoS on Switch 2 not set same as switch 1
• Even when different call control devices advertising different Voice VLANs connected to the network
Working on Patent Application
Sx500—5G Resilient Stacking
• Low cost stackable switches
• Gigabit and 10/100 versions
• High power PoE (802.3at » 30W vs. 15W)
[Image: Cisco SF500-48P]
SG500X—10G Resilient Stacking
• SG500 features with 10G stacking/uplink SFP+ ports (Gigabit only)
• Supports stacking or connections to server with 10G interfaces
• SG500X adds:
  Dynamic Layer 3 switching
  10 Gig Interfaces for stacking or Device connectivity
  VRRP—Virtual Router Redundancy Protocol (HSRP)
[Image: Cisco SG500X-48]
• Single IP management
• Troubleshoot, configure, and manage entire stack as single entity
  Spanning Tree, Port/VLAN mirror, LAGs, ACLs, QoS, etc.
• Stack-plane Dual Ring Architecture
  High throughput
  Sx500 » 10 Gbps
  SG500X » 20 Gbps
  Stacking Resiliency—switch can be removed with minimal effect on the rest of the stack
SG500X-24 | 36.5W | 30.6W | 16.2%
SG500X-24P | 57.2W | 53.3W | 6.8%
SG500X-48 | 60.3W | 45.8W | 24.0%
SG500X-48P | 74.4W | 61.7W | 17.1%
SG500-28 | 23.2W | 15.8W | 31.9%
SG500-28P | 35W | 27.3W | 22.0%
SG500-52 | 47W | 30.1W | 36.0%
SG500-52P | 63.7W | 50.7W | 20.4%
Table based on typical network scenario—all ports active with 10% traffic
10G/5G SFP+ Modules
10G Ethernet Fiber Transceivers
SFP-10G-SR | 10G SFP+ transceiver
• 850-nm wavelength for multimode fiber
• For distances up to 300 meters
SFP-10G-LR | 10G SFP+ transceiver
• 1310-nm wavelength for single-mode fiber
• For distances up to 10 kilometers
SFP-10G-LRM | 10G SFP+ transceiver
• 1310-nm wavelength for single-mode and multimode fiber
• For distances up to 300 meters
5G/10G Copper Transceivers
SFP-H10GB-CU1M | 10G/5G SFP+ transceiver
• Twinax cable, passive, 30 AWG cable assembly
• One meter
SFP-H10GB-CU3M | 10G/5G SFP+ transceiver
• Twinax cable, passive, 30 AWG cable assembly
• Three meters
SFP-H10GB-CU5M | 10G/5G SFP+ transceiver
• Twinax cable, passive, 30 AWG cable assembly
• Five meters
Introduction to
SA500 – security appliance
Security Appliances SA5xx
All-in-one security solution for small businesses
Combines the following functions in a single device:
- Firewall
- Email and web security
- IPS (intrusion prevention system)
- Secure wireless and remote access
Cisco SA 500 Series Security Appliances
"All-in-one" security for the Small Business segment
Firewall, email security, web threat protection, URL filtering, site-to-site VPN, IPsec and SSL VPN for remote access, and 802.11n wireless security
Maximum email and web protection at full speed
Cloud-based email and web security offers maximum protection without affecting connection speed by stopping threats before they enter the corporate network
Improved partner profitability
Annual subscriptions offer a recurring revenue opportunity, preconfiguration with Smart Defaults simplifies installation, support for Cisco Configuration
• Supports data, voice, video and wireless solutions
• Every product in the Cisco Small Business Pro suite can be easily integrated with the other products in the suite into an overall solution that is easier to update and to extend with new features and capacity
• Simple configuration of the entire solution thanks to Cisco Configuration Assistant
[Diagram labels: SECURITY, DATA, WIRELESS, SA 500, ESW 500, Internet]
Licensed Feature
IPS for Cisco SA 500 Series
[Diagram: Internet, Cisco® SA 500 Series. Callouts: Packet inspection (examines packets and stops unwanted activity); IPS (identifies and blocks attacks and intrusions); Peer-to-peer blocking (prevents data leaks)]
• IPS: identifies possible intrusions and stops them automatically, thereby reducing future risk
• Peer-to-peer blocking: blocks instant messaging and other peer-to-peer traffic
• Packet inspection: performs protocol inspection to stop unwanted activity
Licensed Feature
Email protection with Cisco ProtectLink Gateway
[Diagram: Internet, Cisco ProtectLink Gateway Service, Cisco® SA 500 Series]
• Email protection: Emails sent to your company are scanned for spam, viruses, malware, spyware and phishing attacks. The protection is based on the multiple award-winning Trend Micro InterScan Hosted Messaging Security (IMHS) technology.
• Unique cloud-based solution:
  Offers robust protection: more than 3 million antivirus and 400 thousand anti-spyware patterns, and 8 different spam identification techniques, including a method that examines both the sender's IP address and the email content.
  The inspection engines are never out of date and always offer protection against the latest threats.
  Threats are stopped before they reach the corporate network.
  Throughput stays the same even with security services enabled.
ProtectLink Gateway – Email portal
Licensed Feature
Web protection with Cisco ProtectLink Gateway
[Diagram: Malicious Websites (http://dangerous-website.com, http://inappropriate-website.com), Internet, Cisco ProtectLink Gateway Service, Cisco® SA 500 Series]
• Web threat prevention: Reputation-based URL blocking protects users from accessing dangerous websites that contain malware, phishing, etc.
• URL filtering: More than 80 website categories control employee browsing, help increase productivity and reduce legal exposure
Licensed Feature
Cisco ProtectLink Endpoint
[Diagram: Internet, Cisco ProtectLink Endpoint Service, Cisco® SA 500 Series]
• Cisco ProtectLink Endpoint: Antivirus, POP email spam filter and web threat protection for Windows PCs and servers
• Policy (rule) enforcement at the gateway: No security server is required and nothing needs to be installed on individual computers
• Annual license subscriptions: Offer partners a recurring revenue opportunity through annual renewals. Can be added at any time by ordering a license key.
ProtectLink Endpoint portal
Model | SA 520 | SA 520W | SA 540
Firewall Performance | 200 Mbps | 200 Mbps | 300 Mbps
Email/Web Performance | 200 Mbps | 200 Mbps | 300 Mbps
VPN Performance | 65 Mbps | 65 Mbps | 85 Mbps
Connections | 15,000 | 15,000 | 40,000
Ports | 1 WAN, 1 Optional, 4 LAN 10/100/1000 | 1 WAN, 1 Optional, 4 LAN 10/100/1000 | 1 WAN, 1 Optional, 8 LAN 10/100/1000
Wireless (802.11b/g/n) | No | Yes | No
IPsec Site-Site | Yes | Yes | Yes
IPsec Remote Access | 50 seats | 50 seats | 100 seats
SSL Remote Access | 2 seats included, License upgrade to 25 seats | 2 seats included, License upgrade to 25 seats | 50 seats included
The complete specification is available at:
http://www.cisco.com/go/sa500
Introduction to
Cisco RV180 & RV180W
• New 100 series VPN routers
The Cisco RV180/RV180W routers provide simple,
affordable, secure business-class connectivity and
remote access to small businesses
• Replaces RVS4000 and WRVS4400N
• Two versions: wired, wireless-N
RV Series Routing Portfolio
Model Overview
Wired
• RV016: High Availability Multi-WAN, (13) Ethernet LAN Ports, (7) Ethernet WAN ports
• RV082: High Availability Dual WAN, (8) Ethernet Ports, (2) Ethernet WAN ports
• RV042: High Availability Dual WAN, (4) Ethernet LAN Ports, (2) Ethernet WAN Ports
• RV180 (New): Small Office, Higher Performance, (4) Gigabit Ethernet LAN Ports, (1) Gigabit Ethernet WAN port
Wireless
• RV220W: IPSec & SSL VPN Router, Dual Band Selectable Wireless N, (4) GE LAN + (1) GE WAN
• RV180W (New): Small Office, Higher Performance, Multi-Function Wireless-N, (4) GE LAN + (1) GE WAN
• RV120W: Small Office All-in-One, Wireless N, (4) FE LAN + (1) FE WAN
• RV110W: Teleworker All-in-One, Wireless N, (4) FE LAN + (1) FE WAN
• High Speed Connectivity
  Gigabit Ethernet WAN
  Four Gigabit Ethernet LAN ports
  Support for VLAN and QoS
• Intuitive, browser-based configuration
• Virtual Private Network (VPN)
  Remote access for Windows, Mac, and Mobile devices
  10 gateway-gateway IPSec tunnels
  10 Quick VPN tunnels using Cisco QuickVPN client
  10 PPTP tunnels for remote client access
• Packaging Type: Brown box, no color retail packaging available
* RV180W & RV180 will replace WRVS4400N & RVS4000 respectively
Model | RVS4000 / WRVS4400N | RV180 / RV180W
Concurrent Connections | 10,000 | 12,000
NAT Throughput (Mbps) | 800 | 800
VPN Throughput (Mbps) | 2 | 50
# of IPSec VPN tunnels | 5 | 10
# of PPTP VPN tunnels | 0 | 10
# of IPSec site to site VPN tunnels | 5 | 10
• RV180W supports multi-function wireless
• Repurpose as your network needs grow or change
• Partners can standardize on a single HW platform and deliver solutions based on customer needs
• Unit can be used in any of the following modes:
  Wireless Router
  Wireless Access Point with WDS
  Point-Point Bridge mode with WDS
  Point-Multipoint Bridge mode with WDS
  Repeater mode with WDS
Model | RV220W | RV180W | RV120W | RV110W
Physical interfaces | 1 x GbE WAN, 4 x GbE LAN | 1 x GbE WAN, 4 x GbE LAN | 1 x FE WAN, 4 x FE LAN | 1 x FE WAN, 4 x FE LAN
Wireless | 802.11n 2.4GHz+5GHz (Selectable) | 802.11n 2.4GHz | 802.11n 2.4GHz | 802.11n 2.4GHz
Housing | Metal Housing | Metal Housing | Plastic Housing | Plastic Housing
Wireless Operating Modes | Router | Router/AP/Repeater/Bridge | Router | Router
WAN-to-LAN throughput (NAT) | 800 Mbps | 800 Mbps | 100 Mbps | 80 Mbps
IPsec / SSL VPN connections | 25 / 5 | 10 / 0 | 10 / 0 | 5 / 0
IPsec VPN throughput | 90 Mbps | 50 Mbps | 25 Mbps | 5 Mbps
SSL VPN throughput | 25 Mbps | — | — | —
Cloud based Web Protection | Cisco ProtectLink Web | — | — | —
List | $363 | $246 | $189 | $114
RV180W is ideal for Small Business users that need basic wired and wireless connectivity, flexible remote connectivity
Wireless Access Point
New 100 & 300 Series Wireless Access Points
The all new Cisco WAP121 & WAP321 Wireless
Access Points provide simple, affordable, secure
business-class wireless connectivity for small
businesses.
• WAP121 Replaces WAP200, WAP2000, & WET200
• WAP321 is the recommended alternative to the WAP4410N
WAP121
WAP321
• Cisco FindIT Network Discovery
AP Device Manager
Browser Toolbar
• Standalone configuration using the embedded web GUI Device Manager
• Embedded setup wizard
• OnPlus for Partners
• Online device emulators, availability TBD
[Image: Cisco FindIT]
[Diagram labels: Internet, WAP321, Business SSID & VLAN, Guest SSID & VLAN, Guest accessing WiFi Network, Configurable Landing Page, Authenticated Guest]
Thank you.