Market place: State organization
Project: Ensuring secure remote access
Task description: The customer has deployed new services that only certain users should be allowed to access. The number of simultaneous connections can reach 10,000. Secure access to the services is required, as well as secure communication for site-to-site links, remote users, and different devices.
Realization: The internet perimeter solution is built on Firepower 4100 (Firepower Threat Defense). It provides total network visibility at the network boundary, detects attacks at early stages, and provides high bandwidth for VPN, both Remote Access and Site-to-Site.
Firepower Management Center (FMC) provides complete, unified firewall management, which includes application traffic management, intrusion prevention, URL filtering, and advanced malware protection.
Management of user access to the network (dot1x, MAB) was installed and configured based on Cisco ISE. It includes dynamic assignment of destination access rules using AD group membership.
Centralized access control for network devices has been implemented, which allows authentication, authorization, and accounting of all executed commands from a single console.
Seamless integration with other Cisco network security products based on pxGrid and AMP Unity has been provided.
Result: After deploying this solution, the customer has been able to provide secure remote access for numerous users. Firepower's mechanisms and policy rules help minimize the risk to servers in the local area network. FMC monitoring capabilities have given the customer full information about who accesses the services, from where, when, and how.