I started at a new company and they have ISRs at their 50+ branch offices running basic zone based firewall but they don't have any web filtering in place. There is a mix of 2900 and 4300 series routers.
I'm trying to cut through the Cisco jargon and determine what the best approach is for basic web filtering. I want to be able to filter out known malicious sites and bad actors.
So far I have found a few options...
- "Cisco Snort IPS for 4000 Series ISR" and "Cisco IOS-based IPS for G2"
  - 4k: https://www.cisco.com/c/en/us/products/collateral/security/router-security/datasheet-c78-736114.html
  - 2k: https://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html
  - These seem like they would do the job, but I'm not sure how I feel about managing two different security configurations depending on whether it's a 2000 series router or a 4000 series router.
- Cisco Umbrella aka OpenDNS
  - https://docs.umbrella.com/hardware-integrations/docs/cisco-integrated-services-router-g2-isr-solution-guide-for-umbrella
  - Basically we would just force DNS to OpenDNS and filter based on that. This is far from perfect but would still be an improvement over nothing.
- Cisco Firepower Threat Defense for ISR
  - https://www.cisco.com/c/en/us/products/collateral/security/router-security/datasheet-c78-735410.html
  - This would require installing UCS blades in all of our ISRs and running FTD virtually. It just sounds expensive and a pain in the ass. We do already have a Firepower Management Center VM running to support our data center firewall, so centralized management may be a plus.
I know I have a lot of research ahead of me, but any advice on what pathway I should concentrate on would be greatly appreciated.
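The Umbrella option in the post is only as strong as the "force DNS" part: pointing the router's own resolver at OpenDNS does nothing for a client that is configured to use a different resolver, so each branch also needs an inbound LAN ACL that permits port 53 only to the Umbrella resolvers and denies it everywhere else. The script below is an added example (my code, not from the post or from Cisco) that audits that across a fleet of branch routers. It parses constructed IOS running-config fragments (the two configs embedded here are made up, not real devices) and reports, per router, whether `ip name-server` points only at Umbrella and whether an applied inbound ACL pins client DNS to those resolvers. The resolver addresses 208.67.222.222 and 208.67.220.220 are the OpenDNS anycast resolvers as I understand them; treat them as an assumption and check the Umbrella docs linked above before relying on them.

```python
import re
from typing import Dict, List

# OpenDNS/Umbrella anycast resolvers (assumed; verify against the Umbrella documentation).
UMBRELLA_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample running-config fragments for two hypothetical branch routers.
SAMPLE_CONFIGS: Dict[str, str] = {
    "branch-01": """
hostname branch-01
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip dns server
!
ip access-list extended LAN-IN
 permit udp any host 208.67.222.222 eq domain
 permit udp any host 208.67.220.220 eq domain
 deny udp any any eq domain
 deny tcp any any eq domain
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group LAN-IN in
""",
    "branch-02": """
hostname branch-02
ip name-server 8.8.8.8
!
ip access-list extended LAN-IN
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group LAN-IN in
""",
}


def parse_name_servers(cfg: str) -> List[str]:
    """Resolvers the router itself (and its DNS proxy, if enabled) forwards to."""
    return re.findall(r"^ip name-server (\S+)", cfg, flags=re.M)


def parse_acls(cfg: str) -> Dict[str, List[str]]:
    """Return {acl_name: [entry, ...]} for every named extended ACL in the config."""
    acls: Dict[str, List[str]] = {}
    current = None
    for line in cfg.splitlines():
        m = re.match(r"^ip access-list extended (\S+)", line)
        if m:
            current = m.group(1)
            acls[current] = []
            continue
        if current and line.startswith(" "):
            acls[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the ACL block
    return acls


def acl_pins_dns(entries: List[str]) -> bool:
    """True if the ACL permits DNS only to Umbrella and explicitly denies all other DNS."""
    permits_umbrella = False
    denies_other = False
    for e in entries:
        if not re.search(r"\beq (domain|53)\b", e):
            continue  # not a DNS entry
        hosts = re.findall(r"host (\d+\.\d+\.\d+\.\d+)", e)
        if e.startswith("permit"):
            # A permit to 'any' or to a non-Umbrella host lets clients bypass the filter.
            if not hosts or any(h not in UMBRELLA_RESOLVERS for h in hosts):
                return False
            permits_umbrella = True
        elif e.startswith("deny") and "any any" in e:
            denies_other = True
    return permits_umbrella and denies_other


def audit_router(name: str, cfg: str) -> Dict[str, object]:
    """Check one router's config for both halves of the 'force DNS to Umbrella' design."""
    name_servers = parse_name_servers(cfg)
    acls = parse_acls(cfg)
    applied_inbound = set(re.findall(r"^\s*ip access-group (\S+) in", cfg, flags=re.M))
    findings: List[str] = []
    if not name_servers or any(ns not in UMBRELLA_RESOLVERS for ns in name_servers):
        findings.append("router resolvers are not all Umbrella")
    if not any(acl_pins_dns(acls.get(a, [])) for a in applied_inbound):
        findings.append("no applied inbound ACL pins client DNS to Umbrella")
    return {"router": name, "name_servers": name_servers, "findings": findings, "ok": not findings}


def audit_all(configs: Dict[str, str] = SAMPLE_CONFIGS) -> Dict[str, Dict[str, object]]:
    return {name: audit_router(name, cfg) for name, cfg in configs.items()}


if __name__ == "__main__":
    for result in audit_all().values():
        status = "OK " if result["ok"] else "FAIL"
        print(f"{status} {result['router']}: {', '.join(result['findings']) or 'compliant'}")
```

In practice the configs would come from `show running-config` pulled over SSH or from a config backup store rather than from the embedded samples; the checks are deliberately strict (any permit of port 53 to a non-Umbrella destination fails the router) because a single stray permit is all a client needs to resolve around the filter, and the same ACL still does nothing for clients that use DNS over HTTPS or connect by IP address, which is the "far from perfect" part of the post.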