radware_9300_qsg.pdf - Radware DefensePro Service Chain for ASA Quick Start Guide First Published Last Updated 1 About Radware DefensePro Service

radware_9300_qsg.pdf - Radware DefensePro Service Chain for...

This preview shows page 1 - 3 out of 8 pages.

Cisco Systems, Inc. 1 Radware DefensePro Service Chain for ASA Quick Start Guide First Published: January 27, 2016 Last Updated: June 14, 2018 1. About Radware DefensePro Service Chaining for ASA The Cisco FXOS chassis can support multiple services (for example, an ASA firewall, and a third-party DDoS application) on a single blade. These applications can be linked together to form a Service Chain. In Firepower eXtensible Operating System (FXOS) 1.1.4 and later on the Firepower 4120, 4140, 4150, and 9300 security appliances, the third-party Radware DefensePro virtual platform can be installed to run in front of the ASA firewall. Radware DefensePro is a KVM-based virtual platform that provides distributed denial-of-service (DDoS) detection and mitigation capabilities on the FXOS chassis. When Service Chaining is enabled on your FXOS chassis, ingress traffic from the network must first pass through the DefensePro virtual platform before reaching the ASA firewall. You can deploy Radware DefensePro with the ASA in the following modes: Standalone Intra-chassis cluster Active/Standby failover Note: Service Chaining is not supported in an inter-chassis cluster or Active/Active failover configuration. However, the Radware DefensePro (vDP) application can be deployed in a standalone configuration in an inter-chassis cluster scenario. The DefensePro application can run as separate instances on up to three security modules. Note: The Radware DefensePro virtual platform may be referred to as Radware vDP (virtual DefensePro), or simply vDP. The Radware DefensePro application may occasionally be referred to as a Link Decorator for the ASA firewall. Licensing Requirements for the Radware DefensePro Service Chain Licensing for the Radware Virtual DefensePro application on the Firepower 4100 and 9300 series devices is handled through the Radware APSolute Vision Manager. Go to the Cisco Commerce Workspace (CCW) to order a throughput license for your device. After submitting this request, you will receive a login and link to the Radware Portal, where you can then request a license. For more information and documentation on Radware’s APSolute Vision Manager and throughput licensing requirements, see the documentation on Radware’s site ( htttps://portals.radware.com/Customer/Home/Downloads/Management-Monitoring/?Product=APSolute-Vision ). Note that you must be registered with Radware to access this portal.
Image of page 1
Radware DefensePro Service Chain for ASA Quick Start Guide 2. Deploy and Configure Radware vDP in a Service Chain 2 Timezone Sync Requirements Prior to deploying Radware vDP on your Firepower security appliance, you must ensure that your Chassis Manager is set to use an NTP Server, with the etc/UTC Time Zone. Procedure 1. In the Firepower Chassis Manager, choose Platform Settings to open the NTP area in the Platform Settings page.
Image of page 2
Image of page 3

You've reached the end of your free preview.

Want to read all 8 pages?

  • Spring '17
  • IP address, Radware DefensePro Service Chain

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture