Software Defined Wide Area Network (SD-WAN) - Overview

Cisco Internal Use Only for Secure Firewall Roadshow Ignite Event

Introduction

As organizations expand their operations across multiple branch locations, ensuring secure and streamlined connectivity becomes paramount. Deploying a secure branch network infrastructure involves complex configuration and management processes. However, organizations can overcome these challenges by leveraging a secure firewall solution for simplified and secure branch deployment.

In this lab, we explore the concept of simplifying secure branch deployment using a robust firewall solution. By integrating a secure firewall as a foundational component of the branch network architecture, organizations can establish a strong security baseline while simplifying the deployment process. This approach enables organizations to enforce unified security policies, optimize traffic routing, and ensure resilient connectivity.

Overview of SD-WAN Capabilities

Some of the core SD-WAN capabilities supported on the Cisco Secure Firewall are:

Secure Elastic Connectivity

  1. Route-based (VTI) VPN tunnels between headquarters (hub) and branches (spokes)
  2. IPv4 and IPv6 BGP, IPv4 and IPv6 OSPFv2/v3, and IPv4 EIGRP over VTI
  3. DVTI support for spokes with static or dynamic IP

High availability with near-zero network downtime

  1. Dual ISP configuration
  2. Optimal path selection based on application-based interface monitoring

Increased usable bandwidth

  1. ECMP support for load balancing across multiple ISPs and VTIs
  2. Application-based load balancing using PBR

Direct Internet Access for public cloud and guest users

  1. Policy-based routing using applications as match criteria
  2. Local tunnel ID support for Umbrella

Simplified Management

  1. SASE: Umbrella auto tunnel deployment
  2. DVTI hub-and-spoke topology simplification

Learning Objectives

Upon completion of this lab, you will be able to:

  • For the Simplified Branch to Hub lab:
    • Configure a site-to-site (S2S) VPN from the cdFMC.
    • Understand EIGRP routing between two internal networks shared over a VPN tunnel.
  • For the Policy Based Routing for Direct Internet Access lab:
    • Configure Direct Internet Access (DIA) with Policy Based Routing on Cisco Secure Firewall for various applications.
    • Verify that application traffic is routed to the desired path based on the configured application-aware routing rules.
    • Validate the path monitoring feature to ensure that traffic is sent via the optimum path using real-time metrics of the monitored interface.


Lab Tasks

This guide consists of the two labs below. If you are familiar with the Secure Firewall, you may do these on your own; for step-by-step instructions, see below.

Lab 1

Lab 2

Conclusion

This concludes the Software Defined Wide Area Network (SD-WAN) lab on Cisco Secure Firewall.

