Onboarding
Steps:
- Step 1: Confirm you have access to the Cisco Defense Orchestrator (CDO) portal and Multicloud Defense (MCD) dashboard
- Task 1: Navigate to CDO and launch MCD from the dashboard
- Step 2: Learn about Multicloud Defense design considerations
- Task 2: Familiarize yourself with the implementation phases: Discovery, Deploy and Defend
Implement
Steps
- Step 1: Learn about the Multicloud Defense architecture and solution components
- Step 2: Prepare to integrate one or more cloud service provider (CSP) accounts such as AWS, Azure, GCP, or OCI
- Task 2: Verify the prerequisites on one of the below cloud accounts
- Step 3: Activate the monitoring of DNS and flow logs to ensure traffic visibility across one or several CSP accounts
- Task 3: Enable VPC and NSG flow logs, as well as DNS logs (where available), using either the "easy setup" option or the manual option, and verify their visibility on the MCD dashboard
- Step 4: Learn how to deploy a gateway to secure your connected account
- Task 4: Learn about the appropriate security gateway distribution model (centralized or distributed) to safeguard your CSP account
- Step 5: Secure your account by deploying a gateway
- Task 5: Add a service (VPC, VNet, and/or VCN), deploy ingress, east-west, and/or egress gateways, create a test, and make a link or connection
- Step 6: Create security policy components for the segmentation policy
- Task 6: Create the required service objects
- Task 7: Create the required address objects for the policies
- Task 8: Generate the necessary certificates and keys. This step is only applicable in scenarios involving a proxy, such as reverse proxy and forward proxy configurations
- Step 7: Add a new rule set rule to the default ingress or egress policy to allow and log the required traffic
- Task 9: Establish a new rule set for the default ingress or egress policy rule set to allow and log the traffic
Use
Steps: 3 Steps / 13 Tasks
- Step 1: Familiarize yourself with basic reports
- Step 2: Validate and test policy by generating traffic
- Task 2: Test policy by verifying generated traffic by looking at the traffic summary report and logs
- Step 3: Learn, plan, and implement your security settings and profiles for the required policy
- Task 3: Plan which security profiles are going to be used for the ingress, egress, or segmentation policy
- Task 4: Plan the security settings and profiles for the ingress gateway, including WAF, IDS/IPS, Geo-IP filtering, malicious IP blocking, and antivirus protocols
- Task 5: Develop and establish security measures for the egress gateway
- Task 6: Plan the security settings and profiles for the segmentation gateway policies, including cloud-native identity, IPS/IDS, and antivirus
- Step 4: Verify the security settings for the implemented policy and test the profiles
- Task 7: Confirm the functionality of the applied security profiles by reviewing the traffic summary report and logs, and executing any additional required tests to ensure they are operating correctly
- Step 5: Leverage Multicloud Defense for security analysis
- Task 8: Examine the following reports to detect any potential suspicious or malicious activities within your CSP
Engage
Steps
- Step 1: Learn and utilize cloud visibility reports to obtain valuable statistical information about the network
- Step 2: Learn about the available alerting integrations with third parties
- Step 3: Configure additional settings
- Task 5: Create a log forwarding profile compatible with any of the supported Security Information and Event Management (SIEM) systems
- Step 4: Establish various administrative roles within Multicloud Defense
- Task 6: Assign user roles in Cisco Defense Orchestrator (CDO)
Adopt
Steps
- Step 1: Learn about new features and functionalities available in newer releases
- Task 1: Check the release notes page for the latest updates
- Step 2: Learn about automation capabilities and their use within your deployment
- Task 2: Check documentation on how automation functions, including understanding Terraform and its use within MCD deployments