FY22 - Q4 - Heroes Secure SD - WAN
Secure SD-WAN
relevant to you
[Diagram: branch site with SD-WAN Appliance, NGFW Appliance, LTE WAN backup, LAN, Wi-Fi AP; WAN transports Internet and MPLS; Director and Analytics]
CAPABILITIES
Scale to 1000’s of branches.
WAN, LAN & Security Analytics
Scale to millions of remote users.
[Diagrams: headend deployment options built from Director, Analytics, Controller and Hub Controller; Active-Standby Director; Analytics Cassandra Cluster]
Control Plane
▪ Signaling between branches
▪ Topology creation
▪ Key exchange between branches
▪ Must be protected

Management Plane
▪ Centralized configuration of devices
▪ Provides visibility into what’s happening with your SDWAN
▪ Examples: telnet, GUI, ssh, REST API, etc.

[Diagram labels: file, Branch1, Branch2, Branch3]
Branch1: Hi, I’m Branch1. I’m a HUB. I have IP X on interface MPLS. My encryption method is Y. I have subnets 10.0.0.0/24 and 192.168.0.0/24.
Branch2: Ok. Message accepted. I’m a Spoke, so I need to establish connection to the HUB. I will use encryption Y and establish a data-plane tunnel to the IP X on MPLS network. Also, I will add subnets 10.0.0.0/24 and 192.168.0.0/24 to my routing table with the next-hop Branch1.
Versa Multi-Tenancy
▪ Each tenant will see both devices and their CPU/memory/HDD utilization
▪ Each tenant will only see traffic that belongs to his ports and networks
▪ Each tenant will only be able to configure its own policies but will not be able to see configuration/statistics of other tenants on the same devices
[Diagram labels: Master Tenant, INTERNET, Tellers network, ATM network]
Versa SDWAN overview: VRFs
Router
Virtual routing table 1:
- 10.2.1.0/24
- 192.168.1.0/24
Computer A, IP: 10.2.1.3/24
Computer B, IP: 192.168.1.2/24
Virtual routing table 2:
- 172.16.10.0/24
- 192.168.1.0/24
Computer C, IP: 172.16.10.5/24
Computer D, IP: 192.168.1.2/24
Data plane multitenancy
▪ Each tenant will have its own independently encrypted IPsec tunnels between SDWAN devices. If any of the IPsec tunnels gets compromised, other tenants are not affected
▪ Each tenant will only see traffic that belongs to its ports and networks
▪ Each tenant will only see its own ports and not the ports of other tenants on the device
▪ Each tenant can configure only its own routing protocols, firewall rules and SDWAN policies
[Diagram label: ATM network]
Control Plane multitenancy
[Diagram: Controller; Branch SDWAN device and DC SDWAN device, each labelled SDWAN Engine 1; encrypted data tunnel 2; ATM network]
How can it be used
[Diagram: Branch-1 through Branch-6 connected over an Underlay Cloud, with VRF A and VRF B labels at the branches]
Summary
➢ Versa hosted
• Dedicated
• Shared
➢ Customer hosted
• On premises in your own DC
• Co-location
• Cloud deployments
- AWS
- MS Azure
- GCP
- Alibaba
- Oracle
What if the license expires?
[Diagram: HQ, DC, HO/Private DC, Branch, Cloud, Leisure, SaaS and PRIVATE DC connected through VERSA CLOUD GATEWAYS (VCG) and the SDWAN FABRIC; VSA]
Isolate applications to specific gateways
Segment critical applications/gateways from users who don’t need to access
User Authentication with preferred identity mgt system
Per user policy controls access to each application
Network Services
[Diagram: Versa Cloud Gateway with Routing & CGNAT, Posture Check, App FW & DOS, Network Obfuscation, ZTNA Auth]
• User/User Group based Policy
• Integration with Enterprise Authentication SAML/AD
• Application Firewall
• Network Obfuscation and Hiding
[Diagram: End-User Devices with Corporate Certificates (mobile devices, laptops, desktops, SD-WAN routers) connect over Internet, MPLS, Direct Connect via Secure Tunnel to the Versa SWG Gateway; IPSec Backhaul to the Enterprise Router/SD-WAN Gateway at Corporate HQ or Data Center; Internet]
DATA LEAK PREVENTION (DLP)
Data Security
• Detect mis-configuration
• Encryption and Tokenization
• BYOD Policy
• Support for OCR and document formats
Data Format
• Protocol Supports: HTTP, SMTP, FTP Etc
• Document Format Support: XLS, DOC, PDF etc
• Proxy: SSL/TLS, Email Proxy etc
Compliance
• Recognize 100s of Identifiable Info
• Compliancy and Certification Requirement
• Scanning and Auto-Remediation
Data Leak Prevention
• Context, ID, Content based policy
• Redaction & Encryption
• Watermarking
• Quarantine
• 3rd Party Integration