Professional Documents
Culture Documents
Meraki - MX SD-WAN SASE
Meraki - MX SD-WAN SASE
Meraki MX - SASE
Welcome to the world’s most trusted secure
SD-WAN fabric.
Empowered with Secure Access Service Edge (SASE) converge networking and
security to deliver seamless, secure access—anywhere people work.
Meraki MX SD-WAN
Umbrella SIG - SASE
1 The LAB
1.1 Solution: Meraki MX
Deliver best-in-class network security and experiences for any workload, from anywhere.
- Network complexity is at odds with business agility and IT teams need more dynamic
solutions to get fast, flexible connectivity
- Without centralized control over policy, access, and identity, security teams can’t deliver
trusted, secure experiences at scale
- Unified SASE solutions provide rich visibility, proactive insight, and comprehensive control
for seamless IT management
Page |1
Meraki MX SD-WAN
Umbrella SIG - SASE
Join us in this lab where we will empower your branch with security.
Furthermore, we will make sure your team can connect securely at home, in the office, anywhere.
Page |2
Meraki MX SD-WAN
Umbrella SIG - SASE
Contents
1 The LAB ........................................................................................................................................................................................................................ 1
1.1 Solution: Meraki MX............................................................................................................................................................................................ 1
1.2 Solution: SASE ......................................................................................................................................................................................................... 1
1.3 LAB: Meraki MX + SASE................................................................................................................................................................................... 2
2 Your playground .................................................................................................................................................................................................. 5
2.1 Webex - Your playground: Webex App ............................................................................................................................................. 5
EX -- Log in on Webex ....................................................................................................................... 5
2.2 Meraki - Your playground: Meraki Dashboard............................................................................................................................. 6
EX -- Log in on Meraki Dashboard .................................................................................................... 6
2.3 PC - Your playground: Take control over your test PC .......................................................................................................... 8
EX -- Log in on your test pc ............................................................................................................... 8
2.4 Umbrella - Your playground: Umbrella Dashboard ................................................................................................................ 9
EX -- Log in on Umbrella Dashboard................................................................................................. 9
3 Prep your lab ........................................................................................................................................................................................................ 10
3.1 WAN Setup: Route traffic through WAN Emulator ............................................................................................................... 10
EX – Enable your WAN emulator .................................................................................................... 10
3.2 WLAN Setup........................................................................................................................................................................................................... 12
EX – Update WLAN : Bridging ......................................................................................................... 12
4 MX SD-WAN .......................................................................................................................................................................................................... 14
4.1 Establish VPN ....................................................................................................................................................................................................... 14
EX – Establish VPN .......................................................................................................................... 14
4.2 Dynamic WAN fail-over .................................................................................................................................................................................17
EX – Establish WAN Failover ........................................................................................................... 17
EX – Voice & Video SLA ................................................................................................................... 18
4.3 SD-WAN Traffic control & shaping ......................................................................................................................................................22
EX – HQ traffic: Low priority file downloads .................................................................................. 22
EX – SaaS traffic: Low priority file downloads ............................................................................... 24
4.4 Insight ....................................................................................................................................................................................................................... 26
4.5 Web App Health ................................................................................................................................................................................................27
EX – Investigate Web applications ................................................................................................. 27
4.6 WAN Health.......................................................................................................................................................................................................... 28
EX – Investigate Your WAN connections ........................................................................................ 28
5 MX Security ........................................................................................................................................................................................................... 29
EX – Configure Split Tunnel VPN .................................................................................................... 29
5.1 (Layer 7) Firewall rules .................................................................................................................................................................................. 30
EX – Define layer 7 firewall rules .................................................................................................... 30
5.2 Content Filtering ................................................................................................................................................................................................ 31
Page |3
Meraki MX SD-WAN
Umbrella SIG - SASE
Page |4
Meraki MX SD-WAN
Umbrella SIG - SASE
2 Your playground
We have prepared 2 dashboards for you. One to control your on-prem network, the other to
control your cloud security policies.
The first one, Cisco Meraki dashboard is a powerful cloud dashboard to monitor and manage
your network devices.
The security dashboard for today is Umbrella Dashboard. We will use this dashboard
throughout the course to regulate and secure web and cloud applications for our users.
Create a live connection to your trainer so you can rely on real-time support.
Therefore, the first step is to create an account (if you don’t have any yet) and participate
during the training.
EX -- Log in on Webex
• Go to https://web.webex.com
• Login (or create an account) – Using the web version or the app version.
• Communicate your login email to the trainer (so you can be added to the team)
Page |5
Meraki MX SD-WAN
Umbrella SIG - SASE
This dashboard is built for Managed Services providers and can support
most of the core services needed by MSPs.
For this training we will only use the dashboard to configure our network
components.
IMPORTANT: Make sure you clicked on YES. If not, go back to the email and click again on the URL.
Page |6
Meraki MX SD-WAN
Umbrella SIG - SASE
You have read rights in multiple networks in this lab but only 1 belongs to you.
Click on the dropdown arrow on the left to locate your network.
You can only save changes in your own network! All the
others are read-only.
Locate the topology overview in the ‘Network-wide’ settings. Make sure all 3 devices
are online.
Can you log in into the dashboard? Click on your button to confirm.
POD1 POD2 POD3 POD4 POD5 POD6 POD7 POD8 POD9 POD10
Page |7
Meraki MX SD-WAN
Umbrella SIG - SASE
Login
Are you on the test pc? – Can you read you station number on the desktop?
POD1 POD2 POD3 POD4 POD5 POD6 POD7 POD8 POD9 POD10
Page |8
Meraki MX SD-WAN
Umbrella SIG - SASE
The second part of the lab is all about secure DNS and WEB policies.
These actions will be performed on the Umbrella dashboard.
Go to https://dashboard.umbrella.com
• Username: comstor.labs@gmail.com
• Password: <ASK TRAINER>
Page |9
Meraki MX SD-WAN
Umbrella SIG - SASE
By routing traffic through a WAN emulator, we can control aspects like delay, jitter, packet loss,
and more.
Route traffic over the emulator by changing the Default GW of your WAN1.
P a g e | 10
Meraki MX SD-WAN
Umbrella SIG - SASE
WAN 1 FAILED?
It can happen that the emulator malfunctions. When this happens: Don’t panic, this has
no influence over the course of the lab. Only a few tests cannot be performed.
P a g e | 11
Meraki MX SD-WAN
Umbrella SIG - SASE
Your test client needs to receive an IP address of your internal switches network. Therefore, set
your wireless to bridging.
Update IP assignment.
Wireless > Access Control
Under Block IPs and ports > Outbound rules: Set Allow for Local Lan
Save changes
P a g e | 12
Meraki MX SD-WAN
Umbrella SIG - SASE
P a g e | 13
Meraki MX SD-WAN
Umbrella SIG - SASE
4 MX SD-WAN
SD-WAN?
SD-WAN lets you control how traffic is directed and prioritized across multiple uplinks, and
enables your network to immediately and intelligently adapt to changing performance
conditions — ensuring latency-sensitive traffic like VoIP or point-of-sale services have the
throughput and optimization they need.
In this section we will learn to build a ‘traditional’ full tunnel VPN from our branch to the HQ.
FULL TUNNEL?
Traditionally this was the way to go when building site-to-site VPN connections.
A full tunnel allows you to send all traffic to 1 location where all your security power sits, the HQ.
After filtering and inspecting the traffic, the door to the WWW would open.
A full tunnel is not always needed in an SD-WAN design and we gradually learn to shift from a
full tunnel to a full SD-WAN design, where we will apply the needed security on the branch
and/or in the cloud.
This section proofs how easy it is to scale your network with a new branch MX.
• Setup VPN using AutoVPN as SPOKE to HQ in a Full tunnel
• Let your local LAN participate in the VPN
P a g e | 14
Meraki MX SD-WAN
Umbrella SIG - SASE
Type: Spoke
• This defines your branch site on a point of a star topology
Hub: HQ
• This defines your HQ as the center of our star topology
• All internal data of other sites will be sent through HQ
IPv4 default route: Enable
• You will route all traffic through HQ (also web traffic)
VPN Settings > Local Networks: Enabled
• The local subnet will participate in the VPN
On this page you can also build a VPN connection to non-Meraki products. This is only
recommended when just VPN are required. VPN peers in this section do not participate in
the SD-WAN optimisation and control.
P a g e | 15
Meraki MX SD-WAN
Umbrella SIG - SASE
Test VPN
Log in with your test client and try to reach the HQ site.
Test this out by accessing a web server on the HQ site.
P a g e | 16
Meraki MX SD-WAN
Umbrella SIG - SASE
Constant measurements are being performed over these connections and we will create SLAs
per application that we detect over the WAN.
The 4G Failover is our 3th connection, that activates only when the primary 2 connections fail.
Set DSL as your primary WAN for general traffic & build VPNs over all your WAN
connections.
Security & SD-WAN > SD-WAN & traffic shaping | Uplink selection
Make sure that:
• Primary uplink: WAN 1
Use DSL as default for all general traffic over our WAN
• Load balancing: Disabled
We only use the expensive 2nd connection when SLA is not met.
Note: you can load balance traffic if this is needed.
• Active-Active AutoVPN: Enabled
In a normal MPLS network, VPN is not required. We keep it active today.
Note: even when WAN1 and WAN2 fail we can opt for a cellular backup. Changing the
outbound rules that will apply when this happens can be found under ‘Firewall’. For now, all
backup traffic is allowed over 4G.
P a g e | 17
Meraki MX SD-WAN
Umbrella SIG - SASE
Luckily, our MX is constantly monitoring the state and performance of all the WAN
connections.
Security & SD-WAN > SD-WAN & traffic shaping | SD-WAN policies
Create a Custom performance classes:
• Name: Voice Video
• Max Latency: 300 ms
• Max Jitter: 30 ms
• Mas loss: 1%
Save
Security & SD-WAN > SD-WAN & traffic shaping | VPN traffic
Add a preference:
• Traffic filter: All Voice & Video
• Traffic filter: Custom expression: ICMP
We will use ping for our test
• Preferred uplink: WAN 1
• Fail over if: Poor performance
• Performance clas: Voice Video
This is our created performance class.
P a g e | 18
Meraki MX SD-WAN
Umbrella SIG - SASE
WAN
Emulator Test your Voice SLA rule.
P a g e | 19
Meraki MX SD-WAN
Umbrella SIG - SASE
We face an acceptable delay for voice and video. This means that WAN 1 will be
chosen.
WAN
Emulator Increase delay on WAN 1 with 300 ms
Go back to your test PC and increase delay on eth0 & eth2 with 300 ms.
We will notice:
- A short increase in delay (instant)
- Delay is restored to acceptable values (after a few seconds)
P a g e | 20
Meraki MX SD-WAN
Umbrella SIG - SASE
WAN
Stop WANemulation and notice that traffic is restored to WAN 1
Emulator
Check the uplink decisions on the dashboard to confirm that ICMP & Voice traffic
over WAN 1 has restored.
P a g e | 21
Meraki MX SD-WAN
Umbrella SIG - SASE
Security & SD-WAN > SD-WAN & traffic shaping | Traffic shaping rules
Create a new rule:
• Custom expressions: 10.50.0.100
Click add expression
• Bandwidth limit: 100 Kbps
We keep it low for testing purposes. In production you want to increase
this value.
• Priority: Low
Define bandwidth priority
• DSCP Tag: 0
Define WAN Priority: MX, will maintain the DSCP tags in the tunnel and
also copy to the IPSec header which can be read, for example, by the ISP
Priority:
Specifying a traffic shaping rule as High, Normal, Low guarantees a certain fraction of the
uplink to each priority level. The ratios are as follows:
o High 4/7
o Normal 2/7
o Low 1/7
P a g e | 22
Meraki MX SD-WAN
Umbrella SIG - SASE
Notice:
- Around 12,7 KB/Sec = 100 Kbps
P a g e | 23
Meraki MX SD-WAN
Umbrella SIG - SASE
Security & SD-WAN > SD-WAN & traffic shaping | Traffic shaping rules
Create new rules for:
• Allow 2Mbps to the host ‘speedof.me’ & port 443
• For Netflix & YouTube, shape traffic to 1024 K down, 512 K up. Ensure this kind of traffic is
also handled as low priority
• For all voice and video conferencing, remove all bandwidth restrictions and ensure they
are high priority
• Limit all software and AV updates to 100 kbps with priority ‘Low’
P a g e | 24
Meraki MX SD-WAN
Umbrella SIG - SASE
P a g e | 25
Meraki MX SD-WAN
Umbrella SIG - SASE
4.4 Insight
You beloved collaboration tool doesn’t work as expected?
Applications that use resources on the internet ‘SaaS’, leverage the local network AND the
public internet-network. When such an application works slow or has connection problems,
we have absolutely no idea where to start troubleshooting. With Insight you have a break-
down of all the elements in between and a report on each, allowing you to pinpoint where the
problem might lay.
P a g e | 26
Meraki MX SD-WAN
Umbrella SIG - SASE
Scroll to the bottom and click on ‘Configure Web Applications’ to discover the apps that can be
monitored. Close window afterwards and scroll back up.
Select a SaaS applications that has already been used in your network.
In one overview you can detect where web applications are underperforming and where the
issue might be ( LAN | WAN | SaaS SERVER )
If enough software download has been generated, you should see your network in the list.
If not, select another network from the list.
Click on the one of the icons to start investigating the network performance of every section.
WAN & LAN: get an idea of the application performance over these networks.
Application: displays information about the Application-Layer performance that has been
gathered from traffic flows matching the selected Web Application. Can you identify the average
response time of the application?
P a g e | 27
Meraki MX SD-WAN
Umbrella SIG - SASE
Clients: displays information about each client that has used the specified Web Application
during the selected time period. The information includes the average Performance Score for a
given client and the current application, the number of requests the client has made, and the
average HTTP Response Time.
Servers: displays information about the remote Web Servers that have been utilized by the
Tracked Web Application during the chosen time period. This can be useful to help identify if
there is a specific Web Server that could be contributing to application issues.
Domains: displays information about different Web Domains that have been contacted by the
selected Web Application. Similar to the Servers tab, this can be useful to determine if there is a
specific domain that could be contributing to application performance issues.
P a g e | 28
Meraki MX SD-WAN
Umbrella SIG - SASE
5 MX Security
It makes sense to enable security on our MX. One of the benefits would be to build a direct
internet breakout, instead of tunnelling all traffic over HQ.
P a g e | 29
Meraki MX SD-WAN
Umbrella SIG - SASE
P a g e | 30
Meraki MX SD-WAN
Umbrella SIG - SASE
Block Shopping and Gambling websites. Click on the full category list link to understand the
other categories
Above this setting, make sure to set URL category list size to Full list
Your employees are required to follow the live technology update sessions to be up-to-date
with what they well and work with. But please prevent them from entering all other sub
domains like the recordings on demand sites to stimulate the employees to attend the life
sessions.
Curious if your adjustments have an impact on the clients in your network? Test it out! Note
that you will have a different block behaviour between HTTP and HTTPS. With HTTP we can
feed a block page in the conversation, HTTPS does not allow us to get in the tunnel. In this case
we will force a timeout.
P a g e | 31
Meraki MX SD-WAN
Umbrella SIG - SASE
o Open ‘Youtube’ and notice that safe search is on. This cannot be reactivated.
The same is active for Google.
P a g e | 32
Meraki MX SD-WAN
Umbrella SIG - SASE
Set the Intrusion detection and prevention to Prevention with a Security ruleset.
Wait until the configuration is synched to the MX before running your tests.
P a g e | 33
Meraki MX SD-WAN
Umbrella SIG - SASE
Open Firefox and paste this link in the address bar, and click on the EICAR test.
https://www.wicar.org/test-malware.html
It is likely that FireFox also detects malware and refuses a connections. This is obviously a good
thing. To ignore FireFox to test Umbrella, click on Ignore the risk
P a g e | 34
Meraki MX SD-WAN
Umbrella SIG - SASE
If this file is blocked your malware engine works. Check security center
Security & SD-WAN > Security Center
P a g e | 35
Meraki MX SD-WAN
Umbrella SIG - SASE
Navigate to ‘Security Center’ and find out where the attacks came from.
Notice that from here you can block the IP or the complete region.
Switch to ‘Event View’ investigate the Malware events and locate the Rule ID of an EXPLOID-
KIT (if present) or FILE-OTHER (if present).
If present, Identify the SNORT Summary of the EXPLOID-KIT/FILE-OTHER via ‘Rule details’ and
inspect this packet.
If not present, investigate a blocked file and investigate this on Virus Total
P a g e | 36
Meraki MX SD-WAN
Umbrella SIG - SASE
FYI
Below is a test by us from newly created malware; Download on our TEST PC. This will not be
discovered at first by AMP.
We selected ‘Unknown Disposition’ in Security Center. And found the malware files that got
through.
The file will be allowed to pass through but after Cisco understands this is a threat it will update
all UTMs out there and retrospectively alert you to clean up the threat.
The reason for the delay here is that we have to hear back from the ThreatGrid API after the file
has detonated; this can take up to 3 hours to show.
After the result comes back and it is found to be malware, it will show up like this. This will take
several hours.
P a g e | 37
Meraki MX SD-WAN
Umbrella SIG - SASE
FYI
No
exercises
P a g e | 38
Meraki MX SD-WAN
Umbrella SIG - SASE
FYI
First, the alert will only arrive if the appropriate alerting setting is enabled. To ensure it is,
navigate to ‘Network-wide->Configure->Alerts’ on most standard dashboards or ‘Network-
wide->Configure->General’. You will be presented with the following:
This will result in an email being receive at the configured alerting email address. It looks like the
following:
P a g e | 39
Meraki MX SD-WAN
Umbrella SIG - SASE
FYI
Read-only The purpose of this email is to make users/administrators log back into dashboard to
pages; investigate. Clicking on the ‘investigate the impact here’ section of the email takes the user to
Security Center (Security & SD-WAN ->Monitor-> Security Center). Which will look like this:
No
exercises
If we drill into the content by clicking on the link under ‘Threat Name’ we get the following
additional information:
If we then move to ‘Event’ view (by clicking on ‘Events’) and click on the file in question and
select ‘Show this file only’, it then shows the file deposition changed event and when the file
was originally analysed.
P a g e | 40
Meraki MX SD-WAN
Umbrella SIG - SASE
6 SASE
In this exercise we learn how to roll out cloud security to enforce a secure online behaviour for
all our employees.
All our sites are fully protected by a redundant cloud security SASE solution.
Important to note: Your Umbrella nodes are fully operating in your SD-WAN.
Requirements:
o Umbrella SIG Essential or SIG Advantage
o Meraki MX 14.00+ firmware versions
The UMB-SIG device does not require any additional licensing and is included as part of your
MX licensing purchase (as long as you have SIG licensing on the Umbrella dashboard).
Meraki MX SDWAN Plus Licensing is required for exclusion of Layer 7 Application traffic from
the Auto VPN to Umbrella SIG.
P a g e | 41
Meraki MX SD-WAN
Umbrella SIG - SASE
In production you can leave both on, or choose one of both solutions to protect your branch.
EX – Disable MX configuration
Disable AMP.
Security & SD-WAN > Threat protection
• Amp: Disabled
• IPS: Disabled
Remove:
• Category blocking
• URL filtering
• Search filtering: Disabled
• Restricted YouTube content: Disabled
P a g e | 42
Meraki MX SD-WAN
Umbrella SIG - SASE
Deployment of the Umbrella connectors has to be done once for the entire organisation.
For this reason, this has al been performed.
The steps below are the steps that have been done, feel free to review them.
An Umbrella connector is a Meraki vMX that is deployed in the Umbrella cloud and
connected to your SD-WAN.
2 connectors will automatically be deployed to provide fail-over reduncancy.
P a g e | 43
Meraki MX SD-WAN
Umbrella SIG - SASE
If you have already had a MR-ADV integration, you won't be able to enable Meraki
Umbrella SD-WAN Connector. A new Meraki Org is needed.
If you have already linked your Meraki Org to an Umbrella SIG Org, you will need to use
that Umbrella Org and won't be able to link your Meraki Org to a different Umbrella SIG
Org.
Meraki Umbrella SD-WAN Connector is available with the MR and MX DNS integrations.
Choose the Data Center (DC) location pair where the Connectors will be deployed
FYI
-
Input a name for the Connector network and choose the DC locations. This will create 2
No
networks, with a connector in each located at the chosen locations.
exercises
P a g e | 44
Meraki MX SD-WAN
Umbrella SIG - SASE
The branch MX needs to be configured as a Spoke on the Site-to-site VPN page, and the
deployed connectors need to be configured as Hubs.
DO NOT select the 'Default route' option, as Connector Hubs advertises default routes to
Umbrella SIG for all spokes connecting
P a g e | 45
Meraki MX SD-WAN
Umbrella SIG - SASE
Test traffic flowing over the WAN and Umbrella to the internet.
Initiate a ping on your test pc and confirm that the route of traffic flows through the Umbrella
connectors. Remember that ICMP takes the same route as Voice and video calls
(ref. SD-WAN section in this lab guide).
P a g e | 46
Meraki MX SD-WAN
Umbrella SIG - SASE
With the deployment of the Umbrella connector, comes a Network Tunnel Identity.
In our topology, we therefore have 2 Tunnels.
Outgoing traffic
Traffic to the internet will take one of the 2 tunnels. These tunnels will run through our MX-
SASE policy and our Firewall policy
MX-SASE
This WEB policy is refined in the Umbrella dashboard, and contains:
- Block Unwanted (unwanted content is blocked, like gaming)
- Block News (News sites are blocked, like theguardian.com)
- DNS Security is applied (like Malware, CnC, Phishing)
Firewall Policy:
- Block communication over port: 333, 777, 888
- Block communication to 157.240.22.35
- Block Torrent applications
Incoming traffic
IPS is enabled:
- In Protection mode
- Sensitivity: Security over connectivity – deep inspection of traffic
P a g e | 47
Meraki MX SD-WAN
Umbrella SIG - SASE
Notice that game sites are being blocked as part of our content ruleset
Test this out with your test PC
P a g e | 48
Meraki MX SD-WAN
Umbrella SIG - SASE
Notice that connections to 157.240.22.35 are being blocked as part of our Firewall ruleset
Test this out with your test PC – start a ping to 157.240.22.35
P a g e | 49
Meraki MX SD-WAN
Umbrella SIG - SASE
Here you can review the HIT Count when a rule has been triggered.
P a g e | 50
Meraki MX SD-WAN
Umbrella SIG - SASE
TEST Malware Imitate an employee and try to download malware in his PC.
Open Firefox and paste this link in the address bar, and click on the EICAR test.
https://www.wicar.org/test-malware.html
It is likely that FireFox also detects malware and refuses a connections. This is obviously a good
thing. To ignore FireFox to test Umbrella, click on Ignore the risk
P a g e | 51
Meraki MX SD-WAN
Umbrella SIG - SASE
You can review the threats in your network that tried to brake out of you site.
Umbrella dashboard > Reporting > Security Activity
P a g e | 52
Meraki MX SD-WAN
Umbrella SIG - SASE
This is an easy way to extend all DNS Policies we have seen this far, to all work stations.
Resulting in DNS-based security wherever we work from.
Side-Note:
How efficient is Cisco Umbrella with blocking these security categories?
The below results are published by AVTest (https://www.av-test.org/en/), an
independent IT Security Institute. The test released 3682 attacks on a systems
protected by different Cloud Security vendors. The results of this test indicate that
Cisco Umbrella outperformed the other vendors’ detection rates.
Scroll further to Option 2 and let us show you how we can increase security for our users.
P a g e | 53
Meraki MX SD-WAN
Umbrella SIG - SASE
Side-Note:
More protection is to be expected using the Cisco Secure Client. Below is another test
performed by AVTest over Cisco Umbrella but this time with the client.
P a g e | 54
Meraki MX SD-WAN
Umbrella SIG - SASE
The situation
After the this session, the off-network policy becomes active and you will not be able to access
gambling.com no more.
P a g e | 55
Meraki MX SD-WAN
Umbrella SIG - SASE
Open the folder LAB Programs (on the desktop) and install Cisco Secure Client > open setup.
P a g e | 56
Meraki MX SD-WAN
Umbrella SIG - SASE
Open Cisco Secure Client and note that the correct profile is missing.
Copy OrgInfo.json from the LAB Progams folder to the following umbrella folder:
%ProgramData%\Cisco\Cisco Secure Client\Umbrella\
P a g e | 57
Meraki MX SD-WAN
Umbrella SIG - SASE
TIP: Open the Off-network Policy – Home/Remote and notice the following
• All roaming computers are mapped to this policy.
• Gambling is not allowed for all roaming computers
All roaming computers, regardless of where they connect, will use the home/remote
policy.
P a g e | 58
Meraki MX SD-WAN
Umbrella SIG - SASE
Check the activity search and notice that your roaming computer is now displayed instead of
our Umbrella connector as an identity.
Disconnect from the office network and connect to API Lab (an unprotected network).
And try again to download malware using the eicar or wicar websites
https://www.wicar.org/test-malware.html
Reconnecto to Wi-Fi
The station you are working on will be reverted after the training. Feel free to try and break the
Umbrella DNS + WEB security.
P a g e | 59
Meraki MX SD-WAN
Umbrella SIG - SASE
Duo’s MFA (multi-factor authentication) and 2FA (two-factor authentication) app and access
tools can help make security resilience easy for your organization, with user-friendly features
for secure access, strong authentication, and device monitoring.
Use the below examples to learn the basic principles of MFA and see it in action.
P a g e | 60
Meraki MX SD-WAN
Umbrella SIG - SASE
• Interested to understand how Lee registered the application for the first time?
Click HERE to simulate the experience of Lee
P a g e | 61
Meraki MX SD-WAN
Umbrella SIG - SASE
We understand that every business is unique and has different requirements, but every
business requires a secure authentication process for their employees and users.
Below you can find a large set of demos to help you understand many ways to provide secure
access to your customer networks.
https://demo.duo.com/
P a g e | 62
Meraki MX SD-WAN
Umbrella SIG - SASE
Connect to the demo dashboard using your own Cisco CCO ID.
https://dcloud2-lon.cisco.com/content/instantdemo/cisco-duo-admin-panel-v1-instant-
demo?returnPathTitleKey=content-view
P a g e | 63
Meraki MX SD-WAN
Umbrella SIG - SASE
P a g e | 64
Meraki MX SD-WAN
Umbrella SIG - SASE
Only allow confirmations from up-to-date systems. Less possible that they are hacked
P a g e | 65
Meraki MX SD-WAN
Umbrella SIG - SASE
DUO Editions
https://duo.com/editions-and-pricing
P a g e | 66