Cisco CCW - Learn how to build estimates (English)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone and welcome to a fresh view on cisco commerce workspace or ccw my name is joshua scarborough i'm a security systems engineer at cisco within the partner space to start it off i'm going to show you how to build an estimate for probably one of our harder products firepower and its associated aspects it's always fun to hit the ground running so we're going to be starting from scratch i'm going to be assuming that we don't have a lot of experience building a quote for firewalls or how to find that information when it comes to quoting on a firewall i have one rule and this is let's make sure that we have the correct firewall for the project that we are building how are we going to do this data sheets how do we find these data sheets well every good engineer will have to tell you that they have a backup my backup is always google so what i'm going to do is i'm going to go to google and i'm going to put in cisco firepower datasheets nothing specific and i'm simply just going to do a quick search and you can see right off the bat we have the cisco firepower 1000 the 4100 2100 and we also have the firepower 9300 which is not visible on this page all of these data sheets are broken up by the series or the product that we're going to be working with they're all firepower devices but many of them will fit in different categories what i'm going to work with is the firepower 2100 series here these data sheets will give you all the information related to what we need to know some of the questions like do we need vpn enabled if so how many sessions are we going to need do we need the ability to have ssl decryption what kind of bandwidth are we going to be working with and what are the expectations of this firewall are we doing application visibility you'll get all the detailed performance specifications right here and this will help us make an informed decision of what we need to know it's important to note that we test our bandwidth using 10 24 bit tcp packets the higher the number the bit the harder it is to reassemble that packet once we have an idea of the firewall that we want to use in my instance i want to use the firepower 2120. it fits my needs and i know that i'm going to need to have ssl decryption enabled the one issue that we're going to run into though for these data sheets is there are no skus on this specific data sheet so what i'm going to do is i'm going to keep in mind that i know it's a firepower device it's a 2120 is the one i want so i'm going to go back to ccw and i'm simply just going to type in firepower 2120. and you see a few skus pop up here we have the firepower 2120 asa sku we have the firepower 2120 bundle we have the firepower threat defense ha bundle and we also have the firepower next generation firewall skew the primary difference between the next generation firewall skew and the asa sku is going to be what the base software ships with for that product our firepower devices can run the asa code but it can also run firepower threat defense so depending on what the customer's needs are choose your sku accordingly so if they are specifically looking for the asa code we'll get an asa sku we also have a few other bundles that you'll see here so we have the firepower 2120 bundle as well as the ftd bundle with these bundles you'll be able to choose what software you want within it but also the licensing will be built into those skus as well firepower threat defense aj bundle will automatically add two devices to the bundle itself if you're looking specifically for high availability so what i'm going to do is i'm going to choose this master bundle to start it off with and i'm going to add that to our estimate but let's take a step back for just a moment and realize that maybe we didn't find the exact right product that we're looking for maybe we're looking for another sku maybe we were specifically looking for a license what i'm going to show you is my number one tip for using ccw and using it effectively before i validate it or select any options for this bundle i'm going to click recommended content and when i click that you'll notice that a bar populates on the right and it has everything related to what i need to do with this product what do i need to validate it do i need additional skus are there things to be aware of do i need design assistance i'm looking for those skus though so what i'm going to do is i'm going to go to that ordering guide and i'm going to click view and once this populates you'll notice that we land on the network security ordering guide this is the primary reason of why none of those skews are on those data sheets we try to consolidate all of our source of truth into a singular ordering guide to make it as easy as possible to find what we're looking for so as we scroll down through this you can see all of our appliances and all of their skus are on this document everything related to our firewalls whether it's an asa whether it's the firepower threat defense or if we're looking for management options all of our skus will be related here as well as their licensing ability one of the first things that you'll come up to though is how do you want to manage your firewalls we have three primary options that's going to be cdo cisco defense orchestrator which is a cloud-based management platform that will allow you to manage and configure your devices worldwide from a cloud-based management platform we also have the on box management software firepower device manager this is absolutely free and it does ship with firepower threat defense there's no extra licensing sku that you'll need for this we also have the firepower management console or the fmc the fmc is an additional purchase it can be deployed virtually but it can also be deployed within hardware so it's important to know what you're looking for and what your expectations are when you need a management platform if you have multiple devices that need deep customization and you're looking for very granular reporting the firepower management center will be right up your alley if you're looking for cloud-based deployment if you're looking for cloud options cisco defense orchestrator will be your next best bet if you only have one device and you only have intentions to have one device you can simply use the firepower device manager as we start to scroll down a little bit more we can see that there's a lot of extra additional information as well but i know that i'm looking for the firepower 2120 and i want more information about it so what i'm going to do is a quick search for the 2100 series and i'm going to find where i can see the first title so here we have skus and ordering guidance for firepower next generation firewall that includes the 1000 the 2100 the 4100 and the 9300 first up is it's going to give you a physical view of what these devices look like and what you have the ability to do with them what the interfaces look like and if they have sfp slots and if they have net mod bays but i'm still looking for those skus so i'm going to scroll down and i'm going to find my skus and the ordering guidance for my devices that i'm looking for so here we have ordering guidance for the cisco firepower platform and i'm going to scroll down until i find the 2100 series as again it starts off with the firepower 1010 i'm going to skip past it and you can see all the skus that are related to that specific product and you'll notice our naming convention is going to be very similar between all of our products so here we have the order and guidance for the firepower 2100 series and as i mentioned before there's quite a few different skus and few bundles as well this will give you a good description of what you're looking for this will give you an idea of what you're going to be putting into ccw as well so if you remember i specifically chose the firepower 2120 bundle and i know that that's the master bundle here so i'm aware that i need to have a few other things as well like i mentioned that management appliance or if i decide not to have a management appliance and i just want to use firepower device manager we also have the singular skus as i mentioned firepower 2120 next generation firewall firepower 2120 asa code that simply dictates what that software is going to ship with originally you can also see as i mentioned before if you want to add any net mods or if there's any bays available to add net mods for that specific device now here's everybody's favorite parts licensing it's important to know that firepower threat defense is going to use smart licensing and therefore we're going to have to have a smart account to register firepower threat defense 2. so now i'm up to the licensing standards here and this is what i'm gonna need to pay attention to we have three primary base licensing apologies not based licensing we have three licenses that we need to be aware of we have threat we have malware and we have content or url to order all three it will simply be the tmc license this is going to be threat malware and url now to give you a brief highlight of what they do the threat defense license will actually give you point and update or timing update for all of your snort codes your security intelligence rules this is considered to be the base license of the device it is highly encouraged to always have a threat license as you will get the day zero updates for all of the new attacks that are out there the malware license is our file scanning this is what enables the advanced malware protection engine to run on the firepower threat defense device so with any files coming through the network we will have the ability to scan them at an edge or at a perimeter or as the file goes through the firepower threat defense device we'll give you the indication of whether it's good or bad and if it's unknown we will send it to threatgrid to virtualize that file give you the disposition and then send your report and the url license is what gives you the ability to create content categorization rules and block urls based off of content so we can absolutely separate and sell all three you can sell each one or you can have none of them but again as i highly encourage you to always have a threat license this is what gives you that day zero protection for our security intelligence from talos so we have these hues here and this is what i'm going to need to pay attention to right for the most part all i need to be aware of is the first lines that so i'm going to go back to ccw and i'm going to highlight this here and i'm going to do select options as you remember i chose the master bundle so it's already going to have the licensing built into it but also the fact if we need any services i know that i want the next generation firewall code so i'll go ahead and add that and i'll have to edit the options for that as well and i'll choose the north american power cables and i'll click done and i have validated the hardware portion of that and actually i'm going to take a step back and i'm going to edit options and i'm going to go through this again i should have mentioned that you can absolutely add any hardware services that you need here or if you need any sfp modules you can add them here as well if you're looking for any kind of cable management platform or any brackets you can add them here as well and this is all because we chose that firepower 2120 master bundle so i'm going to click done again i don't want to make any changes right there so we have that next generation firewall code and as i mentioned before the subscriptions and this is another way to find out what the skus are for the licensing or if there's anything that i need to be aware of it's going to be included within that subscription standards i'm going to select firepower 2120 and i'm going to select the tmc method or the tmc license for all three once i have that selected i'll click done and i will have that ready to go now as i mentioned before there are also things to be aware of such as the management platform but also let's try to add a firepower sku for a license that we didn't have here so i'm gonna go back and edit and i'm going to go to subscriptions and i'm simply just going to choose tm so i'm going to be missing out on that url license you can click the plus button right there and you can expand all of the base lines that are included within that specific firewall so i can see we have the firepower 2120 tm license here and i want to go ahead and add the content license as well or the url license and you can see that i just did a simple search for the url license and i will be able to add that as a singular line item as well now i could have just went over to my ordering guide and i could have just found that it was firepower 2110 or sorry firepower2120 t url now as i mentioned before we have the on box management appliance or firepower device manager built into the firepower threat defense code but what if i want a five power management center so we're going to be ordering a few devices and this new firepower 2120 is going to be the addition or the next layer for managing all of my devices at once this is what i need to be aware of well i can deploy the firepower management center virtually or i can deploy in the cloud or i can have the hardware for it all of our skus for our firepower management system is right here it's important to note the main difference between the firepower management centers their excuse the higher the sku is that we have here the more memory the more beefier the components are within the firepower management center so if we're looking for more logging and we have a lot of bandwidth coming through our firewalls it's important to annotate and see how much logging we need to hold on to the 4600 would net you the most logging and storage room within the firepower management center but we also have the ability to do them virtually as well whenever we are talking about virtual firepower management centers it's important to know how many devices we want to manage at once as you can see here within description for vmware we can do a specific amount of devices 2 10 or 25 but we also have our new skus as well so this is going to be the firepower management center vmw-300 which is built for 300 devices the newer skus will actually have a higher system requirements as well so if you want to be able to add a lot more resources to your firepower management center you absolutely have the ability to do that as well but i'm going to add this specific ski right here because i know i need a big virtual firepower management center and i'm going to go ahead and edit services and subscriptions for the firepower management center and you'll notice here there's truthfully nothing to select you just simply select what kind of software you support you would want and the generation you want and there is no licensing for the firepower management center since the firepower 2120 devices are all smart licensing the firepower management center will handle handle the license for those specific firewall devices with that being said that is how you would generate an order for a firepower device generate an order for firepower management center as well and that concludes this session thank you all and please feel free to ask any questions
Info
Channel: Unknown Chronicles - Cisco Security
Views: 918
Rating: undefined out of 5
Keywords: partner ccw, cisco ccw, cisco partner training, cisco estimates, cisco firewpower estimates, building estimates
Id: LWIYF6E6qv8
Channel Id: undefined
Length: 18min 22sec (1102 seconds)
Published: Thu Aug 20 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.