Edge security stack on Citrix SD-WAN Advanced Edition

Captions
SD-WAN edge security. Citrix SD-WAN provides robust built-in security while ensuring WAN reliability and always-on connectivity. On top of the existing Standard and Premium Editions, we now have Advanced Edition in order to achieve edge security functionalities. This Advanced Edition is one of the new editions that is getting introduced in order to get edge security capabilities.

Here is the topology that I'll be using for today's demonstration. I have a branch and a data center; both of them are managed using Citrix SD-WAN Orchestrator, and on the branch appliance we have these edge security capabilities achieved using the Advanced Edition license. So now, when we are trying to access any Internet traffic from the branch hosts, that particular traffic will be inspected using the Advanced Edition capabilities, and we'll be applying edge security capabilities on the Internet traffic that we are trying to access. This includes web filtering, anti-malware and intrusion prevention.

Let's now go through the live demo. Before going through the demo, here are the demo steps that I will be demonstrating as part of today's demo: I'll be enabling the Advanced Edition license in order to get these edge security capabilities on the branch site, and we'll be adding a security profile using which we can configure all the capabilities related to edge security: web filtering, anti-malware and intrusion prevention. This security profile will be used in a firewall policy definition with action as Inspect, upon which we'll try to start sending traffic that matches the firewall policy that we have created and try to see how these edge security capabilities are applied on the Internet traffic that we are trying to access through the branch appliance. All the configurations related to edge security are managed using SD-WAN Orchestrator.

Now, to start with, let's try to see how to enable edge security on the 1100 platform. For that, here is the remote site; it's one of the branch appliances on my test setup
where, by going to Site, Basic Site Configuration, we'll be able to see a new edition called Advanced Edition, which got introduced here: Device Edition, Advanced Edition. So once we select the platform on which we support edge security capabilities, we will be able to select the device edition as Advanced Edition, and that's it with respect to enabling edge security capabilities. Once after enabling the device type, or device edition, as Advanced Edition, the edge security capabilities will be applied on the appliance on performing staging and activation using this configuration. That is with respect to enabling the edge security subsystem on the branch appliance.

Now let's try to see how we are going to enable or configure edge security capabilities. For that we need to go to All Sites and Security, and the first thing we need to do is configure a security profile, where we'll be able to define the edge security capabilities that we want to enable. Here I have a test profile defined where I have web filtering, anti-malware and intrusion prevention enabled, but by default nothing will be there. We can go ahead and configure a new security profile by clicking on New Security Profile over here. For example, let's see what's configured here in my test profile. So, once after giving the profile name and description, we can directly go ahead and enable this option by using the enable and disable toggle over here, and all these tabs over here that we can see, web filtering, intrusion prevention and anti-malware, we can just enable or disable using the toggle over here.

So let's see what's configured on web filtering. Here in web filtering we have different categories that can be blocked, and within each category, if we want, we can block or flag a specific site. We have an option to bypass sites, which means if we have a category that got blocked, within that category if we want to allow a specific site we can specify that as part of bypass sites; similarly bypass client IPs as well. And
there are a few advanced options where we can specify some of the configuration options over here, for example Block QUIC protocol. This is basically running on UDP port 443; in general it will be used by Google Chrome and Google-based applications. So by default our web filtering will not be able to categorize the QUIC protocol, which is running on UDP port 443. If we are blocking the QUIC protocol, the actual client applications will be reverting back to TCP-based transport, so our web filtering will be able to identify and categorize the applications appropriately. Similarly, other advanced options can be enabled here.

One important thing here: we can define a custom URL for blocked sites. Here I have a custom URL page defined, where any site that got blocked will be redirected to this specific URL block page that I have defined over here. So for this demonstration I have blocked one of the categories, which is social networking, which will be falling into productivity. Here we can see that social networking got blocked, which means all the websites that are part of social networking will be blocked; for example Facebook, Twitter, LinkedIn, all those websites will be blocked because they'll be falling into the social networking category.

I have blocked a specific site as well; let us see what that site is. Here I have blocked a specific site, geekinterview.com, and here is the description: "block interview preparation". So we can block a specific URL as well by using the block or flag sites option over here. Also, I have configured to allow a specific site, linkedin.com. LinkedIn will be falling into the social networking category, and in the first option we have blocked social networking, which means even though we have blocked social networking, I want to allow the LinkedIn website by using this bypass sites configuration option over here. So with that, we will try to
access some of the social networking applications along with LinkedIn, and we should be able to access the LinkedIn website but not other social networking websites. We'll try to see how that's been achieved. That's about web filtering configuration.

And intrusion prevention: by default, if we just enable this toggle we'll be able to get all intrusion prevention capabilities; these are the default configuration options that are available. If we want to define user-defined intrusion prevention policies, that also can be defined; we'll see that in a while.

Similarly, we can configure anti-malware functionality: just by enabling this toggle we'll be able to enable anti-malware capabilities on this 1100 platform using the security profile that we are defining. So by default our anti-malware will be able to scan all the file types that are defined over here. We support up to 41 file types; we'll be able to scan and report if there are any virus-infected files. We can enable or disable a few of the file types if we don't want it to process or scan those file types, if we think that it is coming from a trusted source. Similarly, we have an option to define our scan MIME types; up to ten MIME types we'll be able to scan over here. If we want, we can enable by default or we can disable by default, and selectively also we'll be able to select certain MIME types that we want to scan. And here we can see that by default we'll be able to scan HTTP, FTP and SMTP; files that are downloaded using these protocols will be scanned, and it will be reported if there are any viruses detected in those files that we have scanned.

That is with respect to profile definition, where we'll be able to define and configure all the edge security capabilities that we want to apply on the traffic that we want to process through the branch appliance. So now let's go ahead and see a few other options. As we have discussed earlier, there is an option to define a user-defined intrusion prevention
policy. So here we can directly go ahead and create; by default we have four predefined intrusion prevention rules, and now if we want to we can go ahead and define by creating a new intrusion prevention rule, selecting the appropriate class, class type and category that we want to apply.

So we have defined a single security profile over here in this particular example. If we want, we can define a different security profile for each category; for example, if you want to define a separate security profile for web filtering and a separate security profile for anti-malware and intrusion prevention, that can also be done, and we can define as many security profiles as we want as per the network or enterprise requirements.

So now, what are we going to do with this security profile? Using our stateful firewall functionality, we'll be able to configure the security firewall policies that we want to. So we'll be using our existing stateful firewall functionality in order to get these edge security capabilities, with some additional configuration options. We can select the match type as IP protocol, and we can create the firewall policy with the different match criteria that an enterprise admin wants. Once after defining the filter criteria, we can go ahead and select the action as Inspect, which is only for IP protocols. Once we select the action as Inspect, we'll be getting an option to define the security profile that we have configured. In our earlier step we configured a security profile by the name test profile, and we are seeing that in the drop-down over here; if you are defining more security profiles, we'll be getting those in the drop-down that we are seeing on the screen. Once we select the action as Inspect, associate the security profile and activate the configuration, using this firewall policy that we have configured we'll be able to apply this on the sites on which we want to get these edge
security capabilities. Once after activating the configuration, we are now enabled with edge security capabilities along with a firewall filter policy using which we'll be able to filter the traffic and apply the edge security capabilities.

Now let's go ahead and try sending some traffic. Here are the reports where we can see the edge security capabilities: web filtering, anti-malware and intrusion prevention. Let's try to select for the last ten minutes. So here now I'll try to access some of the websites, and we'll try to see how the traffic is being reported over here. I have a Windows host machine and a Linux host machine which are sitting behind the SD-WAN 1100 platform, which is enabled with edge security capabilities. I'll try to access the Windows machine; here is the Windows machine with the IP as 172.16.14.11. Now let me try to access some of the websites and see how it's functioning as per the security capabilities that we have configured.

First thing: as per the configuration, I have blocked a specific URL, geekinterview.com. Let's see that in the configuration before accessing the traffic. If we go to the configuration, security profile, here we have blocked a specific URL, geekinterview.com. We'll try to access this website and see what's going to happen. So here is the website that I have accessed, geekinterview.com, and it's been redirected to the custom block page that we configured while defining the security profile. It's providing us the information as per the description that we provided while defining the security profile; we can see here it says "block interview preparation". This is the description that was provided while defining the security profile and while adding to block geekinterview.com. We can see that by going to the configuration: here you can see that it says "block interview preparation". This is the information that we can see on the custom block page, and this custom block page can be
customized as per the enterprise requirement; it's not predefined. So for this example we have a custom block page which will be providing us information about the description related to the blocked sites that we are trying to access.

The other example is: we have blocked the social networking category, and within that category we have bypassed a specific site, linkedin.com. So now let's try to access some of the social networking websites and try to see what's going to happen. Now I will try to access facebook.com, which will be falling into the social networking category, and we are not able to access this website because it's part of the blocked category as per the firewall policy definition. Now let us try to access linkedin.com. We are able to access linkedin.com because, even though it is part of the social networking category, since we have configured our security profile to bypass linkedin.com, we are now able to access linkedin.com even though it is part of the blocked category.

Now let's try to go ahead and check the reports, how it's been reported with respect to the blocked sites that we have accessed. Here we have introduced a new report section: Security, Web Filtering. Here we can see that the stats related to the blocked sites are getting updated. We have selected the last ten minutes; we can go up to a maximum of one month of reports, so we can select whatever time frame we want to monitor. Here we'll be reporting total web requests processed by the branch appliance and the number or the percentage of the requests allowed, flagged and blocked. We have tried to access the websites linkedin.com, geekinterview.com and other social networking websites which are blocked, so here we can see that the stats related to the blocked sites are getting incremented. And here on the bottom we can see the web events section, where we can see top site names; it will be providing the top ten sites that are
processing the web requests as per the web filtering configuration. If we click on this we'll be able to get the graphical view of the total number of requests processed, flagged and blocked as well. Similarly, we'll be able to see the details related to the security profile as well; it will be providing us the top security profiles, and within those security profiles it will be providing us the graphical view as well. That's about the web filtering demonstration.

Now let's try to see what's going to happen with anti-malware. Here we are seeing that for the last 10 minutes nothing that got infected is being processed. Now we will try to access an infected file, eicar.com, and try to see how it's been reported in the anti-malware security reports. For this I'll be trying to download the EICAR file using the LAN host machine, the Linux host machine, through the branch appliance, and we can see that the EICAR file got blocked, and we'll be able to see this in the reports as well. In the reports we can see that the number of scanned files got incremented, and we can also see the files infected stats getting incremented over here. In the graphical view also we can see that we have scanned a file which got infected, and similar to web filtering we can also see the graphical view of the top sites as well, which will be providing us details about the total number of scanned files and the number of infected files as well.

Now let's try to test or evaluate intrusion prevention functionality. Here we can see that the total number of intrusion events is 8, and we'll be logging each and every intrusion event over here, and the blocked intrusion events are 0 percent. Now let us try to perform a SYN flood attack, a simple SYN flood using hping3, and try to see how it's processed by our intrusion prevention functionality. For this I'll be using hping, with which we'll be performing a SYN flood simulation where I'll be trying to send continuous SYN packets. So we are now trying to see that
some of the packets are being processed by the appliance. Once after detecting that our branch appliance is being attacked with a kind of SYN flood attack, we'll be able to see that the traffic is being blocked. Here we can see the stats also: we are trying to send some ten packets, and only four packets are processed, after which the branch appliance has detected this as a SYN flood attack, and we'll be able to see this getting reported in our intrusion prevention reports as well. Here is the report related to intrusion prevention, where we can see that the blocked percentage got incremented because we tried to perform a SYN flood and it's been detected by our intrusion prevention engine. We will be logging these intrusion prevention events along with blocking any flood attack; any attack related to intrusion prevention will be blocked by our intrusion prevention engine. For example, if there is any vulnerable software and someone tries to attack that, our intrusion prevention will be able to identify and block that particular access.

So that's about the edge security functionalities, web filtering, anti-malware and intrusion prevention, which got introduced in the Citrix SD-WAN 11.2 release, and we will be getting SSL inspection as well, coming in our upcoming software release. Thank you.
Info
Channel: Citrix SD-WAN Solution
Views: 182
Id: OxCw2oYEYm8
Length: 21min 53sec (1313 seconds)
Published: Thu Jul 09 2020