Safe Architecture Toolkit

Toolkit to practise SAFE architecture

Uploaded by Shady Burns
Cisco SAFE Security Architecture Toolkit
June 2021

© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public
Proven Cisco Security with SAFE
A security-centric methodology and model for an effective security architecture, built in three layers: 1. Capability, 2. Architecture, 3. Design.
• Focuses on addressing risks and threats by identifying required capabilities through gap analysis and aligning business priorities to IT initiatives
• Architectural guidance for using capabilities when building your Places In the Network
• Solution guidance across your organization using a simplified layered approach which includes best-practice deployments tested in Cisco Validated Designs
cisco.com/go/safe
Cisco SAFE Security Architecture Toolkit
Table of Contents
• SAFE Security Architecture Toolkit Overview
• Capabilities Flows and Endpoints
• SAFE Workshop Sample Slides
• Architectures
• Designs
• SAFE Icon Library
• Tools, Rules and Techniques
• Feedback

SAFE Security Architecture Toolkit Overview

Cisco SAFE simplifies security so your conversations can focus on the needs of a business. By mapping the flows of the business, specific threats can be addressed with corresponding security capabilities, architectures, and designs.
The SAFE Toolkit includes the elements required to facilitate security discussions. You can use the items on these slides to build presentations using SAFE best-practice illustrations and diagrams. And you can customize the diagrams to suit your business.
This toolkit complements the SAFE Overview, Architecture and Design Guides which can be found at www.cisco.com/go/safe
SAFE Security Architecture Toolkit for LucidCharts!
• Reference Security Architecture
• Cyber BluePrint Templates
• Customize to your environments

SAFE Toolkit for Lucidchart:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/safe-lucidchart-toolkit.pdf
SAFE Security Architecture Toolkit for Visio!
• Reference Security Architecture
• Cyber BluePrint Templates
• Customize to your environments

SAFE Toolkit for Visio:
https://www.cisco.com/c/dam/assets/prod/visio/visio/safe-visio-toolkit.zip
High-level SAFE Graphics
The following slides contain graphics that you can use to introduce SAFE and explain SAFE concepts and components.
Capabilities and Flow Endpoints

SAFE Capabilities Flows and Endpoints
First, identify the capabilities your customer needs their network to provide to the business. Next, you can use the endpoints and capabilities icons to map the business flows. Mapping the threats the customer faces onto the capabilities is the key to SAFE.
(SAFE model layer 1: Capabilities for Threats)
SAFE Business Flows
SAFE identifies common business flows across all industries. Mapping threats to the business illustrates required security capabilities. Refer to the “SAFE Overview Guide” for more information on business flows, threats, and how to use capability maps.
• Secure Access
• Secure Applications
• Secure Communications
• Secure Web Access
• Secure Guest Access
• Secure Remote Access
SAFE Master Capabilities Flows
Internal Business Flows (each flow reads from the source endpoint through the required capabilities to the destination endpoint):

Secure communications for email: CEO sending email to shareholder
CEO → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Email Security → Server-Based Security → Shareholder

Secure applications for PCI: Clerk processing credit card transaction
Clerk → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Web Application Firewall → Server-Based Security → Payment Application

Secure web access for employees: Employee researching product information
Employee → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Web Security → Website

Secure communications for collaboration: Subject matter expert consultation
Expert → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Posture Assessment → Identity → Client-Based Security → Colleague
SAFE Master Capabilities Flows
Third-Party Business Flows:

Secure remote access for third party: Connected device with remote vendor support
Thermostat → DNS Security → Identity → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Virtual Private Network → Posture Assessment → Identity → Client-Based Security → Remote Technician

Secure remote access for employees: Field engineer updating work order
Engineer → Client-Based Security → Identity → Posture Assessment → Virtual Private Network → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Web Application Firewall → Server-Based Security → Workflow Application

Secure east-west traffic for compliance: PCI compliance for financial transactions
Database → Server-Based Security → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Server-Based Security → Payment Application
SAFE Master Capabilities Flows
Customer Business Flows:

Secure web access for guests: Guest accessing the Internet for comparative shopping
Guest → DNS Security → Wireless Intrusion Prevention → Wireless Rogue Detection → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Website

Secure web access for guests: Guest accessing the Internet to watch hosted video
Guest → DNS Security → Wireless Intrusion Prevention → Wireless Rogue Detection → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Application Visibility Control → Web Application Firewall → Server-Based Security → Website

Secure applications for PCI: Customer making purchase
Customer → Identity → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Application Visibility Control → Web Application Firewall → Server-Based Security → E-commerce
SAFE Master Endpoints
• Use these endpoints to further customize your SAFE capabilities flows. Industry-specific endpoints are provided on the following slides.

Endpoint icons provided: CEO, Shareholder, Guest, Server, Customer, Salesperson, Automated Process, Manager, Technician, Clerk, Remote Employee, Remote Technician, Remote Colleague, Building Controls, Subject Matter Expert, Video Surveillance Server, Video Camera, Secure Partner.
SAFE Workshop Sample Slides

Secure Web Access
Capability map from the Employee endpoint to the Website:
• ENDPOINT row: Anti-Virus, Anti-Malware, DNS Security, Personal Firewall, Posture Assessment, Identity, Access Control (using TrustSec), Threat Intelligence
• Second row: Logging/Reporting, Network Anti-Malware, Geo Filtering, Application Visibility Control (AVC), Intrusion Prevention, Firewall, SSL Decryption
• Third row: SIEM, Web Security, Data Loss Prevention (DLP), Flow Analytics, Cloud Access Security Broker, DNS Security, Website
Secure Web Access – Gap Analysis
The same Secure Web Access capability map (ENDPOINT row: Anti-Virus, Anti-Malware, DNS Security, Personal Firewall, Posture Assessment, Identity, Access Control using TrustSec, Threat Intelligence; then Logging/Reporting, Network Anti-Malware, Geo Filtering, Application Visibility Control (AVC), Intrusion Prevention, Firewall, SSL Decryption; then SIEM, Web Security, Data Loss Prevention (DLP), Flow Analytics, Cloud Access Security Broker, DNS Security, Website), with each capability marked against the customer's current state.

Legend: Addressed / Partially addressed / Not addressed
Secure Web Access - Cisco Recommendation
The same Secure Web Access capability map, with a recommended product placed under each capability:
• ENDPOINT row (Anti-Virus, Anti-Malware, DNS Security, Personal Firewall, Posture Assessment, Identity, Access Control using TrustSec, Threat Intelligence): Cisco AMP for Endpoints, Cisco Umbrella, System OS, Cisco Identity Services Engine
• Second row (Logging/Reporting, Network Anti-Malware, Geo Filtering, Application Visibility Control (AVC), Intrusion Prevention, Firewall, SSL Decryption): Splunk, Cisco Firepower Threat Defense, Cisco ASA, Cisco Firepower
• Third row (SIEM, Web Security, Data Loss Prevention (DLP), Flow Analytics, Cloud Access Security Broker, DNS Security, Website): Splunk; Cisco Firepower, Umbrella, or WSA; Cisco Stealthwatch; Cisco CloudLock; Cisco Umbrella

Legend: Cisco Solution / Non-Cisco
SAFE Workshop
If interested in scheduling a SAFE Workshop to assess your security posture and identify where your security gaps are, please submit a request at the link below with your contact information.

https://cisco-safe.ideas.aha.io
Architectures

SAFE Architecture Diagrams
SAFE architecture diagrams convey the network structure at a high level without naming specific products. Architectures can also reference capabilities.
(SAFE model layer 2: Architectures for Business)
Building SAFE Architectures
Architecture Diagram Components (icon reference slide)

The following architecture diagrams are best-practice references for each Place in the Network (PIN).
Small Branch Architecture
[Architecture diagram; columns HUMAN, DEVICES, NETWORK, APPLICATIONS; layers Business Use Cases, Endpoints, Access, Services]
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) and Customer browsing prices (Mobile Device), through the Wireless Access Point and Guest Wireless, to the Product Information Website and the Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device), through Access Switch and Router, to Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone) to Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls, Environmental Controls, Server
Medium Branch Architecture
[Architecture diagram; columns HUMAN, DEVICES, NETWORK, APPLICATIONS; layers Business Use Cases, Endpoints, Access, Services]
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) and Customer browsing prices (Mobile Device), through the Wireless Access Point, Wireless Controller and Guest Wireless, to the Product Information Website and the Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device), through Access Switch, Distribution Switch and Router, to Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone) to Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls, Environmental Controls, Server
Large Branch Architecture
[Architecture diagram; columns HUMAN, DEVICES, NETWORK, APPLICATIONS; layers Business Use Cases, Endpoints, Access, Collapsed Core & Distribution, Services]
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) and Customer browsing prices (Mobile Device), through the Wireless Access Point, Wireless Controller, Switch, Guest Wireless and Web Security, to the Product Information Website and the Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device), through Switch, Distribution Switch, Firewall, Switch and Router, to Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone), through Switch and Communications Manager, to Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls, Environmental Controls, Server
Campus Architecture
[Architecture diagram; columns HUMAN, DEVICES, NETWORK, APPLICATIONS; layers Business Use Cases, Endpoints, Access, Distribution, Core, Services; grouped into a BUILDING BLOCK and a CORE BLOCK]
• Secure Email: CEO sending email to Shareholders (Corporate Wi-Fi Device); Shareholder receiving email from CEO
• Guest Wireless: Guest browsing (Mobile Device), through Wireless Access Point, Wireless Controller and Switch, to the Comparative Shopping Website
• Secure Web: Employee browsing (Corporate Device), through Switch, Distribution Switch, Core Switch, Firewall, Switch and Router, to the Wholesaler Website
• Secure Communications: Subject Matter Expert (Employee Phone), through Firewall and Switch, to Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls, Environmental Controls, Blade Server, Communications Manager
• Use cases shown along the bottom: Employee browsing, Guest browsing, CEO sending email to Shareholders, Building Controls, Clerk processing credit card, Payment Processing, Third-party Technician accessing logs, Shareholder receiving email from CEO, Comparative Shopping Website, Wholesaler Website
WAN Architecture
[Architecture diagram; column NETWORK; layer Services]
• Router, Switch, Firewall, Switch, connecting TO CAMPUS/BRANCH on one side and TO DATA CENTER on the other
Data Center Architecture
[Architecture diagram; columns NETWORK, SERVERS, APPLICATIONS; layers Services, Core, Distribution, Access, Endpoints, Business Use Cases; connections TO EDGE and TO WAN; East/West Traffic shown between server tiers]
• Use cases: Third-party Technician accessing logs, Field Engineer submitting work order, Shareholder receiving Email from CEO, Clerk processing credit card, CEO sending email to Shareholders, Guest browsing, Employee browsing
• Network: Wireless Controller, Firewall, Controller Appliance, Load Balancer, Leaf Switch, Spine Switch, Fabric Switch (Software-defined), Distribution Switch, Core Switch, Identity Server, Communications Manager, Building Management Controls Console
• Servers and applications: Secure Server and Database; Payment Processing (Payment Application); Workflow Automation (Workflow Application); Shareholder Emails (Communication Services); Comparative Shopping Website; Wholesaler Website
Edge Architecture
[Architecture diagram; column NETWORK; connections TO INTERNET and TO ENTERPRISE CORE; External and Internal sides of the perimeter]
• Perimeter Services: Email Security, Web Security, Switch, Wireless Controller, Firewall
• Core path: Router, Switch, Firewall, Switch, Load Balancer, Switch, Secure Server, Application Switch
• DMZ with Firewall; VPN and VPN Concentrator; SD WAN
• Use cases: Corporate Guest accessing Internet (Comparative Shopping Website), Shareholder receiving email from CEO, CEO sending email to Shareholders, Employee browsing (Wholesaler Website), Customer making purchase (Payment Application), Field engineer submitting work order (Workflow Application), Third-party Technician accessing logs (Building Controls)
Cloud Architecture
[Architecture diagram; columns SERVICES, NETWORK, APPLICATIONS, SERVICES; layers Services, Business Use Cases; connection TO INTERNET; East/West Traffic shown between zones]
• Security services: Anti-Malware, Identity Authorization, DNS Security, Threat Intelligence, Distributed Denial of Service Protection, Web Reputation/Filtering/DCS, Anomaly Detection, Application Visibility Control (AVC)
• Network: Firewall Virtual Appliance, Load Balancer, vSwitch, vRouter, Zone
• Servers and applications: Database Storage Server; Secure Server with Payment Processing (Payment Application), Workflow Automation (Workflow Application), Shareholder Emails, Hosted E-Commerce
• Use cases: Customer making purchase, Technician submitting task, Guest browsing
Design

SAFE Design Diagrams
SAFE design diagrams show the specific products and flow/structure needed to satisfy the desired security capabilities of a particular network.
The following design diagrams are best-practice references for selected Places in the Network (PINs).
(SAFE model layer 3: Designs for Security)
Design Diagrams
Standardized notation, identification and tagging for network diagrams. CRITICAL for:
• Breach Defense
• Troubleshooting
• Compliance

Notation elements:
• Network Title and Network Border: the border is used to group a complete network or a collection of areas within a network
• Area and Area Title: represents an area within the network
• Design Icon, labelled with Device Name & Model, IP Address, Device Port and HA Annotation
• Network Flow Line

The following design diagrams are best-practice references for each Place in the Network (PIN).
Medium Branch Design
[Design diagram; layers Business Use Cases, Endpoints, Access, Services; device names, models, ports, IP addresses and VLAN assignments are shown on the diagram]
• Use cases and endpoints: Secure Web (Corporate Laptop, SJC LT3), Guest Wireless (Guest Device, SJC GD7), Secure Applications (Branch Point of Sale, SJC PoS2), Secure Communications (Corporate Computer SJC DT4 and IP phone SJC PH2, CP-9951-C-K9), Secure Third Parties (Building Controls, SJC CTRL8)
• Endpoint protection shown on each corporate endpoint: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
• Wireless: AIR-CAP3702E-A-K9 access points (SJC AP5, To More APs) with SSIDs Employee and Guest
• Access: WS-C3650-48PQ-S switches (SJC WS1, SJC WS2) with trunk uplinks
• Services: ISR4351-K9 routers (SJC ISR1, SJC ISR2) in an HSRP pair with WAN links, each hosting L-FPR4351-TAMC (SJC FP1, SJC FP2) and UCS-E160S-M3 (SJC UCS1, SJC UCS2) modules
• Segmentation: MANAGEMENT, DATA, WDATA, VOICE, PCI, VENDOR and GUEST VLANs, with gateway addresses on the routers
Large Branch Design
[Design diagram; layers Business Use Cases, Endpoints, Access, Collapsed Core and Distribution, Services; device names, models, ports, IP addresses and VLAN assignments are shown on the diagram]
• Use cases and endpoints: Secure Web (Corporate Laptop, SJC LT3), Guest Wireless (Guest Device, SJC GD7), Secure Applications (Branch Point of Sale, SJC PoS2), Secure Communications (Corporate Computer SJC DT4 and IP phone SJC PH2, CP-9951-C-K9), Secure Third Parties (Building Controls, SJC CTRL8)
• Endpoint protection shown on each corporate endpoint: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
• Wireless: AIR-CAP3702E-A-K9 access points with SSIDs Employee and Guest, AIR-CTVM-K9 wireless controller
• Access and collapsed core/distribution: WS-C3650-48PQ-S switches (SJC WS1 to SJC WS5) with trunk uplinks
• Services: L-FPR4451-TAMC firewalls (SJC FP1, SJC FP2), Web Security, Unified Communications Manager on UCS-E160S-M3 (SJC UCS 1-3), ISR4351-K9 routers (SJC ISR1, SJC ISR2) in an HSRP pair with WAN links
• Segmentation: MANAGEMENT, DATA, WDATA, VOICE, PCI, VENDOR and GUEST VLANs
Campus Design
[Design diagram; layers Business Use Cases, Endpoints, Access, Distribution, Core, Services; device names, models, ports, IP addresses and VLAN assignments are shown on the diagram]
• Use cases and endpoints: Secure Email (Corporate Laptop, SJC LT3), Guest Wireless (Guest Device, SJC GD7), Secure Web (Branch Point of Sale, SJC PoS2), Secure Communication (Corporate Computer SJC DT4 and IP phone SJC PH2, CP-9951-C-K9), Secure Third Parties (Building Controls, SJC CTRL8)
• Endpoint protection shown on each corporate endpoint: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
• Wireless: C9120AXE-A access points (SJC AP3-5) with SSIDs Employee and Guest, AIR-CT5520-K9 wireless controllers (SJC WC2, SJC WC3); WSA-S390-K9 web security appliances (SJC WSec1, SJC WSec2)
• Access and distribution: C9300-24UX-A, C9300-UX-A and C9300-24U-A switches (SJC SW5, SJC SW6, SJC SSW1, SJC SSW2), C9407R and C9404R chassis switches (SJC SW1 to SJC SW4)
• Core and services: FP4150-X firewalls (SJC FP1, SJC FP2), FP2130-X firewall (SJC FPR3), ISR4431-K9 WAN routers (SJC ISR1, SJC ISR2), UCS-FI-6248UP fabric interconnects (SJC FI-1, SJC FI-2) and UCSB-5108-AC2 blade chassis (SJC SV-1, SJC SV-2) hosting VM1 to VM3
• Segmentation: MANAGEMENT, DATA, WDATA, VOICE, PCI, VENDOR and GUEST VLANs
Campus Design: Additional Floors and Buildings
[Overview diagram: Building 1, Building 2 and Building 3, each with a Bottom Floor and additional Floor [X] blocks]
*Diagrams available on LucidCharts
Campus Design: Additional Floor and Building
[Design diagram; layers Business Use Cases, Endpoints, Access, Distribution, Core, Services; the Campus Design extended with an additional floor and building, with device names, models, ports and IP addresses shown on the diagram]
• Use cases and endpoints: Secure Email (Corporate Laptop, SJC LT3), Guest Wireless (Guest Device, SJC GD7), Secure Web (Corporate Computer, SJC DT3), Secure Communication (Corporate Computer SJC DT4 and IP phone SJC PH2, CP-9951-C-K9), Secure Third Parties (Building Controls, SJC CTRL8)
• Endpoint protection shown on each corporate endpoint: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
• Wireless: C9120AXE-A access points (SJC AP3-5) with SSIDs Employee and Guest, AIR-CT5520-K9 wireless controllers (SJC WC2, SJC WC3); WSA-S390-K9 web security appliances (SJC WSec1, SJC WSec2)
• Access and distribution: C9300-24UX-A switches (SJC SW5, SJC SW6, SJC SSW1, SJC SSW2), C9407R chassis switches (SJC SW1 to SJC SW4)
• Core and services: FP4110-X firewalls (SJC FP1, SJC FP2), FP2130-X firewall (SJC FPR3), ISR4431-K9 WAN routers (SJC ISR1, SJC ISR2), UCS-FI-6248UP fabric interconnects (SJC FI-1, SJC FI-2) and UCSB-5108-AC2 blade chassis (SJC SV-1, SJC SV-2) hosting VM1 to VM3
Campus Design: Additional Floor / Campus Design: Additional Building
[Two design diagrams side by side, linked to the preceding Campus Design (From Additional Floor / From Additional Building; To Additional Floor: This Building); layers Business Use Cases, Endpoints, Access, and Distribution for the additional building]
• Additional Floor: Corporate Laptop (SJC LT13), Guest Device (SJC GD11), Corporate Computers (SJC DT13, SJC DT14), Building Controls (SJC CTRL18); C9120AXE-A access points (SJC AP6-8); C9300-24UX-A access switch (SJC SW7)
• Additional Building: Corporate Laptop (SJC LT23), Guest Device (SJC GD27), Corporate Computers (SJC DT23, SJC DT24), IP phone (SJC PH2, CP-9951-C-K9), Building Controls (SJC CTRL28); C9120AXE-A access points (SJC AP25-28); AIR-CT5520-K9 wireless controller (SJC WC21); FP2130-X firewall (SJC FPR21); C9300-24UX-A access switches (SJC SW23, SJC SW24) and C9407R distribution switches (SJC SW21, SJC SW22)
• Endpoint protection shown on each corporate endpoint: FP-AMP-LC, UMBRELLA-SUB, Host Firewall; Data, Voice and Vendor VLANs
WAN Design
[Design diagram; six WAN links down to THE ENTERPRISE CORE; device names, models, ports, IP addresses and VLANs are shown on the diagram]
• WAN routers: WAN-R-1 to WAN-R-6, ASR-1002-X
• Switching: Virtual Switch Stacks WAN-S-1 and WAN-S-3, C9300-24-A
• Flow sensors: SFO-FS-22 and SFO-FS-23, ST-FS4210-K9
• Firewalls: WAN-FW-1 to WAN-FW-6, FPR-4145, in HA pairs with outside VLANs 401, 402 and 403 and inside VLAN 30
Data Center Design
[Figure: Data Center Design diagram, laid out in Services, Core, Distribution, Access and Endpoints layers, with links to the Enterprise Edge and a Multi-Site IPN. Device, interface, VLAN and IP annotations are not reproduced.]
Edge Design
[Figure: Edge Design diagram covering the WAN, Internet, VPN, DMZ and Perimeter Services areas, with HSRP and HA pairs and links to the Enterprise Core. Device, interface, VLAN and IP annotations are not reproduced.]
Cloud Design Diagrams
Standardized notation is used in combination with SAFE iconography:
• Cloud Provider
• Cloud Provider Resource Segment
• SAFE Design Icon
• Network Flow Line
• Provider Design Icon
• Domain Address
• Network Border: a border is used to group a complete network or a collection of areas within a network.
Service provider cloud icons can be found in the LucidCharts shapes library, as well as the providers' websites (links in footnote).
Amazon Web Services
Left: Amazon Web Services IaaS Design with 3-Tier Web Application
[Figure: AWS Cloud with a Virtual Private Cloud spanning Availability Zones us-west-2a and us-west-2b. Components: DDOS (RW-vDOS-M5), SD-WAN (vEdge or vMX), Application Load Balancer (wp.cisco.com, wp-lb-123456789.us-west-2.elb.amazonaws.com), Enterprise Load Balancers, Web Server (EC2-M5), App Server (EC2-M5), RDS DB Instance (Master and Read Replica), Tetration AMP; connectivity via Amazon Private Link, AWS Direct Connect and the AWS General Internet Gateway. Subnet addresses are not reproduced.]
Below: Amazon Web Services IaaS with Virtual Firewall Design and 3-Tier Web Application
[Figure: the same topology with an NG FW (FTDv or ASAv) and a Web App FW (EC2-M5) added in front of the Web Server tier.]
Microsoft Azure
Left: Microsoft Azure IaaS Design with 3-Tier Web Application
[Figure: Microsoft Azure Cloud with Virtual Networks. Components: DDOS (RW-vDOS-M5), SD-WAN (vEdge or vMX), Traffic Manager Profiles, Application Gateway WAF, Load Balancers (L7 LB), Web Server (Standard_D16s_v3), App Server (Standard_D16s_v3), Data Base (SQL Server), Tetration AMP; connectivity via Virtual Network Gateways, Express Route Circuits and Internet Gateways. Subnet addresses are not reproduced.]
Below: Microsoft Azure IaaS with Virtual Firewall Design and 3-Tier Web Application
[Figure: the same topology with an NG FW (FTDv) and a Web App FW added in front of the Web Server tier.]
Google Cloud Platform
Left: Google Cloud Platform IaaS Design with 3-Tier Web Application
[Figure: Google Cloud Platform Virtual Private Cloud in Region us-central1, Zones us-central1a and us-central1b, Subnets 1 to 4. Components: DDOS (RW-vDOS-M5), SD-WAN (vEdge or vMX), Cloud Router, Cloud Armor, Cloud Load Balancing, Web Server (n1-standard-16), App Server (n1-standard-16), Data Base (Cloud SQL), Tetration AMP; connectivity via Cloud VPN, Cloud Interconnect and the Internet Gateway. Subnet addresses are not reproduced.]
Below: Google Cloud Platform IaaS with Virtual Firewall Design and 3-Tier Web Application
[Figure: the same topology with an NG FW (FTDv) and a Web App FW (n1-standard-16) added in front of the Web Server tier.]
SAFE Icon Library

If you need to customize the SAFE capabilities flows, architectures or designs, you'll find the icons on the following slides.
[Figure: the three SAFE levels, 1. Capability, 2. Architecture and 3. Design, with the sample design label "Cisco FP2110 FW-B4123-G".]
Human Icons
Users: Employees, third parties, customers, and administrators.

• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Identity. Identity-based access.
  Icons: Identity (capability); Identity Directory (design).
  Products: Cisco Identity Services Engine Appliance; Cisco Identity Services Engine Virtual Appliance; Cisco Duo.
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Multi-Factor Authentication. Identity-based access based on something you know, something you have, and something you are.
  Icons: Multi-Factor Authentication (capability).
  Products: Cisco Duo.
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Federation. Identity-based on Federated Identity.
  Icons: Federation (capability).
Additional Humans Icons
• People icons: CEO, Clerk, Customer, Expert, Guest, Manager, Remote Employee, Secure Partner, Shareholder, Person, People.
• Directory icons: Identity Directory (three variants), MS Active Directory (two variants).
Devices Icons
Clients: Devices such as PCs, laptops, smartphones, tablets. Icons: Workstation, Corporate Device.

• Threat: Malware. Viruses, malware, and attacks that compromise systems.
  Capability: Client-Based Security. This capability represents multiple types of security software to protect clients.
  Icons: Client-Based Security (capability); Corporate Device (design).
  Products: Cisco Advanced Malware Protection for Endpoints; Cisco Umbrella; Cisco AnyConnect; Built-in OS Firewall or Partner Products.
• Threat: Malware. Viruses, malware, and attacks that compromise systems.
  Capability: Anti-Malware.
  Icons: Anti-Malware (capability).
  Products: Cisco Advanced Malware Protection for Endpoints.
• Threat: Virus. Viruses compromising systems.
  Capability: Anti-Virus.
  Icons: Anti-Virus (capability).
  Products: Cisco Advanced Malware Protection for Endpoints (TETRA).
Devices Icons
Clients: Devices such as PCs, laptops, smartphones, tablets. Icons: Workstation, Corporate Device.

• Threat: Exploit Redirection. Unauthorized access and malformed packets connecting to client.
  Capability: Personal Firewall.
  Icons: Firewall (capability); Corporate Device (design).
  Products: Built-in OS Firewall; Partner Products.
• Threat: Phish Link. Redirection of user to malicious web site.
  Capability: Cloud Security. Combination icon representing several security capabilities provided by the cloud.
  Icons: Cloud Security (capability).
  Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco AnyConnect Agent; Cisco Cloudlock; Cisco Web Security Appliance; Cisco Meraki MX; Cisco Firepower with URL Filtering; Cisco Viptela SD-WAN.
• Threat: Botnets DDOS. Compromised devices connecting to infrastructure.
  Capability: Posture Assessment. Client endpoint compliance verification and authorization.
  Icons: Posture Assessment (capability).
  Products: Cisco AnyConnect Agent; Cisco Identity Services Engine; Cisco Meraki MDM.
Devices Icons
• Business flow: Voice. Phone. Icon: Phone.
  Threat: Rogue. Attacker accessing private information.
  Design icon: Phone.
  Products: Cisco Unified Communications; Cisco IP Phones.
• Business flow: Video. Displays, collaboration, smartboards. Icon: Video Endpoint.
  Threat: Rogue. Attacker accessing private information.
  Design icon: Video Endpoint.
  Products: Cisco Unified Communications; Cisco Telepresence; Cisco WebEx Teams; Cisco IP Phones.
• Business flow: Autonomous Device. Building controls, manufacturing systems, automation. Icon: Sensor.
  Threat: Rogue. Attacker accessing private information.
  Design icon: Environmental Controls.
  Products: Partner devices and controllers.
Additional Devices Icons
• Server, Building Controls, Camera (architecture and design variants).
• Corporate Device, Corporate Wireless Device, Mobile Phone, Video Endpoint, Actuator, Sensor, Automated System (architecture and design variants).
• Standardized System Images; Infrastructure Redundancy.
Additional Devices Icons
• Server, Building Controls, Camera.
• Cell Tower (two variants); Vehicle Commercial, Vehicle Consumer, Vehicle Flight (architecture and design variants).
• IOT Endpoint icons: Actuator, Engine, Gauge (two variants), HMI, PLC, Pump.
Network Icons
Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together. Icons: L2/L3 Network, Router, Fabric Switch, Distribution Switch, Access Switch.

• Threat: Exploit Redirection. Unauthorized access and malformed packets connecting to client.
  Capability: Firewall. Stateful filtering and protocol inspection.
  Icons: Firewall (capability); Firewall (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Exploit Redirection. Attacks using worms, viruses, or other techniques.
  Capability: Intrusion Prevention. Blocking of attacks by signatures and anomaly analysis.
  Icons: Intrusion Prevention (capability); Intrusion Prevention (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Intrusion Prevention System; Cisco Next Generation Intrusion Prevention System Virtual.
• Threat: Unauthorized Network Access. Lateral spread of infiltration.
  Capability: Tagging. Policy-based, software-defined segmentation.
  Icons: Tagging (capability); Switch (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Catalyst Switches; Cisco Wireless Controller and Access Points; Cisco Tetration; Cisco Identity Services Engine; Cisco Integrated Services Routers; Cisco Aggregation Services Routers; Cisco Nexus Switches; Cisco ACI Fabric; Cisco DNA Fabric.
Network Icons
Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together. Icons: L2/L3 Network, Router, Fabric Switch, Distribution Switch, Access Switch.

• Threat: Unauthorized Network Access. Lateral spread of infiltration.
  Capability: Microsegmentation.
  Icons: Microsegmentation (capability); Switch (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Catalyst Switches; Cisco Wireless Controller and Access Points; Cisco Tetration; Cisco Identity Services Engine; Cisco Integrated Services Routers; Cisco Aggregation Services Routers; Cisco Nexus Switches; Cisco ACI Fabric; Cisco DNA Fabric.
Network Icons
Wireless Network: Physical network infrastructure; access points and controllers used to connect mobile devices to the access layer. Icon: Wireless.

• Threat: Malware. Compromised devices connecting to infrastructure.
  Capability: Mobile Device Management (MDM). Endpoint access control based on policies.
  Icons: Mobile Device Management (MDM) (capability); MDM Appliance (design).
  Products: Cisco Identity Services Engine; Cisco Meraki Mobile Device Management.
• Threat: Rogue. Unauthorized access and disruption of wireless network.
  Capability: Wireless Rogue Detection. Detection and containment of malicious wireless devices not controlled by the company.
  Icons: Wireless Rogue Detection (capability); Wireless LAN Controller (design).
  Products: Cisco Catalyst Switches with Unified Access; Cisco Wireless Controller and Access Points; Cisco Mobility Services Engine.
• Threat: Rogue. Attacks on the infrastructure via wireless technology.
  Capability: Wireless Intrusion Prevention (WIPS). Blocking of wireless attacks by signatures and anomaly analysis.
  Icons: Wireless Intrusion Prevention (WIPS) (capability); Wireless Access Point (design).
  Products: Cisco Catalyst Switches with Unified Access; Cisco Wireless Controller and Access Points.
Network Icons
Analysis: Telemetry and analysis of traffic across the enterprise. Icon: Network Analytic Engine.

• Threat: Malware. Malware distribution across networks or between servers and devices.
  Capability: Anti-Malware for Networks. Identify, block, and analyze malicious files and transmissions.
  Icons: Anti-Malware (capability); Firewall (design).
  Products: Cisco Advanced Malware Protection for Networks; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual; Cisco Next Generation Intrusion Prevention System; Cisco Next Generation Intrusion Prevention System Virtual.
• Threat: Advanced Threat. Zero-day malware and attacks.
  Capability: Threat Intelligence. Contextual knowledge of emerging hazards.
  Icons: Threat Intelligence (capability). Threat Intelligence is a capability leveraged by many systems and not deployed separately; there is no dedicated architecture icon.
  Products: Cisco Collective Security Intelligence; Cisco Global Threat Analytics and Encrypted Traffic Analytics; Cisco Talos Security Intelligence; Cisco Firepower Management Center; Cisco Umbrella Investigate; Cisco AMP Console – Telemetry; Cisco Stealthwatch Management Console.
• Threat: Exfiltration. Traffic, telemetry, and data exfiltration from successful attacks.
  Capability: Flow Analytics. Network traffic metadata identifying security incidents.
  Icons: Flow Analytics (capability); Flow Sensor (design).
  Products, Flow Sensors and Collectors: Cisco NetFlow Generation Appliance; Cisco Integrated Services Router; Cisco Stealthwatch Flow Sensor; Cisco Adaptive Security Appliance; Cisco Wireless LAN Controller; Cisco Catalyst Switch; Cisco Nexus Switch.
  Products, Analysis: Cisco Stealthwatch Management Console; Cisco Stealthwatch Cloud.
Network Icons
WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet. Icon: WAN.

• Threat: Exfiltration. Traffic, telemetry, and data exfiltration from successful attacks.
  Capability: VPN Concentrator. Encrypted remote access.
  Icons: VPN Concentrator (capability); VPN Concentrator (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Man-in-the-Middle. Connection of information and identities.
  Capability: Virtual Private Network (VPN). Encrypted communication tunnels.
  Icons: Virtual Private Network (VPN) (capability); SD WAN (design).
  Products: Cisco Adaptive Security Appliance (ASA); Cisco Aggregation Services Routers; Cisco Cloud Services Router; Cisco Integrated Services Router; Cisco Firepower Appliance; Cisco Meraki SD-WAN; Cisco IWAN; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual; Cisco Viptela SD-WAN vEdge.
• Threat: Botnets DDOS. Massively scaled attacks that overwhelm services.
  Capability: DDOS Protection. Protection against scaled attack forms.
  Icons: Distributed Denial of Service Protection (capability); DDOS Protection Appliance (design).
  Products: Cisco Aggregation Services Routers with Radware; Cisco Firepower Appliance with Radware; Distributed Denial of Service Technology Partner.
Network Icons
Cloud: Security services from the cloud. Icon: Cloud.

• Threat: Phish Link. Attacks from malware, viruses, and malicious URLs.
  Capability: Cloud Security. Combination icon representing several security capabilities provided by the cloud.
  Icons: Cloud Security (capability); Cloud Security (design).
  Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco AnyConnect Agent; Cisco Cloudlock; Cisco Web Security Appliance; Cisco Meraki MX; Cisco Firepower with URL Filtering; Cisco Viptela SD-WAN; Cisco Cloud Services Router.
• Threat: Phish Link. Redirection of user to malicious website.
  Capability: DNS Security. Name resolution filtering.
  Icons: DNS Security (capability); Secure DNS (design).
  Products: Cisco Umbrella.
• Threat: Rogue. Unauthorized access to cloud SaaS services, data loss.
  Capability: Cloud Access Security Broker (CASB). Monitor and protect SaaS services.
  Icons: CASB (capability).
  Products: Cisco CloudLock.
Network Icons
Cloud: Security services from the cloud. Icon: Cloud.

• Threat: Redirect Link. Infiltration and exfiltration via Web protocols.
  Capability: Web Security. Internet access integrity and protections.
  Icons: Web Security (capability); Web Security (design).
  Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco Web Security Virtual Appliance; Cisco Meraki URL Filtering.
• Threat: Malware C2. Attacks directing to a malicious URL.
  Capability: Web Reputation/Filtering. Tracking against URL-based threats.
  Icons: Web Reputation/Filtering/DCS (capability); Web Filtering (design).
  Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco Web Security Virtual Appliance; Cisco Meraki URL Filtering.
• Threat: Redirect Link. Unauthorized access and malformed packets connecting to services.
  Capability: Cloud-based Firewall. Filter and inspect traffic via the cloud.
  Icons: Firewall (capability).
  Products: Cisco Adaptive Security Virtual Appliance (ASAv); Cisco Cloud Services Router; Cisco Next Generation Firewall Virtual (NGFWv).
Additional Network Icons
• Firewall, Intrusion Prevention (IPS), Router, VPN Concentrator, DDOS Protection, Identity Directory, Web Security, Web Filtering, Tetration Appliance (architecture and design variants).
• Tetration Agent; Adaptive Security Appliance; Firepower Appliance; MS Active Directory (two variants); SD WAN.
Additional Network Icons
• Access Switch, Distribution Switch, Core Switch, Fabric Switch, Leaf Switch, Spine Switch, SD Controller (ACI Controller), SD WAN, Wireless Access Point, Mobile Device Management (MDM), Wireless LAN Controller (architecture and design variants).
• Switch Stack.
Additional Network Icons
• Flow Sensor, Flow Connector, Endpoint Concentrator, UDP Director, Management Console, Secure DNS, Firepower Management Center (FMC), Virtual FMC (architecture and design variants).
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Redirect Link. Attacks against poorly-developed applications.
  Capability: Web Application Firewalling. Advanced application inspection and monitoring.
  Icons: Web Application Firewall (capability); Web Application Firewall (design).
  Products: Web Application Firewall Technology Partner.
• Threat: C2 Sites. Attack tools hiding in permitted applications.
  Capability: Application Visibility Control (AVC). Deep packet inspection of application flows.
  Icons: Application Visibility Control (AVC) (capability).
  Products: Cisco Aggregation Services Router; Cisco Cloud Services Router; Cisco Integrated Services Router; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Spying. Theft of unencrypted traffic.
  Capability: TLS Encryption Offload. Accelerated encryption/decryption of data services.
  Icons: TLS Offload (capability); TLS Appliance (design).
  Products: Cisco Next Generation Firewall; Transport Layer Security Offload Technology Partner.
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Phishing. Infiltration and exfiltration via email.
  Capability: Email Security. Messaging integrity and protections.
  Icons: Email Security (capability); Email Security (design).
  Products: Cisco Email Security Appliance; Cisco Cloud Email Security.
• Threat: Malware. Polymorphic threats.
  Capability: Malware Sandbox. Detonation and analysis of file behavior.
  Icons: Malware Sandbox (capability); Sandbox Appliance (design).
  Products: Cisco Threatgrid.
• Business flow: Storage. Drives, databases, media. Icon: Database.
  Threat: Spying. Theft of unencrypted traffic.
  Capability: Disk Encryption. Encryption of data at rest.
  Icons: Disk Encryption (capability).
  Products: Disk Encryption Technology Partner.
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Malware. Viruses, malware and attacks that compromise systems.
  Capability: Server-based Security. Combination icon representing several security capabilities to secure the server.
  Icons: Server-Based Security (capability); Secure Server (design).
  Products: Cisco Advanced Malware Protection for Endpoint; Cisco Umbrella; Cisco Tetration; Built-in OS Firewall or Partner Products.
• Threat: Malware. Viruses, malware and attacks that compromise systems.
  Capability: File Trajectory. Provides file-centric visibility and propagation across the enterprise in a single view.
  Icons: File Trajectory (capability).
  Products: Cisco Advanced Malware Protection for Endpoints; Cisco Next Generation Firewall; Cisco Advanced Malware Protection for Networks.
• Threat: Malware. Viruses, malware and attacks that compromise systems.
  Capability: Device Trajectory. Provides historical view of all process, network and file activities on the endpoint/server.
  Icons: Device Trajectory (capability).
  Products: Cisco Advanced Malware Protection for Endpoints; Cisco Tetration.
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: API Interface.
  Icons: API Interface (capability); Application Workspace (design).
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Certificate Authority.
  Icons: Certificate Authority (capability).
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Certificate Services.
  Icons: Certificate Services (capability).
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Data Integrity.
  Icons: Data Integrity (capability).
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Device Profiling.
  Icons: Device Profiling (capability).
• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Secure API Gateway.
  Icons: Secure API Gateway (capability); Application Workspace (design).
Application Icons
Applications: Application-specific security services. Icon: Application.

• Threat: Rogue. Attackers accessing restricted information resources.
  Capability: Secure File Share.
  Icons: Secure File Share (capability).
Additional Applications Icons
• Server, Secure Server, Blade Server, Storage, Load Balancer, Wide Area Application Engine, TLS Appliance, Application Workspace (architecture and design variants).
• Radware Appliance, Cisco AnyConnect, Cisco AMP.
• Generic Appliance, Cisco Appliance, Radware Appliance.
Management Icons
Management: Infrastructure systems management and orchestration. Icon: Central Management.

• Capability: Analysis/Correlation. Security event management of real-time information.
  Icons: Analysis/Correlation (capability); SIEM (design).
  Products: Cisco Stealthwatch; Cisco Stealthwatch Cloud; Cisco Visibility; SIEM Technology Partner Products.
• Capability: Anomaly Detection. Identification of infected hosts scanning for other vulnerable hosts.
  Icons: Anomaly Detection (capability).
  Products: Cisco Identity Services Engine; Cisco Meraki; Cisco Tetration; Cisco Stealthwatch.
• Capability: Identity/Authorization. Centralized identity and administration policy.
  Icons: Identity/Authorization (capability); Identity Directory (design).
  Products: Cisco Identity Services Engine.
Management Icons
Management: Infrastructure systems management and orchestration. Icon: Central Management.

• Capability: Logging/Reporting. Centralized event information collection.
  Icons: Logging/Reporting (capability); Log Collector (design).
  Products: Cisco Stealthwatch; Logging Technology Partner Products.
• Capability: Monitoring. Network traffic inspection.
  Icons: Monitoring (capability); Monitoring (design).
  Products: Cisco Stealthwatch; Cisco Stealthwatch Cloud; Cisco Tetration.
• Capability: Name Resolution. Centralized DNS Services.
  Icons: Name Resolution (capability); Secure DNS (design).
  Products: Cisco Umbrella.
Management Icons
Management: Infrastructure systems management and orchestration. Icon: Central Management

Policy/Configuration: Unified infrastructure management and compliance verification. Icons: Policy/Configuration, Policy Management Console
• Cisco Firepower Management Center
• Cisco Identity Services Engine
• Cisco Tetration
• Cisco DNA Center
• Cisco Security Manager
• Cisco ACI APIC
• Cisco Stealthwatch
• Cisco Advanced Malware Protection Console
• Cisco Defense Orchestrator

Time Synchronization: Device clock calibration for accurate event correlation. Icons: Time Synchronization, NTP
• Cisco Firewalls, Routers, and Switches

Vulnerability Management: Continuous scanning, patching, and reporting of infrastructure. Icons: Vulnerability Management, Vulnerability Management
• Endpoint Technology Partner
Management Icons
Management: Infrastructure systems management and orchestration. Icon: Central Management

SecureX: Icons: SecureX, SOAR XDR
• Cisco SecureX
Threat Response Icons
Enterprise: Infrastructure systems, devices, services including management and orchestration. Icon: Central Management

Quarantine: Limit device access to only designated services. Icons: Quarantine, Policy Management Console
• Cisco Firepower Management Center
• Cisco Identity Services Engine
• Cisco DNA Center
• Cisco ACI APIC
• Cisco Stealthwatch
• Cisco Tetration
• Cisco Security Manager
• Cisco Prime LMS

Block: Prevent device communication with other devices, completely remove or shutdown. Icons: Block, NTP
• Cisco Firewalls, Routers, and Switches

Remediation: Cleaning, repairing, updating systems with identified problems. Icons: Remediate, Vulnerability Management
• Cisco AMP for Endpoints
• Cisco Mobile Device Management
• Endpoint Technology Partner

PNGs
Additional Management Icons
Secure DNS, NTP, Monitoring, Vulnerability Management, Policy, Log Collector, SIEM, Identity Directory, SecureX
Secure DNS, NTP, Monitoring, Vulnerability Management, Policy, Log Collector, SIEM, Identity Directory
Secure DNS, NTP, Monitoring, Vulnerability Management, Policy, Log Collector, SIEM, Identity Directory
MS Active Directory, MS Active Directory
Generic Appliance
Tools, Rules and Techniques

Architecture Toolkit
Be sure to review the Dos and Don’ts of Building a Diagram found on page 87 of this document.

Title Example

Area Title Example Icon Title Example

Icon Title Example

Using Selection Pane
The Selection Pane enables you to view and access layers easily
1. Turn on the Selection Pane
2. Each object in the pane is listed in the hierarchical order (depth) that it is on the slide.
3. Click the eye to make them invisible/visible so you can access objects below them without having
to move them from their position
4. By clicking on an object or group name you can select objects that are hard to grab
5. Once selected, you can change their order via the Arrange menu, or move them with cursor keys

How to draw smooth business flows
By editing the points of a freeform shape you can create smooth consistent corners (steps 1-8).
• Make the line with square turns, click and drag to make each segment (hold shift to constrain)
• Select Edit Shape then Edit Points from the Drawing Tools menu
• Using the gridlines from the View menu, add points before and after (Ctrl+click)
• After adding the new points, then select and delete the corner point
• Stretch handles as appropriate (back to where the corner point was, and the next corner) to create a smooth arching corner
Business Flow Color Palette
• Yellow: R255, G202, B5
• Dark Blue: R92, G114, B182
• Green: R113, G190, B73
• Gray: R187, G189, B190
• Light Blue: R143, G194, B233
• Orange: R243, G117, B33
• Brown: R157, G130, B92
• Bright Orange: R238, G172, B66
• Purple: R158, G84, B160
• Bright Green: R190, G214, B56
Colors & Size
• Capability blue is: RGB-38:169:224 (.43” .16”)
• Non-security capabilities are gray: RGB-153 (.43” .16”)
• Architecture green
  • Pad: RGB-192:223:173 (.63”)
  • Core: RGB-106:189:70
  • Dots: RGB-222:238:212
• Design purple is: RGB-161:83:160
  • Solid inside is physical appliance or device (.33”x.38”)
  • White inside/purple outline is: software/VM/virtual (.33”x.38”)

Design element examples: Zone (52-63-70, e.g. DMZ), Wedge (72-83-91), Virtualization (130-130-130), Background (40-40-40), Port (G0/1), VLAN (VLAN 300), System (FPR-5, FP-9300-40)
Dos and Don’ts
• Do: Show all flow lines butting up to the icon. Don’t: Don’t allow flow lines to overlap the icon.
• Do: Use the elements from the toolkit as they have been provided. If elements need to be reduced or enlarged, apply the same reduction/enlargement over the entire diagram unless otherwise noted in the toolkit. Don’t: Don’t alter the toolkit elements or create additional components.
• Do: Center mini capability icons on the guide markers per the instructions provided in the Architecture Toolkit. Don’t: Don’t place the mini capability icons outside of the Mini Capability Icon Band or in a position that is inconsistent with the guidelines provided in the toolkit.
• Do: Keep all like icons at a consistent size. Don’t: Don’t vary the size of the icons.
• Do: Maintain colors as provided in the toolkit. Don’t: Don’t alter or add colors to the elements.
• Do: Keep spacing between elements consistent as much as possible. Don’t: Don’t vary gaps between elements or length of callout lines if possible.
• Do: Keep all flow rules at vertical or horizontal alignments. Don’t: Don’t angle the flow lines.
• Do: Keep space between elements. Don’t: Don’t overlap elements.
• Do: Keep elements aligned as much as possible. Don’t: Don’t use arbitrary placement of objects without alignment to other objects within the diagram if possible.
• Do: Make all right angles out of a single rule, keeping corners sharp. Don’t: Don’t make right angles out of more than one rule.
SAFE Solution Toolkits have all the parts
Toolkits available on these platforms:
• Reference Security Architecture
• Cyber BluePrint Templates
• Customize to your environments

cisco.com/go/safe
Feedback

Please submit feedback or ideas related to the SAFE Toolkit, or to request a SAFE Workshop, at the link below:

https://cisco-safe.ideas.aha.io
Vector based icon resources

Threat Icons
Anti-Spam, Botnets, BYOD, DDOS, Empty Threats, Exploit Threat, Malicious Redirection, Man-in-the-Middle Device, Malicious Device, Malware
Phishing, Phishing, Rogue, Sniffing, Web based Exfiltration, Wireless Exploit Kit, Threat
Threat Icons (2021)
Malicious Insider, Malicious Insider, Social Engineering, Social Engineering, Social Engineering, Social Engineering, Unwitting Threat Actor
Capability Icons
Analysis Correlation, Anomaly Detection, Anti-Malware, Anti-Spam, Anti-Virus, Application Visibility Control (AVC), CASB, Client-Based Security, Cloud Security
Data Loss Prevention (DLP), Disk Encryption, Distributed Denial of Service Protection, DNS Security, Email Encryption, Email Security, Firewall, Flow Analytics, Identity
Intrusion Detection, Intrusion Prevention, Load Balancer, Logging/Reporting, Malware Sandbox, Microsegmentation, Mobile Device Management (MDM), Monitoring, Network Anti-Malware
Capability Icons
Policy/Configuration, Posture Assessment, Server-Based Security, Tagging, TLS Offload, Threat Intelligence, Time Synchronization, Virtual Private Network (VPN), VPN Concentrator
Vulnerability Management, Web Application Firewall, Web Reputation/Filtering/DCS, Web Security, Wireless Intrusion Detection System (WIDS), Wireless Intrusion Prevention System (WIPS), Wireless Rogue Detection
Capability Icons – 2021
API Interface, Certificate Authority, Certificate Services, Data Integrity, Device Profiling, Device Trajectory, Federation, File Trajectory, Micro segmentation
Microsegmentation, Multi-Factor Authentication, Secure API Gateway, Secure File Share, SecureX, SOAR XDR
Mini Capability Icons
Use these icons with the architectural icons. Labels are for identification purposes only and should not appear within the architectural icon mats.

Analysis/Correlation, Anomaly Detection, Anti-Malware, Anti-Spam, Anti-Virus, API Interface, Application Visibility Control (AVC), CASB
Certificate Authority, Certificate Services, Client-Based Security, Cloud Security, Data Integrity, Data Loss Prevention (DLP), Device Profiling, Device Trajectory
Disk Encryption, Distributed Denial of Service Protection, DNS Security, Email Encryption, Email Security, Federation, Firewall, Flow Analytics
File Trajectory, Identity, Intrusion Detection, Intrusion Prevention, Load Balancer, Logging/Reporting, Malware Sandbox, Microsegmentation
Microsegmentation, Microsegmentation, Mobile Device Management (MDM), Monitoring, Multi-Factor Authentication, Network Anti-Malware, Policy/Configuration, Posture Assessment
Secure API Gateway, Server-Based Security, Secure File Share, SecureX, SOAR XDR, Tagging, TLS Offload, Threat Intelligence
Time Synchronization, Virtual Private Network (VPN), VPN Concentrator, Vulnerability Management, Web Application Firewall, Web Reputation/Filtering/DCS, Web Security, Wireless Intrusion Detection System (WIDS)
Mini Capability Icons - Continued
Use these icons with the architectural icons. Labels are for identification purposes only and should not appear within the architectural icon mats.

Wireless Intrusion Prevention System (WIPS), Wireless Rogue Detection
Standard and Mini Action Icons
Standard: Block, Remediate, Quarantine
Mini: Block, Remediate, Quarantine
Attack Surface Icons
Application, Application Optimization, Conference Bridge, Database, Fabric Switching, Host Context, Infrastructure Redundancy, L2 Switching, L2/L3 Network
L3 Switching, Load Balancer, Path Control, Quality of Service, Routing, Secure Server, Standardized System Images, Storage, User
Video, Voice, Wireless Connection
Attack Surface Icons - 2021
IOT Endpoint Actuator, IOT Endpoint Engine, IOT Endpoint Gauge, IOT Endpoint Gauge, IOT Endpoint HMI, IOT Endpoint PLC, IOT Endpoint Pump
Vehicle Commercial, Vehicle Consumer, Vehicle Plane
Mini Attack Surface Icons
Application, Application Optimization, Conference Bridge, Database, Fabric Switching, Host Context, Infrastructure Redundancy, IOT Endpoint Actuator, IOT Endpoint Engine, IOT Endpoint Gauge
IOT Endpoint Gauge, IOT Endpoint HMI, IOT Endpoint PLC, IOT Endpoint Pump, L2 Switching, L2/L3 Network, L3 Switching, Load Balancer, Path Control, Quality of Service
Routing, Secure Server, Standardized System Images, Storage, User, Vehicle Commercial, Vehicle Consumer, Vehicle Plane, Video, Voice
Wireless
Architectural Icons
Cut and paste mini-capabilities icons (without label copy) and center on the white dots within the icon mats. See the “how to” guide for additional placement instructions. Use Grey background for Architectures.

ACI Controller, ACI Leaf Switch, ACI Spine Switch, Adaptive Security Appliance, Automated System, Blade Server
Catalyst Switch, Cisco Appliance, Corporate Device, DDOS Protection Appliance, Email Security, Endpoint Concentrator
Fabric Switch, Firepower Appliance, Firepower Management Center, Firewall, Flow Collector, Flow Sensor
Architectural Icons
Cut and paste mini-capabilities icons (without label copy) and center on the white dots within the icon mats. See the “how to” guide for additional placement instructions. Use Grey background for Architectures.

Generic Appliance, Intrusion Detection, L3 Switch, Load Balancer, Management Console, Nexus 1kv
Nexus Data Center Switch, Nexus Fabric Switch, Nexus Switch, Phone, Radware Appliance, Router
Sandbox Appliance, SD-WAN, Secure Server, Server, Stacked Switch, Storage
Architectural Icons
Cut and paste mini-capabilities icons (without label copy) and center on the white dots within the icon mats. See the “how to” guide for additional placement instructions. Use Grey background for Architectures.

Switch, TLS Appliance, Unified Access Switch, UDP Director, VPN Concentrator, Web App Firewall
Web Security, Wide Area Application Engine, Wireless Access Point, Wireless LAN Controller
Architectural Icons - 2021
Application Workspace, Cell Tower, Cell Tower, Firepower Appliance, Firepower Management Center
SecureX, Tetration, Vehicle Commercial, Vehicle Consumer, Vehicle Flight
Architectural Icons - Examples
Email Security Appliance, Web Security Appliance, Radware Appliance, Firepower, Firepower, Nexus Fabric Switch
Secure Server, Secure Server, Wireless Access Point, Unified Access Switch, Wireless LAN Controller, Router
Nexus Switch, Switch, Adaptive Security Appliance, Switch, Catalyst Switch, Corporate Device
Design Icons
ACI Controller, ACI Leaf Switch, ACI Spine Switch, Adaptive Security Appliance, Blade Server, Catalyst Switch, Data Center
Web Security, Email Security, Fabric Switch, Firepower Appliance, Firewall, Intrusion Detection
L3 Switch, Load Balancer, Nexus 1kv, Nexus Data Center Switch, Nexus Fabric Switch, Nexus Switch
Access Point, Wireless LAN Controller, Wireless Switch, Router, L2 Switch, Switch Stack
Design Icons Actors
Phone, Mobile Device, Corporate Device, Corporate Device, Automated System, Server

Examples
Software / Applications / Virtual Services
Call Manager, Web Security, WLAN Controller, Tetration Agent, Encryption Offload, Web Security Virtual
Cisco AMP, Cisco AMP, Cisco Cloud Web Security, Cisco AnyConnect, Virtual Load Balancer, Virtual Secure Server
Port and link label examples from the diagram: VLAN201, HSRP, G1/6, E1/8, T1/1-4, E1/1-4, Peer Link
Design Icons - 2021
Firepower Appliance, Firepower Management Center, SecureX, Tetration Appliance, Vehicle Commercial, Vehicle Consumer, Vehicle Flight
Firepower Virtual Appliance, Firepower Management Center Virtual, SecureX Virtual, Tetration Appliance or Agent
Architecture and Design Icon Sets
Identity Directory, Corporate Device, Corporate Wireless Device, Mobile Device, Phone, Video Endpoint, Actuator Sensor, Automated System
Identity Directory, Phone, Automated System
MS Active Directory
Architecture and Design Icon Sets
Firewall, Intrusion Prevention, VPN Concentrator, DDOS Protection, Web Application Firewall, Web Security, Web Filtering, SD-WAN, Firepower Management Center
Adaptive Security Appliance, Firepower Appliance
Architecture and Design Icon Sets
NTP, Monitoring, Vulnerability Management, Policy, Log Collector, SIEM, MDM, Secure DNS
Architecture and Design Icon Sets
Flow Sensor, Flow Collector, Endpoint Concentrator, UDP Director, Management Console
Architecture and Design Icon Sets
Router, Access Switch, Distribution Switch, Core Switch, Fabric Switch, Leaf Switch, Spine Switch, SD Controller, Wireless Access Point
Access Switch, Distribution Switch, Core Switch, Fabric Switch, ACI Leaf Switch, ACI Spine Switch, ACI Controller, Access Point
Switch Stack
Architecture and Design Icon Sets
Server, Secure Server, Blade Server, Storage, Load Balancer, Wide Area Application Engine, TLS Appliance, Wireless LAN Controller, Radware Appliance
Architecture and Design Icon Sets - 2021
Firepower Appliance, Firepower Management Center, SecureX, Tetration, Vehicle Commercial, Vehicle Consumer, Vehicle Flight
Security Iconography
NGIPS, NGFW, ISE, IDS, NBA, NAC, IAM, AMP, UTM, Firewall
Vulnerability Management, Log Management, Application Control, Virtual, SIEM, Antivirus, Patch Management, Inspection/Forensics, Malware Sandbox, DDoS
Services Deployment, VPN, Email, Web, Virtual Based, Cloud, Cloud Based Management
Trustsec, Retrospective Security, WAF
Security Iconography
WWW

Technology
Wi-Fi

Business

People, places, things

IoT Things