This guide provides a comprehensive set of steps for integrating Cisco Catalyst SD-WAN with Unified Threat Defense (UTD), a combination that keeps WAN performance intact while adding IPS/IDS, URL filtering and malware protection at the edge router to defend the infrastructure against a wide range of cyber threats.
Prerequisites
• Minimum Resource Requirements: Ensure that the hosting router has sufficient resources to install the UTD engine. For example, Cisco Catalyst 8200 Series Edge Platforms and Cisco Catalyst 8300 Series Edge Platforms must meet the following minimum requirements to support UTD:
- 8 GB of DRAM
- 16 GB of M.2 USB storage
For detailed resource requirements, please refer to this link: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_utd/configuration/xe-17/sec-data-utd-xe-17-book/snort-ips.html
Integration Procedure
• Step 1. Identify the Recommended Security Virtual Image (SVI) Version
- From the Cisco vManage menu, go to Monitor > Devices. For Cisco vManage Release 20.6.x and earlier, go to Monitor > Network.
- Choose WAN – Edge and click on the device that will run the SVI to display the System Status page.
- Scroll to the end of the device menu and click on Real Time to display the System Information page.
- Click on the Device Options field and choose Security App Version Status from the menu.
- The image name is displayed in the Recommended Version column. It should match the SVI available for your router on the Cisco downloads website. Download exactly this version: an image that does not match the router's IOS XE release is reported as UNSUPPORTED during verification and the engine will not come up.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-1-1024x411.png)
• Step 2. Download the SVI and Upload it to vManage
- Go to www.software.cisco.com and download the UTD image version that was identified in the previous step.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-2-1-1024x411.png)
- From the Cisco vManage menu, go to Maintenance > Software Repository and choose Virtual Images.
- Click on Upload Virtual Image and choose vManage. The Upload Virtual Image to vManage window will open.
- Drag and drop or browse to the image file that has already been downloaded.
- Click on Upload. When the upload is complete, a confirmation message will be displayed. The new virtual image will appear in the Virtual Images Software Repository.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-3-1-1024x411.png)
• Step 3. Create a Security Policy Template for IPS/IDS, URL Filtering (URL-F) and Advanced Malware Protection (AMP)
- From the Cisco vManage menu, go to Configuration > Security and click on Add Security Policy.
- In the Add Security Policy window, select the applicable security policies based on customer needs from the list of options and click on Proceed.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-4-1024x411.png)
• Step 4. Create a Feature Template for Security App Hosting
The Security App Hosting feature template configures two functions:
- NAT: Enables or disables Network Address Translation for the traffic the UTD container sends out of the router (for example signature updates and URL-F cloud lookups), so that the container's internal address is never exposed beyond the device.
- Resource Profile: Sets how much CPU and memory the router reserves for the UTD container (Low, Medium or High), which in turn determines how many Snort instances run.
To create the feature template, follow these steps:
- From the Cisco vManage menu, go to Configuration > Templates.
- Click on Feature Templates and then click on Add Template.
- From the Select Devices list, choose the devices that you want to associate with the template.
- Under Basic Information, click on Security App Hosting.
- Enter Template Name and Description.
- Under Security Policy Parameters, enable the Network Address Translation (NAT) feature globally.
- Set Resource Profile globally according to need. It is recommended to create three different feature templates, one for each profile, so that a router can be moved between profiles by swapping the template:
- LOW_SECURITY_APP_HOSTING
- MEDIUM_SECURITY_APP_HOSTING
- HIGH_SECURITY_APP_HOSTING
This option determines the number of Snort instances that run on a router. The default is Low, which indicates one Snort instance. Medium indicates two instances, and High indicates three instances. A higher profile consumes more of the DRAM listed under Prerequisites, so check the router's free memory before selecting Medium or High.
- Set Download URL Database on Device to Yes if you want the URL-F database downloaded onto the device. In this case, the device consults the local database first and only falls back to a cloud lookup for URLs it cannot resolve locally.
- Click on Save.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-5-1024x411.png)
• Step 5. Create Device Template
- From the Cisco vManage menu, go to Configuration > Templates.
- Click on Device Templates, and then choose Create Template > From Feature Template.
- From the Device Model drop-down list, choose the device model.
- From the Device Role drop-down list, choose the device role.
- Enter Template Name and Description.
- Choose all the necessary sub-templates/feature templates to create this device template.
- For UTD, go to Additional Templates settings and choose the Security Policy Template created in Step 3 and the App Hosting Template created in Step 4.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-6-1024x411.png)
• Step 6. Attach Device to the Device Template
- From the Cisco vManage menu, go to Configuration > Templates.
- Click on Device Templates.
- In the row of the desired device template, click on … and choose Attach Devices.
- In the Attach Devices window, select the desired devices from the Available Devices list and click on the right-pointing arrow to move them to the Selected Devices list.
- Click on Attach.
![](https://cloudnetai.com/wp-content/uploads/2023/08/UT-Integration-Image-7-1024x411.png)
When the security template is detached from a device, vManage also removes the UTD engine from that device.
Verification Procedure
- Verify UTD Engine Sync with vManage:
To verify that the cEdge is in sync with vManage and that the template is attached, navigate to Configuration > Devices and confirm the device shows as In Sync.
- Check UTD Version:
To check if the Cisco UTD version is installed, use the following command:
Router02# show utd engine standard version
The output should display the recommended and the installed UTD version. Make sure the installed version is flagged as SUPPORTED and not in an UNSUPPORTED state; an UNSUPPORTED image means the wrong SVI was uploaded in Step 2.
- Check UTD Running State:
To check if UTD is in the running state, use the following command:
Router02# show app-hosting list
Make sure the output lists the "utd" application with a state of RUNNING. Any other state (for example STOPPED or DEPLOYED) means the container was installed but the engine is not inspecting traffic.
- View UTD Status and Version:
To summarize the previous commands and view the current status and version of UTD, use the following command:
Router02# show app-hosting detail appid utd
The output should display the application details, including the version, description, and path.
- Check UTD Engine Health:
To check the health status of the UTD engine and the time of the last signature update, use the following command:
Router02# show utd engine standard status
The output should display the engine version, profile, system memory usage, the per-engine health and the overall system status (expected: Green), together with the signature update status and the time of the last successful update. A signature package that has not updated in a long time indicates that the container cannot reach the update service (check the NAT setting from Step 4 and outbound connectivity).
- Verify Enabled Features:
To verify the enabled features, use the following command:
Router02# show platform hardware qfp active feature utd config
The output will show the global configuration settings, including the status of various features such as NAT64, drop packets, multi-tenancy, TLS decryption policy, divert controller mode, and more.