Cisco Catalyst SD-WAN and Third-Party SSE Integrations At-a-Glance

At a Glance

Updated: September 17, 2024

Navigating the New Digital Landscape: Enabling Secure Connectivity with SASE

In today’s digital world, applications and data reside across multiple clouds and edge locations, leaving traditional security solutions outdated and fragmented. Organizations need a solution that delivers seamless user experience while ensuring unwavering security, regardless of location. Secure Access Service Edge (SASE) offers a unified architecture that combines networking and security capabilities, providing secure and seamless connectivity for users, devices, and applications, regardless of location.

Embrace the SASE journey, your way

No two organizations today are at the same place when it comes to transitioning to SASE. Every SASE journey is unique, and customers need the flexibility to get there their way. At Cisco, we understand that everyone starts from a different place, and that’s why a flexible approach that provides incremental wins along the way is important. Today, it’s common for global/large enterprises to use multiple vendors to build their overall network and secure it. Cisco offers unparalleled choice and supports establishing an open ecosystem for Cisco Catalyst SD-WAN that gives our customers the choice to build SASE architectures tailored to their business needs.

Catalyst SD-WAN and third-party SSE integrations

Catalyst SD-WAN seamlessly integrates with a broad spectrum of third-party Secure Service Edge (SSE) vendors, including Zscaler, Microsoft (Entra SSE), Netskope, Palo Alto Networks, Cloudflare, and Skyhigh. This allows customers to build SASE architectures that precisely align with their unique requirements, harnessing the capabilities of their preferred cloud security vendors. Furthermore, these integrations help organizations maximize their existing investments in cloud security solutions by simplifying the integration process with Catalyst SD-WAN. All the integrations are available beginning with Cisco IOS® XE Release 17.9. Zscaler integration automation has been available as part of Cisco IOS XE since Release 17.6.

Zscaler sublocation configuration brings automation to our branches, seamlessly sending sublocation data to Zscaler. This automation saves customers hours of manual setup and minimizes errors. When creating the SIG template, customers can easily configure sublocations with just a few clicks. These configurations are then applied to all branches and communicated from the SD-WAN manager to the Zscaler portal. The integration between SD-WAN and Zscaler utilizes backend APIs to automatically transmit sublocation information, ensuring efficient and error-free operations. Based on this, policies can be applied accordingly to each sublocation (segment of the network).

Catalyst SD-WAN offers seamless integration with third-party SSE vendors through automation and Secure Internet Gateway (SIG) templates. This simplifies the process of connecting to these cloud security services. When using Catalyst SD-WAN, you can establish secure IPsec/Generic Routing Encapsulation (GRE) tunnels to direct data from your Catalyst SD-WAN branch router to the SSE vendor’s Point of Presence (PoP) for security inspection before reaching its destination.

When Catalyst SD-WAN is integrated with a third-party SSE vendor, traffic from SD-WAN devices is efficiently routed to the SSE vendor’s cloud security platform. Here the SSE vendor conducts rigorous security inspections and applies customized security policies. Once the security checks are successfully completed, the traffic is smoothly directed to its intended destination.

This integration has undergone comprehensive testing and validation by Cisco and our third-party SSE partners, helping ensure reliability and performance. The true advantage for customers lies in the simplicity of the setup. The template-based configuration can be easily applied across multiple sites in minutes, helping ensure consistent and efficient security.

In essence, Catalyst SD-WAN’s integration process makes it straightforward for customers to connect to cloud security solutions. The automation and use of SIG templates streamlines the configuration process, covering essential elements such as PoP availability, application health checks, load balancing, and data policy enforcement. Users have the flexibility to specify how their branch traffic is directed to the SSE’s secure cloud endpoint, and this setup can easily be replicated across multiple sites.

Figure 1. Catalyst SD-WAN SSE integration with third-party cloud security vendors

Benefits of Catalyst SD-WAN and third-party SSE integrations

There are several benefits to integrating Catalyst SD-WAN with third-party SSE vendors, including:

  • Simplify SASE deployments: Catalyst SD-WAN’s SIG templates make it easy to configure and deploy SASE architectures with third-party SSE vendors.

  • Enhanced security: Catalyst SD-WAN and third-party SSE integrations provide comprehensive security for users, devices, and applications, regardless of location.

  • Reduced complexity: Catalyst SD-WAN and third-party SSE integrations eliminate the need for multiple point products, simplify management, and help you deliver a unified experience for your users. A single, integrated solution from Cisco helps you to reduce operational complexity.

  • Increased agility: Catalyst SD-WAN and third-party SSE integrations enable organizations to quickly and easily deploy new applications and services.

  • Reduced costs: Catalyst SD-WAN and third-party SSE integrations can help organizations reduce their IT costs by protecting their existing technology investments.

  • Improved security posture: Gain end-to-end visibility into network traffic and security events by using AI/ML-powered insights and automation to detect and respond to threats more quickly.

Key use cases

SASE architecture for secure networking: Enable a seamless SASE architecture through the integration of SD-WAN and SSE solutions. This integration helps ensure the convergence of secure and efficient network connectivity with cloud security, aligning with the core tenets of SASE.

Direct internet access for enhanced user connectivity: Leverage Direct Internet Access (DIA) to connect users directly to the internet, eliminating the need to route traffic through a data center. This not only boosts performance but also reduces operational costs.

Robust traffic inspection and cloud security: Integrate Cisco® SD-WAN with SSE solutions to comprehensively inspect and secure internet-bound traffic, including robust cloud security measures. This helps ensure that data and connections remain secure in the cloud.

Intelligent traffic steering for optimized application access: Enhance user experiences by intelligently steering traffic to the best available paths. This involves using features such as Equal-Cost Multipath routing (ECMP), weighted load balancing, application-aware routing, and fallback mechanisms to help ensure optimal application availability and performance.

Catalyst SD-WAN and its third-party SSE integrations can help you accelerate your journey to SASE by providing you with flexible and comprehensive networking and security solutions that work with your existing technology and adapt to the future of secure networking. Catalyst SD-WAN provides a secure connectivity foundation, and third-party SSE integrations enable you to choose the preferred security capabilities for your needs. With this integrated SASE approach, you can:

  • Deliver superior user experiences with secure, reliable access to applications and data, regardless of location or device.

  • Protect your organization from evolving threats with a comprehensive SASE architecture that converges networking and security in the cloud.

  • Reduce costs and simplify operations with a single, integrated SASE solution from Cisco.

Catalyst SD-WAN empowers you to build a secure and agile SASE architecture, tailored to your unique business needs. With seamless integrations with leading third-party SSE vendors, you gain the flexibility to choose the security solutions that best suit your requirements, while simplifying deployment and management. This integrated SASE approach ensures secure, reliable access to applications and data, regardless of location or device, thereby safeguarding your organization from evolving threats.

Visit the Catalyst SD-WAN Technology Alliances page to explore Catalyst SD-WAN and SSE integrations: https://www.cisco.com/c/en/us/solutions/enterprise-networks/sd-wan/technology-alliance-partners.html.

For more information

Learn more about Catalyst SD-WAN: https://www.cisco.com/site/us/en/solutions/networking/sdwan/index.html.

 
