Customer Zero for Next-Generation Firewall 6.3
In Cisco IT’s role as Customer Zero, we have been partnering with the security business group to test-drive the new Firepower 6.3 software. Our ultimate goal is to help improve the code before it is released to our customers. To put our money where our mouth is, we deployed the code into our production environment within 24 hours of publishing on cisco.com.
This version comes with a variety of improvements to existing features and several exciting new features that help accelerate our roll-out of Next-Generation Firewall (NGFW) solutions. By consolidating security services into a more scalable Firepower platform, we expect to generate savings in rack space, power and cooling of up to $500,000 USD a year and up to 20 man-hours a week in operational cost. To learn more about how we plan to generate these savings check here.
Virtualizing the NGFW – Multi-Instance
In Cisco IT, we are most excited about the introduction of multi-instance support. “Before 6.3, we had to install dedicated hardware for each new security deployment while often only using a subset of the available hardware resources,” says Prasanth Damodaran, senior IT network engineer. “With multi-instance, we can now build multiple virtual Firepower Threat Defense (FTD) instances within a Firepower chassis and right-size each instance with dedicated resources based on actual needs.”
Multi-instance makes it simpler and faster to deploy new security services. Where it typically took several weeks to order and deploy new security services, deployments can now be done instantaneously as long as hardware resources are available. In addition, it allows us to accelerate the consolidation of legacy defence systems into the more scalable Firepower appliances.
But it is not all about multi-instance… 6.3 also contains several exciting new features such as Fully-Qualified Domain-Name (FQDN), backup and restore for FTD, and REST API enhancements. Please check the 6.3 release notes for more information.
NGFW Beta Testing
Cisco IT participates in our product beta programs. We joined the 6.3 beta in July in order to provide early feedback to the development team on this release, which has many features of interest to us. Beta testing is a great way to share feedback and positively impact the release. As an added benefit, all beta customers (not just Cisco IT) get all their Sev 1-3 bugs fixed in the final release.
“We immediately upgraded our FTD and Firepower Management Center (FMC) appliances in our lab environment to the Beta software without any significant issues,” says Franck Jos-Rolland, member of technical staff. “After successfully executing our current certification process, we started testing new features and performed extensive performance and load tests using traffic generators.”
Over a period of three months, we partnered closely with the Cisco security business group to make sure the new features provided the expected value and to help improve the quality of the code so customers can deploy it with confidence at the time of release.
The Proof is in the Pudding
As Customer Zero, Cisco IT is committed to deploying new versions of code into our production network as fast as possible. A new enterprise firewall path has already been built within the Bangalore Campus network on Firepower 9300 appliances running the 6.3 FTD code.
“This new network allows us to move users between environments,” says Touseef Ahmed Gulgundi, senior IT engineer. “In the future this network will enable us to deploy new code even faster, even during the development stage, and we can also enable it just for clients that are willing to take some risk.”
It Does Not End Here…
Resources are being engaged to start upgrading all NGFWs to version 6.3 in the coming weeks. Any over-provisioned appliances will be converted to instances to free up resources, which will allow us to migrate legacy Adaptive Security Appliance hardware/software to FTD.
We are looking forward to continuing the partnership and testing new features/enhancements as we continue to evolve our security solutions.