Network Security Automation using Cisco Secure Firewall and HashiCorp’s Consul

Today, more organizations are embracing microservices and dynamic infrastructure deployments in cloud environments. In these environments, instances and services can be created and decommissioned as needed, which means keeping track of updates to such components in a fast-changing environment is a challenge for SecOps teams. This new reality requires solutions that are as dynamic as the environments they need to automate.
Dealing with Changing IP Addresses
Here’s an example: a security policy configured on the Cisco Secure Firewall allows traffic from one service to another based on their IP addresses. It is effective as long as the IP address does not change. If the destination node goes down or becomes inaccessible, another node will replace it, making the policy ineffective. The policy does not change dynamically on the firewall: an administrator must log in to the device and update it manually, unless the Cisco Secure Firewall Management Center (FMC) receives dynamic updates to modify the policy rules based on the attributes of the node.
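The stale-rule problem described above, as an added example that is not code from Cisco or HashiCorp: it compares the address a static rule still points at with the healthy instances in a Consul health-service response and computes what must be added and removed. The function names and all sample data are constructed for illustration, and pushing the result to the FMC is left out.

```python
import json

# Constructed sample in the shape of a Consul /v1/health/service/<name>
# response, taken after the original node (10.0.1.10) has been replaced.
CONSUL_HEALTH_JSON = """
[
  {"Node": {"Node": "web-2", "Address": "10.0.1.27"},
   "Service": {"ID": "web-2", "Service": "web", "Address": "", "Port": 8080},
   "Checks": [{"Status": "passing"}]},
  {"Node": {"Node": "web-3", "Address": "10.0.1.31"},
   "Service": {"ID": "web-3", "Service": "web", "Address": "10.0.2.31", "Port": 8080},
   "Checks": [{"Status": "passing"}, {"Status": "critical"}]}
]
"""
SAMPLE_ENTRIES = json.loads(CONSUL_HEALTH_JSON)


def healthy_addresses(health_entries):
    """Return the IPs of instances whose health checks are all passing."""
    addrs = set()
    for entry in health_entries:
        checks = entry.get("Checks", [])
        if any(c.get("Status") != "passing" for c in checks):
            continue  # do not open the firewall to an instance failing a check
        # Consul leaves Service.Address empty when the service is reached
        # on the node's own address, so fall back to Node.Address.
        addr = entry["Service"].get("Address") or entry["Node"]["Address"]
        addrs.add(addr)
    return addrs


def plan_update(firewall_addrs, health_entries):
    """Diff the rule's current destinations against the live catalog."""
    live = healthy_addresses(health_entries)
    current = set(firewall_addrs)
    # Removing stale entries matters as much as adding new ones: a
    # decommissioned IP can be reassigned to an unrelated workload.
    return {"add": sorted(live - current), "remove": sorted(current - live)}


if __name__ == "__main__":
    # Assumed starting state: the rule still allows the decommissioned node.
    static_rule_destinations = ["10.0.1.10"]
    print(plan_update(static_rule_destinations, SAMPLE_ENTRIES))
```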