
Cisco ISA3000 with FTD – FMC version – Lab v3

November 2020

The Cisco ISA-3000 Industrial Security Appliance is a ruggedized firewall built to secure industrial networks such as manufacturing plants, electric substations, and oil refineries. Traditional OT (Operational Technology) environments include silos of vendor-specific infrastructure with separate management systems. The Cisco ISA 3000 provides common security processes and network security management across IT and OT systems. This combination allows companies to use their existing IT security expertise while meeting OT-specific needs.

The Cisco ISA 3000 helps deliver consistent policy enforcement and the segmentation needed to simplify compliance with standards such as ISA99, IEC 62443, and NERC-CIP. This also serves to reduce audit scope. As customers open up their OT environments to take advantage of IoT efficiencies, they cannot compromise system availability. The Cisco ISA 3000 provides application awareness of protocols such as Modbus, along with rich OT-specific threat detection. This increases visibility across the IT and OT environments, enables consistent policy enforcement, and reduces risks to system availability.

The Cisco ISA 3000 Industrial Security Appliance incorporates the same security as the Cisco Next-Generation Firewall. It also comes with four high-performance Ethernet data links in a DIN rail or rack-mount form factor. The Cisco ISA 3000 supports two software architectures: ASA with Firepower Services and Firepower Threat Defense (FTD) software. This lab is based on FTD software.

What’s New

Five new scenarios cover Remote Access and four types of Segmentation: Network, L4 Information, OT Applications (AppID), and OT Commands (Read/Write).


The preconfigured Cisco ISA3000 with FTD – FMC version – Lab v3 includes:

  • Scenario 1: Initial Lab Setup Using FMC
  • Scenario 2: Access Control Policy to Enable SCADA Protocol Detection
  • Scenario 3: OT Protocol Command Inspection
  • Scenario 4: OT Threat Protection Using IPS
  • Scenario 5: Remote Access
  • Scenario 6: Segmentation Based on Networks
  • Scenario 7: Segmentation Based on L4 Information (Port and Protocol)
  • Scenario 8: Segmentation Based on OT Applications (AppID)
  • Scenario 9: Segmentation Based on OT Commands (Read/Write)


Required Optional
  • Laptop
  • Cisco AnyConnect®
