Turn off firewall for ASA running IPS

Unanswered Question
Dec 3rd, 2007
User Badges:

I have two ASA devices. 5510 with IPS and 5520 with Content scanning. The 5510 sits behind the 5520. I want the 5520 to perform all firewall functions along with content scanning for spyware and viruses. The 5510 will be used purely for IPS for traffic that has been allowed through the 5520. Is there a way to effectively turn off the firewall on the 5510? Is there any inherent problems with this configuration?


James Krysinski

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
amritpatek Mon, 12/10/2007 - 14:55
User Badges:
  • Silver, 250 points or more

Yes, you can turn off the firewall on ASA. For this remove any interface which is in outside or inside; better place all interfaces in same security level. Now permit all traffic between the same security level interfaces and remove any other config which was used for firewall.

jkrysinski Mon, 12/10/2007 - 20:12
User Badges:

Thanks for the tip. I followed your advice and was able to have the 5510 perform just IPS.

Thanks again.


This Discussion