12-03-2007 01:56 PM - edited 03-10-2019 03:53 AM
I have two ASA devices. 5510 with IPS and 5520 with Content scanning. The 5510 sits behind the 5520. I want the 5520 to perform all firewall functions along with content scanning for spyware and viruses. The 5510 will be used purely for IPS for traffic that has been allowed through the 5520. Is there a way to effectively turn off the firewall on the 5510? Is there any inherent problems with this configuration?
Regards,
James Krysinski
12-10-2007 02:55 PM
Yes, you can turn off the firewall on ASA. For this remove any interface which is in outside or inside; better place all interfaces in same security level. Now permit all traffic between the same security level interfaces and remove any other config which was used for firewall.
12-10-2007 08:12 PM
Thanks for the tip. I followed your advice and was able to have the 5510 perform just IPS.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide