05-07-2009 09:37 AM - edited 03-10-2019 04:37 AM
I have two ASA-5520s in active/standby mode servicing a 500-node LAN with 1 outside interface, 1 inside interface, and 1 DMZ. How best to implement IPS, preferably using integrated modules, and without introducing a single point of failure? Also, what software would I need to install and manage IPS? Can it be managed through ASDM, or is something like Cisco Security Manager (CSM) necessary? TIA!
05-08-2009 07:07 AM
You don't mention if you want to do in-line IPS or promiscuous mode IDS.
We'll assume you want in-line IPS. You'll need an AIP-SSM module in each ASA 5520 chassis. They will operate independently (unlike the firewalls, which maintain state between them), and you'll suffer a little when traffic fails over between the active and standby ASAs. The size of the AIP-SSM modules will depend on how much traffic you're pushing through your firewall interfaces that require inspection, including your DMZs. Don't believe the Cisco performance numbers. Since you only have two IPS sensors I wouldn't recommend CSM. Use the CLI, the built-in GUI, or the free up-to-5-sensor management application.
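To make the answer above concrete, here is an added example (not from the original post or from Cisco's documentation) of the ASA Modular Policy Framework configuration that hands traffic to an AIP-SSM in inline mode. The interface names "outside" and "dmz", the class-map and policy-map names, and the choice to apply the policy per interface rather than globally are all assumptions for illustration; the `ips` action keywords themselves are the standard ASA syntax for the module.

```text
! Added example, not from the original post: send the traffic of the outside
! and DMZ interfaces to the AIP-SSM in inline mode. Interface names "outside"
! and "dmz" and the IPS_ALL / IPS_POLICY names are assumptions.
class-map IPS_ALL
 match any

policy-map IPS_POLICY
 class IPS_ALL
  ! inline: the sensor sits in the packet path and can drop traffic.
  ! fail-open: if the module reboots or fails, traffic bypasses inspection
  ! rather than being blackholed; use "fail-close" to block instead.
  ips inline fail-open

! Apply per interface so inside-to-inside LAN traffic never reaches the
! module and its real throughput is spent on the edge and the DMZ.
service-policy IPS_POLICY interface outside
service-policy IPS_POLICY interface dmz

! Promiscuous (IDS) alternative: the sensor gets a copy, cannot drop, adds
! no latency. Replace the action line above with:
!   ips promiscuous fail-open

! Checks after the change:
!   show module 1 details   - module status should read "Up"
!   show service-policy     - shows the IPS card status and mode per interface
!   session 1               - console into the sensor for "setup" and tuning
```

The firewall-side policy above is replicated to the standby unit by ASA failover, but the sensor's own configuration (management IP, signatures, event actions) lives on each AIP-SSM and must be applied on both modules separately, which is the "operate independently" point made above. Start with `fail-open` while sizing the module; switch to `fail-close` only once you have confirmed it keeps up with peak traffic, since an overloaded or rebooting sensor in `fail-close` mode takes the interface down with it.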
05-08-2009 09:17 AM
Yes, we want to do in-line IPS. Thanks for the fast response!