We have two ASA's in an active/passive failover situation each with an AIP-SSM-20 IPS module.
Are these modules meant to synchronize their configs like the ASA's do? Or are they each a separate entity and each need to be configured separately?
Thanks for any help!
Each will need their own IP, and each will need to be separately configured.
They will not communicate with each other and will not share configuration.
You will need to ensure config changes in one are made on the other.
You monitoring station will need to pull events from both sensors.
The SSMs rely on the ASA for tracking TCP state so they will work fine within an ASA failover design.