we have a fail-over ASA cluster, with 2 AIP-SSM IPS, each one in one ASA. There is a way to config IPS module in cluster mode like ASA, or have a configuration mirroring between them ?
Thank you really much.
Best regards Antonello.
Configuration mirroring between AIP-SSMs is not currently available. You can mimic this process by copying the current-configuration from the active AIP-SSM to a FTP server, edit the configuration to remove the host specific details (IP address, etc) and then copy that configuration to the stand-by AIP-SSM.
Another option would be to invest in Cisco Security Manager (CSM) and create a shared policy that is applied to both AIP-SSM.