Hey Guys, hopefully a quick question. I'm in the process of setting up my first CX module and as of right now, I have all traffic being redirected to the module, from the ASA. Is this a good practice? I've seen other examples where the admin only redirects http and https from the ASA; but I think this will be a problem if users go to a site that uses a non-standard http port, right? Also, if I only send web traffic to CX, I won't be able to see any other application traffic so I'm not sure why other admins are pushing this as a good way to configure CX. What do you guys do in your environments?
I've seen it done both ways. You are correct regarding the limitations of only sending http and https traffic.
One thing that some customers do is to supplement the CX inspection of the standard ports 80 and 443 used by http and https protocols with a separate policy only allowing the well-known ports outbound (by use of an access-list on the inside interface).
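The two redirect approaches discussed in this thread, sketched as ASA configuration. This is an added example, not part of the original posts; the names CX_ALL, CX_WEB, CX_WEB_ACL and INSIDE_OUT, the use of `global_policy`, the `fail-open` choice and the exact list of permitted ports are assumptions.

```cisco
! Option A: redirect all traffic to the CX module.
! CX sees every application, including HTTP on non-standard ports.
class-map CX_ALL
 match any
policy-map global_policy
 class CX_ALL
  cxsc fail-open
service-policy global_policy global

! Option B (use instead of A): redirect only TCP 80 and 443 to CX,
! and restrict outbound traffic to well-known ports on the inside
! interface so web traffic cannot bypass CX on another port.
access-list CX_WEB_ACL extended permit tcp any any eq www
access-list CX_WEB_ACL extended permit tcp any any eq https
class-map CX_WEB
 match access-list CX_WEB_ACL
policy-map global_policy
 class CX_WEB
  cxsc fail-open
service-policy global_policy global

! Outbound allow-list applied inbound on the inside interface.
! Port list is constructed for illustration; extend it to the
! services the site actually needs (mail, NTP, and so on).
access-list INSIDE_OUT extended permit tcp any any eq www
access-list INSIDE_OUT extended permit tcp any any eq https
access-list INSIDE_OUT extended permit udp any any eq domain
access-list INSIDE_OUT extended permit tcp any any eq domain
! Log what the allow-list drops, to find hosts using other ports.
access-list INSIDE_OUT extended deny ip any any log
access-group INSIDE_OUT in interface inside
```

With option B the deny log on INSIDE_OUT is the only visibility into non-web traffic, since none of it reaches CX; `fail-open` passes traffic uninspected if the module is down, while `fail-close` blocks it.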