I have been setting up a pair of ASA 5515-X with WSE & AVC. So far I am impressed with its application filtering. I am using the CX Prime Security Manager and cannot figure out how to pull a report on a specific user or IP address. The other filters I have used have had this feature. I want to be able to drill down on activity like what is present in the event viewer but would like to export it somehow. Hopefully I am missing something so that when the brass asks for a report on a users internet activity I can hand them something.
One more question if I may. Do I have to purchase the off-box Prime security manager to manage both CX modules on these firewalls or is that typically included? Both came with an empty Prime Security Manager DVD case which I thought was a bit odd.
Thanks for any help.
As of right now the reporting is limited to the canned reports available from the "generate report" menu. You're correct in that it's not nearly as informative as the screens you can call up in the event viewer under Users or Policies. I expect this to be enhanced in future releases.
Off-box or multi-device PRSM is a separately licensed product and must be purchased on its own. I agree this is a burden in a simple two unit HA pair. Without it, you have to do double entry on all your configuration changes. With it, the pair only consumes a single device license count but the entry level licensing is for 5 devices (PRSMV9-SW-5-K9, list price US$3,000)