- Blue, 1500 points or more
I want to setup a service policy rule to send traffic to the CX module. What would be the best setup for that? What interfaces? etc.
Ideally you'd send all traffic - that's part of the value of AVC, giving you visibility into and control over what's going on at the application level.
No, you should not inspect http on the base ASA. Any other inspections should be OK to keep.
With a default policy set there should not be any traffic disruption. Based on what policy you may have configured, you may get the blocks, warnings, etc. the product is designed to offer.
Even so we always recommend testing in a lab environment first and introducing any such significant change as part of a coordinated and approved maintenance window so that the possibility of service-affecting outage is taken into account.