Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 security plus

I just installed CISCO ASA 5510 security plus in my network,

I chose very simple configuration,

DMZ security level 50

Inside 100

Outside 0

Added some routes towards inside network

ACL is in place to permit traffic from outside network into DMZ, users will connect to the router via vpn and then will access DMZ servers via ASA

Nothing else is added in the ASA,,

IS THIS CONFIGURATION will be helpful for IDS/IPS Operation,,,

How ASA will upgrade its database??

What else do I need to configure in the ASA to protect it from Intrusions,, viruses etc etc,,,

I am not in the mood of buying CSC SSM security module for spam etc etc,, its very expensive,,,But I can think about it,, as my company can afford it...

Will CSC SSM module will be helpful??

Please advise

1 REPLY
Cisco Employee

Re: ASA 5510 security plus

The CSC module is capable of scanning 4 protocols (http, ftp, smtp and pop).

It is like a computer on its own. You give it an IP address like any other computer and give it internet access (tcp port 80 and 443 and udp 53) and it will automatically go out to Trend Micro's servers and receive updates at the set schedule (every hour or once every day or manually)

For small companies with 30-50 users, this will be ideal.

http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/csc62adm.html

Here is the sizing guide as to how many concurrent sessions can the csc-10 and csc-20 modules handle at a given time.

http://cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html

Do you want to protect the ASA or the computers behind it?

It is the later correct?

313
Views
0
Helpful
1
Replies
CreatePlease to create content