ASA - Send Traffic to AIP-SSM *AND* Perform Inspections
I want to send all traffic to the AIP-SSM in my ASA as well as perform the inspections listed in the global_policy map below. What is the best way to accomplish this? Can I just enter "ips inline fail-open" within the "class inspection_default" section?
Re: ASA - Send Traffic to AIP-SSM *AND* Perform Inspections
You want to also apply application inspection to that traffic.
The ASA will apply its firewall policies prior to sending the traffic to the AIP-SSM module. Here, depeding on the operation mode of the AIP-SSM, the traffic will actually be send it to the AIP-SSM or only a copy will be sent to the module.
If you have application inspection enabled globally on the ASA (or applied to an interface), the ASA will apply those rules before contacting the AIP-SSM module.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...