11-12-2008 05:13 AM - edited 03-11-2019 07:12 AM
For failover settings, should the primary and secondary peer IP address be the ASA mgmt IP or the CSC-SSM mgmt IP.
Regards.
Solved! Go to Solution.
11-13-2008 02:28 AM
no its not unsafe. by default on an ASA, all incoming traffic is blocked unless allowed by an ACL.
When an inside server initiates a connection to a server on the internet, the return traffic is classed as safe and allowed through.
HTH
11-12-2008 07:37 AM
Hi,
do you mean failover for the ASA's or the CSC Modules?
If the CSC modules, the way i have them configured is on the same IP as the inside network (to access the trend server for updates). When I tried to put the CSC on the Management interface on a diff subnet, i found that the CSC modules could not connect to the net for the updates. According to TAC, there are no issues in putting the CSC modules on the inside network.
HTH.
please rate if useful
11-12-2008 08:26 AM
Don't you think it is unsafe to access the Trend Server on the internet through the inside network.
What kind of security policies, access-list have you configured to block any unwanted traffic such viruses, attack from outside as you would have opened access to internet from inside network for trend updates.
11-13-2008 02:28 AM
no its not unsafe. by default on an ASA, all incoming traffic is blocked unless allowed by an ACL.
When an inside server initiates a connection to a server on the internet, the return traffic is classed as safe and allowed through.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide