Solved: Configuration synchronization CSC-SSM

new_networker · ‎11-12-2008

For failover settings, should the primary and secondary peer IP address be the ASA mgmt IP or the CSC-SSM mgmt IP.

Regards.

SOL10 · ‎11-13-2008

no its not unsafe. by default on an ASA, all incoming traffic is blocked unless allowed by an ACL.

When an inside server initiates a connection to a server on the internet, the return traffic is classed as safe and allowed through.

HTH

View solution in original post

SOL10 · ‎11-12-2008

Hi,

do you mean failover for the ASA's or the CSC Modules?

If the CSC modules, the way i have them configured is on the same IP as the inside network (to access the trend server for updates). When I tried to put the CSC on the Management interface on a diff subnet, i found that the CSC modules could not connect to the net for the updates. According to TAC, there are no issues in putting the CSC modules on the inside network.

HTH.

please rate if useful

new_networker · ‎11-12-2008

Don't you think it is unsafe to access the Trend Server on the internet through the inside network.

What kind of security policies, access-list have you configured to block any unwanted traffic such viruses, attack from outside as you would have opened access to internet from inside network for trend updates.

SOL10 · ‎11-13-2008

no its not unsafe. by default on an ASA, all incoming traffic is blocked unless allowed by an ACL.

When an inside server initiates a connection to a server on the internet, the return traffic is classed as safe and allowed through.

HTH