Can the ASA IPS module be setup for configuration replication?
While setting up two ASAs with IPS modules in an Active/Standby configuration, we were configuring the IPS modules and couldn't find any information on setting up the IPS modules in failover between the two ASAs such as configuration replication.
Do we have to duplicate config. changes on both IPS modules?
Re: Can the ASA IPS module be setup for configuration replicatio
You can put the same configs in both IPS modules, but the IPS devices don't share state like the firewalls.
So in a failover condition IPS may lose state of open TCP flows and TCP will need to do a reset to correct the problem. This is generally only a problem if you have a long flow such as a FTP file transfer going on. From a user perspective in most cases, you don't even know that you failed over to the secondary IPS occurred. Engineering is currently looking at sharing stateful information between IPS devices.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...