CSA MC: learn mode vs. application behavior investigation
Hi net pros,
We use CSA to protect a few call manager clusters. On the old call manager clusters we had the standalone CSAgents running.
With an update to a new call manager version we will set up CSA MC 5.2.
In the lab we use the predefined policies for CCM, CRS etc. and it is working as expected.
With the managed CSA version the goal is of course to protect other servers/applications as well - for these applications, of course, no predefined policies exist.
So at the moment I am trying to get an idea how to get to these policies?!
As I understand with learn mode no policies are generated - only all queries will be answered with "yes". But then I don't really know what my server is doing?!
With application behavior investigation you are able to investigate the server, which seems very time-consuming - and - as far as I understand - you need an extra license if you want to get policies out of that investigation.
I created a few small policies for VNC, McAfee ePO Agent etc. but no "big" policies for complex applications.
Maybe someone here with experience in creating CSA policies can give me some hints - best practice etc.
Should I use learn mode? Buy the rule module creation license?
Re: CSA MC: learn mode vs. application behavior investigation
So in learn mode no events are sent to the MC? (That's what I'm seeing with one server which has a learn mode policy - but I thought the CSA installation on that server is broken, because I see no events.)
And if after a CSA reset everything is gone, what is this mode good for? Production environment? Not really?!
So the best thing is to talk to the vendor of that server, ask what's running (i.e. webserver, db server, application server etc.), use the predefined policies, run in test mode and make a lot of exceptions?