Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

New SSM40 install

Im working on configureing an SSM40 on a 5520. I want all traffic entering and leaving the network to be scanned before being passed to the ASA. My question is when Im setting the sensor up under the traffic allocation tabdose selecting the Global policy satisfy this need above? I have seen some configuration guide where aa class map is needed on the ASA to actually send traffic to the sensor? Is this class map needed?

Also another ASA I seen running SSM10 under the backplane the mode was "unpaired" should this be paired?                   

Everyone's tags (6)

New SSM40 install

Yes, the class-map would be required.

You may want to refer to following guide for detailed config.

Hope this helps.


Sawan Gupta

Thanks & Regards, Sawan Gupta

New SSM40 install

There is a VOD at the link below which steps you through the initial config.

Community Member

New SSM40 install

I'd reccomend setting up the policy so that it matches an access-list in a class-map, as opposed to just sending it to the IPS.  The ACL will show up in the ASDM and provide you with a check box to easily disbale the ACL rule and thus disable the IPS should you ever need to turn it off.  The ACL should be a simple permit IP any any....

CreatePlease to create content