Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA CSC-10 Replacement

In the ASA 5520 CSC-10, there used to be Trend Micro antivirus running and now the replacement model is ASA- 5525-X, it's called "Application Visibility and Control"

How does this work? No more trend micro antivirus on asa? How about the management? Is it still thru ASDM?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

ASA CSC-10 Replacement

Cisco is changing the focus of network protection away from things like anti-virus and into Context-aware security model. There is no more Trend Micro Antivirus offering since the end of sale of the older 5500 series and their associated modules last year.

Thus we have the the CX module on the newer firewalls with features like AVC, Web Security Essential (WSE) and Next-Generation IPS.

All of these are managed via the Prime Security Manager (PRSM) GUI. It's a web GUI distinct from ASDM. It's starting to incorporate some of the ASDM features for managing the base firewall but for now it's main focus is the NGFW features (Next-Generation Firewall as the above features are collectively known).

PRSM can be launched from the ASA itself (known as "on-box" mode) or purchased separately and run as a VM in your VMware environment to manage multiple ASAs. We refer to that as "off-box" PRSM. In that mode, you can share objects and policy definitions across multiple ASAs.

Hall of Fame Super Silver

ASA CSC-10 Replacement

That's correct no Cisco or directly integrated 3rd party AV.

You can set up Dynamic Access Policies (DAP) in traditional remote access VPNs to check for the presence of and current signature files in a client's AV product.

For enterprises that have the Cisco ISE product with Advanced licenses you can do a posture check on wired and wireless clients and check for many things including AV and direct them to a remediation page etc.

4 REPLIES
Hall of Fame Super Silver

ASA CSC-10 Replacement

Cisco is changing the focus of network protection away from things like anti-virus and into Context-aware security model. There is no more Trend Micro Antivirus offering since the end of sale of the older 5500 series and their associated modules last year.

Thus we have the the CX module on the newer firewalls with features like AVC, Web Security Essential (WSE) and Next-Generation IPS.

All of these are managed via the Prime Security Manager (PRSM) GUI. It's a web GUI distinct from ASDM. It's starting to incorporate some of the ASDM features for managing the base firewall but for now it's main focus is the NGFW features (Next-Generation Firewall as the above features are collectively known).

PRSM can be launched from the ASA itself (known as "on-box" mode) or purchased separately and run as a VM in your VMware environment to manage multiple ASAs. We refer to that as "off-box" PRSM. In that mode, you can share objects and policy definitions across multiple ASAs.

Community Member

ASA CSC-10 Replacement

So there is no anti-virus software?

Hall of Fame Super Silver

ASA CSC-10 Replacement

That's correct no Cisco or directly integrated 3rd party AV.

You can set up Dynamic Access Policies (DAP) in traditional remote access VPNs to check for the presence of and current signature files in a client's AV product.

For enterprises that have the Cisco ISE product with Advanced licenses you can do a posture check on wired and wireless clients and check for many things including AV and direct them to a remediation page etc.

Community Member

ASA CSC-10 Replacement

So prime security manager is required only when there is avc and wse. We dont need this when we utilize firewall with ips right?

475
Views
0
Helpful
4
Replies
CreatePlease to create content