02-05-2014 10:33 AM - edited 02-21-2020 05:06 AM
In the ASA 5520 CSC-10, there used to be Trend Micro antivirus running, and now the replacement model is the ASA 5525-X; it's called "Application Visibility and Control".
How does this work? No more Trend Micro antivirus on ASA? How about the management? Is it still through ASDM?
02-06-2014 06:39 AM
Cisco is changing the focus of network protection away from things like anti-virus and toward a context-aware security model. There is no more Trend Micro Antivirus offering since the end of sale of the older 5500 series and their associated modules last year.
Thus we have the CX module on the newer firewalls with features like AVC, Web Security Essential (WSE) and Next-Generation IPS.
All of these are managed via the Prime Security Manager (PRSM) GUI. It's a web GUI distinct from ASDM. It's starting to incorporate some of the ASDM features for managing the base firewall, but for now its main focus is the NGFW features (Next-Generation Firewall, as the above features are collectively known).
PRSM can be launched from the ASA itself (known as "on-box" mode) or purchased separately and run as a VM in your VMware environment to manage multiple ASAs. We refer to that as "off-box" PRSM. In that mode, you can share objects and policy definitions across multiple ASAs.
02-06-2014 07:56 AM
So there is no anti-virus software?
02-06-2014 09:17 AM
That's correct, no Cisco or directly integrated 3rd party AV.
You can set up Dynamic Access Policies (DAP) in traditional remote access VPNs to check for the presence of and current signature files in a client's AV product.
For enterprises that have the Cisco ISE product with Advanced licenses you can do a posture check on wired and wireless clients and check for many things including AV and direct them to a remediation page etc.
02-06-2014 10:29 PM
So Prime Security Manager is required only when there is AVC and WSE. We don't need this when we utilize firewall with IPS, right?