ASA CSC-10 Replacement

avilt
Level 3

In the ASA 5520 CSC-10, there used to be Trend Micro antivirus running, and now the replacement model is the ASA-5525-X; it's called "Application Visibility and Control".

How does this work? No more Trend Micro antivirus on ASA? How about the management? Is it still through ASDM?

Marvin Rhoads
Hall of Fame

Cisco is changing the focus of network protection away from things like anti-virus and into a context-aware security model. There is no more Trend Micro Antivirus offering since the end of sale of the older 5500 series and their associated modules last year.

Thus we have the CX module on the newer firewalls with features like AVC, Web Security Essential (WSE) and Next-Generation IPS.

All of these are managed via the Prime Security Manager (PRSM) GUI. It's a web GUI distinct from ASDM. It's starting to incorporate some of the ASDM features for managing the base firewall, but for now its main focus is the NGFW features (Next-Generation Firewall, as the above features are collectively known).

PRSM can be launched from the ASA itself (known as "on-box" mode) or purchased separately and run as a VM in your VMware environment to manage multiple ASAs. We refer to that as "off-box" PRSM. In that mode, you can share objects and policy definitions across multiple ASAs.

So there is no anti-virus software?

That's correct, no Cisco or directly integrated 3rd party AV.

You can set up Dynamic Access Policies (DAP) in traditional remote access VPNs to check for the presence of and current signature files in a client's AV product.

For enterprises that have the Cisco ISE product with Advanced licenses you can do a posture check on wired and wireless clients and check for many things including AV and direct them to a remediation page etc.

So Prime Security Manager is required only when there is AVC and WSE. We don't need this when we utilize the firewall with IPS, right?
