https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3212165#M1023069 <P>Good day,</P> <P>&nbsp;</P> <P>We provide data services to different customers. Our frontier to the Internet is an ASA 5510 running version 8.2(5). Security related, we have the default configuration with some ACLs applied. We have a DMZ area configured as well.</P> <P>&nbsp;</P> <P>Is this configuration enough? Or is there any functionality you recommend activating?</P> <P>&nbsp;</P> <P>We have basic threat detection enabled (default), and are considering changing it to advanced threat detection or even scanning threat detection. However, we don't know what parameters to check to see whether this may have an impact on our system (traffic is not too much so we don't think it should be an issue). Would you recommend going for advanced or scanning threat detection? what parameters should we check first?</P> <P>&nbsp;</P> <P>We do not want to limit our client's traffic, but we do want to have our network protected from external threats and attacks.</P> <P>&nbsp;</P> <P>Thank you all in advance.</P> <P>Best regards,</P> <P>Marta</P> Fri, 21 Feb 2020 14:39:49 GMT marta.mendez 2020-02-21T14:39:49Z https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3212165#M1023069 <P>Good day,</P> <P>&nbsp;</P> <P>We provide data services to different customers. Our frontier to the Internet is an ASA 5510 running version 8.2(5). Security related, we have the default configuration with some ACLs applied. We have a DMZ area configured as well.</P> <P>&nbsp;</P> <P>Is this configuration enough? Or is there any functionality you recommend activating?</P> <P>&nbsp;</P> <P>We have basic threat detection enabled (default), and are considering changing it to advanced threat detection or even scanning threat detection. However, we don't know what parameters to check to see whether this may have an impact on our system (traffic is not too much so we don't think it should be an issue). Would you recommend going for advanced or scanning threat detection? what parameters should we check first?</P> <P>&nbsp;</P> <P>We do not want to limit our client's traffic, but we do want to have our network protected from external threats and attacks.</P> <P>&nbsp;</P> <P>Thank you all in advance.</P> <P>Best regards,</P> <P>Marta</P> Fri, 21 Feb 2020 14:39:49 GMT https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3212165#M1023069 marta.mendez 2020-02-21T14:39:49Z https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3212565#M1023070 <P>Hi&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class=""><A id="link_14" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://supportforums.cisco.com/t5/user/viewprofilepage/user-id/445134" target="_self">marta.mendez</A>,</SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">&nbsp;</SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">Good day.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">First of all, I would like to bring it to your notice that 8.2(5 ) is a very old version. You must upgrade your device to some stable 9.2.(x ) version. If you need help in that please let me know.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">Secondly, You can also make use of Nat'ing functionalities, if required.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">If you have dual ISP connection for fault tolerance, you must use SLA-monitor feature.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">Coming to threat detection feature, obviously you can use advanced and scanning threat detection feature. It does take a toll on CPU but as you say that you dont have much traffic flowing across, you can go for it. Always keep in mind, "threat detection" just detects the possibility of threat and alert us but does not prevent.</SPAN></SPAN></P> <P><SPAN class="UserName lia-user-name lia-user-rank-New-Member lia-component-message-view-widget-author-username"><SPAN class="">For more granularity on the subject, you can refer to the link below: -</SPAN></SPAN></P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html</A></P> <P>&nbsp;</P> <P>Please do select and rate the correct answer.</P> <P>&nbsp;</P> <P>Best Regards</P> <P>Dubey, Shivam</P> Tue, 07 Nov 2017 19:05:33 GMT https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3212565#M1023070 er.shivamdubey31190 2017-11-07T19:05:33Z https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3213086#M1023071 <P>Thank you <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/266979">@er.shivamdubey31190</a>!!</P> <P>&nbsp;</P> <P>As for upgrading the device to 9.2.(x), we didn't get a contract service for the ASA. It's now end of life, and we haven't found a way to get a maintenance for it to have access to IOS downloads.</P> <P>Do you know how we can activate this device in Cisco to be able to upgrade the IOS?</P> <P>&nbsp;</P> <P>We are going to activate advanced threat detection on the ASA. Even though it does not prevent, we would like to have the logs to know if we are under attack.</P> <P>&nbsp;</P> <P>Best regards,</P> <P>Marta</P> Wed, 08 Nov 2017 12:38:19 GMT https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3213086#M1023071 marta.mendez 2017-11-08T12:38:19Z https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3306177#M1023072 <P>Dear Marta,</P> <P>&nbsp;</P> <P>I am sorry, I could not revert back to you on time as I was unwell.&nbsp;</P> <P>Wishing you a very happy new year.&nbsp;</P> <P>&nbsp;</P> <P>Coming to the contract related concern, Please help me with the ASA model.&nbsp;</P> <P>&nbsp;</P> <P>Even if the ASA is end of life, you can request for the Asa OS download.&nbsp;</P> <P>&nbsp;</P> <P>Do you have a valid cisco support contract, if yes, you can for raise a TAC case and ask for the support.&nbsp;</P> <P>&nbsp;</P> <P>Shivam <span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Thu, 04 Jan 2018 16:19:55 GMT https://community.cisco.com/t5/network-security/asa-default-configuration-threat-detection/m-p/3306177#M1023072 er.shivamdubey31190 2018-01-04T16:19:55Z