topic Hello Sir,Sorry for the in Network Security

about ASA firewall

Fahad Wasi — Tue, 12 Mar 2019 04:00:23 GMT

Hello everyone,

I have a question about ASA firewall, is it true that in ASA firewall, their are 2 ways we can configure it?

Either we use GUI mode to access the ASA firewall or CLI mode?

Is the GUI application basically the ASDM that we download and install it on the firewall?

Thanks

Yes, you are right. You can

Karsten Iwen — Fri, 28 Mar 2014 11:52:52 GMT

Yes, you are right. You can use either the CLI or the GUI which is the ASDM.

For the firewalling-part you can also do some config on the CLI and other config on the GUI, just as you want.

But for VPN, there are some parts in the config that can't be configured with the CLI, these have to be done in the GUI.

hi fahad,karsten is right!

johnlloyd_13 — Sun, 30 Mar 2014 02:36:00 GMT

hi fahad,

karsten is right! you can only do certain things or configuration in ASDM (ASA GUI) versus CLI.

a perfect example is the clientless SSL VPN (webvpn) portal customization.

also to further add his answer, there's an option either to install the launcher permanently on your PC/NMS or run dynamically from ASA (from flash).

Hello Karsten IwenThanks

Fahad Wasi — Thu, 10 Apr 2014 16:36:42 GMT

Hello Karsten Iwen

Thanks for your reply so you mean that their are certain configurations that can only be done on CLI and GUI mode?

My other question is apart from configuring ACL on firewalls, what else can we do on it?
Do we also have to configure IPS /IDS on it or they are by default set?

Thanks

Very little is set by default

Marvin Rhoads — Thu, 10 Apr 2014 17:43:28 GMT

Very little is set by default. A default configuration only has the management interface active with an IP address and DHCP server. Once you setup some basic interface addresses and give them names and security levels you will, by default, be allowed to pass traffic from higher security to lower security level interfaces. Some routing is helpful to make anything other than connected networks reachable.

There are hundreds of other things you can do. IDS/IPS, for instance is a separate and optional module on the ASA. Only if you have it installed and licensed can you then create a service-policy in the ASA (using cli or GUI) directing traffic to it.

Configuration of the IDS is technically possible from the cli but 99% of people use the GUI (ASDM or IME - IPS Manager Express) for that.

Hello Sir,Sorry for the

Fahad Wasi — Tue, 06 May 2014 10:31:35 GMT

Hello Sir,

Sorry for the delay, thanks for the reply, Sir, do you mean that by default the security settings on the ASA firewall is set the max(Highest) level?

How do we install IPS/IDS on ASA firewall?

Do these IPS/IDS protect the LAN from external threats eg. viruses,trogons and etc?

Regards,

Also, just to add, the XML

Marius Gunnerud — Tue, 06 May 2014 11:10:22 GMT

Also, just to add, the XML files for the anyconnect profiles can only be customised via the ASDM.

Please remember to select a correct answer and rate

As I mentioned above, "IDS

Marvin Rhoads — Tue, 06 May 2014 18:31:21 GMT

As I mentioned above, "IDS/IPS, for instance is a separate and optional module on the ASA." It must be installed and licensed. There are several types for the ASA. On the older 5500 series as well as the newer 5500-X series, one can use the AIP-SSM, part of Cisco's older technology IPS. Its capabilities are covered in the data sheet.

The newer 5500-X series also have the option of running IPS services on the CX module as part of the Next Generation Firewall (NGFW) features (also included is the option to run Web Security Essentials and Application Visibility and Control). That product is further described here.

The NGFW features are going to give you the greatest protection going forward as that represents the latest platform and developments from Cisco.

For whichever path you choose, the product support page (linked from the product info pages I already noted above) for a given product has installation and configuration guides.