https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069399#M54716 <P>From what I've been reading about the SSM module is that there is a Base License and a Plus License.</P><P>The Base license allows the SSM module to do basic antivirus/spyware checking on your network. The Plus</P><P>License allows the Base License, Plus URL Filtering and Email filtering.</P><P></P><P>So, I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?</P><P>I guess you could also just apply ACLs but the best way would be through the SSM.</P><P></P><P>If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,</P><P>when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and</P><P>to the Internet?</P><P></P><P>Thanks for your help guys&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:45:46 GMT JohnTylerPearce 2019-03-10T12:45:46Z https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069399#M54716 <P>From what I've been reading about the SSM module is that there is a Base License and a Plus License.</P><P>The Base license allows the SSM module to do basic antivirus/spyware checking on your network. The Plus</P><P>License allows the Base License, Plus URL Filtering and Email filtering.</P><P></P><P>So, I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?</P><P>I guess you could also just apply ACLs but the best way would be through the SSM.</P><P></P><P>If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,</P><P>when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and</P><P>to the Internet?</P><P></P><P>Thanks for your help guys&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:45:46 GMT https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069399#M54716 JohnTylerPearce 2019-03-10T12:45:46Z https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069400#M54719 <HTML><HEAD></HEAD><BODY><P>Hello John,</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"> I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">I guess you could also just apply ACLs but the best way would be through the SSM?</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">A/&nbsp;&nbsp;&nbsp;&nbsp; Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.</P><P></P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">to the Internet?</P><P> A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association</P><P></P><P>Regards,</P><P></P><P><STRONG>Remember to rate all the helpful posts</STRONG></P><P></P><P>Julio</P></BODY></HTML> Tue, 28 Aug 2012 06:51:48 GMT https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069400#M54719 Julio Carvajal 2012-08-28T06:51:48Z https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069401#M54724 <HTML><HEAD></HEAD><BODY><P> Thanks for the help jcarvaja. From what I was reading, it looks lilke the best way to go is, make sure to configure the CSC-SSM, so that if the module fails traffic passes as usual.</P><P></P><P>Once again Jcarvaja, thanks for the help.</P></BODY></HTML> Tue, 28 Aug 2012 09:56:58 GMT https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069401#M54724 JohnTylerPearce 2012-08-28T09:56:58Z https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069402#M54729 <HTML><HEAD></HEAD><BODY><P>Hello John,</P><P></P><P>It is always a pleasure to help</P><P></P><P>Julio</P></BODY></HTML> Tue, 28 Aug 2012 19:10:32 GMT https://community.cisco.com/t5/network-security/configuring-csc-ssm/m-p/2069402#M54729 Julio Carvajal 2012-08-28T19:10:32Z