02-11-2019 07:41 AM - edited 03-12-2019 07:17 AM
Dear
How are you? We are implementing two SFR modules in an ASA failover firewall, which will be managed by an FMC. For 3 weeks the traffic will only be monitored and analyzed through the FMC to define the signature bases that we will block. I have a period to leave it in "Inline Tap Monitor Only". What do you recommend? Or should I leave it online (sfr fail-open) without monitor-only and allow all traffic in the FMC?
Firepower policy map
class firepower class
sfr fail-open monitor-only
Thanks very much.
02-12-2019 07:01 PM
I'd say it's easier to do the monitor-only in the ASA policy-map configuration.
That way it's a one-line immediate effect change to revert it.
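As an added illustration (not posted by either participant), this is roughly what the monitor-only redirect and the later revert look like in the ASA configuration. The names `sfr_redirect` and `sfr_class` are hypothetical, and attaching the class to the default `global_policy` is an assumption about the setup.

```text
! Observation period: the ASA sends a copy of matching traffic to the SFR module.
! The module cannot drop anything; the FMC only reports what it would have blocked.
access-list sfr_redirect extended permit ip any any
class-map sfr_class
 match access-list sfr_redirect
policy-map global_policy
 class sfr_class
  sfr fail-open monitor-only
service-policy global_policy global

! After the observation period: remove monitor-only so traffic passes inline
! through the module and the FMC policy is enforced. fail-open keeps traffic
! flowing through the ASA if the module is unavailable.
policy-map global_policy
 class sfr_class
  no sfr fail-open monitor-only
  sfr fail-open

! Confirm which mode is active and that packets are being redirected.
show service-policy sfr
```

The ASA does not allow monitor-only and normal inline redirection to be configured at the same time, so the switch applies to all redirected traffic at once.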