cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


216
Views
0
Helpful
5
Replies
Highlighted

ASA 5545-X

 

   Hi All,

   I am planing to implement asa 5545X firewall in place of juniper firewall. We have having cloud proxy now, but we have much problem with cloud proxy for some applications and trusted sites. Now i want to know

  1. can i build my network in such a way, some sites ASA can do proxy(content not required for this) and rest i can push to cloud?
  2. I am going to use 2 ASA's as active and standby, So can i use the standby ASA for proxy filter. So that ASA load will be less.

    Thanks in advance.

 Regards,

 Satya.M

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

> we are have a plan to get

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.

5 REPLIES 5
VIP Mentor

1) First of all, you have to

1) First of all, you have to define what you want from that proxy. The ASA is an application inspection gateway that sits transparently in the traffic-flow. That's much different then what a traditional proxy does. Of course you can provide extra security with L7-inspection. For that you need a software module which can be the ASA CX or the FirePower (SourceFire).

2) No, the standby ASA is *only* a backup for the primary ASA in case of a failure. There is no loadsharing in active/standby.

  Tnx Karsten, we are have a

 

 Tnx Karsten, we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.Any document on proxy config will be helpful.

 

Thanks,

Satya.M

VIP Mentor

> we are have a plan to get

we are have a plan to get SF-ASA-CX-9.1-K8, which is software based. Now i want to know can we do Proxy on this.

No, the ASA-CX is not a proxy. A Cisco Web Security Appliance (WSA) for example is a proxy. The CX is a transparent gateway where then data gets inspected and allowed/denied while the data flows through.

Rising star

Hi, I am not sure, how better

Hi,

 

I am not sure, how better you can do proxy using cisco asa... but for your question 2: you cannot make use of the standby one to do anything... that can take traffic only when it becomes traffic... it takes only management and sync traffic when it is in standby mode.

 

Regards

Karthik

   Thnaks Karthik, wish Cisco

 

  Thnaks Karthik, wish Cisco does such things in future :)

  Regards,

  Satya.M