cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
306
Views
0
Helpful
3
Replies
Highlighted
Rising star

Configuring CSC-SSM

From what I've been reading about the SSM module is that there is a Base License and a Plus License.

The Base license allows the SSM module to do basic antivirus/spyware checking on your network. The Plus

License allows the Base License, Plus URL Filtering and Email filtering.

So, I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

Thanks for your help guys                  

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Configuring CSC-SSM

Hello John,

I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM?

A/     Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association

Regards,

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES 3

Configuring CSC-SSM

Hello John,

I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM?

A/     Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association

Regards,

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Rising star

Configuring CSC-SSM

Thanks for the help jcarvaja. From what I was reading, it looks lilke the best way to go is, make sure to configure the CSC-SSM, so that if the module fails traffic passes as usual.

Once again Jcarvaja, thanks for the help.

Configuring CSC-SSM

Hello John,

It is always a pleasure to help

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards