03-17-2015 12:50 PM - edited 03-11-2019 10:39 PM
I have an ASA 5525-X with the Sourcefire module and would like some verification about whether HTTP inspection should be enabled on the ASA. Basically, on my 5510 I had a HTTP inspect policy configured on the outside interface (matching specific URI information) which also dropped connections with HTTP protocol violations. When setting up my 5525-X I set up the same inspect policy on the outside interface I'm running into an issue where I can't download ISOs from Microsoft because the ASA is dropping the connection since there is a HTTP protocol violation.
Couple of questions:
1. Should I be doing http inspection on any interface on the ASA or leave that to the Sourcefire module?
2. How can I find out what the protocol violation is and how can I fix it?
Thanks.
Solved! Go to Solution.
09-02-2016 11:11 PM
The ASA includes many advanced application inspection features, including HTTP inspection. However, the ASA FirePOWER module provides more advanced HTTP inspection than the ASA provides, as well as additional features for other applications, including monitoring and controlling application usage.
You must follow these configuration restrictions on the ASA:
Other application inspections on the ASA are compatible with the ASA FirePOWER module, including the default inspections.
09-02-2016 11:11 PM
The ASA includes many advanced application inspection features, including HTTP inspection. However, the ASA FirePOWER module provides more advanced HTTP inspection than the ASA provides, as well as additional features for other applications, including monitoring and controlling application usage.
You must follow these configuration restrictions on the ASA:
Other application inspections on the ASA are compatible with the ASA FirePOWER module, including the default inspections.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide