12-01-2013 05:02 AM - edited 03-11-2019 08:11 PM
Can I implement the new ASA 5525-X IPS in transparent mode? Can I still have fail open features with it? What are the pros and cons with this mode?
12-01-2013 10:30 AM
Hello,
Sure you can.
Regarding the IPS and Firewall there are no such restrictions.
Restrictions would be with the way the ASA behaves.
EX:
No VPN support
No routing protocols.
Stuff like that, buddy.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-01-2013 11:30 AM
So all I need to do is from the active firewall inside interface--> connect it to ASA IPS ----> L3 switch.
IPS will be active only when the primary firewall is active.
Do I need to allow any specific rules on IPS for the ASA HA pair to work when I insert IPS in between primary and the L3 switch?
12-01-2013 01:33 PM
Hello,
Remember that the ASA 5500-X family uses a software-based IPS, so there is no physical interface to connect, only logical ones.
Now you are talking about failover between ASAs. Before, it was fail-open and fail-closed with the IPS itself.
The answer to the last question is yes, if the active ASA fails then the ASA will too. There will be a switchover.
No special rules, no worry. From the IPS perspective it will work the same.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-01-2013 08:24 PM
Can I have ASA-IPS in inline mode with transparent mode as well?
12-01-2013 08:37 PM
Hello,
That's for sure, no problem.
The IPS can sit inline.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com