11-07-2017 03:53 AM - edited 02-21-2020 06:39 AM
Good day,
We provide data services to different customers. Our frontier to the Internet is an ASA 5510 running version 8.2(5). Security related, we have the default configuration with some ACLs applied. We have a DMZ area configured as well.
Is this configuration enough? Or is there any functionality you recommend activating?
We have basic threat detection enabled (default), and are considering changing it to advanced threat detection or even scanning threat detection. However, we don't know what parameters to check to see whether this may have an impact on our system (traffic is not too much so we don't think it should be an issue). Would you recommend going for advanced or scanning threat detection? What parameters should we check first?
We do not want to limit our client's traffic, but we do want to have our network protected from external threats and attacks.
Thank you all in advance.
Best regards,
Marta
11-07-2017 11:05 AM
Hi marta.mendez,
Good day.
First of all, I would like to bring to your notice that 8.2(5) is a very old version. You must upgrade your device to some stable 9.2.(x) version. If you need help with that, please let me know.
Secondly, you can also make use of NAT'ing functionalities, if required.
If you have a dual ISP connection for fault tolerance, you must use the SLA-monitor feature.
Coming to the threat detection feature, obviously you can use the advanced and scanning threat detection features. It does take a toll on CPU, but as you say that you don't have much traffic flowing across, you can go for it. Always keep in mind, "threat detection" just detects the possibility of a threat and alerts us but does not prevent.
For more granularity on the subject, you can refer to the link below: -
Please do select and rate the correct answer.
Best Regards
Dubey, Shivam
11-08-2017 04:38 AM
Thank you @er.shivamdubey31190!!
As for upgrading the device to 9.2.(x), we didn't get a contract service for the ASA. It's now end of life, and we haven't found a way to get maintenance for it to have access to IOS downloads.
Do you know how we can activate this device in Cisco to be able to upgrade the IOS?
We are going to activate advanced threat detection on the ASA. Even though it does not prevent, we would like to have the logs to know if we are under attack.
Best regards,
Marta
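Since the thread settles on using threat detection for its logs rather than for prevention, here is an added example (not part of the original posts) that summarizes threat-detection syslog lines collected from the ASA. It assumes the documented message shapes for IDs 733100 (drop rate exceeded) and 733101 (scanning host); the sample lines and addresses are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Shared tail of both messages: observed rates versus configured thresholds.
RATES = (r"Current burst rate is (?P<burst>\d+) per second, max configured rate is (?P<burst_max>\d+); "
         r"Current average rate is (?P<avg>\d+) per second, max configured rate is (?P<avg_max>\d+); "
         r"Cumulative total count is (?P<total>\d+)")
RATE_EXCEEDED = re.compile(r"%ASA-4-733100: \[\s*(?P<obj>[^\]]+?)\s*\] drop rate-(?P<rid>\d+) exceeded\. " + RATES)
SCAN_HOST = re.compile(r"%ASA-4-733101: \w+ (?P<ip>\S+) is (?P<role>targeted|attacking)\. " + RATES)

# Constructed sample lines (documentation-range addresses), assumed to match
# the ASA message format; the last line is unrelated traffic and must be ignored.
SAMPLE_LOG = """\
Nov 08 2017 10:01:12: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 4312
Nov 08 2017 10:01:40: %ASA-4-733101: Host 198.51.100.23 is attacking. Current burst rate is 17 per second, max configured rate is 10; Current average rate is 8 per second, max configured rate is 5; Cumulative total count is 2024
Nov 08 2017 10:02:05: %ASA-4-733101: Host 192.0.2.10 is targeted. Current burst rate is 17 per second, max configured rate is 10; Current average rate is 8 per second, max configured rate is 5; Cumulative total count is 2024
Nov 08 2017 10:03:30: %ASA-4-733100: [ ACL drop] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8000; Current average rate is 1210 per second, max configured rate is 400; Cumulative total count is 4356000
Nov 08 2017 10:04:00: %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.23/4444 (198.51.100.23/4444) to dmz:192.0.2.10/443 (192.0.2.10/443)
"""

def summarize(log_text):
    """Return (rate_events, attackers, targets) from threat-detection syslog lines."""
    rate_events, attackers, targets = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = RATE_EXCEEDED.search(line)
        if m:
            # Record which threshold was crossed: burst, average, or both.
            crossed = [name for name in ("burst", "avg")
                       if int(m[name]) > int(m[name + "_max"])]
            rate_events.append((m["obj"], int(m["rid"]), crossed))
            continue
        m = SCAN_HOST.search(line)
        if m:
            # Scanning threat detection names the host and its role.
            (attackers if m["role"] == "attacking" else targets)[m["ip"]] += 1
    return rate_events, attackers, targets

if __name__ == "__main__":
    events, attackers, targets = summarize(SAMPLE_LOG)
    for obj, rid, crossed in events:
        print(f"{obj}: drop rate-{rid} exceeded ({'/'.join(crossed) or 'n/a'})")
    print("attacking:", dict(attackers))
    print("targeted:", dict(targets))
```
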
01-04-2018 08:19 AM
Dear Marta,
I am sorry, I could not revert back to you on time as I was unwell.
Wishing you a very happy new year.
Coming to the contract-related concern, please help me with the ASA model.
Even if the ASA is end of life, you can request the ASA OS download.
Do you have a valid Cisco support contract? If yes, you can raise a TAC case and ask for support.
Shivam 😊