
ASA default configuration - Threat Detection

marta.mendez

Good day,

 

We provide data services to different customers. Our frontier to the Internet is an ASA 5510 running version 8.2(5). Security related, we have the default configuration with some ACLs applied. We have a DMZ area configured as well.

 

Is this configuration enough? Or is there any functionality you recommend activating?

 

We have basic threat detection enabled (default), and are considering changing it to advanced threat detection or even scanning threat detection. However, we don't know what parameters to check to see whether this may have an impact on our system (traffic is not too much so we don't think it should be an issue). Would you recommend going for advanced or scanning threat detection? What parameters should we check first?

 

We do not want to limit our client's traffic, but we do want to have our network protected from external threats and attacks.

 

Thank you all in advance.

Best regards,

Marta

Accepted Solutions

Hi  marta.mendez,

 

Good day.

 

First of all, I would like to bring it to your notice that 8.2(5) is a very old version. You must upgrade your device to some stable 9.2.(x) version. If you need help with that, please let me know.

Secondly, you can also make use of NAT'ing functionalities, if required.

If you have a dual ISP connection for fault tolerance, you must use the SLA-monitor feature.

Coming to the threat detection feature, obviously you can use the advanced and scanning threat detection features. It does take a toll on CPU, but as you say that you don't have much traffic flowing across, you can go for it. Always keep in mind, "threat detection" just detects the possibility of a threat and alerts us but does not prevent it.

For more granularity on the subject, you can refer to the link below:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

 

Please do select and rate the correct answer.

 

Best Regards

Dubey, Shivam
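The three threat-detection levels discussed in this thread, in detect-only form with the checks to run before and after enabling them. This is an added example, not part of the original posts; the interface name `inside` and the syslog server address 192.0.2.10 are assumptions.

```cisco
! --- Baseline BEFORE the change: record CPU and memory for comparison ---
show cpu usage
show memory

! --- Basic threat detection (the default): drop-rate thresholds ---
! Raises syslog 733100 when a drop rate exceeds its threshold.
threat-detection basic-threat

! --- Advanced threat detection: per-object statistics ---
! access-list statistics are on by default; port and protocol add a
! modest load; host statistics are the costly ones, so enable them last
! and watch CPU and memory afterwards.
threat-detection statistics access-list
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics host

! --- Scanning threat detection: tracks attacker and target hosts ---
! Raises syslog 733101. The optional "shun" keyword is left out on
! purpose, so the ASA only reports and never blocks a host.
threat-detection scanning-threat

! --- Get the alerts off the box (733100/733101 are severity 4) ---
! "inside" and 192.0.2.10 are assumed values for this example.
logging enable
logging trap warnings
logging host inside 192.0.2.10

! --- AFTER the change: compare with the baseline, then review ---
show cpu usage
show memory
show threat-detection rate
show threat-detection statistics top
show threat-detection scanning-threat attacker
show threat-detection scanning-threat target
```

If CPU or memory rises noticeably, `no threat-detection statistics host` removes the most expensive part while leaving the rest in place.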

Thank you @er.shivamdubey31190!!

 

As for upgrading the device to 9.2.(x), we didn't get a contract service for the ASA. It's now end of life, and we haven't found a way to get a maintenance for it to have access to IOS downloads.

Do you know how we can activate this device in Cisco to be able to upgrade the IOS?

 

We are going to activate advanced threat detection on the ASA. Even though it does not prevent, we would like to have the logs to know if we are under attack.

 

Best regards,

Marta

Dear Marta,

 

I am sorry, I could not revert back to you on time as I was unwell.

Wishing you a very happy new year.

Coming to the contract-related concern, please help me with the ASA model.

Even if the ASA is end of life, you can request the ASA OS download.

Do you have a valid Cisco support contract? If yes, you can raise a TAC case and ask for the support.

 

Shivam 😊
