04-16-2020 07:36 AM
Hi all
I've got a new ASA Firepower which replaces another old ASA. The old one has various IP Audit Policies configured, but I think for legacy reasons.
What is the default today in regards to IP Audit?
Is this enabled by default or not?
What are your recommendations?
I could only find this in the legacy documentation for ASA 9.12.x image, so I assume it should be left disabled, unless there are good reasons to enable it?
https://www.cisco.com/c/en/us/td/docs/security/asa/legacy/asa-legacy-gd/protect-tools.html#26683
This device exclusively terminates SSL VPN client connections, if that is of importance, and sits behind another Firepower ASA.
Thanks
Patrick
04-17-2020 04:13 AM
I've never seen the feature used in production in the past decade of working with 100s of ASA firewalls.
If you have a current ASA with Firepower service module, the basic IPS policy enforced by the service module (most often "Balanced Security and Connectivity") would be the analogous feature. It would also more closely reflect what's appropriate for the current threat landscape.
04-17-2020 05:00 AM
Ah OK. Hopefully the upstream ASA has the Firepower protections in place.
I imagine the config was on an old Pix that might have been installed there once. That's the last place I recall seeing that config item used.