Cisco ASA use Sophos UTM IPS

Mokhalil82
Level 4

Hi

I am trying to understand if the ASA can use the IPS on the Sophos UTM 9.

We have a pair of ASA 5585-X firewalls with IPS. I am in the process of looking to replace the IPS module with a firepower module.

We also have a Sophos UTM 9 that does all the email and web filtering etc. 

Am I able to utilize the IPS functionality of the Sophos UTM to work with the ASA?

Not that I want to do that, but it's a question I just want to answer: whether it can work.

Thanks

4 Replies

Florin Barhala
Level 6
Why wouldn't it work?
It ALL depends on the design you're already using to scan traffic with your UTM appliances. Are you using some kind of "transparent mode", or do you redirect traffic? Just add a network diagram for your setup.

I have just attached a diagram.

The UTM sits alongside the ASA currently. The ASA does the IPSEC VPNs and the UTM does the SSL VPNs.

 

All our web traffic currently uses the inside address of the UTM as the gateway (the computers have a client that talks to the sophos cloud web gateway which proxies the web traffic to the UTM first) and then sent out the inside interface to the ASA before leave the outside interface of the ASA.

 

So if in this case we want to utilize Sophos for the IPS, what is the best way to achieve this?
I usually try to avoid designs where there are 2 possible default gateways and one of those is the ASA.
They may work at first, but after a while a request will come that can't be done, because the ASA does not support ICMP redirects and wants to see both the outgoing and the return traffic.
Usually it's a better idea to have only one device as the default gateway and the other one connected using an interconnect network.
I am not familiar with the Sophos UTM, but if it is a UTM it has the functions available on the ASA plus some, so why still use the ASA in this case?
If you want to offload the site-to-site VPNs to the ASA, I would use the UTM as the default gateway and have an interconnect to the ASA so that VPN traffic still gets filtered by the UTM.
If you are planning to use both devices for filtering traffic, the ACL-based device (in this case the ASA) would be placed before the IPS, because devices running IPS are more resource intensive.

HTH

Bogdan

I subscribe to Bogdan's reply. I would preferably use transparent mode for the UTM so you will be left with only "one default gateway".