Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
898
Views
0
Helpful
3
Replies

Cisco ASA with FirePower operational modes

holgmark37
Level 1
Level 1

‎02-07-2017 06:39 AM - edited ‎03-12-2019 06:16 AM

Hi.

 

I am very new and inexperienced to the FirePower functionality and have some thoughts and questions on this topic.

We have recently invested in Cisco ASA 5515 with FirePower.

Currently it is only configured in Passive Monitor-Only Forwarding Mode.

I am thinking about getting this configured to Inline Tap Monitor-Only Mode.

 

If I understand the Cisco documentation correctly, I can start making policies and see what the SFR module would have done with the traffic, without actually implementing/doing anything.

 

The issue is, that our ASA firewalls already have been running in production for a while, and because of this have the necessary ACL’s and policies in place. We copied the main configuration from our old ASA's to the new 5515 series.

So my question is: Will configuring the SFR module in inline TAP Monitor-only Mode affect the policies already running on the ASA?

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-08-2017 10:25 PM

No it wont.

0 Helpful

holgmark37
Level 1
Level 1
In response to Philip D'Ath

‎02-09-2017 01:26 AM

Tnx for the reply.

But could you elaborate a little, so i understand a more how this works?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to holgmark37

‎02-09-2017 10:52 AM

If it is in monitor only mode, then it sends a copy of the data to the FirePower module that matches your service policy.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card