Solved: Configuring CSC-SSM

JohnTylerPearce · ‎08-26-2012

From what I've been reading about the SSM module is that there is a Base License and a Plus License.

The Base license allows the SSM module to do basic antivirus/spyware checking on your network. The Plus

License allows the Base License, Plus URL Filtering and Email filtering.

So, I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

Thanks for your help guys

Julio Carvajal · ‎08-27-2012

Hello John,

I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM?

A/ Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association

Regards,

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎08-27-2012

Hello John,

I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?

I guess you could also just apply ACLs but the best way would be through the SSM?

A/ Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.

If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,

when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and

to the Internet?

A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association

Regards,

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

JohnTylerPearce · ‎08-28-2012

Thanks for the help jcarvaja. From what I was reading, it looks lilke the best way to go is, make sure to configure the CSC-SSM, so that if the module fails traffic passes as usual.

Once again Jcarvaja, thanks for the help.

Julio Carvajal · ‎08-28-2012

Hello John,

It is always a pleasure to help

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC