08-26-2012 11:28 AM - edited 03-10-2019 05:45 AM
From what I've been reading about the SSM module is that there is a Base License and a Plus License.
The Base license allows the SSM module to do basic antivirus/spyware checking on your network. The Plus
License allows the Base License, Plus URL Filtering and Email filtering.
So, I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?
I guess you could also just apply ACLs but the best way would be through the SSM.
If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,
when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and
to the Internet?
Thanks for your help guys
Solved! Go to Solution.
08-27-2012 11:51 PM
Hello John,
I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?
I guess you could also just apply ACLs but the best way would be through the SSM?
A/ Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.
If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,
when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and
to the Internet?
A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association
Regards,
Remember to rate all the helpful posts
Julio
08-27-2012 11:51 PM
Hello John,
I'm assuming that the only way to block malicious web sites and URL filtering is through the SSM?
I guess you could also just apply ACLs but the best way would be through the SSM?
A/ Well as the name said this is a content filtering device, he will apply policies based on what you configured, on the other hand the IPS-SSM will allow al traffic denying only the ones he found is ilegal so I would say yes you are right.
If you purpose the CSC-SSM with Plus LIcense, and configure it, will there by any downtime associated with it,
when you switch the traffic being forwarded to the CSC from the ASA instead of just going out to the ASA and
to the Internet?
A/ No downtime at all, just remember to have the CSC previously setup, a fail-open policy would be great and finally just redirect the traffic to see it working. As soon as the CSC is up and running there will be a peace association
Regards,
Remember to rate all the helpful posts
Julio
08-28-2012 02:56 AM
Thanks for the help jcarvaja. From what I was reading, it looks lilke the best way to go is, make sure to configure the CSC-SSM, so that if the module fails traffic passes as usual.
Once again Jcarvaja, thanks for the help.
08-28-2012 12:10 PM
Hello John,
It is always a pleasure to help
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide