03-14-2011 11:53 AM - edited 03-11-2019 01:06 PM
Hello,
I need for explanation about the way the number of user/eat used is calculated.
A customer has a basic license for CSC-SSm with 50 seats.
In the night he receives a mail explaining that there is a license violation .
I find that a seat is in fact one IP address.
The command 'sh csc-node' summarizes the number of IP addresses seen by the CSC-SSM module (from inside interface) for the day (from midnight to midnight).
1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ?
what about if 2 more end-users need to go outside (throught this CSC-SSm card) are they blocked ?
2) as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?
3) can we reduce the intervalle used by the command 'sh csc node-count' ?
4) can we get this node count by SNMP polling, what is the OID to be polled ?
Regards,
Solved! Go to Solution.
03-14-2011 12:48 PM
Hello,
See [MR] inline for the answers to your questions:
1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ? what about if 2 more end-users need to go outside (throught this CSC-SSm card) are they blocked ?
[MR] No, the IPs that exceed the seat count will not be blocked. The license exceeded message is purely informational.
2) as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?
[MR] You can purchase license upgrades for the CSC to increase the seat count. For example, if you wanted to upgrade from 100 seats to 250 seats for a CSC-SSM-10, you would purchase the following licensing part number:
ASA-CSC10-100-250=
3) can we reduce the intervalle used by the command 'sh csc node-count' ?
[MR] No, this is hard-coded for a 24 hour period and cannot be changed.
4) can we get this node count by SNMP polling, what is the OID to be polled ?
[MR] No, this is only available through 'show csc node-count' command. You would need to write a script to login to the firewall and collect this output if you wanted to monitor this remotely.
Hope that helps.
-Mike
03-14-2011 12:48 PM
Hello,
See [MR] inline for the answers to your questions:
1) is that to says that only 50 IP inside addresses can be analyzed by the CSC-SSM module ? what about if 2 more end-users need to go outside (throught this CSC-SSm card) are they blocked ?
[MR] No, the IPs that exceed the seat count will not be blocked. The license exceeded message is purely informational.
2) as some IP inside addresses are used for only 1 hour a day (even less), how can we get some more IP addresses be analyzed by this module ?
[MR] You can purchase license upgrades for the CSC to increase the seat count. For example, if you wanted to upgrade from 100 seats to 250 seats for a CSC-SSM-10, you would purchase the following licensing part number:
ASA-CSC10-100-250=
3) can we reduce the intervalle used by the command 'sh csc node-count' ?
[MR] No, this is hard-coded for a 24 hour period and cannot be changed.
4) can we get this node count by SNMP polling, what is the OID to be polled ?
[MR] No, this is only available through 'show csc node-count' command. You would need to write a script to login to the firewall and collect this output if you wanted to monitor this remotely.
Hope that helps.
-Mike
03-15-2011 04:29 AM
hello Mike,
1) thank you for those answers.
2) regarding the 2 or 3 more seats used avoer the figure according by the license, if the traffic isn't block and the message only for information, then what happens to this traffic ?
Is it send without any control ?
is it controled and maybe blocked for unauthorised site ?
how much users can be managed by this feature/service with a 50 seats license ? (and the message only for information).
regards,
Jean-david
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide