02-11-2019 07:41 AM - edited 03-12-2019 07:17 AM
Dear
How are you? I am implementing two SFR modules in an ASA failover firewall pair, which will be managed by an FMC. For 3 weeks we will only be monitoring the traffic and analyzing it through the FMC to define the signature bases that we will block. I have a period to leave it in "Inline Tap Monitor Only". What do you recommend: that, or leaving it online (sfr fail-open) without a monitor and allowing all traffic in the FMC?
Firepower policy map
class firepower class
sfr fail-open monitor-only
Thanks very much.
Accepted Solutions
02-12-2019 07:01 PM
I'd say it's easier to do the monitor-only in the ASA policy-map configuration.
That way it's a one-line immediate effect change to revert it.
