fail to secure state

Jeff Horton
Level 1

Is there a way to configure the ASA 5555X to fail to a secure state upon a failure? 


Marvin Rhoads
Hall of Fame

Failure can mean many things - from the box crashing to an interface going down to a bug causing certain traffic to be mishandled. Obviously, if the former happens, no traffic will pass through the device. I suppose you could call that "fail to a secure state".

We would need to know more about the context of your question to answer your original question better.

There is a DISA STIG that has the following requirement: The firewall must fail to a secure state upon the failure of the following: system initialization, shutdown, or system abort.

Thanks for the quick response.

The fix text says: Configure the firewall to stop forwarding traffic or maintain the configured security policies upon the failure of the following actions: system initialization, shutdown, or system abort.

Could I create an EEM that shuts down ports in case of one of the actions? If so, what syslog ID would I get the EEM to monitor?

Sorry for so many questions. This has been biting me for a long time now and I have to fix with a solution or they will have to accept a risk acceptance.

 
