02-02-2016 02:51 AM - edited 03-12-2019 12:13 AM
Hi,
I have been reading the following -
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
It states the following -
Do not configure Cloud Web Security (ScanSafe) inspection on traffic that you send to the ASA FirePOWER module. If traffic matches both your Cloud Web Security and ASA FirePOWER service policies, the traffic is forwarded to the ASA FirePOWER module only. If you want to implement both services, ensure there is no overlap between the traffic matching criteria for each service.
When it says "ensure no overlap, if you want to use both services" what exactly would be used here?
I have CWS configured on a number of ASAs which are soon to be enabled for Firepower also. For CWS we are matching on ACL (http and https). If I want to send web traffic to the Firepower module also what would be required?
02-02-2016 02:58 AM
You really should only need to use one ... but I think if you enable the policies on different interfaces (inside and outside for example) you should be ok. You just can't enable both policies at the same time globally or per interface.
02-17-2016 01:40 PM
I wonder if this would apply to only in-line mode, or passive / monitor only mode as well?
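The "no overlap" requirement from the quoted guide, as an added example that is not part of the thread or of Cisco's documentation: a small Python check that reports which entries of the ACL used for the CWS class and the ACL used for the ASA FirePOWER class can match the same flow, which per the quoted text is traffic that would go to the FirePOWER module only. The ACL names and subnets are constructed placeholders, and the parser assumes simple `permit tcp|ip` entries with an optional `eq` port; deny entries, object-groups and port ranges are not handled.

```python
import ipaddress

PORT_NAMES = {"www": 80, "https": 443}  # names the ASA shows for 80 and 443

def _take_net(tok):
    """Consume one address spec from tok: any | host A.B.C.D | A.B.C.D MASK."""
    first = tok.pop(0)
    if first in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_acl(text):
    """Return [(acl_name, src_net, dst_net, port)]; port None means all ports."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if (tok[:1] != ["access-list"] or tok[2:4] != ["extended", "permit"]
                or tok[4:5] not in (["tcp"], ["ip"])):
            continue  # simplification: deny entries and other protocols skipped
        name, rest = tok[1], tok[5:]
        src, dst = _take_net(rest), _take_net(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        entries.append((name, src, dst, port))
    return entries

def find_overlaps(cws, sfr):
    """Pairs of entries that can match the same flow."""
    return [(a, b) for a in cws for b in sfr
            if (a[3] is None or b[3] is None or a[3] == b[3])
            and a[1].overlaps(b[1]) and a[2].overlaps(b[2])]

# Constructed sample ACLs (names and subnets are placeholders).
CWS_ACL = """
access-list CWS_WEB extended permit tcp 10.1.0.0 255.255.0.0 any eq www
access-list CWS_WEB extended permit tcp 10.1.0.0 255.255.0.0 any eq https
"""
SFR_OVERLAPPING = "access-list SFR_ALL extended permit ip any any"
SFR_DISJOINT = """
access-list SFR_REST extended permit tcp 10.2.0.0 255.255.0.0 any eq www
access-list SFR_REST extended permit tcp 10.1.0.0 255.255.0.0 any eq 22
"""

if __name__ == "__main__":
    for label, sfr in (("overlapping", SFR_OVERLAPPING), ("disjoint", SFR_DISJOINT)):
        hits = find_overlaps(parse_acl(CWS_ACL), parse_acl(sfr))
        print(label, len(hits), "overlapping entry pairs")
```

An empty result means the two ACLs, as parsed, never match the same flow; any pair returned is traffic where both service policies would apply.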