07-03-2016 01:57 PM - last edited on 03-25-2019 06:16 PM by ciscomoderator
We are a small ISP with about 600 customers. Our aggregate through our ASA 5515x hits about 320 mbps.
A speedtest shows that it can do about 860 mbps up/down without FirePower. With a typical Firepower inline configuration, we get about 220 mbps.
Purchasing a 5555-x is currently over our budget. We are licensed for two ASAs, so the option exists to put a second one on the network or load balance (which I've heard does not consume a license).
Another option is to just block BitTorrent, otherwise be notified of malware & intrusion attempts?
Can anyone suggest a way to configure this?
Thanks,
-Robert
07-03-2016 10:07 PM
Hi Robert,
For blocking bittorrent, you can create an access control rule with bittorrent as an application selected and set the action to block.
Make sure you are using the latest VDB (vulnerability database) on your Firepower.
For getting alerts on intrusions and malware, you can refer to the below document:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html
If you are managing via ASDM, you can use syslog and SNMP same as above.
Please rate and mark helpful posts.
Thanks,
Ankita
07-04-2016 12:06 PM
We are managing with FMC running under VMWare. I'd rather see the alerts on FMC.
I do have this configuration, with my File policy looking like:
If I select Malware cloud lookup under "action", it just looks up? Otherwise I'd select "block malware"?
It seems that no matter how minimal the configuration is, I cannot get over 280 mbps, and while doing a speedtest with one client, a ping test of about 2ms goes to 150-330 ms with a lot of jitter.
Thanks,
Robert
07-04-2016 10:33 PM
Hello
If you enable malware cloud lookup, it will query the cloud for the file disposition to check if the file is clean or a threat, etc. Block malware means it will completely block the files marked as malware.
For the verification of throughputs you can open a TAC request just to confirm that your deployment is proper.
Rate if the post helps you
Regards
Jetsy
07-15-2016 12:44 PM
Keep in mind that Malware/file analysis will create more overhead on those ASAs, adding latency in your network. Tune it well. This is in addition to other features you add like URI filtering, Network Discovery policies, and Signatures with High or very High overhead.
Just me 2 pennies