Hi, Applying policy , depends

crusier2015 · ‎10-12-2015

Hi,

We are planning implement the firesight (Virtual) on central site to manage 4 remote ASA, is it recommended?

Tks

Marvin Rhoads · ‎10-13-2015

As long as you have adequate connectivity between the sites it's fine.

There's not a published requirement for how much that is since it can vary widely according to your traffic and applied policies.

crusier2015 · ‎10-13-2015

But, every time that the users from remote site will be access the Internet, they have to consult Firesight on central site?

Or local ASA have a copy the policies of Firesight?

Marvin Rhoads · ‎10-13-2015

The local ASA FirePOWER modules are the policy enforcement point.

The remote FireSIGHT Manager is used for policy management and reporting (primary functions among others like license and device management, system updates etc.).

User traffic does not flow through FireSIGHT Manager nor does it have to be consulted during enforcement of policy by the remote FirePOWER modules.

inlandprinting · ‎10-26-2015

I currently manage ASA's with SFR modules in 4 sites across the country, in addition to the site that hosts my firesight manager. i have had no issues other than applying policy's tends to take forever.

Aastha Bhardwaj · ‎10-26-2015

Hi,

Applying policy , depends on factors like number of rules in the policy etc , which might cause a delay . But apart from that when you apply the policy , the snort reloads as compilation of new access-list is done which takes some time.

You can check the status in /var/log/action_queue

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Firesight - Remote Site