I have a ASA 5545X with the internal IPS module
The IP address of the IPS module is one the management network (management interface) (192.168.108.x), and during setup of the IPS, I specify the default gateway as either the management interface of the ASA or the IP of the downstream switch.
The IPS module will have to communicate with the Internet for updates, and I will hvtbe to remotely manage it
so here is my question:
When the IPS module attempts to contact hosts on the Internet, wht path does it follow? Does it go out the magaement interface, through the downstream swtich, and then to the inside interface of the ASA, and out to the web?
If so, do I need to modify the ACL on the inside interface to allow the IPS module out? What ports will need to be open? 443? 80?
Then, if I try to contact this IPS module, and the management interface is set to "management-only", how do I get in? (I assume this limits access to the management network 192.168.108.x)
Any advice would be great