Hi,We'd like to implement ASA5585 with SSP-60.
I knew that the inspection will stop while the signature is updating.
because sensor app will be stopped.
I guess there are only one signature database on IPS which is managed by IPS device.
It means every virtual sensor's inspection depends on same signature database.
I think all virtual sensor will stop inspecting if some virtual sensor worked on IPS when the signatures is updated.
But I can't find evidence what is above.
if you knows it,please tell me about it.
You are right. Just think about what is virtualized with virtual sensors and what not. Only the processing of the sensor policy is part of the virtualization. All the rest is based on the same shared system for all virtual sensors. Of course you can influence the behavior of your system with inline/promiscous-settings in MPF and also with specifying if you want to use fail-open/fail-close or even using failover to your secondary ASA while the first ASA-module does maintainance.
Sent from Cisco Technical Support iPad App
Thank you so much for your answer.I got it.
We will make some policies on MPF to solve it.the one is fail-open,another is fail-close.we have a/s architecture,but It's hard to use secondary when every time signature is updating on primary.
I think this spec is serious for customer.
because there are time without inspection.