12-09-2019 10:32 PM
Hello everyone,
I have Cisco ASA 5525-X with following images
asa922-4-smp-k8
asdm 7.2(2)1
asasfr-5500x-boot-5.4.0
I need to deploy the firewall in a datacentre environment. For this purpose, I want to create zones/zone pairs, assign interfaces to different zones, and apply bi-directional policies to control traffic. With my past experience of Juniper Netscreen/SRX firewalls, doing all this was so simple and straightforward. But I am unable to find any commands relevant to zone-based configuration in my current setup. Do I need an image upgrade or something else?
12-09-2019 11:36 PM
Hi there,
The Cisco equivalent, Zone Based Firewall, is a feature found on Cisco routers, not ASAs.
The ASA uses the concept of a security level (0 - 100) applied to routed interfaces. There is an implicit permit of traffic from a higher level to a lower level in the absence of ACLs. On an SRX you would group IRBs under the same zone; on an ASA something similar could be achieved by having a set of SVIs all share the same security level and configuring `same-security-traffic permit inter-interface`.
cheers,
Seb.
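As an added example of the approach Seb describes (constructed here, not configuration from any post in this thread), this ASA 9.2-style config groups two interfaces into one pseudo-zone by giving them the same security level, and shows the explicit ACL you need once traffic must flow toward a higher-level interface. Interface names, addresses and the ACL contents are assumptions.

```cisco
! Two interfaces at the same security level form the "web/app" pseudo-zone
interface GigabitEthernet0/1
 nameif dc-web
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dc-app
 security-level 50
 ip address 10.10.2.1 255.255.255.0
!
! The database interface sits at a higher level, so nothing reaches it
! from level 50 unless an ACL explicitly permits it
interface GigabitEthernet0/3
 nameif dc-db
 security-level 80
 ip address 10.10.3.1 255.255.255.0
!
! Without this, the ASA drops traffic between interfaces of equal level
same-security-traffic permit inter-interface
!
! Inbound policy on dc-app. Note: once an access-group is applied, the
! implicit same-level/higher-to-lower permit no longer applies on this
! interface, so intra-zone traffic to dc-web must be permitted explicitly.
access-list APP_IN extended permit tcp 10.10.2.0 255.255.255.0 10.10.1.0 255.255.255.0 eq 443
access-list APP_IN extended permit tcp 10.10.2.0 255.255.255.0 10.10.3.0 255.255.255.0 eq 3306
access-list APP_IN extended deny ip any any log
access-group APP_IN in interface dc-app
```

Verify the result with `show access-list APP_IN` (hit counts) and `packet-tracer input dc-app tcp 10.10.2.10 40000 10.10.3.10 3306`, which reports which phase allows or drops the flow.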
12-10-2019 08:36 AM
@Seb Rupik, thanks for the reply. Someone suggested that I follow the link given below, which shows that zones could be configured on an ASA.
Visiting this link and going through all the config, I haven't found even these commands on my ASA 5525X.
I am really confused; what do I do now?
12-10-2019 09:14 AM
12-10-2019 10:38 PM
Oohh, it means my ASA is just a box; I cannot use it as a firewall at all. Even the security zones config needs licenses. Compared to Juniper Netscreen/SRX and Fortinet Fortigate, it's not going to help in creating security zones.
Will FTD replace the current ASA image, or will it run in parallel and just increase the security capabilities of the ASA?