ASA 9 TrustSec

Posted on 2013-10-20
Medium Priority
Last Modified: 2013-10-27

With ASA 9, there is a new feature that allows it to integrate with TrustSec. That allows for policy-based enforcement.

I'm still a novice with TrustSec; however, can someone explain to me what benefit this feature brings to have enforcement at the ASA?
Where would policy enforcement happen if it wasn't done on the ASA, and what benefit does it offer to do it at the ASA?
Question by: trojan81

Expert Comment

ID: 39587129
Here is a good article explaining it:


It's not really in the context of the ASA, but as an example you can use TrustSec to apply your group policies that are generated with TrustSec to determine packet flows at the ASA, rather than trying to restrict edge traffic from the switch ports.

Author Comment

ID: 39588161
Wouldn't you want to restrict traffic at the closest point to the user, which is the switch port?

Author Comment

ID: 39588231
What's a good use-case example for having TrustSec at the ASA?

Accepted Solution

btassure earned 2000 total points
ID: 39588323
I'll answer both questions at once :)

Yes, you could restrict it all at the switch, but it means leaving holes in the security perimeter.

The idea around this stuff is that you would configure internal policies on the ISE (Identity Services Engine) that will span the whole network. Adding the ASA to the mix enables you to either plug the gap in the security if you have TrustSec everywhere else, or allows you to run TrustSec at your border even if you can't/don't implement it on your switches.

I'm not sure if that's enough info for a use case? What switches do you have and are you already using TrustSec?

Some more info here:

