Solved

cisco asa 5525 cx module

Posted on 2014-01-23
7
1,365 Views
Last Modified: 2014-10-05
has anybody out there used a cisco asa 5525 cx module to restrict users access to the internet using url filtering ?. i have read the words on it and it sounds great but i want to be re-assured it does what it says on the tin.
0
Comment
Question by:tjwoollard
  • 3
  • 3
7 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39806385
It is ASA CX SSP software module which required Cisco solid state drive (SSD) with Module OS 9.1, ASA 9.1(1) and later OR Module OS 9.2 and ASA 9.1(3). The working of it is actually quite detailed  described below. Do catch the "Compatibility with ASA Features" and "Guidelines and Limitations" sections. The CX does not support failover directly hence inadvertent bypass security policy check though. Also the filtering for SSL traffic required decyption too - actually that applies to any device

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_cx.html#wp1087140

There is some review though which may be informative
(peek into ASA CX)
http://brandonjcarroll.com/blog/asa-cx-looks-good-with-no-java-and-hard-drives
(Cisco ASA CX Lab Part 2: GUI Overview and Building Basic Policies)
http://www.thesecurityblogger.com/?p=2772
(ASA CX and Cisco Prime Security Manager)
http://www.thesecurityblogger.com/?p=2915 

You may already know, below is an 2012 PDF showing  throughtput testing on the normal ASA but I do expect wit CX, it may be lower in throughput, probably not that impactful. but as device sees more and inspect more, it need to pull in more resources. The policy configure will impact as well with use of wildcard and specific URL.

http://www.miercom.com/pdf/reports/20120514.pdf
0
 

Expert Comment

by:chescotech
ID: 40325187
We have been using the Cisco ASA 5555-x and ASA 5512-X with Prime security manager for 5 months.
It crashes constantly and code upgrades have been a nightmare, with every upgrade there is a new set of problems! Do not buy this product!It is a piece of garbage!

We have been working with CiSCo TAC through out the whole ordeal and the issues persist.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40357665
I've got a Cisco 5525 with 120GB SSD. What is that SSD used for btw?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 62

Expert Comment

by:btan
ID: 40358511
Q. What is the purpose of the solid state drive (SSD)?

A. The SSD is required in order to run the Cisco Application Visibility and Control (AVC), and Cisco Web Security Essentials (WSE), next-generation firewall services on the Cisco ASA 5500-X Series. The SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40358797
I see. Thanks for sharing. Does that mean, if I take out that SSD, there should be no issue to running ASA if I don't need to store logs ?
0
 
LVL 62

Expert Comment

by:btan
ID: 40358871
in a way yes - SSD drive is intended for exclusive use of the NGFW features. Taking an example, the base 5515-X is a NGFW but the IPS would not generally be considered next generation. It stores the signature database locally on the module.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40362499
Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now