Solved

cisco asa 5525 cx module

Posted on 2014-01-23
7
1,355 Views
Last Modified: 2014-10-05
has anybody out there used a cisco asa 5525 cx module to restrict users access to the internet using url filtering ?. i have read the words on it and it sounds great but i want to be re-assured it does what it says on the tin.
0
Comment
Question by:tjwoollard
  • 3
  • 3
7 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39806385
It is ASA CX SSP software module which required Cisco solid state drive (SSD) with Module OS 9.1, ASA 9.1(1) and later OR Module OS 9.2 and ASA 9.1(3). The working of it is actually quite detailed  described below. Do catch the "Compatibility with ASA Features" and "Guidelines and Limitations" sections. The CX does not support failover directly hence inadvertent bypass security policy check though. Also the filtering for SSL traffic required decyption too - actually that applies to any device

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_cx.html#wp1087140

There is some review though which may be informative
(peek into ASA CX)
http://brandonjcarroll.com/blog/asa-cx-looks-good-with-no-java-and-hard-drives
(Cisco ASA CX Lab Part 2: GUI Overview and Building Basic Policies)
http://www.thesecurityblogger.com/?p=2772
(ASA CX and Cisco Prime Security Manager)
http://www.thesecurityblogger.com/?p=2915

You may already know, below is an 2012 PDF showing  throughtput testing on the normal ASA but I do expect wit CX, it may be lower in throughput, probably not that impactful. but as device sees more and inspect more, it need to pull in more resources. The policy configure will impact as well with use of wildcard and specific URL.

http://www.miercom.com/pdf/reports/20120514.pdf
0
 

Expert Comment

by:chescotech
ID: 40325187
We have been using the Cisco ASA 5555-x and ASA 5512-X with Prime security manager for 5 months.
It crashes constantly and code upgrades have been a nightmare, with every upgrade there is a new set of problems! Do not buy this product!It is a piece of garbage!

We have been working with CiSCo TAC through out the whole ordeal and the issues persist.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40357665
I've got a Cisco 5525 with 120GB SSD. What is that SSD used for btw?
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 61

Expert Comment

by:btan
ID: 40358511
Q. What is the purpose of the solid state drive (SSD)?

A. The SSD is required in order to run the Cisco Application Visibility and Control (AVC), and Cisco Web Security Essentials (WSE), next-generation firewall services on the Cisco ASA 5500-X Series. The SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40358797
I see. Thanks for sharing. Does that mean, if I take out that SSD, there should be no issue to running ASA if I don't need to store logs ?
0
 
LVL 61

Expert Comment

by:btan
ID: 40358871
in a way yes - SSD drive is intended for exclusive use of the NGFW features. Taking an example, the base 5515-X is a NGFW but the IPS would not generally be considered next generation. It stores the signature database locally on the module.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40362499
Thanks
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Installing Tor browser 15 88
PCI standards 5 45
USB System Failing 17 60
Resource cost of NAT vs routing 3 21
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now