Solved

cisco asa 5525 cx module

Posted on 2014-01-23
7
1,374 Views
Last Modified: 2014-10-05
has anybody out there used a cisco asa 5525 cx module to restrict users access to the internet using url filtering ?. i have read the words on it and it sounds great but i want to be re-assured it does what it says on the tin.
0
Comment
Question by:tjwoollard
  • 3
  • 3
7 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39806385
It is ASA CX SSP software module which required Cisco solid state drive (SSD) with Module OS 9.1, ASA 9.1(1) and later OR Module OS 9.2 and ASA 9.1(3). The working of it is actually quite detailed  described below. Do catch the "Compatibility with ASA Features" and "Guidelines and Limitations" sections. The CX does not support failover directly hence inadvertent bypass security policy check though. Also the filtering for SSL traffic required decyption too - actually that applies to any device

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_cx.html#wp1087140

There is some review though which may be informative
(peek into ASA CX)
http://brandonjcarroll.com/blog/asa-cx-looks-good-with-no-java-and-hard-drives
(Cisco ASA CX Lab Part 2: GUI Overview and Building Basic Policies)
http://www.thesecurityblogger.com/?p=2772
(ASA CX and Cisco Prime Security Manager)
http://www.thesecurityblogger.com/?p=2915 

You may already know, below is an 2012 PDF showing  throughtput testing on the normal ASA but I do expect wit CX, it may be lower in throughput, probably not that impactful. but as device sees more and inspect more, it need to pull in more resources. The policy configure will impact as well with use of wildcard and specific URL.

http://www.miercom.com/pdf/reports/20120514.pdf
0
 

Expert Comment

by:chescotech
ID: 40325187
We have been using the Cisco ASA 5555-x and ASA 5512-X with Prime security manager for 5 months.
It crashes constantly and code upgrades have been a nightmare, with every upgrade there is a new set of problems! Do not buy this product!It is a piece of garbage!

We have been working with CiSCo TAC through out the whole ordeal and the issues persist.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40357665
I've got a Cisco 5525 with 120GB SSD. What is that SSD used for btw?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 62

Expert Comment

by:btan
ID: 40358511
Q. What is the purpose of the solid state drive (SSD)?

A. The SSD is required in order to run the Cisco Application Visibility and Control (AVC), and Cisco Web Security Essentials (WSE), next-generation firewall services on the Cisco ASA 5500-X Series. The SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40358797
I see. Thanks for sharing. Does that mean, if I take out that SSD, there should be no issue to running ASA if I don't need to store logs ?
0
 
LVL 62

Expert Comment

by:btan
ID: 40358871
in a way yes - SSD drive is intended for exclusive use of the NGFW features. Taking an example, the base 5515-X is a NGFW but the IPS would not generally be considered next generation. It stores the signature database locally on the module.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40362499
Thanks
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question