Solved

cisco asa 5525 cx module

Posted on 2014-01-23
7
1,379 Views
Last Modified: 2014-10-05
has anybody out there used a cisco asa 5525 cx module to restrict users access to the internet using url filtering ?. i have read the words on it and it sounds great but i want to be re-assured it does what it says on the tin.
0
Comment
Question by:tjwoollard
  • 3
  • 3
7 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39806385
It is ASA CX SSP software module which required Cisco solid state drive (SSD) with Module OS 9.1, ASA 9.1(1) and later OR Module OS 9.2 and ASA 9.1(3). The working of it is actually quite detailed  described below. Do catch the "Compatibility with ASA Features" and "Guidelines and Limitations" sections. The CX does not support failover directly hence inadvertent bypass security policy check though. Also the filtering for SSL traffic required decyption too - actually that applies to any device

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_cx.html#wp1087140

There is some review though which may be informative
(peek into ASA CX)
http://brandonjcarroll.com/blog/asa-cx-looks-good-with-no-java-and-hard-drives
(Cisco ASA CX Lab Part 2: GUI Overview and Building Basic Policies)
http://www.thesecurityblogger.com/?p=2772
(ASA CX and Cisco Prime Security Manager)
http://www.thesecurityblogger.com/?p=2915 

You may already know, below is an 2012 PDF showing  throughtput testing on the normal ASA but I do expect wit CX, it may be lower in throughput, probably not that impactful. but as device sees more and inspect more, it need to pull in more resources. The policy configure will impact as well with use of wildcard and specific URL.

http://www.miercom.com/pdf/reports/20120514.pdf
0
 

Expert Comment

by:chescotech
ID: 40325187
We have been using the Cisco ASA 5555-x and ASA 5512-X with Prime security manager for 5 months.
It crashes constantly and code upgrades have been a nightmare, with every upgrade there is a new set of problems! Do not buy this product!It is a piece of garbage!

We have been working with CiSCo TAC through out the whole ordeal and the issues persist.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40357665
I've got a Cisco 5525 with 120GB SSD. What is that SSD used for btw?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:btan
ID: 40358511
Q. What is the purpose of the solid state drive (SSD)?

A. The SSD is required in order to run the Cisco Application Visibility and Control (AVC), and Cisco Web Security Essentials (WSE), next-generation firewall services on the Cisco ASA 5500-X Series. The SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40358797
I see. Thanks for sharing. Does that mean, if I take out that SSD, there should be no issue to running ASA if I don't need to store logs ?
0
 
LVL 63

Expert Comment

by:btan
ID: 40358871
in a way yes - SSD drive is intended for exclusive use of the NGFW features. Taking an example, the base 5515-X is a NGFW but the IPS would not generally be considered next generation. It stores the signature database locally on the module.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40362499
Thanks
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question