• Status: Solved

Cisco ASA 5525 CX module

Has anybody out there used a Cisco ASA 5525 CX module to restrict users' access to the internet using URL filtering? I have read the words on it and it sounds great, but I want to be reassured it does what it says on the tin.
Asked:
tjwoollard
1 Solution
 
btan (Exec Consultant) commented:
It is the ASA CX SSP software module, which requires a Cisco solid state drive (SSD) with Module OS 9.1, ASA 9.1(1) and later OR Module OS 9.2 and ASA 9.1(3). How it works is described in quite some detail at the link below. Do catch the "Compatibility with ASA Features" and "Guidelines and Limitations" sections. The CX does not support failover directly, hence inadvertent bypass of the security policy check, though. Also, filtering SSL traffic requires decryption too; actually, that applies to any device.

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_cx.html#wp1087140

There are some reviews, though, which may be informative:
(peek into ASA CX)
http://brandonjcarroll.com/blog/asa-cx-looks-good-with-no-java-and-hard-drives
(Cisco ASA CX Lab Part 2: GUI Overview and Building Basic Policies)
http://www.thesecurityblogger.com/?p=2772
(ASA CX and Cisco Prime Security Manager)
http://www.thesecurityblogger.com/?p=2915 

You may already know this, but below is a 2012 PDF showing throughput testing on the normal ASA. I do expect that with CX it may be lower in throughput, probably not that impactful. But as the device sees more and inspects more, it needs to pull in more resources. The policy configuration will have an impact as well, with the use of wildcards and specific URLs.

http://www.miercom.com/pdf/reports/20120514.pdf
 
chescotech commented:
We have been using the Cisco ASA 5555-X and ASA 5512-X with Prime Security Manager for 5 months.
It crashes constantly and code upgrades have been a nightmare; with every upgrade there is a new set of problems! Do not buy this product! It is a piece of garbage!

We have been working with Cisco TAC throughout the whole ordeal and the issues persist.
 
bominthu commented:
I've got a Cisco 5525 with 120GB SSD. What is that SSD used for btw?
btan (Exec Consultant) commented:
Q. What is the purpose of the solid state drive (SSD)?

A. The SSD is required in order to run the Cisco Application Visibility and Control (AVC), and Cisco Web Security Essentials (WSE), next-generation firewall services on the Cisco ASA 5500-X Series. The SSD stores logs and any reports for traffic that is processed by these services, in addition to application signatures and a web security database that are part of these subscriptions.
 
bominthu commented:
I see. Thanks for sharing. Does that mean, if I take out that SSD, there should be no issue running the ASA if I don't need to store logs?
 
btan (Exec Consultant) commented:
In a way, yes: the SSD is intended for the exclusive use of the NGFW features. As an example, the base 5515-X is an NGFW, but the IPS would not generally be considered next generation. It stores the signature database locally on the module.
 
bominthu commented:
Thanks