asked on

quickest way to turn of CWS on ASA 9.9 using ASDM

Hi We have a fail open policy set. Can someone advise on the quickest way to simply completely turn off scansafe cws using asdm. briefly - I'm not after a bypass for 1 IP- just want it off briefly while continuing to allow web traffic to flow and then quickly turn back on - - since I have a fail open policy set is it simply a matter of just removing the tower IP address set in configuration - device management cloud web security - by having nothing here (removing) will this turn off CWS? - thanks

Thanks

ASKER CERTIFIED SOLUTION

Pete Long

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

philb19

ASKER

Wow thanks Pete - that did clear things up a lot :)

Would I still be correct however in saying that removing the IP of the tower would force the ASA to "fail-open"
And so in effect even though the Access-Lists remain (untouched) the traffic would flow fine And I would be not using CWS/Scansafe)
Another method I guess in effect. - and to put back on just put the IP of tower back in I guess.

Cheers

philb19

ASKER

or in effect I could just untick the service policy rule match any4 any4 https which is configured to go to cloud web security

Pete Long

>>Would I still be correct however in saying that removing the IP of the tower would force the ASA to "fail-open"

I would say 'probably yes' but I cant test it!

>>or in effect I could just untick the service policy rule match any4 any4 https which is configured to go to cloud web security

Only, if that's all the policy is doing - if so it will only be applied to an interface (as you can only have one one global policy).

philb19

ASKER

thanks all i ending up turning off the servie policy - just removing the towers IP - it does not allow you to have them blank in asdm - untick service policy for http and https did the trick