Chapter 19 Managing the AIP SSM and CSC SSM

Managing the CSC SSM

Note The SSM management port IP address must be accessible by the hosts used to run ASDM. The IP addresses for the SSM management port and the adaptive security appliance management interface can be in different subnets.

DNS server IP address.

HTTP proxy server IP address (required only if your security policies require use of a proxy server for HTTP access to the Internet).

Domain name and hostname for the SSM.

An email address and an SMTP server IP address and port number, for email notifications.

IP addresses of hosts or networks allowed to manage the CSC SSM.

Password for the CSC SSM.

Step 4 In a web browser, access ASDM for the adaptive security appliance that the CSC SSM is in.

Note If you are accessing ASDM for the first time, see the Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for assistance with the Startup Wizard.

For more information about enabling ASDM access, see the “Allowing HTTPS Access for ASDM” section on page 33-4.

Step 5 Verify time settings on the adaptive security appliance. Time setting accuracy is important for logging of security events and for automatic updates of CSC SSM software.

If you manually control time settings, verify the clock settings, including time zone. Choose Configuration > Properties > Device Administration > Clock.

If you are using NTP, verify the NTP configuration. Choose Configuration > Properties > Device Administration > NTP.

Step 6 In ASDM, run the Content Security setup wizard. To do so, access the ASDM GUI in a supported web browser and on the Home page, click the Content Security tab. The Content Security setup wizard runs. For assistance with the Content Security setup wizard, click the Help button.

Note If you are accessing ASDM for the first time, see the Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for assistance with the Startup Wizard.

Step 7 On the ASA 5500 series adaptive security appliance, identify traffic to divert to the CSC SSM (as described in the “Diverting Traffic to the CSC SSM” section on page 19-11).

Step 8 (Optional) Review the default content security policies in the CSC SSM GUI. The default content security policies are suitable for most implementations. Modifying them is advanced configuration that you should perform only after reading the Cisco Content Security and Control SSM Administrator Guide.

You review the content security policies by viewing the enabled features in the CSC SSM GUI. The availability of features depends on the license level you purchased. By default, all features included in the license you purchased are enabled.

With a Base License, the features enabled by default are SMTP virus scanning, POP3 virus scanning and content filtering, webmail virus scanning, HTTP file blocking, FTP virus scanning and file blocking, logging, and automatic updates.

Cisco Security Appliance Command Line Configuration Guide

19-8

OL-8629-01

 

 

Page 7 Page 9
Page 8
Image 8
Cisco Systems ASA 5500 manual 19-8
Page 7 Page 9

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.
Top Page Image Contents