Thursday 25 October 2018

Introduction to Cisco ASA Modules

--> Cisco ASA 5500 Series Firewalls allow you to insert hardware modules for increased security and more features.

--> There are basically three different types of hardware modules we can use on ASA 5500 series:

1) ASA CX Module (for user identification)

2) ASA IPS Module (for IPS functionality)

3) ASA SFR Module (for implementing Firepower Services on the ASA)



--> Previously, on the Cisco ASA, we inserted hardware modules that contained software providing the IPS or CX feature.

--> Currently, on the Cisco ASA, we use an SSD disk drive instead of a hardware module, and the software functionality such as IPS or CX is installed on the SSD disk drive.

--> The module works the same way in the Cisco ASA whether it is implemented as hardware or as software.

--> The Cisco ASA firewall receives the traffic on the physical interface and forwards it to the hardware or software module.

--> Once the module receives the traffic from the ASA, it inspects the traffic based on the configured policy.



--> If the policy configured on the module marks the traffic as good, the module returns the traffic to the ASA and the traffic is forwarded to the destination.

--> If the policy configured on the module marks the traffic as not good, the module tells the ASA to drop the traffic.

--> # show module command allows you to check which modules are installed and running on the ASA.

--> Currently it is not possible to run more than one module on the ASA.

--> If you want to remove a module from the ASA, execute the following commands:

asa# sw-module module cxsc shutdown

asa# sw-module module cxsc uninstall

asa# reload

Note: If you want to remove the IPS module, replace cxsc with ips in the commands.
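
The forwarding of traffic from the ASA to the module described above is set up with a service policy on the ASA. The following is an added example, not part of the original post: the names SFR_REDIRECT and SFR_CLASS are made up for illustration, and global_policy is assumed to be the policy map already applied globally.

```cisco
! Added example. SFR_REDIRECT and SFR_CLASS are illustrative names.
!
! 1. Select the traffic the module should inspect (here: all IP traffic).
access-list SFR_REDIRECT extended permit ip any any
!
class-map SFR_CLASS
 match access-list SFR_REDIRECT
!
! 2. Redirect the matching traffic to the module.
!    The keyword after "sfr" decides what the ASA does when the module
!    is not available:
!      fail-open  = traffic is forwarded without inspection
!      fail-close = traffic is dropped
policy-map global_policy
 class SFR_CLASS
  sfr fail-close
!
! 3. Apply the policy to all interfaces.
service-policy global_policy global
!
! For the other module types the redirect line inside the class changes:
!   CX module  : cxsc fail-close
!   IPS module : ips inline fail-close
```

Choosing fail-close means a module that is down or being reinstalled stops the matched traffic, so check the module state with show module before and after any change to it.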

Ref: Cisco.com

Md.Kareemoddin

CCIE # 54759
