Modules ASA CSC - SSM - any good?

Similar Questions

• ASA CSC - SSM issue

  Dear concern,

  I installed CSC-SSM-10 on cisco ASA 5520.

  I am facing two problems

  Problem 1: When I send traffic from ASA to module SSM then internet connection becomes slow and sometimes internet disconnected session.

  2. when I try to manually update and then following erros shows please see attachment.

  Please note that I can internet ping of the SCC module. Please suggest me to solve these problems.

  Concerning

  Imran

  Hi Imran,

  I'm glad that it works after the correction of the DNS configuration.

  To view SCC files-logs, you can use one of the 4 options:

  1 look at one of the newspapers > menu query in the Trend Micro admin page (this is a fixed size buffer)

  2. manually export logs from the Trend Micro admin page in a CSV file

  3. send the logs to a syslog server (Logs > settings)

  4. on the tab control of ASDM content security

  Hope that helps.

  -Mike

• Upgrade of the CSC-SSM

  Hello

  A user ASA 5510 with ASA-SSM-CSC-10-K9 module with more-lic(Spam/URL/Phish), in recent years, he has not renewed the contract Smartnet (CON-SNT-XXXX) and its ASA CSC - SSM module subscription has expired as well.

  He now wants to upgrade to subscription CSC - SSM,

  (1) upgrade the module CSC - SSM with ASACSC10-50UP1Y (50 users ASA 5500 CSC-SSM-10 w / more Lic.) will solve its purpose or must it also renew CON - SNT as well.

  Because according to the Cisco document "" two services are necessary to the proper functioning of the CSC - SSM: Update software and Cisco SMARTnet® service. ""

  ((2) to renew the contract of Cisco Smartnet, what product it has need to renew the contract for one) would be - for module CSC - SSM -.

  ("SMARTNET 8X5XNBD ASA content Sec SSM - 10W / Usr 50 AV", or b) for Cisco ASA 5510? or (c) what will be the room code?

  ((3) at the present time, S/W of CSC - SSM version is 6.3.1172.0, he wants to renew 6.6.1125.0 - a) is this renewal fee? or (b) renewing most Lic / SMARTNet allows for upgrade version as well?

  Thanks in advance,

  Amit

  SMARTnet for the 5510 ASA with CSC is:

  CON-SNT-AS1C10K9

  SMARTNET 8X5XNBD ASA 5510 Appl w / scc10, SW, 50 Usr AV/Sp.

  SMARTnet coverage is a sine qua non for the subscription:

  CON-SNT-ASCS10K9

  SMARTNET 8X5XNBD ASA content Sec SSM - 10W / Usr 50 AV.

  Having these two will allow the user to improve and update.

  That said, the 5510 and CSC are ready to go end of sale. IHave you talked about their upgrade to 5512-X with module CX? It is a much more capable solution.

• -Renewal-license module CSC SSM

  Recently, my existing CSC SSM module license expired & I need to know the necessary steps & product ID to renew expired CSC SSM license module hosted on ASA-SSM-20 device:

  Tip,

  The system was laid off with Base & more license, 500 users.

  Yes, it's at the BASE and MORE.

  Please check the question as answered if that's the case, so that others can benefit from in the future.

  Take care

  PK

• Cisco ASA 5500 CSC-SSM-20 Series

  How many subscribers maximum, sessions, licenses are allowed using Cisco ASA 5500 Series CSC-SSM-20 on ASA5540 module

  Use the following command 'See - activation key' to get maximum subscribers, sessions, details County licenses.

• Users for Module CSC - SSM

  Hello world.

  I went through the CSC - SSM product data sheet at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html.

  In the license product he sai CSC - SSM 20 supports max 1000 users. What does that mean?  This means that I can't use CSC - SSM when the number of users is more than 1000?  If I'm not correct, what is the maximum number of users I can get behind CSC - SSM 20 so that it works efficintly when all features are enabled?

  Thanks in advance

  Deepak Khemani

  Hi Deepak,

  The numbers that you're talking about in the data sheet are a number of IP addresses of the single user inspected by the module. This account is a cumulative over a period of 24 hours. If the license is exceeded, the administrator will be sent an email once per day to inform them of this.

  -Mike

• Question on the CSC - ssm modules and aip - ssm in the ASA5500

  Is it true that the CSC - ssm and aip - ssm modules cannot coexist in the device of ASA5500 at the same time?

  Another issue is the site of cisco using the command keyword intra-interface involving NO IPSEC TRAFFIC, there are example of config/example

  It is true that the CSC - ssm and aip - ssm modules cannot coexist in the device of ASA5500 at the same time.

  It is not a sample configuration partitions on the spot yet. However, outside the control of the same security, you must the ordinary rule of translation to pass traffic. Also, because of the dynamic nature, it allows only one-way traffic. For example:

  NAT (inside) 10 192.168.1.0 255.255.255.0

  Global interface (10 Interior)

  Global (ouotside) 10 interface (is not required however)

  Sincerely,

  ~ AJ

• Installation of CSC-SSM-20 on ASA5510

  Hello

  Is it good idea to run a CSC-SSM20 on and ASA5510, and I must have 2 gigabytes of Ram on the ASA5510?

  I was wondering too, for filtering of the web. If all Internet users are behind a proxy, the CSC - SSM says that there is only one user.

  I would appreciate any advice.

  Thank you

  .

  Hello

  There is no specific memory requirements for the installation of module on ASA CSC, CSC does not use the memory of ASA, the only thing he uses is the bottom of basket ASA, so the ASA can redirect internet traffic to CSC management ip for filtering. CSC has its own memory and CPU it uses.

  For the second question, if trhe users behind a proxy then definitely the SCC would see demand originating from a single IP address, so you would not be able to filter the traffic at the granular level.

  Hope this answer your questions.

  Thank you

  Varun

• Could not update the Antivirus model Cisco CSC SSM

  I have a Cisco ASA 5520, with Cisco ASA-SSM-CSC-10-K9. ASA version 8.4.3.

  Since two days ago, reason for automatic virus protection update for Cisco CSC SSM failed, error message as below:

  AntiVirusPattern: Model update: the download file failed for ActiveUpdate could not verify security information. The confidence of information database is damaged. Contact Trend Micro technical support... The error code is 62.

  The license is valid and the subscription is expired September 2014.

  Any body encountered a similar problem before?

  Any body has Trend Micro Cisco CSC SSM helpdesk contact?

  I can't find any info Trend Micro for Cisco CSC SSM.

  SCC Module tcaps 1144 is available on server Trend Micro safesync:

  See

  https://supportforums.Cisco.com/docs/doc-40231

• Configuration of CSC - SSM

  From what I've read on the subject the SSM module is that there is a Base license and a license again.

  The basic license allows the module SSM basic antivirus/spyware, control over your network. Most

  License allows the Base license, most Email Filtering and URL filtering.

  So, I guess the only way to block malicious websites and URL filtering is through the SSM?

  I guess you could also simply apply ACLs, but the best way would be through the SSM.

  If you higher purpose CSC - SSM with license and set up, will be there in no downtime associated with it.

  When you pass the traffic that is transferred to the SCC of the ASA instead of just out of the ASA and

  to the Internet?

  Thanks for your help guys

  Hi John,.

  I guess the only way to block malicious websites and URL filtering is through the SSM?

  I guess you could also simply apply ACLs, but the best way would be through the SSM?

  A / as the name says this is a content filtering device, it will apply policies based on what you've set up, on the other hand the IPS - SSM will allow al traffic refusing only those he finds is ilegal so I would say that, Yes, you are right.

  If you higher purpose CSC - SSM with license and set up, will be there in no downtime associated with it.

  When you pass the traffic that is transferred to the SCC of the ASA instead of just out of the ASA and

  to the Internet?

  A / without interruption at all, remember to have the SCC of installation above, a policy of relief would be great and finally simply redirect traffic to see it working. As soon as the CSC is running there will be a peace association

  Kind regards

  Don't forget to note all the useful messages

  Julio

• Cisco CSC - SSM can block https pages?

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Tabla normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-marge-top : 0 ; mso-para-marge-droit : 0 ; mso-para-marge-bas : 10.0pt ; mso-para-marge-left : 0 ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}

  Hi I m new administers Trend Micro InterScan for Cisco CSC - SSM.

  I have blocked access to facebok using filtering Url CSC - SSM (Communication and research/social network management), this present works very well block access to http://www.facebook.com but this morning I noticed that users can access the facebook page using the following URL https://www.facebook.com.

  Pouvez Cisco SCS - SSM block/filter HTTPS traffic?

  Any ideas to block access to https://www.facebook.com

  Thank you.

  Hello

  Well since the CSC SSM inspects only SMTP, POP3, HTTP, FTP traffic, there is no way to block https using the CSC SSM.

  Kind regards

  SOM

  P.S.: Please check question one answer, if it has been resolved. Note the useful messages. Thank you.

• The ACE IPS Cisco and Cisco ASA AIP - SSM (IPS)

  Is there a difference between the features offered by the Cisco ACE IPS and Cisco ASA AIP - SSM (IPS) devices?

  Can we do without Cisco ASA AIP - SSM (IPS) of 'only' configuration/implementation Cisco ACE IPS.

  Cisco AVS/ACE emphasis on commissioning and to secure web-based applications. IP addresses do not focus on just the web applications and trying to get the multiple layers of the OSI stack. Consider the IPS as a general practitioner and the ACE/AVS as an eye surgeon, or something :)

  Here is the response from Cisco itself:

  http://www.Cisco.com/en/us/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

  Q: how is Cisco AVS Firewall application differs from an intrusion prevention system (IPS)?

  A. IPSs are solid solutions of protection against targeted attacks of known vulnerabilities in major platforms such as Windows, Solaris, Apache or Microsoft Internet Information Services (IIS). Cisco AVS excels to protect against targeted attacks Web sites or enterprise applications. These applications can be built custom internal applications or software vendor. Signatures and security patches are generally not available for these types of applications, and building these security levels in each application, it would be almost impossible.

  Q: how is Cisco AVS Firewall application differs by a network firewall?

  A. The Cisco AVS 3120 and Firewall network such as the Firewall of Cisco PIX® and Cisco ASA 5500 Series Adaptive Security appliances are complementary products. The application Cisco AVS Firewall secures Web applications; excellent network in the network security firewall. and the Cisco AVS provides defense in depth for Web applications.

  Firewall network apply policy networks, IP addresses and ports; they have a wide range of application for many different protocols layer features. The firewall can and will be deployed in many locations, including the edge, edge of the enterprise network, branch, etc. Cisco AVS imposed the policy on data HTTP as URL, headers and parameters. Cisco AVS is deployed in the data center in front of Web applications

  Concerning

  Farrukh

• Physical connectivity of ASA AIP - SSM

  How the physical connectivity of ASA AIP - SSM should be in the case of inline interface mode of inspection for all interfaces of the firewall. ?

  Rgds.

  Assuming that 'interface_policy' has "inline ips" in the policy, then yes your configuration is correct.

  Keep in mind that 'GigabitEthernet0/1' being assigned to vs0 is the background interface of basket of the MSS itself and should not be confused with the external interface GigabitEthernet0/1 of the SAA.

  As for using several virtual probes, it is a personal choice.

  When you use an ASA with just a single context, then usually a single virtual sensor is sufficient. It's only when you want to follow for traffic coming from firewall interfaces (or different classes of traffic) If you want to use several different virtual devices.

  However, when you use an ASA with multiple security contexts, then it is usually a good idea to go and use a virtual sensor separate from the context of the ASA.

  If you choose to use several virtual devices, you must understand that the background basket interface GigabitEthernet0/1 are only awarded to only 1 virtual sensors.

  Here is an explanation of how the other virtual sensors would get traffic:

  When packets are sent to DFS for monitoring ASA, ASA includes a special header in each packet. Special information such as the framework of the SAA whence the package, the real and NAT/PAT package addresses, and a few other things. An important field of this header is for the virtual sensor. He tells the SSM which virtual sensor must monitor this package.

  When the ASA is configured without using the names of virtual sensor, this is a virtual sensor in the package header field is blank. If the SSM sees a package with the field left blank it will check the DFS configuration to see which virtual sensor GigabitEthernet0/1 of the SSM has been assigned and that sends the packets to the virtual sensor.

  If ASA has been configured to send the packet to a specific virtual sensor (be it by adding the name of virtual sensor at the end of the "inline ips" entered configuration or by using the configuration entries "allocate ips" in the context of system configuration) then the ASA will include the virtual sensor in the header of the packet. The SSM will read in this area, and instead to send the virtual sensor where Gig0/1 is assigned, it will rather send to virtual sensor specified in the header of the packet.

  Indeed, it overrides the assignment Gig0/1 and will lead to what ever virtual sensor has been specified by the configuration of the SAA.

• (ASA) AIP - SSM 10 Inline; Supreme events?

  A 5520 ASA with SSM-10 GOAL is set to inline mode, but the events of the show for 2 hours (sensor > HS event past 02:00) of the Interior of the sensor shows and "promicuous mode", "left promicuous mode'."

  This AIP SSM - 10 has only one gig0/0 and gig0/1 where o/o is taken out of service and a value default virtual sensor (vs0) is assigned to gig0/1. I see the statistics (sensor > sh SEO-engine of analysis) to gig0/1 so I collect statistics.

  If the configuration of the ASA 5520 has the following policy of inline and events log shows that enter and exit in promiscuous mode so how do I check if I am inspection/recovery in inline mode?

  (ASA > sh run access-list IPS)

  IPS list extended access permitted ip DMZ 255.255.255.0 26.26.1.0 255.255.255.0

  (ASA > sh run | b class-map)

  class-map IPS

  corresponds to the IP access list

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  inspect the waas

  inspect the icmp

  class IPS

  IPS inline help

  !

  global service-policy global_policy

  (sensor > sh interfaces)

  ...

  Statistics interface GigabitEthernet0/1 MAC

  Function of interface = interface detection

  Description =

  Support type = backplane

  By default Vlan = 0

  Inline = unpaired mode

  Pair of status = n/a

  Circumvention of Capable hardware = no.

  Twin derivation material = n/a

  Link status = upwards

  Link speed = Auto_1000

  Link Duplex = Auto_Full

  Lack of Packet percentage = 0

  Total packets received = 95044

  Total number of bytes received = 8715230

  Total multicast packets received = 0

  Total of broadcast packets received = 0

  Total fat packets received = 0

  Total sousdimensionnés packets received = 0

  Receive the total errors = 0

  Receive FIFO overruns total = 0

  Total packets transmitted = 95044

  Total number of bytes sent = 9047702

  Total multicast packets sent = 0

  Total broadcast packets sent = 0

  Total fat transmitted packets = 0

  Total packets transmitted sousdimensionnés = 0

  Total transmit errors = 0

  Total transmit FIFO overruns = 0

  sensor > sh events last 02:00

  evStatus: eventId = 1203360411830836145 = Cisco vendor

  Author:

  login host: ASA2_IPS

  appName: kernel

  appInstanceId:

  time: 2008-02-20 19:01:46 2008/02/20 19:01:46 UTC

  syslogMessage:

  Description: device ge0_1 entered promiscuous mode

  evStatus: eventId = 1203360411830836146 = Cisco vendor

  Author:

  login host: ASA2_IPS

  appName: kernel

  appInstanceId:

  time: 2008-02-20 19:01:53 2008/02/20 19:01:53 UTC

  syslogMessage:

  Description: the promiscuous mode device ge0_1 left

  The left State events and entered promiscuous mode are usually generated when you do a 'package of display' or 'the capture of packets' command on the CLI of the sensor.

  Track order of the package is promiscuity but is independent of promiscuity or inline followed by analysis of the probe engine.

  If you have inline monitoring using the probe analysis engine.

  And still make command package to the cli for your own monitoring promiscuity of those same packets. Here are 2 independent monitors of the same packages.

  If I remember right inline monitored packets always get returned to the ASA (unless expressly denied), which is not promiscuous packets. So check sensors gig0/1 interface statistics and the number of packets for transmission. If receive and transmit accounts are quite close, then packets are monitored by the analytical engine InLine. If the number of transmission is nil or very low then the packets are likely promiscuous monitored.

  With the configuration of your ASA you are correctly configured for online tracking.

  So I don't think that you are investigating inline, and status messages are specific to your start and stop of the command 'package' on the CLI for your own independent viewing packages promiscuity.

• is 3 GB of ram any good for games?

  Is 3 GB of ram any good for games + desktop + web navigation + watch videos etc...

  (with dual-core Intel pentium @ 2 GHz and Intel hd graphics card)

  (operating system-Windows 7 64 bit)

  Also, Intel integrated graphics will almost certainly produce images low rates/resolutions for games. Other uses will be fine.