Redundant ASA + IPS
liven
Member Posts: 918
Ok I have two asa 5520 each with the IPS module.
I have the ASAs working the way I want with failover.
However the IPS is a little lacking.
First off I don't see anywhere to configure failover on the IPS. I understand that when the host ASA fails the stand by asa IPs module will kick in. But I am wanting configuration updates to work like they do with the ASAs when setup in failover. Does that make sense?
I have the ASAs working the way I want with failover.
However the IPS is a little lacking.
First off I don't see anywhere to configure failover on the IPS. I understand that when the host ASA fails the stand by asa IPs module will kick in. But I am wanting configuration updates to work like they do with the ASAs when setup in failover. Does that make sense?
encrypt the encryption, never mind my brain hurts.
Comments
-
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Are you referring to fail-open or fail-closed in the sysem policy configuration for the IPS inspection rule? There is stateful failover on the IPS module.The only easy day was yesterday! -
liven
Member Posts: 918
Either, I just don't see fail over on ASDM, or IDM...
It might exist via the command line, but I was instructed to just run: setup and then do everything else from the GUI....encrypt the encryption, never mind my brain hurts. -
liven
Member Posts: 918
and I am not really seeing any fail over commands on the CLI either....
These things are only somewhat like most Cisco devices. Reminds more of linux than anything...
Acutally I think they are linux.encrypt the encryption, never mind my brain hurts.