Redundant ASA + IPS

livenliven Member Posts: 918
in CCNP Security
Ok I have two asa 5520 each with the IPS module.

I have the ASAs working the way I want with failover.

However the IPS is a little lacking.

First off I don't see anywhere to configure failover on the IPS. I understand that when the host ASA fails the stand by asa IPs module will kick in. But I am wanting configuration updates to work like they do with the ASAs when setup in failover. Does that make sense?
encrypt the encryption, never mind my brain hurts.
· Share on FacebookShare on Twitter

Comments

  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Are you referring to fail-open or fail-closed in the sysem policy configuration for the IPS inspection rule? There is stateful failover on the IPS module.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    Either, I just don't see fail over on ASDM, or IDM...

    It might exist via the command line, but I was instructed to just run: setup and then do everything else from the GUI....
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    and I am not really seeing any fail over commands on the CLI either....


    These things are only somewhat like most Cisco devices. Reminds more of linux than anything...

    Acutally I think they are linux.
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.