Network technologies and trends

Aug 19 2016   5:55PM GMT

Cisco ASA FirePOWER deployment options – Series 1

Yasir Irfan

Tags:
ASA
Cisco
Decryption
Encryption
Security policies

The Cisco ASA FirePOWER module can be deployed in one of the following modes:

  • Inline Mode
  • Promiscuous monitor-only (passive) mode

Inline Mode

In inline mode, traffic first passes through the configured ASA firewall policies and is then sent to the ASA FirePOWER module for further action.

The figure below illustrates the complete order of operations of the Cisco ASA FirePOWER module in inline mode.

Figure 1 – ASA FirePOWER in Inline Mode

Suppose Host A sends traffic to Host B. The traffic goes through the following process:

  1. Traffic sent from Host A is received by the Outside interface of the ASA firewall.
  2. If IPsec or SSL VPN is configured, the incoming encrypted traffic is decrypted.
  3. Firewall policies are applied to the decrypted traffic.
  4. If the received traffic is compliant and allowed by the ASA policies, then the traffic is sent to the ASA FirePOWER module.
  5. The Cisco ASA FirePOWER module then applies its security policy to the traffic and takes the appropriate action. If the traffic is not compliant with the security policies or is malicious in nature, the Cisco ASA FirePOWER module sends its verdict back to the ASA to block the traffic, and the ASA also sends an alert to the network security administrator. If the traffic is valid, the ASA allows it to pass through.
  6. If IPsec or SSL VPN is configured, the decrypted traffic is encrypted again.
  7. The processed traffic is then forwarded to the respective interface, in this case the Inside interface.
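The hand-off in step 4 is driven by a service policy on the ASA. The configuration below is an added example, not taken from the original post: the names SFR_TRAFFIC and SFR_CLASS are placeholders, and matching all IP traffic is an assumption. It shows the inline form and, commented out, the monitor-only form from the list of modes above.

```text
! Added example. SFR_TRAFFIC and SFR_CLASS are placeholder names.
! Select the traffic the ASA hands to the FirePOWER (sfr) module.
! "permit ip any any" is an assumption; narrow it to the flows you
! actually want inspected.
access-list SFR_TRAFFIC extended permit ip any any
!
class-map SFR_CLASS
 match access-list SFR_TRAFFIC
!
! Inline mode: traffic that has already passed the ASA policies
! (step 3) is redirected to the module, and the module's verdict is
! enforced by the ASA (step 5).
!   fail-open  : keep forwarding if the module is unavailable
!   fail-close : drop matching traffic if the module is unavailable
policy-map global_policy
 class SFR_CLASS
  sfr fail-open
!
! Promiscuous monitor-only (passive) mode: the module receives a copy
! of the traffic and its verdict is not enforced. Use this line in
! place of the one above; the ASA accepts only one of the two modes
! at a time.
!  sfr fail-open monitor-only
!
service-policy global_policy global
!
! Checks after applying the policy:
!   show module sfr           (module is Up before relying on it)
!   show service-policy sfr   (redirect counters and the active mode)
```

The choice between `fail-open` and `fail-close` decides whether a module outage becomes an inspection gap or a traffic outage, so it should be made deliberately for each deployment.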

Only Cisco knows how traffic is processed in the Cisco ASA Next Generation Firewall at the hardware level. At the same time, Cisco offers very few deployment options with its Next Generation Security solutions.
