Cisco ASA 5506-X Series Quick Start Guide
8.Configure the ASA Firepower Module
Use ASDM to configure the module security policy and to send traffic to the module.
Note:
You can alternatively use the FireSIGHT Management Center to manage the ASA Firepower module. See the
ASA Firepower Module Quick Start Guide
Configure the ASA FirePOWER Security Policy
Procedure
1.
Use the ASA Firepower pages in ASDM to configure your module security policy. You can click Help in any
page, or choose Help > ASA Firepower Help Topics, to learn more about how to configure policies.
2.
Certain areas of ASA Firepower module functionality may require additional licenses. Enable licenses using
the ASA Firepower pages in ASDM. See the licensing chapter of the ASA FirePOWER Module User Guide or
the online help for more information.
The ASA itself does not require any additional licenses.
Configure the ASA Security Policy
Procedure
1.
To send traffic to the module, choose Configuration > Firewall > Service Policy Rules.
2.
Choose Add > Add Service Policy Rule.
3.
Choose whether to apply the policy to a particular interface or apply it globally and click Next.
4.
Configure the traffic match. For example, you could match Any Traffic so that all traffic that passes your
inbound access rules is redirected to the module. Or, you could define stricter criteria based on ports, ACL
(source and destination criteria), or an existing traffic class. The other options are less useful for this policy.
After you complete the traffic class definition, click Next.
5.
On the Rule Actions page, click the ASA Firepower Inspection tab.
6.
Check the Enable ASA Firepower for this traffic flow check box.
7.
In the If ASA Firepower Card Fails area, click one of the following:
—
Permit traffic—Sets the ASA to allow all traffic through, uninspected, if the module is unavailable.
—
Close traffic—Sets the ASA to block all traffic if the module is unavailable.
8.
(Optional) Check Monitor-only to send a read-only copy of traffic to the module, i.e. passive mode.
9.
Click Finish and then Apply.
Repeat this procedure to configure additional traffic flows as desired.
9. Where to Go Next
For more information about the ASA Firepower module and ASA operation, see the "ASA Firepower Module"
chapter in the ASA/ASDM firewall configuration guide, or the ASDM online help. You can find links to all
ASA/ASDM documentation at
For more information about ASA Firepower configuration, see the online help or the
User Guide
or
for more information.
Navigating the Cisco ASA Series
FireSIGHT System User
Guide.
8.Configure the ASA Firepower Module
Documentation.
8
ASA Firepower Module