
Cisco Asdm 7 User Guide


Page 711

Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 32: Configuring the ASA CSC Module
This chapter describes how to configure the Content Security and Control (CSC) application that is 
installed in a CSC SSM in the ASA.
This chapter includes the following sections:
Information About the CSC SSM, page 32-1
Licensing Requirements for the CSC SSM, page 32-5
Prerequisites for the CSC SSM, page 32-5
Guidelines and Limitations, page 32-6
Default Settings, page 32-6
Configuring the CSC...

Page 712

 
  Information About the CSC SSM
Figure 32-1 Flow of Scanned Traffic with the CSC SSM
You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content 
security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking 
links within ASDM. The CSC SSM GUI appears in a separate web browser window. To access the CSC 
SSM, you must enter...

Page 713

 
Figure 32-2 CSC SSM Deployment with a Management Network
Determining What Traffic to Scan
The CSC SSM can scan FTP, HTTP/HTTPS, POP3, and SMTP traffic only when the destination port of 
the packet requesting the connection is the well-known port for the specified protocol. The CSC SSM 
can scan only the following connections:
FTP connections opened to TCP port 21....

Page 714

 
Based on the configuration shown in Figure 32-3, configure the ASA to divert to the CSC SSM only 
requests from clients on the inside network for HTTP, FTP, and POP3 connections to the outside 
network, and incoming SMTP connections from outside hosts to the mail server on the DMZ network. 
Exclude from scanning HTTP requests from the inside network to the web server...

Page 715

 
  Licensing Requirements for the CSC SSM
In the outside-policy, outside-class matches SMTP traffic from any outside source to the DMZ network. 
This setting protects the SMTP server and inside users who download e-mail from the SMTP server on 
the DMZ network, without having to scan connections from SMTP clients to the server.
If the web server on the DMZ network receives files uploaded by HTTP from...

Page 716

 
  Guidelines and Limitations
– Domain name and hostname for the CSC SSM.
– An e-mail address and an SMTP server IP address and port number for e-mail notifications.
– E-mail address(es) for product license renewal notifications.
– IP addresses of hosts or networks that are allowed to manage the CSC SSM. The IP addresses for the CSC SSM management port and the ASA management interface can be in...

Page 717

 
Configuring the CSC SSM
This section describes how to configure the CSC SSM and includes the following topics:
Before Configuring the CSC SSM, page 32-7
Connecting to the CSC SSM, page 32-8
Determining Service Policy Rule Actions for CSC Scanning, page 32-9
Before Configuring the CSC SSM
Before configuring the ASA and the CSC SSM, perform the following steps:
Step 1 If the...

Page 718

 
If you manually control time settings, verify the clock settings, including time zone. Choose 
Configuration > Properties > Device Administration > Clock.
If you are using NTP, verify the NTP configuration. Choose Configuration > Properties > Device 
Administration > NTP.
Step 6 Open ASDM.
Step 7 Connect to and log in to the CSC SSM. For instructions, see the “Connecting to...

Page 719

 
To connect to the CSC SSM, perform the following steps:
Step 1 In the ASDM main application window, click the Content Security tab.
Step 2 In the Connecting to CSC dialog box, click one of the following radio buttons:
To connect to the IP address of the management port on the SSM, click Management IP Address. 
ASDM automatically detects the IP address for the SSM in the ASA....

Page 720

 
  CSC SSM Setup Wizard
Step 4 Click the Create a new traffic class option, type a name for the traffic class in the adjacent field, check the Any traffic check box, and then click Next.
The Rule Actions screen appears.
Step 5 Click the CSC Scan tab, and then check the Enable CSC scan for this traffic flow check box.
Step 6 Choose whether the ASA should permit or deny selected traffic to pass if the...