ASA 5505: The ASA 5505 IPS module does not have an external management interface and is managed using a management VLAN within the ASA. By default, the VLAN that is used is 1, and the default IPS management IP address is
ASA 5510, ASA 5580, ASA 5585-X: These devices have an external management interface that is used to configure the device and the IPS module; the ASA 5585-X actually has several external management interfaces. With these devices, the ASA and the ASA IPS module are typically assigned IP addresses on the same subnet (default: ASA –, ASA IPS –). It is also possible to configure the ASA to be managed via an inside interface while the ASA IPS module is managed solely via the external management interface.
ASA 5512-X, ASA 5555-X: These devices work similarly to the previous models with an external management interface and with the same default IP addresses.
The Basic Operation of the ASA IPS Module

The basic ASA IPS module operation is simple: Traffic comes into the ASA and goes through the initial ASA processes (e.g., VPN decryption, firewall policy). Traffic that is matched is then sent to the IPS module; traffic that is allowed to pass is returned from the IPS module and can be sent back out another ASA interface.

The ASA IPS module does offer two different operating modes that can be specified within the traffic-matching configuration; these include inline mode and promiscuous mode. While in inline mode, all matched traffic will be sent to the ASA IPS module and will not continue on through the ASA until it is returned from the module.

While in promiscuous mode, a copy of the matched traffic is sent to the ASA IPS module while the original traffic continues through the ASA. If the ASA IPS module finds that specific traffic matches one of the attack signatures, it sends a shun message to the ASA to block any future traffic matching those traffic characteristics.
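The two operating modes described above, expressed as ASA service-policy configuration. This is an added example, not configuration from the original page: the access-list and class-map names (IPS_INLINE_TRAFFIC, IPS_PROMISC_TRAFFIC, IPS_INLINE, IPS_PROMISC) and the 10.1.1.0/24 server subnet are assumptions, and the example reuses the default global_policy policy-map that an ASA ships with. The fail-open / fail-close keyword on the `ips` command is the operational caveat to decide deliberately: it chooses whether matched traffic is dropped or passed uninspected when the module is down or reloading.

```cisco
! Added example (not from the original page). Names and the 10.1.1.0/24 subnet are assumptions.

! Traffic to protect inline: sessions to the server subnet are held inside the module
! and only forwarded once the module returns them.
access-list IPS_INLINE_TRAFFIC extended permit ip any 10.1.1.0 255.255.255.0

! Everything else is only copied to the module (promiscuous); the original packets
! keep flowing through the ASA while the module inspects the copy.
access-list IPS_PROMISC_TRAFFIC extended permit ip any any

class-map IPS_INLINE
 match access-list IPS_INLINE_TRAFFIC

class-map IPS_PROMISC
 match access-list IPS_PROMISC_TRAFFIC

policy-map global_policy
 class IPS_INLINE
  ! fail-close: if the module is unavailable, matched traffic is dropped rather than
  ! passing uninspected. Use fail-open only where availability outranks inspection.
  ips inline fail-close
 class IPS_PROMISC
  ! Promiscuous mode cannot hold packets, so fail-open costs nothing extra here;
  ! blocking only happens later, through the shun the module sends back to the ASA.
  ips promiscuous fail-open

! Apply the policy on all interfaces.
service-policy global_policy global

! Verification (privileged EXEC):
!   show service-policy    - per-class packet counters confirm traffic is reaching each class
!   show shun              - lists the blocks the module has installed via shun messages
```

A class can carry only one `ips` action, which is why the two modes are split across two classes with non-overlapping access-lists; if the same flow matched both, only the first matching class's IPS action would apply.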

