Cisco has not done a good job of bringing the NAT policy and firewall policy together. With its heritage as a NAT device, the ASA carries a fair amount of configuration baggage. Without CSM, IPS and firewall management are not integrated, requiring not just another IP address but another Ethernet port. You also need a separate MARS appliance, Cisco’s security information-management system, because MARS is the only Cisco tool to receive and analyze IPS/IDS events. To manage your ASA firewall with an IPS installed you also need to use ASDM, the local GUI, because CSM doesn’t have tools for monitoring the status of the ASA.
We worked with CSM in this test and found that while Cisco has done a great job of bringing CSM where it needed to be for enterprise management, it is still not a full management solution for controlling all of the features a UTM has to offer. Every model in the ASA series can be configured entirely from the command line, driven through a local GUI (called ASDM), or controlled through Cisco’s optional global-management tool, Cisco Security Manager (CSM), at an extra cost. Because current models of the ASA have only a single slot, you can choose to implement either IPS or antivirus, but not both at the same time.
While the ASA has strong built-in firewall, protocol inspection, and NAT features, the antivirus and IPS UTM features each require an add-in security services module.