--> Cisco ASA 5500 Series Firewalls allow you to insert hardware modules for increased security and more features.
--> There are basically three different types of hardware modules we can use on the ASA 5500 series:
1) ASA CX Module (for user identification)
2) ASA IPS Module (for IPS functionality)
3) ASA SFR Module (for implementing Firepower Services on the ASA)
--> Previously, the Cisco ASA used inserted hardware modules that contained the software with the IPS or CX feature.
--> Currently, the Cisco ASA uses an SSD disk drive instead of a hardware module, and the software functionality such as IPS or CX is installed on the SSD disk drive.
--> The module works the same way in the Cisco ASA whether it is deployed as hardware or software.
--> Cisco ASA Firewall receives the traffic on the physical interface and forwards it to the hardware or software module.
--> Once the module receives the traffic from the ASA, it inspects it based on the configured policy.
--> If the policy configured on the module marks the traffic as good, the module returns the traffic to the ASA and the traffic is forwarded to the destination.
--> If the policy configured on the module marks the traffic as not good, the module tells the ASA to drop the traffic.
--> The show module command allows you to check which modules are installed and running on the ASA.
--> Currently it is not possible to run more than one module on the ASA.
--> If you want to remove a module from the ASA, execute the following commands:
asa# sw-module module cxsc shutdown
asa# sw-module module cxsc uninstall
asa# reload
Note: If you want to remove the IPS module, replace cxsc with ips in the commands.
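
The forwarding of traffic from the ASA to the module described above is set up with a service policy on the ASA. The following is an added example, not part of the original post, shown for the SFR module; the names SFR_REDIRECT and SFR_CLASS and the 10.0.0.0/8 subnet are constructed for illustration.

```cisco
! Added example: select the traffic the ASA hands to the module.
! SFR_REDIRECT, SFR_CLASS and 10.0.0.0/8 are illustrative values.
access-list SFR_REDIRECT extended permit ip 10.0.0.0 255.0.0.0 any
!
class-map SFR_CLASS
 match access-list SFR_REDIRECT
!
policy-map global_policy
 class SFR_CLASS
  ! fail-close: if the module is unavailable, matching traffic is
  ! dropped, so nothing passes without inspection.
  sfr fail-close
  ! Alternative (configure one or the other):
  ! sfr fail-open   -> if the module is unavailable, matching traffic
  !                    is forwarded without being inspected
!
service-policy global_policy global
!
! The redirect keyword depends on the module in use:
!  CX module:  cxsc fail-close
!  IPS module: ips inline fail-close
```

The choice between fail-close and fail-open decides whether a module outage stops traffic or lets it through uninspected, so it should be made deliberately for each traffic class.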
Ref: Cisco.com
Md.Kareemoddin
CCIE # 54759