Anyone using IPS modules on their ASAs?

sactwnguy

They are OK. Management is nothing special and could use improvement, very similar to ASDM. It is annoying that HA pairs don't sync configuration, so you have to do every change twice. The default signatures have rarely dropped legitimate traffic for us, which is a problem we had all the time with Juniper IPS. Also keep in mind that if you have an ASA that is passing a lot of traffic, turning on the IPS can lower your throughput quite a bit.
 

Emulex

Interesting. I wanted to check one out. I have HP's TippingPoint, which is fantastic for how much they discount it (tons). I like how they let you build your own blacklist (IP) and signatures (of course, you are on your own if you blacklist your own network).

Are you getting signature updates daily?
 

sactwnguy

Cisco updates signatures kind of randomly, but it probably averages out to about twice a week.
 

Cooky

Don't mean to go off-subject, but has anyone tried any next-gen firewall/IPS, such as the firewalls from Palo Alto Networks?