• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Anyone work with Cisco ASA CSC SSM?

C

cpals

Diamond Member
We currently utilize a Trend Micro module in our two ASA 5520s which can scan email/web traffic for spam, viruses, etc. It doesn't appear to be highly scalable (Cisco has told us this) and because of this we're looking at getting a standalone appliance for our web traffic scanning (we already have an email appliance).

My question is: because of the module a lot of the lines in my config have references to DM_INLINE_SERVICE and more, which I assume is because of the module being inserted. When/If I remove the module from the ASA, will the config go back to normal and remove these weird references or will they stay? And is it even possible to remove this module without screwing up the config?

Thanks.
 
I use one at work. I didn't do the initial config on it, but I'm fairly confident that your config won't automatically change itself when the module is removed. You can take a look at the configuration examples here and compare that to your config so that you know what to un-do if you remove your module.

The other (not recommended) option would be to change your "csc fail-close" line to "csc fail-open". But, personally, I'd clean up the config.
 
I know if you use a comma list on the ASA it will create DM_INLINE object groups. Not sure if this is whats happening here.
 
I work with ASA and CSC modules all day, I will try and make this clear, but I am not very articulate, so I am sorry if this doesn't make sense.

The DM_INLINE objects allow you to group ports, ip addresses, etc on access lists. When you remove the CSC module you should be ware of removing all of those objects, as they may be referenced by an entirely unrelated ACL. If you are removing the CSC module, the most important thing is to remove the service policies that are pointing traffic to the CSC module. Most often this is configured on the default global-class. Once all the service policies pointing traffic to the CSC module are removed it is safe to take the module out.
If you want to clean up all the config for it you will probably find an ACL named something similar to "global_mpc_2" remove this access list and the DM_INLINE objects it references (make sure it is not referenced anywhere else), and the entire CSC config will be gone.
 
Um... sorry to startup an old topic again, but I could really use some advice about the Trend Micro module. The spam filtering seems to have only 3 levels, but even when I set the used method to 'low' as opposed to 'medium' it still has too many false positives.

We don't have a Smartnet-contract yet and are now using the CSC SSM version 6.3.1172.0 release. Will spam filtering improve when using version 6.3.1172.3? Or do you have any other advice on how to get less false positives? All false positives are being blocked by pattern recognition (fyi).
 
Case72 said:
Um... sorry to startup an old topic again, but I could really use some advice about the Trend Micro module. The spam filtering seems to have only 3 levels, but even when I set the used method to 'low' as opposed to 'medium' it still has too many false positives.

We don't have a Smartnet-contract yet and are now using the CSC SSM version 6.3.1172.0 release. Will spam filtering improve when using version 6.3.1172.3? Or do you have any other advice on how to get less false positives? All false positives are being blocked by pattern recognition (fyi).
Click to expand...

Sorry, I'd like to help, but we never used the module for email spam and only for web/email virus scanning.

Also, we're only on version 6.2.1599.6
 
Case72 said:
Um... sorry to startup an old topic again, but I could really use some advice about the Trend Micro module. The spam filtering seems to have only 3 levels, but even when I set the used method to 'low' as opposed to 'medium' it still has too many false positives.

We don't have a Smartnet-contract yet and are now using the CSC SSM version 6.3.1172.0 release. Will spam filtering improve when using version 6.3.1172.3? Or do you have any other advice on how to get less false positives? All false positives are being blocked by pattern recognition (fyi).
Click to expand...


I'm in the same boat as cpals....we use another appliance for Spam analysis.
 
Ah well, thx for replying. Maybe someone at my company will know what to do. I installed a syslog-app to collect how many e-mails are being processed. I will compare the number with other anti-spam solutions used at other companies. I'll also read the releasenotes for 6.3.1172.1 + 2 + 3. If no improvement is mentioned I'll propably advise another solution.
 
Last edited:
Case72 said:
Ah well, thx for replying. Maybe someone at my company will know what to do. I installed a syslog-app to collect how many e-mails are being processed. I will compare the number with other anti-spam solutions used at other companies. I'll also read the releasenotes for 6.3.1172.1 + 2 + 3. If no improvement is mentioned I'll propably advise another solution.
Click to expand...

I personally wouldn't rely on the CSC module too much... we recently went through a email security project between Symantec Brightmail and McAfee Ironmail and ended up going with McAfee. Has a lot of nice features and very detailed, but the Symantec would work fine for a basic setup also.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top