This is done via the asdm image disk0:/asdm-XYZ.bin command whereas XYZ is the ASDM version. When configuring the Cisco ASDM on the ASA, you must specify the path in command line as to the location of the binary file. This is because commands may have changed between the time the supports firewall software was released and the latest software. Newer ASDM images are compatible with previous ASA software however older ASDM binaries are not compatible with newer firewall software. The Cisco ASDM is completely Java based and whenever a new ASA software is released, a new ASDM image is released along with it to ensure its compatibility. The Cisco ASDM software for the ASA’s is actually a binary file that is a zipped up JAR file for a web browser. In any case, for the CCNA Security and CCNP Security exams you must be familiar with the Cisco ASDM, this of course does not mean you have to use it to manage your firewalls. Many corporate security policies require that the ASDM be completely uninstalled from the ASA as an effective measure of hardening the device due to the software utilizing JAVA which is constantly being updated due to bugs, exploits and security vulnerabilities. While this is not a problem, the ASDM does tend to make the configuration harder to read because of the naming convention it uses. In many organizations you have those who prefer GUI and those who prefer ASDM.
While most engineers prefer command line, there are those select few who would prefer to point and click.
Now imagine you do this multiple times a day… You could easily save 30 minutes or more a day just by avoiding the ASDM to do simple task versus the command line.
Effectively saving 3-5 minutes of your time thus making you more productive. You could either load up the ASDM and authenticate and wait for the GUI to load, than click on configuration than navigate to the object-groups and find the object group down through the list just to view the servers in the group or you could simply log into the ASA via SSH and execute the show run object-group | begin NAME whereas the name is the name of the object group. Throughout history Cisco has made many attempts at providing a GUI for engineers to configure their hardware on however 99% of all skilled engineers prefer command line over the GUI because of the simplicity and the ability to get right to the point.įor example, lets say you need to view which servers are included in an object group on a Cisco ASA.
0 kommentar(er)
