Cisco ASA5510 and content filtering (antivirus)

Hi,

Can the Cisco ASA5510 support some kind of traffic filtering like the Checkpoint and eSafe with CVP?
I am aware of the Content Security Edition, but is there another alternative?

I know that some products like Fortigate can be used in transparent mode, but that would filter the traffic of only one of the interfaces of my ASA5510. I am looking for something that would filter all the internal interfaces of my Cisco ASA5510 (3).

fox54 Asked:

MikeKane Commented:
Right here:
http://www.cisco.com/en/US/products/ps6823/

I've used it... It's acceptable, albeit it lacks a lot of the fine-tuning you'd expect from such a product.

Is this what you had in mind?
fox54 Author Commented:
That's what I don't want to use, for the reasons you mentioned.

Is there another solution?
MikeKane Commented:
In the past I've also used eSafe. It's also an acceptable choice, but you are limited to the speed of the hardware on which it's deployed. Which, for most small businesses, is acceptable. We started to see issues when inline on a 6 mb circuit with 290 users. But it served its purpose up to that point very well.

After the eSafe I looked at the Cisco solution above and the Fortigate solution.

Fortigate offers products with multiple interfaces that (as I was told by sales) could be configured to provide multiple paths to the same device. Essentially you would need 6 configurable ports (an in and out for inline scrubbing) to support the 3 ASA ports. The catch here is that it was really expensive. IIRC, Fortigate charges were scaled based on number of connections and the total throughput. I don't know if they changed in the last year, but the cost is why I went with the Cisco product instead.

I would imagine that most other solutions also would be inline only (like eSafe). However, for most purposes, one would only want to scrub the traffic coming in from the public internet. I was forced to scrub all interfaces for adherence to federal regulations covering the line of business. Unless it's a definite need, a single scrubber on the outside interface mixed with a decent IDS on the inside would be very secure IMHO. Have you considered that type of solution?
